jx: github.com/jenkins-x/jx/pkg/kube/vault

package vault

import "github.com/jenkins-x/jx/pkg/kube/vault"


Package Files

vault.go vault_factory.go vault_selector.go


// Container image repository names used by this package. None of the values
// carries a registry host, tag or digest, so the literal alone does not fix
// which registry or version is pulled.
// NOTE(review): presumably the version comes from the images map passed to
// CreateAWSVault / CreateGKEVault; confirm, and prefer digest-pinned references
// for a component that handles unseal keys and secrets.
const (
    // BankVaultsImage is the bank-vaults image repository.
    BankVaultsImage    = "banzaicloud/bank-vaults"
    // VaultOperatorImage is the vault-operator image repository.
    VaultOperatorImage = "banzaicloud/vault-operator"
    // VaultImage is the bare "vault" repository name (no namespace prefix).
    VaultImage         = "vault"

func CreateAWSVault Uses

func CreateAWSVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string,
    images map[string]string, awsServiceAccountSecretName string, awsConfig *AWSConfig, authServiceAccount string,
    authServiceAccountNamespace string, secretsPathPrefix string) error

CreateAWSVault creates a new vault backed by AWS KMS and DynamoDB storage

func CreateGKEVault Uses

func CreateGKEVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string,
    images map[string]string, gcpServiceAccountSecretName string, gcpConfig *GCPConfig, authServiceAccount string,
    authServiceAccountNamespace string, secretsPathPrefix string) error

CreateGKEVault creates a new vault backed by GCP KMS and storage

func DeleteVault Uses

func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error

DeleteVault deletes a Vault resource

func FindVault Uses

func FindVault(vaultOperatorClient versioned.Interface, name string, ns string) bool

FindVault checks if a vault is available

func GetAuthSaName Uses

func GetAuthSaName(vault v1alpha1.Vault) string

GetAuthSaName gets the Auth Service Account name for the vault

func GetVault Uses

func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)

GetVault gets a specific vault

func SystemVaultName Uses

func SystemVaultName(kuber kube.Kuber) (string, error)

SystemVaultName returns the name of the system vault based on the cluster name

func SystemVaultNameForCluster Uses

func SystemVaultNameForCluster(clusterName string) string

SystemVaultNameForCluster returns the system vault name from a given cluster name

type AWSConfig Uses

// AWSConfig holds the AWS-side settings for a vault; CreateAWSVault takes it as
// its awsConfig argument.
type AWSConfig struct {
    // NOTE(review): presumably controls whether the AWS resources are created
    // automatically; confirm in vault.go.
    AutoCreate          bool
    // DynamoDB table and region; the AWS vault is documented on this page as
    // backed by AWS KMS and DynamoDB storage.
    DynamoDBTable       string
    DynamoDBRegion      string
    // AWS access key pair held as plain strings. Treat any value of this struct
    // as secret material: keep it out of logs and %+v-style debug output.
    AccessKeyID         string
    SecretAccessKey     string
    // NOTE(review): presumably the name of a pre-existing IAM user to use;
    // confirm against the caller.
    ProvidedIAMUsername string

AWSConfig keeps the vault configuration for AWS

type AWSSealConig Uses

// AWSSealConig is the AWS KMS auto-unseal configuration; Seal embeds it under
// the "awskms" JSON key. (The type name is spelled "Conig" in the API.)
type AWSSealConig struct {
    // AWS region, serialized as "region".
    Region    string `json:"region,omitempty"`
    // Static AWS credentials, serialized as "access_key" / "secret_key". When
    // non-empty they appear in cleartext in whatever the JSON is written to;
    // omitempty leaves them out when unset.
    // NOTE(review): confirm where the marshalled config is stored and who can
    // read it.
    AccessKey string `json:"access_key,omitempty"`
    SecretKey string `json:"secret_key,omitempty"`
    // Identifier of the KMS key, serialized as "kms_key_id".
    KmsKeyID  string `json:"kms_key_id,omitempty"`
    // Serialized as "endpoint". NOTE(review): presumably a custom KMS endpoint
    // URL; confirm it cannot be set from untrusted input.
    Endpoint  string `json:"endpoint,omitempty"`

AWSSealConig AWS KMS config for vault auto-unseal

type DynamoDBConfig Uses

// DynamoDBConfig is the AWS DynamoDB storage backend configuration; Storage
// embeds it under the "dynamodb" JSON key.
type DynamoDBConfig struct {
    // Serialized as "ha_enabled". The field is a string, not a bool.
    HaEnabled       string `json:"ha_enabled"`
    // DynamoDB region and table name.
    Region          string `json:"region"`
    Table           string `json:"table"`
    // Static AWS credentials, serialized as "access_key" / "secret_key". These
    // tags have no omitempty, so both keys are always emitted, and any value set
    // here is written in cleartext into the marshalled config.
    AccessKeyID     string `json:"access_key"`
    SecretAccessKey string `json:"secret_key"`

DynamoDBConfig AWS DynamoDB config for Vault backend

type GCPConfig Uses

// GCPConfig holds the Google Cloud settings for a vault; CreateGKEVault takes
// it as its gcpConfig argument.
type GCPConfig struct {
    // Google Cloud project identifier.
    ProjectId   string
    // KMS key ring, key and location; the GKE vault is documented on this page
    // as backed by GCP KMS and storage.
    KmsKeyring  string
    KmsKey      string
    KmsLocation string
    GcsBucket   string

GCPConfig keeps the configuration for Google Cloud

type GCPSealConfig Uses

// GCPSealConfig is the Google Cloud KMS auto-unseal configuration; Seal embeds
// it under the "gcpckms" JSON key.
type GCPSealConfig struct {
    // Serialized as "credentials".
    // NOTE(review): in Vault's gcpckms seal this is a path to a credentials
    // file; confirm a path is passed here and not inline key material, since
    // the value is written verbatim into the marshalled config.
    Credentials string `json:"credentials,omitempty"`
    // Project, region, key ring and crypto key that identify the KMS key.
    Project     string `json:"project,omitempty"`
    Region      string `json:"region,omitempty"`
    KeyRing     string `json:"key_ring,omitempty"`
    CryptoKey   string `json:"crypto_key,omitempty"`

GCPSealConfig Google Cloud KMS config for vault auto-unseal

type GCSConfig Uses

// GCSConfig is the Google Cloud Storage backend configuration; Storage embeds
// it under the "gcs" JSON key.
type GCSConfig struct {
    // Bucket name, serialized as "bucket".
    // NOTE(review): the bucket holds Vault's storage data; confirm its access
    // policy is restricted to the vault's service account.
    Bucket    string `json:"bucket"`
    // Serialized as "ha_enabled". The field is a string, not a bool.
    HaEnabled string `json:"ha_enabled"`

GCSConfig Google Cloud Storage config for Vault backend

type Listener Uses

// Listener is the vault server listener configuration.
type Listener struct {
    // TCP listener settings, serialized under "tcp"; see Tcp for the address
    // and the TLS switch.
    Tcp Tcp `json:"tcp"`

Listener vault server listener

type OptionsInterface Uses

// OptionsInterface lets a CommonOptions object be passed around without a
// dependency on the whole cmd package.
type OptionsInterface interface {
    // KubeClientAndNamespace returns a Kubernetes client, a namespace string
    // and an error.
    KubeClientAndNamespace() (kubernetes.Interface, string, error)
    // VaultOperatorClient returns the vault operator clientset.
    VaultOperatorClient() (versioned.Interface, error)
    // GetIn, GetOut and GetErr return the terminal input, output and error
    // streams. NOTE(review): presumably used for the interactive vault
    // selection prompt; confirm.
    GetIn() terminal.FileReader
    GetOut() terminal.FileWriter
    GetErr() io.Writer
    // GetIOFileHandles returns the stream handles as a util.IOFileHandles value.
    GetIOFileHandles() util.IOFileHandles

OptionsInterface is an interface to allow passing around of a CommonOptions object without dependencies on the whole of the cmd package

type Seal Uses

// Seal is the Vault auto-unseal configuration. Both fields are pointers with
// omitempty, so a nil provider is left out of the JSON.
type Seal struct {
    // Google Cloud KMS seal, serialized under "gcpckms".
    GcpCkms *GCPSealConfig `json:"gcpckms,omitempty"`
    // AWS KMS seal, serialized under "awskms".
    AWSKms  *AWSSealConig  `json:"awskms,omitempty"`

Seal configuration for Vault auto-unseal

type SecretEngine Uses

// SecretEngine is the configuration of a secret engine.
type SecretEngine struct {
    // Serialized as "path". NOTE(review): presumably the mount path of the
    // engine; confirm.
    Path string `json:"path"`

SecretEngine configuration for secret engine

type Selector Uses

// Selector picks one vault out of those installed on the platform.
type Selector interface {
    // GetVault returns the vault chosen for the given name and namespace.
    // NOTE(review): useIngressURL presumably selects the ingress URL over the
    // in-cluster service URL for the returned Vault.URL; confirm.
    GetVault(name string, namespace string, useIngressURL bool) (*Vault, error)

Selector is an interface for selecting a vault from the installed ones on the platform. It should pick the most logical one, or give the user a way of picking a vault if there are multiple installed.

func NewVaultSelector Uses

func NewVaultSelector(o OptionsInterface) (Selector, error)

NewVaultSelector creates a new vault selector

type Storage Uses

// Storage is the Vault storage backend configuration. Both fields are pointers
// with omitempty, so a nil backend is left out of the JSON.
type Storage struct {
    // Google Cloud Storage backend, serialized under "gcs".
    GCS      *GCSConfig      `json:"gcs,omitempty"`
    // AWS DynamoDB backend, serialized under "dynamodb".
    DynamoDB *DynamoDBConfig `json:"dynamodb,omitempty"`

Storage configuration for Vault storage

type Tcp Uses

// Tcp is the TCP listener configuration for the vault server.
type Tcp struct {
    // Listen address, serialized as "address".
    Address    string `json:"address"`
    // Serialized as "tls_disable"; true asks for TLS to be turned off on this
    // listener.
    // NOTE(review): traffic to this listener carries Vault tokens and secrets.
    // Confirm where this is set to true and that plaintext is limited to a
    // trusted path, for example behind a TLS-terminating proxy.
    TlsDisable bool   `json:"tls_disable"`

Tcp address for vault server

type Telemetry Uses

// Telemetry is the telemetry configuration for the vault server.
type Telemetry struct {
    // Address of the statsd server, serialized as "statsd_address".
    StatsdAddress string `json:"statsd_address"`

Telemetry address for telemetry server

type Vault Uses

// Vault stores some details of a Vault resource.
type Vault struct {
    // Name and namespace of the Vault resource.
    Name                   string
    Namespace              string
    // URL of the vault. NOTE(review): presumably either the ingress URL or the
    // in-cluster service URL, depending on useIngressURL; confirm.
    URL                    string
    // Name of the service account used to authenticate against this vault
    // (compare GetAuthSaName).
    AuthServiceAccountName string

Vault stores some details of a Vault resource

func GetVaults Uses

func GetVaults(client kubernetes.Interface, vaultOperatorClient versioned.Interface, ns string, useIngressURL bool) ([]*Vault, error)

GetVaults returns all vaults available in a given namespace

type VaultAuth Uses

// VaultAuth is one vault authentication configuration.
type VaultAuth struct {
    // Roles defined for this auth method, serialized as "roles".
    Roles []VaultRole `json:"roles"`
    // Serialized as "type". NOTE(review): presumably the auth method type, for
    // example Kubernetes auth given the service-account fields on VaultRole;
    // confirm.
    Type  string      `json:"type"`

VaultAuth vault auth configuration

type VaultAuths Uses

type VaultAuths []VaultAuth

VaultAuths list of vault authentications

type VaultClientFactory Uses

// VaultClientFactory keeps the configuration needed to build vault clients.
type VaultClientFactory struct {
    // Options supplies the Kubernetes and vault operator clients and the
    // terminal streams.
    Options  OptionsInterface
    // Selector chooses which vault a client is built for.
    Selector Selector

    // NOTE(review): the name suggests this turns off automatic discovery of the
    // vault URL; confirm in vault_factory.go what URL is used when it is true.
    DisableURLDiscovery bool
    // contains filtered or unexported fields

VaultClientFactory keeps the configuration required to build a new vault client factory

func NewInteractiveVaultClientFactory Uses

func NewInteractiveVaultClientFactory(options OptionsInterface) (*VaultClientFactory, error)

NewInteractiveVaultClientFactory creates a VaultClientFactory that allows the user to pick vaults if necessary

func NewVaultClientFactory Uses

func NewVaultClientFactory(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, defaultNamespace string) (*VaultClientFactory, error)

NewVaultClientFactory creates a new VaultClientFactory with different options to the above. It doesn't have CLI support, so it will fail if it needs interactive input (unlikely).

func (*VaultClientFactory) GetConfigData Uses

func (v *VaultClientFactory) GetConfigData(name string, namespace string, useIngressURL, insecureSSLWebhook bool) (config *api.Config, jwt string, saName string, err error)

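GetConfigData generates the information necessary to configure an api.Client object. It returns the api.Config object, the JWT needed to create the auth user in vault, the service account name (saName), and an error if present. The returned JWT is a credential, so callers should keep it out of logs and error messages.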

func (*VaultClientFactory) NewVaultClient Uses

func (v *VaultClientFactory) NewVaultClient(name string, namespace string, useIngressURL, insecureSSLWebhook bool) (*api.Client, error)

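NewVaultClient creates a new api.Client. If namespace is empty, the default namespace of the factory will be used. If the name is empty and only one vault is found, that vault will be used; otherwise the user will be prompted to select a vault for the client. The insecureSSLWebhook parameter is not described here; its name suggests it relaxes TLS verification, so check the source before passing true.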

type VaultPolicies Uses

type VaultPolicies []VaultPolicy

VaultPolicies list of vault policies

type VaultPolicy Uses

// VaultPolicy is a single named vault policy.
type VaultPolicy struct {
    // Policy name, serialized as "name".
    Name  string `json:"name"`
    // Policy body, serialized as "rules" and carried as one string.
    // NOTE(review): the rules decide which secret paths a role can reach;
    // confirm they are scoped no wider than the secrets path prefix in use.
    Rules string `json:"rules"`

VaultPolicy vault policy

type VaultRole Uses

// VaultRole is the role configuration for a VaultAuth entry.
type VaultRole struct {
    // Service account names and namespaces bound to this role, serialized as
    // "bound_service_account_names" / "bound_service_account_namespaces". Each
    // is a single string, not a list.
    // NOTE(review): Vault's Kubernetes auth accepts "*" for these parameters;
    // confirm callers always pass a specific account and namespace.
    BoundServiceAccountNames      string `json:"bound_service_account_names"`
    BoundServiceAccountNamespaces string `json:"bound_service_account_namespaces"`
    // Role name, serialized as "name".
    Name                          string `json:"name"`
    // Policies attached to the role, serialized as "policies" in one string.
    Policies                      string `json:"policies"`
    // Serialized as "ttl". NOTE(review): presumably the lifetime of tokens
    // issued under this role; confirm the value used is short.
    TTL                           string `json:"ttl"`

VaultRole role configuration for VaultAuth

Package vault imports 20 packages and is imported by 6 packages. Updated 2019-11-09.