diogenes

Published: Dec 11, 2023 License: MIT Imports: 15 Imported by: 3

README

Diogenes

Common layer for odysseia-greek; it holds the HashiCorp Vault client interface and its real and mock implementations.

Installation

Usage

Documentation

Index

Constants

const (
	// VAULT is the name of the vault component; presumably used as a service
	// or lookup key by callers — confirm against the odysseia-greek services.
	VAULT = "vault"

	// Environment variables consulted when a client is built from the process
	// environment (see CreateVaultClient). They carry configuration only; note
	// that no token variable is defined here — the token auth path receives its
	// token as a parameter (NewVaultClient), which keeps the credential out of
	// the environment, where it would be readable from the pod spec and /proc.
	EnvVaultService = "VAULT_SERVICE" // Vault service name/address — presumably; confirm
	EnvAuthMethod   = "AUTH_METHOD"   // expected to hold AuthMethodKube or AuthMethodToken
	EnvTLSEnabled   = "VAULT_TLS"     // whether the connection to Vault uses TLS — presumably; confirm
	EnvVaultRole    = "VAULT_ROLE"    // Vault role used by the kubernetes auth method
	EnvRootTlSDir   = "CERT_ROOT"     // directory holding CA/cert/key material (NOTE(review): odd casing "TlS", but exported so renaming breaks callers)
	// Accepted values for AUTH_METHOD.
	AuthMethodKube  = "kubernetes"
	AuthMethodToken = "token"
)
// SecretPrefix is the path prefix under which secrets are addressed —
// presumably the KV mount name used to build Vault.SecretPath; confirm.
const SecretPrefix string = "secret"

Variables

This section is empty.

Functions

func CreateTLSConfig

func CreateTLSConfig(insecure bool, ca, cert, key, caPath string) *api.TLSConfig

Types

type Client

// Client is the set of Vault operations this package relies on: health and
// seal status, initialisation and unsealing, token handling, KV secrets,
// policies, the kubernetes auth method and raft cluster membership. Vault
// implements it against a live server; CreateMockVaultClient returns a
// canned implementation for tests.
//
// NOTE(review): several methods take or return bearer credentials (root and
// one-time tokens, unseal key shares, the init response). Callers must not
// log their arguments or results.
type Client interface {
	// CheckHealthyStatus presumably polls Health, waiting up to ticks with a
	// tick interval, and reports whether the server became healthy — confirm.
	// (ticks is typed time.Duration although the name suggests a count.)
	CheckHealthyStatus(ticks, tick time.Duration) bool
	// Health reports whether the server is healthy.
	Health() (bool, error)
	// CreateOneTimeToken creates a token attached to the named policies and
	// returns it. The returned string is a credential.
	CreateOneTimeToken(policy []string) (string, error)
	// CreateNewSecret stores payload under name; the bool presumably reports
	// success — confirm.
	CreateNewSecret(name string, payload []byte) (bool, error)
	// GetSecret reads the secret stored under name.
	GetSecret(name string) (*api.Secret, error)
	// SetOnetimeToken switches the client to authenticate with token.
	SetOnetimeToken(token string)
	// LoginWithRootToken authenticates with a root token. Root tokens bypass
	// all policies: confine their use to bootstrap and revoke them afterwards.
	LoginWithRootToken(rootToken string) error
	// GetCurrentToken returns the token the client currently authenticates
	// with — treat the result as a secret.
	GetCurrentToken() string
	// Unseal submits unseal key shares to the server.
	Unseal(keys []string) (bool, error)
	// AutoUnsealGCP unseals using a Google Cloud KMS key identified by
	// keyRing, cryptoKey and location; what keys is used for alongside a
	// KMS seal is not evident from the signature — confirm.
	AutoUnsealGCP(keyRing, cryptoKey, location string, keys []string) (bool, error)
	// Status returns the server's seal status.
	Status() (*api.SealStatusResponse, error)
	// Initialize initialises a new server with shares key shares, threshold
	// of which are needed to unseal. The response carries the root token and
	// the key shares — handle it as a secret.
	Initialize(shares, threshold int) (*api.InitResponse, error)
	// InitializeAutoUnseal is presumably Initialize for a server with a seal
	// provider configured (recovery keys instead of unseal keys) — confirm.
	InitializeAutoUnseal(shares, threshold int) (*api.InitResponse, error)
	// EnableKVSecretsEngine mounts a KV secrets engine at configName,
	// optionally within namespace (empty when namespaces are not used).
	EnableKVSecretsEngine(namespace, configName string) error
	// WritePolicy creates or replaces the named policy with policyContent.
	WritePolicy(policyName string, policyContent []byte) error
	// ReadPolicy returns the content of the named policy.
	ReadPolicy(policyName string) (string, error)
	// KubernetesAuthMethod configures the kubernetes auth method: role is
	// bound to serviceAccountName in namespace, and kubeHost is the API
	// server used to validate service account JWTs — presumably; confirm.
	KubernetesAuthMethod(role, serviceAccountName, namespace, kubeHost string) error
	// RaftJoin asks this node to join the raft cluster led by leaderAddress,
	// presenting cert/key and trusting ca for the leader connection.
	RaftJoin(leaderAddress string, cert, key, ca []byte) (*api.RaftJoinResponse, error)
	// Leader returns information about the cluster's current leader.
	Leader() (*api.LeaderResponse, error)
}

func CreateMockVaultClient

func CreateMockVaultClient(fixtureFiles []string, statusCode int) (Client, error)

func CreateVaultClient

func CreateVaultClient(env string, healthCheck, debugMode bool) (Client, error)

func CreateVaultClientKubernetes

func CreateVaultClientKubernetes(address, vaultRole, jwt string, tlsConfig *api.TLSConfig) (Client, error)

func NewVaultClient

func NewVaultClient(address, token string, tlsConfig *api.TLSConfig) (Client, error)

type ClusterKeys

// ClusterKeys is the JSON shape of a Vault initialisation result: the unseal
// (or, for auto-unseal, recovery) key shares, the share/threshold parameters
// and the root token. The json tags appear to match the field names Vault
// itself emits from `vault operator init -format=json`.
//
// NOTE(review): every value in this struct is a break-glass credential and
// Marshal writes all of them out. Persist only to an encrypted location and
// never log the marshalled form. Also, RecoveryKeysB64/Hex are []interface{}
// while UnsealKeysB64/Hex are []string; the asymmetry looks accidental and
// forces callers to type-assert — consider []string for both.
type ClusterKeys struct {
	UnsealKeysB64         []string      `json:"unseal_keys_b64"` // unseal key shares, base64
	UnsealKeysHex         []string      `json:"unseal_keys_hex"` // unseal key shares, hex
	UnsealShares          int64         `json:"unseal_shares"`
	UnsealThreshold       int64         `json:"unseal_threshold"` // shares required to unseal
	RecoveryKeysB64       []interface{} `json:"recovery_keys_b64"` // recovery key shares, base64 (auto-unseal)
	RecoveryKeysHex       []interface{} `json:"recovery_keys_hex"` // recovery key shares, hex (auto-unseal)
	RecoveryKeysShares    int64         `json:"recovery_keys_shares"`
	RecoveryKeysThreshold int64         `json:"recovery_keys_threshold"`
	RootToken             string        `json:"root_token"` // initial root token — bypasses all policy; revoke after bootstrap
}

func UnmarshalClusterKeys

func UnmarshalClusterKeys(data []byte) (ClusterKeys, error)

func (*ClusterKeys) Marshal

func (r *ClusterKeys) Marshal() ([]byte, error)

type CreateSecretRequest

// CreateSecretRequest is the request body used when writing an Elastic
// credential set to Vault. The payload is nested under a "data" key, which
// appears to be the wrapper Vault's KV v2 write API expects — confirm.
type CreateSecretRequest struct {
	Data ElasticConfigVault `json:"data"` // the secret material; contains a password
}

func (*CreateSecretRequest) Marshal

func (r *CreateSecretRequest) Marshal() ([]byte, error)

type ElasticConfigVault

// ElasticConfigVault is the Elasticsearch credential set stored in Vault.
// Password is a secret and ElasticCERT is presumably the cluster's
// certificate (PEM) — confirm; neither belongs in logs or error messages.
type ElasticConfigVault struct {
	Username    string `json:"elasticUsername"`
	Password    string `json:"elasticPassword"` // credential — never log
	ElasticCERT string `json:"elasticCert"`
}

func UnmarshalSecretData

func UnmarshalSecretData(data []byte) (ElasticConfigVault, error)

func (*ElasticConfigVault) Marshal

func (r *ElasticConfigVault) Marshal() ([]byte, error)

type MockVaultTransport

// MockVaultTransport is an http.RoundTripper that presumably answers each
// request with the next canned entry in Responses, independent of the request
// itself — confirm against RoundTrip. It exists for tests (see
// CreateMockVaultClient) and must not be wired into a production client.
type MockVaultTransport struct {
	Responses   []*http.Response // canned responses, served in order
	ResponseIdx int              // index of the next response to serve; NOTE(review): confirm RoundTrip's behaviour once Responses is exhausted
}

func (*MockVaultTransport) RoundTrip

func (t *MockVaultTransport) RoundTrip(req *http.Request) (*http.Response, error)

type Vault

// Vault is the Client implementation backed by a live HashiCorp Vault server.
//
// NOTE(review): both fields are exported. Connection is the raw hashicorp
// api.Client and carries the active token, so any code handed a *Vault can
// read or replace the credential; consider unexporting it behind accessors.
type Vault struct {
	SecretPath string      // path prefix under which secrets are read and written — presumably derived from SecretPrefix; confirm
	Connection *api.Client // underlying Vault API client (address, TLS settings, token)
}

func (*Vault) AutoUnsealGCP

func (v *Vault) AutoUnsealGCP(keyRing, cryptoKey, location string, keys []string) (bool, error)

AutoUnsealGCP attempts to unseal Vault using a Google Cloud KMS key identified by keyRing, cryptoKey and location. The role of the additional keys argument alongside a KMS seal is not described here; check the implementation before relying on it.

func (*Vault) CheckHealthyStatus

func (v *Vault) CheckHealthyStatus(ticks, tick time.Duration) bool

func (*Vault) CreateNewSecret

func (v *Vault) CreateNewSecret(name string, payload []byte) (bool, error)

func (*Vault) CreateOneTimeToken

func (v *Vault) CreateOneTimeToken(policy []string) (string, error)

func (*Vault) EnableKVSecretsEngine

func (v *Vault) EnableKVSecretsEngine(namespace, configName string) error

EnableKVSecretsEngine enables the Key-Value (KV) secrets engine in HashiCorp Vault.

Parameters:

namespace: In Vault, a namespace (an Enterprise feature) is a logical grouping that isolates data within a single cluster. If you are not using namespaces, pass an empty string.

configName: This is the name you want to give to your KV (Key-Value) secrets engine. For instance, to create a KV secrets engine at the path "configs," pass "configs" as configName.

Returns:

error: If there is an error during the process of enabling the KV secrets engine, an error is returned. Otherwise, nil is returned.

Usage example:

// Enable KV secrets engine without using namespaces
err := v.EnableKVSecretsEngine("", "configs")
if err != nil {
    log.Printf("Error enabling KV secrets engine: %v", err)
}

func (*Vault) GetCurrentToken

func (v *Vault) GetCurrentToken() string

func (*Vault) GetSecret

func (v *Vault) GetSecret(name string) (*api.Secret, error)

func (*Vault) Health

func (v *Vault) Health() (bool, error)

func (*Vault) Initialize

func (v *Vault) Initialize(shares, threshold int) (*api.InitResponse, error)

Initialize initializes the Vault server with the given number of key shares, of which threshold are required to unseal. The returned InitResponse contains the root token and key shares and must be handled as a secret.

func (*Vault) InitializeAutoUnseal

func (v *Vault) InitializeAutoUnseal(shares, threshold int) (*api.InitResponse, error)

func (*Vault) KubernetesAuthMethod

func (v *Vault) KubernetesAuthMethod(role, serviceAccountName, namespace, kubeHost string) error

func (*Vault) Leader

func (v *Vault) Leader() (*api.LeaderResponse, error)

func (*Vault) LoginWithRootToken

func (v *Vault) LoginWithRootToken(rootToken string) error

func (*Vault) RaftJoin

func (v *Vault) RaftJoin(leaderAddress string, cert, key, ca []byte) (*api.RaftJoinResponse, error)

func (*Vault) ReadPolicy

func (v *Vault) ReadPolicy(policyName string) (string, error)

func (*Vault) SetOnetimeToken

func (v *Vault) SetOnetimeToken(token string)

func (*Vault) Status

func (v *Vault) Status() (*api.SealStatusResponse, error)

Status returns the current seal status of the Vault server; it does not modify the seal state.

func (*Vault) Unseal

func (v *Vault) Unseal(keys []string) (bool, error)

Unseal attempts to unseal the Vault using the provided keys.

func (*Vault) WritePolicy

func (v *Vault) WritePolicy(policyName string, policyContent []byte) error
