vault

package
v0.4.3
Published: Nov 29, 2018 License: GPL-3.0 Imports: 9 Imported by: 3

Documentation

Overview

Package vault is a generated GoMock package.

Constants

This section is empty.

Variables

var VaultCIPath = "secret/data/%s"

VaultCIPath is the base path for Vault. It is formatted to include the user or group when setting or retrieving credentials.

Functions

This section is empty.

Types

type ErrNotFound

type ErrNotFound struct {
	// contains filtered or unexported fields
}

ErrNotFound is a string-wrapping error type.

func NotFound

func NotFound(msg string) *ErrNotFound

NotFound returns an ErrNotFound string wrapper.

func (*ErrNotFound) Error

func (e *ErrNotFound) Error() string

Error returns the error message from ErrNotFound struct

type MockVaulty

type MockVaulty struct {
	// contains filtered or unexported fields
}

MockVaulty is a mock of Vaulty interface

func NewMockVaulty

func NewMockVaulty(ctrl *gomock.Controller) *MockVaulty

NewMockVaulty creates a new mock instance

func (*MockVaulty) AddUserAuthData

func (m *MockVaulty) AddUserAuthData(user string, data map[string]interface{}) (*api.Secret, error)

AddUserAuthData mocks base method

func (*MockVaulty) AddVaultData

func (m *MockVaulty) AddVaultData(path string, data map[string]interface{}) (*api.Secret, error)

AddVaultData mocks base method

func (*MockVaulty) CreateThrowawayToken

func (m *MockVaulty) CreateThrowawayToken() (string, error)

CreateThrowawayToken mocks base method

func (*MockVaulty) CreateToken

func (m *MockVaulty) CreateToken(request *api.TokenCreateRequest) (string, error)

CreateToken mocks base method

func (*MockVaulty) CreateVaultPolicy

func (m *MockVaulty) CreateVaultPolicy() error

CreateVaultPolicy mocks base method

func (*MockVaulty) DeletePath

func (m *MockVaulty) DeletePath(path string) error

DeletePath mocks base method

func (*MockVaulty) EXPECT

func (m *MockVaulty) EXPECT() *MockVaultyMockRecorder

EXPECT returns an object that allows the caller to indicate expected use

func (*MockVaulty) GetAddress

func (m *MockVaulty) GetAddress() string

GetAddress mocks base method

func (*MockVaulty) GetUserAuthData

func (m *MockVaulty) GetUserAuthData(user string) (map[string]interface{}, error)

GetUserAuthData mocks base method

func (*MockVaulty) GetVaultData

func (m *MockVaulty) GetVaultData(path string) (map[string]interface{}, error)

GetVaultData mocks base method

func (*MockVaulty) GetVaultSecret

func (m *MockVaulty) GetVaultSecret(path string) (*api.Secret, error)

GetVaultSecret mocks base method

func (*MockVaulty) Healthy

func (m *MockVaulty) Healthy() bool

Healthy mocks base method

func (*MockVaulty) RenewLeaseForever

func (m *MockVaulty) RenewLeaseForever(secret *api.Secret) error

RenewLeaseForever mocks base method

func (*MockVaulty) RenewLeaseOnce

func (m *MockVaulty) RenewLeaseOnce(leaseID string, increment int) (*api.Secret, error)

RenewLeaseOnce mocks base method

type MockVaultyMockRecorder

type MockVaultyMockRecorder struct {
	// contains filtered or unexported fields
}

MockVaultyMockRecorder is the mock recorder for MockVaulty

func (*MockVaultyMockRecorder) AddUserAuthData

func (mr *MockVaultyMockRecorder) AddUserAuthData(user, data interface{}) *gomock.Call

AddUserAuthData indicates an expected call of AddUserAuthData

func (*MockVaultyMockRecorder) AddVaultData

func (mr *MockVaultyMockRecorder) AddVaultData(path, data interface{}) *gomock.Call

AddVaultData indicates an expected call of AddVaultData

func (*MockVaultyMockRecorder) CreateThrowawayToken

func (mr *MockVaultyMockRecorder) CreateThrowawayToken() *gomock.Call

CreateThrowawayToken indicates an expected call of CreateThrowawayToken

func (*MockVaultyMockRecorder) CreateToken

func (mr *MockVaultyMockRecorder) CreateToken(request interface{}) *gomock.Call

CreateToken indicates an expected call of CreateToken

func (*MockVaultyMockRecorder) CreateVaultPolicy

func (mr *MockVaultyMockRecorder) CreateVaultPolicy() *gomock.Call

CreateVaultPolicy indicates an expected call of CreateVaultPolicy

func (*MockVaultyMockRecorder) DeletePath

func (mr *MockVaultyMockRecorder) DeletePath(path interface{}) *gomock.Call

DeletePath indicates an expected call of DeletePath

func (*MockVaultyMockRecorder) GetAddress

func (mr *MockVaultyMockRecorder) GetAddress() *gomock.Call

GetAddress indicates an expected call of GetAddress

func (*MockVaultyMockRecorder) GetUserAuthData

func (mr *MockVaultyMockRecorder) GetUserAuthData(user interface{}) *gomock.Call

GetUserAuthData indicates an expected call of GetUserAuthData

func (*MockVaultyMockRecorder) GetVaultData

func (mr *MockVaultyMockRecorder) GetVaultData(path interface{}) *gomock.Call

GetVaultData indicates an expected call of GetVaultData

func (*MockVaultyMockRecorder) GetVaultSecret

func (mr *MockVaultyMockRecorder) GetVaultSecret(path interface{}) *gomock.Call

GetVaultSecret indicates an expected call of GetVaultSecret

func (*MockVaultyMockRecorder) Healthy

func (mr *MockVaultyMockRecorder) Healthy() *gomock.Call

Healthy indicates an expected call of Healthy

func (*MockVaultyMockRecorder) RenewLeaseForever

func (mr *MockVaultyMockRecorder) RenewLeaseForever(secret interface{}) *gomock.Call

RenewLeaseForever indicates an expected call of RenewLeaseForever

func (*MockVaultyMockRecorder) RenewLeaseOnce

func (mr *MockVaultyMockRecorder) RenewLeaseOnce(leaseID, increment interface{}) *gomock.Call

RenewLeaseOnce indicates an expected call of RenewLeaseOnce

type Vaulty

type Vaulty interface {
	AddUserAuthData(user string, data map[string]interface{}) (*api.Secret, error)
	GetUserAuthData(user string) (map[string]interface{}, error)
	AddVaultData(path string, data map[string]interface{}) (*api.Secret, error)
	GetVaultData(path string) (map[string]interface{}, error)
	GetVaultSecret(path string) (*api.Secret, error)
	CreateToken(request *api.TokenCreateRequest) (token string, err error)
	CreateThrowawayToken() (token string, err error)
	CreateVaultPolicy() error
	GetAddress() string
	Healthy() bool
	DeletePath(path string) error
	RenewLeaseForever(secret *api.Secret) error
	RenewLeaseOnce(leaseID string, increment int) (*api.Secret, error)
}

Vaulty is the go-til wrapper interface to the Vault API

func GetInitVault

func GetInitVault(once sync.Once, vaultCached Vaulty) (Vaulty, error)

GetInitVault returns an authenticated Vault client. Use this function essentially as a singleton. TODO: flesh out docs; for now, look at hookhandler for usage.

func NewAuthedClient

func NewAuthedClient(token string) (val Vaulty, err error)

NewAuthedClient returns a client with default configurations and the token attached to it. The Vault URL is configured through the VAULT_ADDR environment variable.

func NewEnvAuthClient

func NewEnvAuthClient() (Vaulty, error)

NewEnvAuthClient sets the client token from the environment variable `$VAULT_TOKEN` and returns an error if it is not set. Returns a configured ocevault struct.

type VaultyImpl

type VaultyImpl struct {
	Client *api.Client
	Config *api.Config
}

VaultyImpl is the go-til wrapper to the Vault client

func (*VaultyImpl) AddUserAuthData

func (val *VaultyImpl) AddUserAuthData(user string, data map[string]interface{}) (*api.Secret, error)

AddUserAuthData adds the values of the data map at the path of the CI user creds. The CI Vault path is derived from the base path VaultCIPath.

func (*VaultyImpl) AddVaultData

func (val *VaultyImpl) AddVaultData(path string, data map[string]interface{}) (*api.Secret, error)

AddVaultData adds the values of the data map at the path of the CI user creds. The CI Vault path is derived from the base path VaultCIPath.

func (*VaultyImpl) CreateThrowawayToken

func (val *VaultyImpl) CreateThrowawayToken() (token string, err error)

CreateThrowawayToken creates a single-use token with the same privileges as the client. *Single use* really means enough uses to initialize the client and make one call to actually get data. TODO: add ocevault policy for reading the secrets/ci/user path.

func (*VaultyImpl) CreateToken

func (val *VaultyImpl) CreateToken(request *api.TokenCreateRequest) (token string, err error)

CreateToken creates an Auth token using the val.Client's creds. Look at api.TokenCreateRequest docs for how to configure the token. Will return any errors from the create request.

func (*VaultyImpl) CreateVaultPolicy

func (val *VaultyImpl) CreateVaultPolicy() error

CreateVaultPolicy creates a policy for r/w ops on only the path that credentials are on, which is `secret/ci/creds`. Tokens that are one-off and passed to the workers for building will get this access.

func (*VaultyImpl) DeletePath

func (val *VaultyImpl) DeletePath(path string) error

DeletePath prepends our mount path (secret/data) to the given path and then deletes at the fully qualified path. It returns any errors from the Vault API.

func (*VaultyImpl) GetAddress

func (val *VaultyImpl) GetAddress() string

GetAddress returns the Vault client address

func (*VaultyImpl) GetUserAuthData

func (val *VaultyImpl) GetUserAuthData(user string) (map[string]interface{}, error)

GetUserAuthData returns the Data attribute of the secret at the path of the CI user creds, i.e., all the key-value fields that were set on it.

func (*VaultyImpl) GetVaultData

func (val *VaultyImpl) GetVaultData(path string) (map[string]interface{}, error)

GetVaultData reads from a given Vault path, but returns only the Data element.

func (*VaultyImpl) GetVaultSecret

func (val *VaultyImpl) GetVaultSecret(path string) (*api.Secret, error)

GetVaultSecret reads from a given Vault path. It is a lazy copy/paste of GetVaultData, but instead returns the full secret.

func (*VaultyImpl) Healthy

func (val *VaultyImpl) Healthy() bool

Healthy returns true if the Vault server returns a HealthResponse. Otherwise returns false.

func (*VaultyImpl) RenewLeaseForever

func (val *VaultyImpl) RenewLeaseForever(secret *api.Secret) error

RenewLeaseForever is intended to be run as a goroutine. It waits for 75% of the TTL (secret.LeaseDuration), then tries to renew the secret with the same TTL.
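
The 75% renewal schedule described for RenewLeaseForever, as an added example that is not the package's own code; it also covers the case where a renewal is refused and the secret is left to expire. The names `renewer`, `renewDelay`, `renewLoop`, `cappedRenewer` and the injected `sleep` are hypothetical, and the TTL is passed as plain seconds instead of `*api.Secret` so the block runs without the Vault client.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// renewer is a hypothetical stand-in for Vaulty.RenewLeaseOnce; it returns the
// granted TTL in seconds instead of *api.Secret so the example needs no imports.
type renewer interface {
	RenewLeaseOnce(leaseID string, increment int) (ttl int, err error)
}

// renewDelay is 75% of the lease TTL, the wait described above.
func renewDelay(ttlSeconds int) time.Duration {
	return time.Duration(ttlSeconds) * time.Second * 3 / 4
}

// renewLoop waits renewDelay, asks for the same TTL again, and repeats until a
// renewal fails or no TTL is granted. It returns how many renewals succeeded
// and the error, so the caller can re-read the secret or alert before expiry.
func renewLoop(r renewer, leaseID string, ttl int, sleep func(time.Duration)) (int, error) {
	for renewed := 0; ; renewed++ {
		if ttl <= 0 {
			return renewed, errors.New("lease has no TTL left to renew")
		}
		sleep(renewDelay(ttl))
		granted, err := r.RenewLeaseOnce(leaseID, ttl)
		if err != nil {
			return renewed, fmt.Errorf("renew %s: %w", leaseID, err)
		}
		ttl = granted
	}
}

// cappedRenewer is a constructed fake: it grants `allowed` renewals, then refuses.
type cappedRenewer struct{ allowed int }

func (c *cappedRenewer) RenewLeaseOnce(id string, inc int) (int, error) {
	if c.allowed == 0 {
		return 0, errors.New("lease is past its maximum TTL")
	}
	c.allowed--
	return inc, nil
}

func main() {
	n, err := renewLoop(&cappedRenewer{allowed: 2}, "constructed/lease/id", 3600, func(time.Duration) {})
	fmt.Println(n, err)
}
```

In a real goroutine the `sleep` argument would be `time.Sleep`, and the returned error should be logged or sent on a channel rather than dropped, since it means the leased credential will stop working.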

func (*VaultyImpl) RenewLeaseOnce

func (val *VaultyImpl) RenewLeaseOnce(leaseID string, increment int) (*api.Secret, error)

RenewLeaseOnce is a wrapper to the Vault API secret renew

func (*VaultyImpl) RenewToken

func (val *VaultyImpl) RenewToken() error

RenewToken is a wrapper to the Vault API. Renews the token for 24 hours.
