vault

package
v1.24.2 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 17, 2024 License: MIT Imports: 29 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// SharedClient is our Vault client which is used for the token auth method and the kubernetes auth method with
	// a globally configured Vault role via the VAULT_KUBERNETES_ROLE environment variable.
	// The client is then used for all requests against Vault, except for secrets which have the vaultRole property
	// specified.
	// If the operator is configured with the kubernetes auth method, but without a VAULT_KUBERNETES_ROLE, the client can
	// be nil. When the client is nil, every secret must contain the vaultRole property.
	SharedClient *Client

	// ReconciliationTime specifies the time in seconds after which a Vault secret is reconciled.
	ReconciliationTime int
)

Functions

func InitSharedClient

func InitSharedClient() error

InitSharedClient is used to initialize the shared client when the VAULT_KUBERNETES_ROLE is specified.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is the structure of our global client for Vault.

func CreateClient

func CreateClient(vaultKubernetesRole string) (*Client, error)

CreateClient is used by InitSharedClient, and directly by a reconciliation loop, to create a new Vault client.
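The nil-SharedClient rule and the per-secret vaultRole override described above, as an added sketch that is not code from this package. Client, sharedClient and createClient are stand-ins for the package's Client, SharedClient and CreateClient, and clientFor and errNoClient are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Client is a stand-in for the package's Client (its real fields are unexported).
type Client struct{ role string }

// sharedClient mirrors SharedClient: it stays nil when the kubernetes auth
// method is used without VAULT_KUBERNETES_ROLE.
var sharedClient *Client

// createClient is a stand-in for CreateClient(vaultKubernetesRole).
func createClient(vaultKubernetesRole string) (*Client, error) {
	if vaultKubernetesRole == "" {
		return nil, errors.New("empty vault role")
	}
	return &Client{role: vaultKubernetesRole}, nil
}

// errNoClient is returned when neither a per-secret role nor a shared client exists.
var errNoClient = errors.New("shared client is nil and secret has no vaultRole")

// clientFor (hypothetical helper) picks the client for one secret:
// a secret with vaultRole gets its own client, otherwise the shared client
// is used, and a nil shared client is rejected instead of dereferenced.
func clientFor(vaultRole string) (*Client, error) {
	if vaultRole != "" {
		return createClient(vaultRole)
	}
	if sharedClient == nil {
		return nil, errNoClient
	}
	return sharedClient, nil
}

func main() {
	// Constructed input: no global role configured, two secrets reconciled.
	for _, role := range []string{"", "team-a"} {
		c, err := clientFor(role)
		if err != nil {
			fmt.Printf("vaultRole=%q: %v\n", role, err)
			continue
		}
		fmt.Printf("vaultRole=%q: using client for role %q\n", role, c.role)
	}
}
```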

func (*Client) GetCertificate

func (c *Client) GetCertificate(path string, role string, options map[string]string) (map[string][]byte, *time.Time, error)

func (*Client) GetHealth

func (c *Client) GetHealth(threshold int) error

GetHealth checks whether failedRenewTokenAttempts has reached the given threshold. If this is the case, an error is returned.

func (*Client) GetPKIRenew

func (c *Client) GetPKIRenew() time.Duration

func (*Client) GetSecret

func (c *Client) GetSecret(secretEngine string, path string, keys []string, version int, isBinary bool, vaultNamespace string) (map[string][]byte, error)

GetSecret returns the value for a given secret.

func (*Client) IsNamespaceRestricted added in v1.24.0

func (c *Client) IsNamespaceRestricted() (bool, string)

func (*Client) PerformRenewToken

func (c *Client) PerformRenewToken() bool

PerformRenewToken returns whether the operator should renew its token.

func (*Client) RenewToken

func (c *Client) RenewToken()

RenewToken renews the provided token after half of the lease duration has passed, retrying every 30 seconds in case of errors.

type RequestToken

type RequestToken func(*Client) error

RequestToken is a function to request a new Vault token, specific to the auth method.
