vault

package
v1.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 23, 2022 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Overview

Package vault contains an addon that installs Vault.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewVaultAppRoleSecret

func NewVaultAppRoleSecret(name, secretId string) *corev1.Secret

func NewVaultKubernetesSecret added in v0.11.0

func NewVaultKubernetesSecret(name string, serviceAccountName string) *corev1.Secret

func NewVaultServiceAccount added in v0.11.0

func NewVaultServiceAccount(name string) *corev1.ServiceAccount

func NewVaultServiceAccountClusterRoleBinding added in v0.11.0

func NewVaultServiceAccountClusterRoleBinding(roleName, namespace, subject string) *rbacv1.ClusterRoleBinding

func NewVaultServiceAccountRole added in v0.11.0

func NewVaultServiceAccountRole(namespace, serviceAccountName string) *rbacv1.ClusterRole

func NewVaultTokenSecret

func NewVaultTokenSecret(name string) *corev1.Secret

Types

type Details

// Details describes how to reach a deployed Vault instance and carries the
// TLS material associated with it.
//
// NOTE(review): the two *PrivateKey fields appear to hold private key
// material next to the certificates, so a whole Details value should not be
// logged or serialised (for example with %+v) — confirm handling in the source.
type Details struct {
	// Kubectl is the path to kubectl
	Kubectl string

	// Host is the hostname that can be used to connect to Vault
	Host string

	// PodName is the name of the Vault pod
	PodName string

	// Namespace is the namespace vault has been deployed into
	Namespace string

	// VaultCA is the CA used to sign the vault serving certificate
	VaultCA           []byte
	// VaultCAPrivateKey is presumably the private key belonging to VaultCA;
	// the byte encoding (PEM or DER) is not shown here — TODO confirm.
	VaultCAPrivateKey []byte

	// VaultCert is the vault serving certificate
	VaultCert           []byte
	// VaultCertPrivateKey is presumably the private key belonging to
	// VaultCert; the byte encoding is not shown here — TODO confirm.
	VaultCertPrivateKey []byte
}

type Vault

// Vault describes the configuration details for an instance of Vault
// deployed to the test cluster.
type Vault struct {
	// Base is a *base.Base; what it provides is not shown in this listing —
	// presumably shared addon state that Vault depends on; verify in the
	// base package.
	Base *base.Base

	// Name is a unique name for this Vault deployment
	Name string

	// Namespace is the namespace to deploy Vault into
	Namespace string
	// contains filtered or unexported fields
}

Vault describes the configuration details for an instance of Vault deployed to the test cluster

func (*Vault) Deprovision

func (v *Vault) Deprovision() error

Deprovision will destroy this instance of Vault

func (*Vault) Details

func (v *Vault) Details() *Details

Details returns details that can be used to utilise the instance of Vault.

func (*Vault) Logs added in v0.6.0

func (v *Vault) Logs() (map[string]string, error)

func (*Vault) Provision

func (v *Vault) Provision() error

Provision will actually deploy this instance of Vault to the cluster.

func (*Vault) Setup

func (v *Vault) Setup(cfg *config.Config) error

func (*Vault) SupportsGlobal

func (v *Vault) SupportsGlobal() bool

type VaultInitializer

// VaultInitializer holds the state of a configured Vault PKI.
//
// Details is embedded, so its fields — including VaultCAPrivateKey and
// VaultCertPrivateKey — are promoted onto VaultInitializer. Printing or
// serialising a VaultInitializer therefore also emits those byte slices.
type VaultInitializer struct {
	Details

	// RootMount and IntermediateMount are presumably the Vault mount paths of
	// the root and intermediate PKI — TODO confirm against Setup.
	RootMount         string
	IntermediateMount string
	// Whether the intermediate CA should be configured with root CA
	ConfigureWithRoot  bool
	Role               string // AppRole auth Role
	AppRoleAuthPath    string // AppRole auth mount point in Vault
	KubernetesAuthPath string // Kubernetes auth mount point in Vault
	APIServerURL       string // Kubernetes API Server URL
	APIServerCA        string // Kubernetes API Server CA certificate
	// contains filtered or unexported fields
}

VaultInitializer holds the state of a configured Vault PKI. We use the same Vault server for all tests. PKIs are mounted and unmounted for each test scenario that uses them.

func (*VaultInitializer) Clean

func (v *VaultInitializer) Clean() error

func (*VaultInitializer) CleanAppRole

func (v *VaultInitializer) CleanAppRole() error

func (*VaultInitializer) CleanKubernetesRole added in v0.11.0

func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error

CleanKubernetesRole cleans up the ClusterRoleBinding and ServiceAccount for Kubernetes auth delegation

func (*VaultInitializer) CreateAppRole

func (v *VaultInitializer) CreateAppRole() (string, string, error)

func (*VaultInitializer) CreateKubernetesRole added in v0.11.0

func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, namespace, roleName, serviceAccountName string) error

CreateKubernetesRole creates a service account and ClusterRoleBinding for Kubernetes auth delegation

func (*VaultInitializer) Init

func (v *VaultInitializer) Init() error

Init sets up a new Vault client and port-forwards to the Vault instance.

func (*VaultInitializer) Setup

func (v *VaultInitializer) Setup() error

Setup sets up a Vault PKI.
