
package vault

import "github.com/jenkins-x/jx/pkg/vault"


Package Files

cli.go constants.go helpers.go rule.go vault_client.go vault_path.go


// Vault naming, secret path prefixes and local connection settings.
const (
    // SystemVaultNamePrefix is the name prefix of the system vault used by the jenkins-x platform.
    SystemVaultNamePrefix = "jx-vault"
    // GitOpsSecretsPath is the path prefix of secrets generated for GitOps.
    // NOTE(review): the trailing slash suggests a secret name is appended to it,
    // presumably by GitOpsSecretPath — confirm against its implementation.
    GitOpsSecretsPath = "gitops/"
    // GitOpsTemplatesPath is the path prefix of GitOps template secrets.
    GitOpsTemplatesPath = "templates/"
    // AdminSecretsPath is the path prefix of admin secrets.
    AdminSecretsPath = "admin/"
    // AuthSecretsPath is the path prefix of auth secrets.
    AuthSecretsPath = "auth/"
    // LocalVaultEnvVar is the name of the environment variable holding the Vault
    // address to use when Vault is reached through kubectl port-forward rather
    // than through an ingress.
    // NOTE(review): nothing here shows how that address is validated or whether
    // TLS is enforced on the forwarded connection — confirm in the client setup.
    LocalVaultEnvVar = "LOCAL_VAULT_ADDR"
    // DefaultVaultPort is the port used to access Vault, kept as a string.
    DefaultVaultPort = "8200"
// Names of the admin secrets kept in Vault, one per platform component.
// NOTE(review): these are listed as untyped string constants, while
// AdminSecretPath takes an AdminSecret — presumably they are converted to that
// type by callers; confirm.
const (
    // JenkinsAdminSecret is the secret name for the Jenkins admin password.
    JenkinsAdminSecret = "jenkins"
    // NexusAdminSecret is the secret name for the Nexus credentials.
    NexusAdminSecret = "nexus"
    // ChartmuseumAdminSecret is the secret name for the ChartMuseum credentials.
    ChartmuseumAdminSecret = "chartmuseum"
    // GrafanaAdminSecret is the secret name for the Grafana credentials.
    GrafanaAdminSecret = "grafana"
    // IngressAdminSecret is the secret name for the Ingress basic authentication.
    IngressAdminSecret = "ingress"
const (
    // Capability names as they appear in the "capabilities" list of a Vault
    // path policy (see PathPolicy.Capabilities).
    //   - deny: in Vault, deny overrides every other capability granted on
    //     the same path.
    //   - create, read, update, delete, list: the per-operation capabilities;
    //     these five make up DefaultSecretsCapabiltities.
    //   - sudo: in Vault, allows access to root-protected paths; grant it
    //     only where that is required.
    //   - root: NOTE(review): does not appear among the capabilities in
    //     current Vault policy documentation — confirm it is still accepted
    //     before relying on it.
    DenyCapability   = "deny"
    CreateCapability = "create"
    ReadCapability   = "read"
    UpdateCapability = "update"
    DeleteCapability = "delete"
    ListCapability   = "list"
    SudoCapability   = "sudo"
    RootCapability   = "root"

    // Names and default paths for the secrets policy.
    // DefaultSecretsPathPrefix ends in a glob, so a rule on it matches every
    // path under "secret/". Paired with DefaultSecretsCapabiltities it would
    // give create/read/update/delete/list on the whole mount.
    // NOTE(review): how these values are combined is not shown here —
    // confirm, and prefer a narrower prefix per consumer where the
    // deployment allows it.
    PathRulesName            = "allow_secrets"
    DefaultSecretsPathPrefix = "secret/*"
    PoliciesName             = "policies"
    DefaultSecretsPath       = "secret"


var (
    // DefaultSecretsCapabiltities is the default capability set: create, read,
    // update, delete and list. It contains neither deny, sudo nor root.
    // The misspelling ("Capabiltities") is part of the exported name.
    // This is an exported, mutable slice: code that appends to it or rewrites
    // an element changes the default for every other user of the package, so
    // copy it before modifying.
    DefaultSecretsCapabiltities = []string{CreateCapability, ReadCapability, UpdateCapability, DeleteCapability, ListCapability}

func AdminSecretPath Uses

func AdminSecretPath(secret AdminSecret) string

AdminSecretPath returns the admin secret path for a given admin secret

func AuthSecretPath Uses

func AuthSecretPath(secret string) string

AuthSecretPath returns the path of an auth secret

func GitOpsSecretPath Uses

func GitOpsSecretPath(secret string) string

GitOpsSecretPath returns the path of an install secret

func InstallVaultCli Uses

func InstallVaultCli() error

InstallVaultCli installs vault cli

func WriteBasicAuth Uses

func WriteBasicAuth(client Client, path string, auth config.BasicAuth) error

WriteBasicAuth stores the basic authentication credentials in vault at the given path.

func WriteMap Uses

func WriteMap(client Client, path string, secret map[string]interface{}) error

WriteMap stores the map in vault at the given path.

func WriteYamlFiles Uses

func WriteYamlFiles(client Client, path string, files ...string) error

WriteYamlFiles stores the given YAML files in vault. The final secret path is a concatenation of the 'path' with the file name.

type AdminSecret Uses

type AdminSecret string

AdminSecret type for a vault admin secret

type Client Uses

// Client is the set of operations this package needs from Vault: writing,
// listing and reading secrets, plus access to the connection settings.
type Client interface {
    // Write writes a named secret to the vault
    Write(secretName string, data map[string]interface{}) (map[string]interface{}, error)

    // WriteObject writes a generic named object to the vault.
    // The secret _must_ be serializable to JSON.
    WriteObject(secretName string, secret interface{}) (map[string]interface{}, error)

    // WriteYaml writes a yaml object to a named secret
    WriteYaml(secretName string, yamlstring string) (map[string]interface{}, error)

    // List lists the secrets under the specified path
    List(path string) ([]string, error)

    // Read reads a named secret from the vault
    Read(secretName string) (map[string]interface{}, error)

    // ReadObject reads a generic named object from vault.
    // The secret _must_ be serializable to JSON.
    // NOTE(review): secret is presumably a pointer to the value to fill in,
    // since the method returns only an error — confirm in the implementation.
    ReadObject(secretName string, secret interface{}) error

    // ReadYaml reads a yaml object from a named secret
    ReadYaml(secretName string) (string, error)

    // Config gets the config required for configuring the official Vault CLI.
    // The returned vaultToken is a credential: keep it out of logs, error
    // messages and anything written to disk.
    Config() (vaultURL url.URL, vaultToken string, err error)

    // ReplaceURIs will replace any vault: URIs in a string (or URIs of whatever
    // URL scheme the secret URL client supports).
    // NOTE(review): presumably each URI is replaced by the secret value it
    // refers to, which would make the result as sensitive as those secrets —
    // confirm, and treat the returned text accordingly.
    ReplaceURIs(text string) (string, error)

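Client is an interface for interacting with Vault. Its source comment also carries the directive `go:generate pegomock generate github.com/jenkins-x/jx/pkg/vault Client -o mocks/vault_client.go`, which generates the mock in mocks/vault_client.go.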

func NewVaultClient Uses

func NewVaultClient(apiclient *api.Client) Client

NewVaultClient creates a new Vault Client wrapping the api.client

type PathPolicy Uses

// PathPolicy is one path entry of a Vault policy: a path prefix and the
// capabilities granted on it.
type PathPolicy struct {
    // Prefix is tagged `hcl:",key"`, so it is the key (label) of the HCL
    // block rather than a field inside it. Capabilities is the list under
    // "capabilities"; the hcle "omitempty" tag leaves it out of the encoded
    // output when it is empty. The capability constants of this package
    // (DenyCapability, ReadCapability, ...) are the values meant for it.
    Prefix       string   `hcl:",key"`
    Capabilities []string `hcl:"capabilities" hcle:"omitempty"`

PathPolicy defines a vault path policy

type PathRule Uses

// PathRule groups the path policies that make up one Vault policy document.
type PathRule struct {
    // Path holds one PathPolicy per path; it is encoded under the HCL key
    // "path" and, per the hcle "omitempty" tag, left out when empty.
    Path []PathPolicy `hcl:"path" hcle:"omitempty"`

PathRule defines a path rule

func (*PathRule) String Uses

func (r *PathRule) String() (string, error)

String encodes a Vault path rule to a string


mocks/matchers: Code generated by pegomock.

Package vault imports 16 packages and is imported by 13 packages. Updated 2020-01-30.