Documentation ¶
Overview ¶
Package vaultk8s provides authentication with Vault on Kubernetes
Index ¶
- Constants
- func FixAuthMountPath(p string) string
- type Authenticate
- type Vault
- func (v *Vault) Authenticate() (string, error)
- func (v *Vault) Client() *vault.Client
- func (v *Vault) GetToken() (string, error)
- func (v *Vault) LoadToken() (string, error)
- func (v *Vault) NewRenewer(token string) (*vault.Renewer, error)
- func (v *Vault) StoreToken(token string) error
- func (v *Vault) UseToken(token string)
Constants ¶
const ( AuthMountPath = "kubernetes" ServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token" //nolint: gosec // not the token DefaultTimeout = 30 * time.Second )
Constants
Variables ¶
This section is empty.
Functions ¶
func FixAuthMountPath ¶
FixAuthMountPath add the auth prefix kubernetes -> kubernetes /kubernetes -> kubernetes auth/kubernetes -> kubernetes presumes a valid path
Types ¶
type Authenticate ¶ added in v0.1.0
Authenticate is the function for the Vault authentication.
type Vault ¶
type Vault struct { // approle auth RoleID string SecretID string // kubernetes auth Role string ServiceAccountTokenPath string TokenPath string AuthMountPath string TTL int ReAuth bool AllowFail bool LoginTimeout time.Duration // contains filtered or unexported fields }
Vault represents the configuration to get a valid Vault token
func NewFromEnvironment ¶
NewFromEnvironment returns a initialized Vault type for authentication
func (*Vault) GetToken ¶
GetToken tries to load the vault token from VaultTokenPath if token is not available, invalid or not renewable and VaultReAuth is true, try to re-authenticate
func (*Vault) NewRenewer ¶
NewRenewer returns a *vault.Renewer to renew the vault token regularly
func (*Vault) StoreToken ¶
StoreToken in VaultTokenPath