Index ¶
- func InsertDataIntoPath(path string) string
- func InsertMetadataIntoPath(path string) string
- func IsNotFound(err error) bool
- type Alias
- type Entity
- type Group
- type KVData
- type KVMetadata
- type MountConfigOutput
- type MountListResponse
- type MountOutput
- type VaultClient
- func (v *VaultClient) CreateIdentity(name string, policies []string) (*Entity, error)
- func (v *VaultClient) CreateIdentityAlias(aliasName string, userID string, mountAccessor string) error
- func (v *VaultClient) DeleteGroupByName(name string) error
- func (v *VaultClient) DestroyKVIrreversibly(path string) error
- func (v *VaultClient) GetAllGroups() ([]Group, error)
- func (v *VaultClient) GetGroupByID(groupID string) (*Group, error)
- func (v *VaultClient) GetGroupByName(groupName string) (*Group, error)
- func (v *VaultClient) GetGroupNames() ([]string, error)
- func (v *VaultClient) GetKV(path string) (*KVData, error)
- func (v *VaultClient) GetUserByID(id string) (*Entity, error)
- func (v *VaultClient) GetUserByName(name string) (*Entity, error)
- func (v *VaultClient) GetUserFromAliasName(userName string) (*Entity, error)
- func (v *VaultClient) IsCredentialExpired() bool
- func (v *VaultClient) ListAuthMounts() (MountListResponse, error)
- func (v *VaultClient) ListIdentities() ([]string, error)
- func (v *VaultClient) ListKV(path string) ([]string, error)
- func (v *VaultClient) ListKVRecursively(path string) ([]string, error)
- func (v *VaultClient) Put(path string, body []byte) error
- func (v *VaultClient) UpdateGroupMembers(groupName string, newMemberIDs []string) error
- func (v *VaultClient) UpsertKV(path string, data map[string]string) error
Functions ¶
func InsertDataIntoPath ¶
InsertDataIntoPath inserts '/data' as the second element of the given path (which itself might have only one element).
func InsertMetadataIntoPath ¶
InsertMetadataIntoPath inserts '/metadata' as the second element of the given path (which itself might have only one element).
func IsNotFound ¶
Types ¶
type Alias ¶
// Alias is a Vault identity alias: the link between an entity and an
// identity in one authentication backend (identified by MountAccessor).
// The field set, comments and struct tags are those of the upstream Vault
// definition at
// https://github.com/hashicorp/vault/blob/9fc412306dd8282aead42f77654aaaad71bf10e5/helper/identity/types.pb.go#L373
// with timestamp.Timestamp replaced by time.Time. Two tags are elided in this
// rendering (see the per-field notes); consult the upstream file for them.
type Alias struct {
	// ID is the unique identifier that represents this alias
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// CanonicalID is the entity identifier to which this alias belongs to
	CanonicalID string `sentinel:"" protobuf:"bytes,2,opt,name=canonical_id,json=canonicalId,proto3" json:"canonical_id,omitempty"`
	// MountType is the backend mount's type to which this alias belongs to.
	// This enables categorically querying aliases of specific backend types.
	MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"`
	// MountAccessor is the backend mount's accessor to which this alias
	// belongs to. Together with Name it is what makes an alias unique.
	MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"`
	// MountPath is the backend mount's path to which the MountAccessor belongs to. This
	// field is not used for any operational purposes. This is only returned when
	// alias is read, only as a nicety.
	MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`
	// Metadata is the explicit metadata that clients set against an entity
	// which enables virtual grouping of aliases. Aliases will be indexed
	// against their metadata.
	// NOTE(review): the real struct tag (169 bytes, protobuf field 6) is not
	// shown in this rendering; the empty tag below is a placeholder for it.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// Name is the identifier of this alias in its authentication source.
	// This does not uniquely identify an alias in Vault. This in conjunction
	// with MountAccessor form to be the factors that represent an alias in a
	// unique way. Aliases will be indexed based on this combined uniqueness
	// factor.
	Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
	// CreationTime is the time at which this alias was first created
	CreationTime *time.Time `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// alias got modified. This is helpful in filtering out aliases based
	// on its age and to take action on them, if desired.
	LastUpdateTime *time.Time `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedFromCanonicalIDs is the FIFO history of merging activity
	// NOTE(review): the real struct tag (144 bytes, protobuf field 10) is not
	// shown in this rendering; the empty tag below is a placeholder for it.
	MergedFromCanonicalIDs []string `` /* 144-byte string literal not displayed */
	// NamespaceID is the identifier of the namespace to which this alias
	// belongs.
	NamespaceID string `sentinel:"" protobuf:"bytes,11,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"`
}
Alias is copied from https://github.com/hashicorp/vault/blob/9fc412306dd8282aead42f77654aaaad71bf10e5/helper/identity/types.pb.go#L373. Change: timestamp.Timestamp replaced with time.Time.
type Entity ¶
// Entity is a Vault identity entity: the canonical identity that one or more
// Aliases (one per authentication backend) resolve to, and the object that
// Policies are attached to. The field set, comments and struct tags are those
// of the upstream Vault definition at
// https://github.com/hashicorp/vault/blob/9fc412306dd8282aead42f77654aaaad71bf10e5/helper/identity/types.pb.go#L200
// with these downstream changes: timestamp.Timestamp replaced by time.Time,
// the MFASecrets field removed (commented out below), and GroupIDs added.
// The Metadata tag is elided in this rendering; consult the upstream file.
type Entity struct {
	// Aliases are the identities that this entity is made of. This can be
	// empty as well to favor being able to create the entity first and then
	// incrementally adding aliases.
	Aliases []*Alias `sentinel:"" protobuf:"bytes,1,rep,name=aliases,proto3" json:"aliases,omitempty"`
	// ID is the unique identifier of the entity which always be a UUID. This
	// should never be allowed to be updated.
	ID string `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Name is a unique identifier of the entity which is intended to be
	// human-friendly. The default name might not be human friendly since it
	// gets suffixed by a UUID, but it can optionally be updated, unlike the ID
	// field.
	Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
	// Metadata represents the explicit metadata which is set by the
	// clients. This is useful to tie any information pertaining to the
	// aliases. This is a non-unique field of entity, meaning multiple
	// entities can have the same metadata set. Entities will be indexed based
	// on this explicit metadata. This enables virtual groupings of entities
	// based on its metadata.
	// NOTE(review): the real struct tag (169 bytes, protobuf field 4) is not
	// shown in this rendering; the empty tag below is a placeholder for it.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this entity is first created.
	CreationTime *time.Time `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// entity got modified. This is helpful in filtering out entities based on
	// its age and to take action on them, if desired.
	LastUpdateTime *time.Time `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedEntityIDs are the entities which got merged to this one. Entities
	// will be indexed based on all the entities that got merged into it. This
	// helps to apply the actions on this entity on the tokens that are merged
	// to the merged entities. Merged entities will be deleted entirely and
	// this is the only trackable trail of its earlier presence.
	MergedEntityIDs []string `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"`
	// Policies the entity is entitled to. These are granted directly on the
	// entity, in addition to whatever its groups grant.
	Policies []string `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"`
	// BucketKey is the path of the storage packer key into which this entity is
	// stored.
	BucketKey string `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty"`
	// MFASecrets holds the MFA secrets indexed by the identifier of the MFA
	// method configuration. Removed downstream: it is unused here and its
	// protobuf_oneof member does not decode cleanly from JSON.
	// MFASecrets map[string]*mfa.Secret `sentinel:"" protobuf:"bytes,10,rep,name=mfa_secrets,json=mfaSecrets,proto3" json:"mfa_secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
	// Disabled indicates whether tokens associated with the account should not
	// be able to be used
	Disabled bool `sentinel:"" protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// NamespaceID is the identifier of the namespace to which this entity
	// belongs to. Do not return this value over the API when reading the
	// entity.
	NamespaceID string `sentinel:"" protobuf:"bytes,12,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"`
	// GroupIDs is added downstream. Upstream has no type that would include this:
	// https://github.com/hashicorp/vault/blob/be65a227ef2e80f8588b3b13584b5c0d9238c1d7/vault/identity_store_entities.go#L407
	// It carries only the JSON tag, so it is ignored by the protobuf-derived
	// tags on the other fields.
	GroupIDs []string `json:"group_ids,omitempty"`
}
Entity is copied from https://github.com/hashicorp/vault/blob/9fc412306dd8282aead42f77654aaaad71bf10e5/helper/identity/types.pb.go#L200. Changes: * timestamp.Timestamp replaced with time.Time * GroupIDs field added * MFASecrets field removed; we don't use it, and it has a field of protobuf_oneof type which isn't really supported for JSON
type Group ¶
// Group is a Vault identity group: a named set of member entities (and,
// through ParentGroupIDs, nested groups) that grants Policies to its members.
// The field set, comments and struct tags are those of the upstream Vault
// definition at
// https://github.com/hashicorp/vault/blob/9fc412306dd8282aead42f77654aaaad71bf10e5/helper/identity/types.pb.go#L31
// with timestamp.Timestamp replaced by time.Time. The Metadata tag is elided
// in this rendering; consult the upstream file for it.
type Group struct {
	// ID is the unique identifier for this group
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Name is the unique name for this group
	Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Policies are the vault policies to be granted to members of this group
	Policies []string `sentinel:"" protobuf:"bytes,3,rep,name=policies,proto3" json:"policies,omitempty"`
	// ParentGroupIDs are the identifiers of those groups to which this group is a
	// member of. These will serve as references to the parent group in the
	// hierarchy.
	ParentGroupIDs []string `sentinel:"" protobuf:"bytes,4,rep,name=parent_group_ids,json=parentGroupIds,proto3" json:"parent_group_ids,omitempty"`
	// MemberEntityIDs are the identifiers of entities which are members of this
	// group
	MemberEntityIDs []string `sentinel:"" protobuf:"bytes,5,rep,name=member_entity_ids,json=memberEntityIDs,proto3" json:"member_entity_ids,omitempty"`
	// Metadata represents the custom data tied with this group
	// NOTE(review): the real struct tag (169 bytes, protobuf field 6) is not
	// shown in this rendering; the empty tag below is a placeholder for it.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this group was created
	CreationTime *time.Time `sentinel:"" protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the time at which this group was last modified
	LastUpdateTime *time.Time `sentinel:"" protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// ModifyIndex tracks the number of updates to the group. It is useful to detect
	// updates to the groups.
	ModifyIndex uint64 `sentinel:"" protobuf:"varint,9,opt,name=modify_index,json=modifyIndex,proto3" json:"modify_index,omitempty"`
	// BucketKey is the path of the storage packer key into which this group is
	// stored.
	BucketKey string `sentinel:"" protobuf:"bytes,10,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty"`
	// Alias is used to mark this group as an internal mapping of a group that
	// is external to the identity store. Alias can only be set if the 'type'
	// is set to 'external'.
	Alias *Alias `sentinel:"" protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty"`
	// Type indicates if this group is an internal group or an external group.
	// Memberships of the internal groups can be managed over the API whereas
	// the memberships on the external group --for which a corresponding alias
	// will be set-- will be managed automatically.
	Type string `sentinel:"" protobuf:"bytes,12,opt,name=type,proto3" json:"type,omitempty"`
	// NamespaceID is the identifier of the namespace to which this group
	// belongs to. Do not return this value over the API when reading the
	// group.
	NamespaceID string `sentinel:"" protobuf:"bytes,13,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"`
}
Group represents an identity group. Copied from https://github.com/hashicorp/vault/blob/9fc412306dd8282aead42f77654aaaad71bf10e5/helper/identity/types.pb.go#L31 Changes: timestamp.Timestamp replaced with time.Time
type KVData ¶
// KVData is one secret read from a KV mount, as returned by GetKV.
// Data holds the secret's key/value pairs and Metadata its version
// metadata. Values in Data are secret material: keep them out of logs and
// error messages.
type KVData struct {
	// Data is the secret's key/value payload.
	Data map[string]string `json:"data"`
	// Metadata is the KV (v2) metadata returned alongside the payload.
	Metadata KVMetadata `json:"metadata"`
}
type KVMetadata ¶
type MountConfigOutput ¶
// MountConfigOutput is the per-mount tuning block nested in MountOutput.Config.
// It mirrors the upstream Vault API type at
// https://github.com/hashicorp/vault/blob/be65a227ef2e80f8588b3b13584b5c0d9238c1d7/api/sys_mounts.go#L174
// so it can be decoded straight from the mounts listing (json and
// mapstructure tags are kept for that reason).
type MountConfigOutput struct {
	// DefaultLeaseTTL is the mount's default lease TTL, in seconds.
	DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
	// MaxLeaseTTL is the mount's maximum lease TTL, in seconds.
	MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
	// ForceNoCache disables response caching for this mount.
	ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
	// AuditNonHMACRequestKeys / AuditNonHMACResponseKeys name request and
	// response fields that audit devices record without HMAC-ing. Anything
	// listed here is written to the audit log in clear, so reviewers should
	// check that no secret-bearing field is named.
	AuditNonHMACRequestKeys  []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
	AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
	// ListingVisibility controls whether the mount is shown to unauthenticated
	// callers of the mounts listing.
	ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
	// PassthroughRequestHeaders are client request headers forwarded to the
	// backend plugin.
	PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
	// AllowedResponseHeaders are backend response headers allowed back to the
	// client.
	AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
	// TokenType is the type of token an auth mount issues (only meaningful for
	// auth mounts).
	TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
	// Deprecated: This field will always be blank for newer server responses.
	PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
}
MountConfigOutput is copied from https://github.com/hashicorp/vault/blob/be65a227ef2e80f8588b3b13584b5c0d9238c1d7/api/sys_mounts.go#L174
type MountListResponse ¶
// MountListResponse is the decoded mounts listing returned by ListAuthMounts:
// a map from mount path (as Vault reports it) to that mount's properties.
type MountListResponse map[string]MountOutput
MountListResponse is a map from mount path to mount properties.
type MountOutput ¶
// MountOutput describes one mount in a mounts listing. It mirrors the
// upstream Vault API type at
// https://github.com/hashicorp/vault/blob/be65a227ef2e80f8588b3b13584b5c0d9238c1d7/api/sys_mounts.go#L162
// so it decodes directly from the API response.
type MountOutput struct {
	// UUID is the mount's internal identifier.
	UUID string `json:"uuid"`
	// Type is the backend type (e.g. the auth method or secrets engine name).
	Type string `json:"type"`
	// Description is the operator-supplied description.
	Description string `json:"description"`
	// Accessor is the mount accessor; it is the value an identity alias is
	// bound to (see CreateIdentityAlias's mountAccessor parameter).
	Accessor string `json:"accessor"`
	// Config is the mount's tuning block.
	Config MountConfigOutput `json:"config"`
	// Options are backend-specific mount options.
	Options map[string]string `json:"options"`
	// Local marks a mount that is local to this cluster (not replicated).
	Local bool `json:"local"`
	// SealWrap reports whether the mount's storage is seal-wrapped.
	SealWrap bool `json:"seal_wrap" mapstructure:"seal_wrap"`
	// ExternalEntropyAccess reports whether the mount may use the external
	// entropy source.
	ExternalEntropyAccess bool `json:"external_entropy_access" mapstructure:"external_entropy_access"`
}
MountOutput is copied from https://github.com/hashicorp/vault/blob/be65a227ef2e80f8588b3b13584b5c0d9238c1d7/api/sys_mounts.go#L162
type VaultClient ¶
func New ¶
func New(addr, token string) (*VaultClient, error)
func NewFromKubernetesAuth ¶
func NewFromKubernetesAuth(addr, role string) (*VaultClient, error)
func NewFromUserPass ¶
func NewFromUserPass(addr, user, pass string) (*VaultClient, error)
func (*VaultClient) CreateIdentity ¶
func (v *VaultClient) CreateIdentity(name string, policies []string) (*Entity, error)
func (*VaultClient) CreateIdentityAlias ¶
func (v *VaultClient) CreateIdentityAlias(aliasName string, userID string, mountAccessor string) error
func (*VaultClient) DeleteGroupByName ¶
func (v *VaultClient) DeleteGroupByName(name string) error
func (*VaultClient) DestroyKVIrreversibly ¶
func (v *VaultClient) DestroyKVIrreversibly(path string) error
func (*VaultClient) GetAllGroups ¶
func (v *VaultClient) GetAllGroups() ([]Group, error)
func (*VaultClient) GetGroupByID ¶
func (v *VaultClient) GetGroupByID(groupID string) (*Group, error)
func (*VaultClient) GetGroupByName ¶
func (v *VaultClient) GetGroupByName(groupName string) (*Group, error)
func (*VaultClient) GetGroupNames ¶
func (v *VaultClient) GetGroupNames() ([]string, error)
func (*VaultClient) GetUserByID ¶
func (v *VaultClient) GetUserByID(id string) (*Entity, error)
func (*VaultClient) GetUserByName ¶
func (v *VaultClient) GetUserByName(name string) (*Entity, error)
func (*VaultClient) GetUserFromAliasName ¶
func (v *VaultClient) GetUserFromAliasName(userName string) (*Entity, error)
func (*VaultClient) IsCredentialExpired ¶
func (v *VaultClient) IsCredentialExpired() bool
func (*VaultClient) ListAuthMounts ¶
func (v *VaultClient) ListAuthMounts() (MountListResponse, error)
func (*VaultClient) ListIdentities ¶
func (v *VaultClient) ListIdentities() ([]string, error)
func (*VaultClient) ListKVRecursively ¶
func (v *VaultClient) ListKVRecursively(path string) ([]string, error)
func (*VaultClient) UpdateGroupMembers ¶
func (v *VaultClient) UpdateGroupMembers(groupName string, newMemberIDs []string) error