vault

package
v0.6.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 8, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PathForReadingKubeSecret 

func PathForReadingKubeSecret(secretNamespace string, secretName string) string

PathForReadingKubeSecret returns the path to Vault secret that holds dataset credentials stored in kubernetes secret. Vault plugin vault-plugin-secrets-kubernetes-reader is used for reading kubernetes secret (https://github.com/fybrik/vault-plugin-secrets-kubernetes-reader) The path contains the following parts: - pluginPath is the Vault path where vault-plugin-secrets-kubernetes-reader plugin is enabled. - secret name - secret namespace for example, for secret name my-secret and namespace default it will be of the form: "/v1/kubernetes-secrets/my-secret?namespace=default"

Types

type Connection 

type Connection struct {
	Client  *api.Client
	Address string
	Token   string
}

Connection contains required information for connecting to vault

func NewConnection 

func NewConnection(addr string, token string) (*Connection, error)

NewConnection returns a new Connection object

func (*Connection) AddSecret 

func (c *Connection) AddSecret(path string, credentials map[string]interface{}) error

AddSecret adds a secret to vault

func (*Connection) AddSecretFromStruct 

func (c *Connection) AddSecretFromStruct(path string, creds interface{}) error

AddSecretFromStruct constructs a vault secret from the given structure

func (*Connection) DeletePolicy 

func (c *Connection) DeletePolicy(policyName string) error

DeletePolicy removes the policy with the given name from vault

func (*Connection) DeleteSecret 

func (c *Connection) DeleteSecret(vaultPath string) error

DeleteSecret deletes a secret

func (*Connection) GetSecret 

func (c *Connection) GetSecret(vaultPath string) (string, error)

GetSecret returns the stored secret as json

func (*Connection) LinkPolicyToIdentity 

func (c *Connection) LinkPolicyToIdentity(identity string, policyName string, boundedNamespace string, serviceAccount string, auth string, ttl string) error

LinkPolicyToIdentity registers a policy for a given identity or role, meaning that when a person or service of that identity logs into vault and tries to read or write a secret the provided policy will determine whether that is allowed or not.

func (*Connection) Mount 

func (c *Connection) Mount(path string) error

Mount mounts a key-value secret provider (kv version 1) to manage the storage of the secrets

func (*Connection) RemovePolicyFromIdentity 

func (c *Connection) RemovePolicyFromIdentity(identity string, policyName string, auth string) error

RemovePolicyFromIdentity removes the policy from the authentication identity with which it is associated, meaning this policy will no longer be invoked when a person or service authenticates with this identity.

func (*Connection) WritePolicy 

func (c *Connection) WritePolicy(policyName string, policy string) error

WritePolicy stores in vault the policy indicated. This can be associated with a vault token or an authentication identity to ensure proper use of secrets. Example policy: "path \"identities/test-identity\" {\n capabilities = [\"read\"]\n }" 

NOTE the line returns and the tab.  Without them it fails!

type Dummy 

type Dummy struct {
	// contains filtered or unexported fields
}

Dummy implementation for testing

func NewDummyConnection 

func NewDummyConnection() *Dummy

NewDummyConnection returns a new Dummy object

func (*Dummy) AddSecret 

func (c *Dummy) AddSecret(path string, credentials map[string]interface{}) error

func (*Dummy) AddSecretFromStruct 

func (c *Dummy) AddSecretFromStruct(path string, creds interface{}) error

func (*Dummy) DeletePolicy 

func (c *Dummy) DeletePolicy(policyName string) error

func (*Dummy) DeleteSecret 

func (c *Dummy) DeleteSecret(vaultPath string) error

func (*Dummy) GetSecret 

func (c *Dummy) GetSecret(vaultPath string) (string, error)

func (*Dummy) LinkPolicyToIdentity 

func (c *Dummy) LinkPolicyToIdentity(identity string, policyName string, boundedNamespace string, serviceAccount string, auth string, ttl string) error

func (*Dummy) Mount 

func (c *Dummy) Mount(path string) error

func (*Dummy) RemovePolicyFromIdentity 

func (c *Dummy) RemovePolicyFromIdentity(identity string, policyName string, auth string) error

func (*Dummy) WritePolicy 

func (c *Dummy) WritePolicy(policyName string, policy string) error

type Interface 

type Interface interface {
	LinkPolicyToIdentity(identity string, policyName string, boundedNamespace string, serviceAccount string, auth string, ttl string) error
	RemovePolicyFromIdentity(identity string, policyName string, auth string) error
	WritePolicy(policyName string, policy string) error
	DeletePolicy(policyName string) error
	Mount(path string) error
	DeleteSecret(vaultPath string) error
	GetSecret(vaultPath string) (string, error)
	AddSecret(path string, credentials map[string]interface{}) error
	AddSecretFromStruct(path string, creds interface{}) error
}

Interface provides vault functionality

func InitConnection 

func InitConnection(addr string, token string) (Interface, error)

InitConnection creates a new connection to vault. Note that it assumes that the home path has been mounted during the vault setup.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.