token

package
v0.0.1-alpha.1
Published: Aug 28, 2018 License: MIT Imports: 7 Imported by: 3

Documentation

Constants

This section is empty.

Variables

var ErrNoAuthInfo = errors.New("no auth info returned")

ErrNoAuthInfo is returned when an auth provider receives no authentication info from the Vault server after requesting it.

var ErrNoAuthProvider = errors.New("no vault authentication method provided")

ErrNoAuthProvider is the error returned when a Renewer is created without an auth method provided.

Functions

This section is empty.

Types

type AuthProvider

type AuthProvider interface {
	Auth(*api.Client) error
	String() string
}

AuthProvider is the method used to authenticate against Vault and update the client token.

type AuthProviderAppRole

type AuthProviderAppRole struct {
	Mount    string
	RoleID   string
	SecretID string
}

func (AuthProviderAppRole) Auth

func (p AuthProviderAppRole) Auth(client *api.Client) error

Auth authenticates against Vault using an AppRole role ID and secret ID.

func (AuthProviderAppRole) String

func (p AuthProviderAppRole) String() string

type AuthProviderKubernetes

type AuthProviderKubernetes struct {
	Mount     string
	Role      string
	TokenFile string
}

func (AuthProviderKubernetes) Auth

func (p AuthProviderKubernetes) Auth(client *api.Client) error

Auth implements AuthProvider.

func (AuthProviderKubernetes) String

func (p AuthProviderKubernetes) String() string

type Renewer

type Renewer struct {
	// contains filtered or unexported fields
}

Renewer manages a Vault token. It starts a control loop that checks the status of the token every second and performs the following actions:

- If no token exists, auth is attempted (requires auth method)
- If the token is halfway through its lifespan, a token renew is attempted
- If the token is expired, auth is attempted (requires auth method)

If any of these actions fails, the renewer exits with an error, allowing the application to handle the failure. It's worth noting that the Vault client has built-in support for retrying failed requests, so a single failed request should not cause an error.
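The three rules of the control loop, written out as a pure decision function over a token's issue time and lifespan. This is an added example, not the package's own code: Action, tokenState, decide and errNoAuthProvider are hypothetical names, and returning an error at the moment authentication is needed but no provider is configured is an assumption about how "requires auth method" surfaces.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Action is what one pass of the loop should do (hypothetical type).
type Action int

const (
	None         Action = iota // token is healthy, nothing to do
	Authenticate               // obtain a fresh token via the auth provider
	Renew                      // extend the current token
)

// errNoAuthProvider plays the role of the package's ErrNoAuthProvider (assumption).
var errNoAuthProvider = errors.New("no vault authentication method provided")

// tokenState is a constructed stand-in for what a token lookup would report.
type tokenState struct {
	Present bool
	Issued  time.Time
	TTL     time.Duration // lifespan granted at issue or last renewal
}

// decide applies the documented rules; a missing or expired token takes priority.
func decide(s tokenState, now time.Time, haveProvider bool) (Action, error) {
	age := now.Sub(s.Issued)
	switch {
	case !s.Present || age >= s.TTL: // no token, or token expired
		if !haveProvider {
			return None, errNoAuthProvider // fail closed: cannot re-authenticate
		}
		return Authenticate, nil
	case age >= s.TTL/2: // halfway through the lifespan
		return Renew, nil
	}
	return None, nil
}

func main() {
	t0 := time.Date(2018, 8, 28, 12, 0, 0, 0, time.UTC) // constructed sample time
	tok := tokenState{Present: true, Issued: t0, TTL: time.Hour}
	for _, m := range []int{10, 30, 61} { // minutes since issue, no provider set
		fmt.Println(decide(tok, t0.Add(time.Duration(m)*time.Minute), false))
	}
}
```

Without a provider the token can still be renewed at the halfway point, but once it expires the only outcome is an error, which is why a renewer with no auth provider depends on every renewal succeeding in time.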

func NewRenewer

func NewRenewer(client *api.Client, authProvider AuthProvider) *Renewer

NewRenewer creates a Vault token renewer that will renew tokens halfway through their lifespan. If an authentication method is provided, the controller can also authenticate against Vault.

func (*Renewer) Run

func (r *Renewer) Run(done <-chan struct{}) error

Run runs the renewer loop until it is stopped or an error occurs.

func (*Renewer) RunOnce

func (r *Renewer) RunOnce() error

RunOnce runs the renew/auth action once.
