Documentation ¶
Index ¶
- Constants
- Variables
- func FetchVaultAddrFromConsul(ctx context.Context, client *api.Client, serviceFetcher LiveServiceFetcher) error
- func NewConsul(addr string) (*api.Client, error)
- func NewConsulFromEnv() (*api.Client, error)
- func NewConsulWithConfig(config *api.Config) (*api.Client, error)
- func SimpleVaultLoad(addr, token, name string, to interface{}) errordeprecated
- type AdditionalPath
- type AuthOption
- type Consul
- func (l Consul) DynamicValue(ctx context.Context, key string) (<-chan []byte, error)
- func (l *Consul) EnsureClient() error
- func (l Consul) Load(appName string, to interface{}) error
- func (l Consul) LoadWithContext(ctx context.Context, appName string, to interface{}) error
- func (l *Consul) SearchLiveServices(ctx context.Context, name string, tags []string) ([]*api.ServiceEntry, error)
- type CustomFlagVar
- type Default
- type DynamicValuer
- type Env
- type File
- func (l File) Load(appName string, to interface{}) error
- func (l File) LoadEnv(to interface{}) error
- func (l *File) LoadEtc(appName string, to interface{}) error
- func (l File) LoadFile(fileName string, to interface{}) error
- func (l File) LoadFileSuffix(filePath string, to interface{}) error
- func (l File) LoadWithContext(_ context.Context, appName string, to interface{}) error
- func (l File) LoadWorkDir(appName string, to interface{}) error
- type Flags
- func (l Flags) AddFlagsIterator(set *flag.FlagSet) internal.IteratorFunc
- func (l Flags) FieldNameFunc(outer string, field reflect.StructField) string
- func (l Flags) Load(_ string, to interface{}) error
- func (l Flags) LoadSlice(to interface{}, args []string) error
- func (l Flags) LoadWithContext(_ context.Context, _ string, to interface{}) error
- func (l Flags) ProcessFlagsIterator(set flag.FlagSet) internal.IteratorFunc
- type LiveServiceFetcher
- type Loader
- type Planer
- type Vault
- func (l *Vault) EnsureClient(ctx context.Context) error
- func (l *Vault) Load(appName string, to interface{}) error
- func (l *Vault) LoadFromReformat(ctx context.Context, paths []AdditionalPath, to interface{}) error
- func (l *Vault) LoadGeneric(ctx context.Context, to interface{}) error
- func (l *Vault) LoadWithContext(ctx context.Context, appName string, to interface{}) error
- type Vaulter
- type Watch
Constants ¶
const CmdTag = "cmd"
CmdTag is the tag used to specify a command line flag.
const ConsulConfigPathPrefixEnv = "CONSUL_CONFIG_PATH_PREFIX"
ConsulConfigPathPrefixEnv holds the name of the env variable that is used to set custom path prefix.
const DefaultTag = "default"
DefaultTag is a tag name for default value.
const EnvConfigFile = "CONFIG_FILE"
EnvConfigFile sets a name for environmental variable that can hold path for configuration file.
const EnvTag = "env"
EnvTag is a tag name for environment variable.
const VaultAppRoleBasePathEnv = "VAULT_APPROLE_BASE_PATH"
VaultAppRoleBasePathEnv specifies the name of the environment variable that holds the path to login.
const VaultRoleIDEnv = "VAULT_ROLE_ID"
VaultRoleIDEnv specifies the name of environment a variable that holds Vault role id to authenticate with.
const VaultRoleSecretEnv = "VAULT_ROLE_SECRET" // nolint:gosec // false-positive
VaultRoleSecretEnv specifies the name of environment a variable that holds Vault role secret.
const VaultSecretBasePathEnv = "VAULT_SECRET_BASE_PATH"
VaultSecretBasePathEnv specifies the name of the environment variable that holds the base path to secrets.
Variables ¶
var ConfFileSuffixes = []string{".toml", ".yml", ".yaml", ".json"}
ConfFileSuffixes is the ordered list of suffix for configuration file. It is not specific for type(.toml .yml, .yaml, .json) because it is possible to change which loader will be used.
var ConsulConfigPathPrefix = "finops"
ConsulConfigPathPrefix stores the default base path for secrets.
var ConsulTag = "cfg"
ConsulTag is a tag used to identify field name.
var ErrNoClient = errors.New("no client available")
ErrNoClient is returned when no client is found, for Vault and Consul.
var ErrNoConfFile = errors.New("config file not found")
ErrNoConfFile use to skip reader.
var ErrNoDecoder = errors.New("decoder not found for this file type")
ErrNoDecoder is a serious error and not continue process.
var ErrNoEnv = errors.New("CONFIG_FILE not declared")
ErrNoEnv use to skip reader.
var FileDecoders = map[string]codec.Decoder{ ".toml": codec.TOML{}, ".yml": codec.YAML{}, ".yaml": codec.YAML{}, ".json": codec.JSON{}, }
FileDecoders for file extensions
var FileTag = "cfg"
FileTag is a tag name for file loader
var VaultAppRoleBasePath = "auth/approle/login"
VaultAppRoleBasePath is the default base path for app role authentication.
var VaultSecretAdditionalPaths = []AdditionalPath{
{Map: "", Name: "generic"},
}
VaultSecretAdditionalPaths is usable for additional secrets to load. Such generic secrets might be re-used by any number of applications. They must not be application specific!
var VaultSecretBasePath = "finops"
VaultSecretBasePath is the base path for secrets.
var VaultSecretTag = "secret"
VaultSecretTag is the tag used to identify Vault secrets.
Functions ¶
func FetchVaultAddrFromConsul ¶
func FetchVaultAddrFromConsul(ctx context.Context, client *api.Client, serviceFetcher LiveServiceFetcher) error
FetchVaultAddrFromConsul will try to find alive Vault instances in `serviceFetcher` and will set `client` address to random instance. If no instances were found or error happened - nothing will be changed.
If address will be changed - it will always be HTTPS.
func NewConsulFromEnv ¶
NewConsulFromEnv creates a client from environmental variables.
This function uses api.DefatulConfig(), which means that variables should be named as Consul expects them. For example now CONSUL_ADDR should be set as CONSUL_HTTP_ADDR.
func NewConsulWithConfig ¶
NewConsulWithConfig creates a client from a config.
func SimpleVaultLoad
deprecated
Types ¶
type AdditionalPath ¶
type AdditionalPath struct { // Map to wrap values to a new map with this key. // It could be / seperated to create a nested map [e.g. "foo/bar"]. Map string // Name to get that value. Name string // InnerPath to get that value [e.g. "foo/bar"]. // If not found then it return empty map. InnerPath string }
AdditionalPath is used to add additional path to the Vault path.
type AuthOption ¶
AuthOption options for authentication.
func SetAppRole ¶
func SetAppRole(role, secret string) AuthOption
SetAppRole sets the client token from the Approle auth Method It does authenticate to fetch the token, then sets it.
Vault can also be setup to authenticate with role_id only for this the secret id can be passed as blank.
func SetToken ¶
func SetToken(token string) AuthOption
SetToken sets the token auth method It does not do authentication here.
type Consul ¶
type Consul struct { Client *api.Client // Decoder specifies function that will decode the response from Consul. // By default it is YAML parser + Map decoder. // // Please prefer YAML to JSON or anything else if there is no strict requirement for it. // // Note: this function is not used in Watcher. Decoder codec.Decoder // Plan for dynamic changes Plan Planer }
Consul is an instance of configuration loader from Consul.
Example usage:
var config Config // some Config struct cl, err := api.NewClient(&api.Config{Address: "http://consul:8500"}) if err != nil { ... } consulLoader := Consul{Client: cl} err = consulLoader.Load("adm0001s", &config) if err != nil { ... } // config is now populated from Consul.
func (Consul) DynamicValue ¶
DynamicValue allows to get dynamically updated values at a runtime.
---
If specified key has new value - runner will be called.
If specified key deleted or consul server closed nothing happen and you can restart consul server safetly. Remove specified key not trigger function! This function will spin up Goroutine to track changes in background.
Developers will use a context. After that you can cancel that context to close listening and channel. Don't close channel manually. It return a channel to get new value as []byte.
Example:
ch, err := loader.Consul{}.DynamicValue(ctx, "test/dynamic") if err != nil { log.Logger.Debug().Err(err).Msg("uupps") return } for v := range ch { // use v here }
func (*Consul) EnsureClient ¶
EnsureClient creates and sets a Consul client if needed.
func (Consul) LoadWithContext ¶
LoadWithContext retrieves data from Consul and decode response into 'to' struct.
func (*Consul) SearchLiveServices ¶
func (l *Consul) SearchLiveServices(ctx context.Context, name string, tags []string) ([]*api.ServiceEntry, error)
SearchLiveServices is a wrapper for c.Client.Health().ServiceMultipleTags(name, tags, true, (&api.QueryOptions{}).WithContext(ctx))
This provides a bit nicer interface on fetching services and gives ability to have LiveServiceFetcher as an argument or a field instead of actual implementation.
type CustomFlagVar ¶
type CustomFlagVar struct { Setter internal.TypeSetter Val reflect.Value }
func (CustomFlagVar) Get ¶
func (c CustomFlagVar) Get() interface{}
Get is necessary to get reflect.Value as is and not as a string.
func (CustomFlagVar) Set ¶
func (c CustomFlagVar) Set(s string) error
func (CustomFlagVar) String ¶
func (c CustomFlagVar) String() string
type Default ¶
type Default struct{}
Default is a loader that loads config struct fields with their default value as defined in the tags.
func (Default) FieldNameFunc ¶
func (l Default) FieldNameFunc(outer string, field reflect.StructField) string
FieldNameFunc defined field retrieval function for Default loader.
This function will return string in format of <field_name>:<default_value> or just "-" if no default value is defined.
func (Default) IteratorFunc ¶
IteratorFunc returns a setter function for setting fields.
type DynamicValuer ¶
type DynamicValuer interface { // DynamicValue polls config field value once in dynamicConfig.RefreshInterval. // If after poll value was changed - dynamicConfig.Runner function will be called with new value. // // If requested service supports better(native) listening for changes - it will be implemented instead. // // Error handling should be done in runner function. DynamicValue(context.Context, string) (<-chan []byte, error) }
DynamicValuer interface is used to get dynamic value from loader.
type Env ¶
type Env struct{}
Env allows to load values from environmental variables.
For consistency and best-practices of Linux environmental variables only upper-case values will be used. Even if in tag it is specified in lower-case.
Variable name will be upper-cased when doing lookup. No other cases are checked.
func (Env) FieldNameFunc ¶
func (l Env) FieldNameFunc(outer string, field reflect.StructField) string
FieldNameFunc returns a field function which will get name from `env` tag, concatenated with '_'(underscore) and uppercased.
func (Env) IteratorFunc ¶
IteratorFunc sets a field to a value from environment.
If field is not defined in environment - it is no-op.
type File ¶
type File struct { // EtcPath for setting new path for etc, default is '/etc'. EtcPath string // NoFolderCheck doesn't try to check working directory and 'EtcPath' // with this formation '<appname>.[yml|yaml|json]'. NoFolderCheck bool }
File is intended to be a limited time option to read configuration from files. Set configuration path on CONFIG_FILE environment variable. '.yml|.yaml|.json' extensions supported.
Breaking changes from v1: config field name will be used as-is, without changing case.
func (*File) LoadEtc ¶
LoadEtc will load configuration file from /etc directory. File name is appName, so resulting path will be /etc/<appName>.
func (File) LoadFileSuffix ¶
LoadFileSuffix will load configuration from file path.
func (File) LoadWithContext ¶
LoadWithContext will try to load configuration file from two places: working directory(or file specified in env) and /etc. File in /etc will only be read if configuration file is missing in working directory.
See DefaultDecoder for understanding of which decoder will used in this loader.
Not existing configuration files are not treated as an error. If this behavior is required - use `Reader.Load*` methods directly.
func (File) LoadWorkDir ¶
LoadWorkDir will load configuration from current working directory.
If EnvConfigFile environment variable is specified - it will have priority over current working directory. EnvConfigFile value will be expanded with environment before use.
type Flags ¶
type Flags struct { // Args to give manually read from flags default os.Args[1:] Args []string // NoUsage may be used to silence usage on invalid flags. NoUsage bool }
Flags will parse CMD args.
Flags defined in inner structs will be set with combination of outer flag name and inner flag name separated by '-'.
For example:
type s struct{ A struct{ B int `cmd:"inner"` } `cmd:"outer"` }
Field B could be set using flag '--outer-inner'. This works for any depth of field.
If flag name is not specified and "cfg" tag is not present - lowercase field name will be used as flag name.
Breaking change from v1: parsing will fail with usage if unknown flag will be found.
Also only first value from the tag will be used. This means that if tag is 'cmd:"tag,t"' - only "tag" will be used as command line. This might be changed in the future.
func (Flags) AddFlagsIterator ¶
func (l Flags) AddFlagsIterator(set *flag.FlagSet) internal.IteratorFunc
AddFlagsIterator is the function to add flags to a specified flag set.
func (Flags) FieldNameFunc ¶
func (l Flags) FieldNameFunc(outer string, field reflect.StructField) string
FieldNameFunc returns a field name retrieved from `cmd` tag, concatenated with '-'(minus sign) and lowercased.
func (Flags) LoadWithContext ¶
LoadWithContext loads config values from the command line with context. Context value not used in this loader.
func (Flags) ProcessFlagsIterator ¶
func (l Flags) ProcessFlagsIterator(set flag.FlagSet) internal.IteratorFunc
ProcessFlagsIterator is the function to set flag values based on already parsed flags.
type LiveServiceFetcher ¶
type LiveServiceFetcher func(ctx context.Context, name string, tags []string) ([]*api.ServiceEntry, error)
LiveServiceFetcher is a signature of the function that will fetch only live instances of the service.
If no services found - (nil, nil) will be returned.
type Loader ¶
type Loader interface { // Load will load all available data to at 'to' value. // // Even if particular loader type must implement ReflectLoader - // this interface still must be implemented as a proxy. Load(appName string, to interface{}) error // LoadWithContext same as Load but using predefined ctx in load process. // This is usable for logging. LoadWithContext(ctx context.Context, appName string, to interface{}) error }
Loader is a interface for all loaders.
func NewVaulterer ¶
func NewVaulterer(addr string, opts ...AuthOption) (loader Loader, err error)
NewVaulterer returns the Vaulter interface. If role_id is given it will call SetTokenAppRole to set the token
Example usage:
var config Config // some Config struct vaultLoader, NewVaulterer(addr, SetAppRole(roleID, "")) if err != nil { ... } err = vaultLoader.Load("adm0001s", &config) if err != nil { ... }
type Vault ¶
type Vault struct {
Client Vaulter
}
Vault loads secret values from Vault instance.
Generic secrets can also be loaded by using LoadGeneric method ¶
Example usage:
var config Config // some Config struct cl, err := api.NewClient(&api.Config{Address: "http://vault:8200"}) if err != nil { ... } cl.SetToken("some_token") // this could be also other means of authentication. vaultLoader := Vault{Client: cl} err = vaultLoader.Load("adm0001s", &config) if err != nil { ... } // config is now populated from Vault.
func (*Vault) EnsureClient ¶
EnsureClient creates and sets a Vault client if needed.
func (*Vault) LoadFromReformat ¶
func (l *Vault) LoadFromReformat(ctx context.Context, paths []AdditionalPath, to interface{}) error
LoadFromReformat loads secrets from Vault and load to the input struct 'to'.
func (*Vault) LoadGeneric ¶
LoadGeneric loads generic(shared) secrets from Vault.
func (*Vault) LoadWithContext ¶
LoadWithContext will load data from Vault to input struct 'to'. 'name' is base secret path, or just name of application. Path will be constructed as "${VaultSecretTag}/${name}". By default VaultSecretTag value is "secrets/data", which allows to load secrets from root.
type Vaulter ¶
type Vaulter interface { Read(path string) (*api.Secret, error) List(path string) (*api.Secret, error) }
Vaulter interface for Vault.
func NewVaulter ¶
NewVaulter creates a new Vault client.
func NewVaulterFromClient ¶
NewVaulterFromClient will create a Vaulter client based on input client.
This function will try to choose live Vault instance from the Consul.