Versions in this module Expand all Collapse all v1 v1.1.11 Mar 9, 2023 v1.1.10 Feb 14, 2023 v1.1.9 Feb 14, 2023 v1.1.8 Aug 6, 2021 Changes in this version
+ const AliasLookaheadOperation
+ const CreateOperation
+ const DeleteOperation
+ const HTTPContentType
+ const HTTPRawBody
+ const HTTPRawBodyAlreadyJSONDecoded
+ const HTTPStatusCode
+ const HelpOperation
+ const ListOperation
+ const ReadOperation
+ const RenewOperation
+ const RevokeOperation
+ const RollbackOperation
+ const UpdateOperation
+ var ErrInvalidRequest = errors.New("invalid request")
+ var ErrMultiAuthzPending = errors.New("request needs further approval")
+ var ErrPerfStandbyPleaseForward = errors.New("please forward to the active node")
+ var ErrPermissionDenied = errors.New("permission denied")
+ var ErrReadOnly = errors.New("cannot write to readonly storage")
+ var ErrRelativePath = errors.New("relative paths not supported")
+ var ErrSetupReadOnly = errors.New("cannot write to storage during setup")
+ var ErrUnsupportedOperation = errors.New("unsupported operation")
+ var ErrUnsupportedPath = errors.New("unsupported path")
+ var ErrUpstreamRateLimited = errors.New("upstream rate limited")
+ func AdjustErrorStatusCode(status *int, err error)
+ func ClearView(ctx context.Context, view ClearableView) error
+ func ClearViewWithLogging(ctx context.Context, view ClearableView, logger hclog.Logger) error
+ func CollectKeys(ctx context.Context, view ClearableView) ([]string, error)
+ func CollectKeysWithPrefix(ctx context.Context, view ClearableView, prefix string) ([]string, error)
+ func RespondError(w http.ResponseWriter, status int, err error)
+ func RespondErrorCommon(req *Request, resp *Response, err error) (int, error)
+ func ScanView(ctx context.Context, view ClearableView, cb func(path string)) error
+ type Alias struct
+ Metadata map[string]string
+ MountAccessor string
+ MountType string
+ Name string
+ XXX_NoUnkeyedLiteral struct{}
+ XXX_sizecache int32
+ XXX_unrecognized []byte
+ func (*Alias) Descriptor() ([]byte, []int)
+ func (*Alias) ProtoMessage()
+ func (m *Alias) GetMetadata() map[string]string
+ func (m *Alias) GetMountAccessor() string
+ func (m *Alias) GetMountType() string
+ func (m *Alias) GetName() string
+ func (m *Alias) Reset()
+ func (m *Alias) String() string
+ func (m *Alias) XXX_DiscardUnknown()
+ func (m *Alias) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
+ func (m *Alias) XXX_Merge(src proto.Message)
+ func (m *Alias) XXX_Size() int
+ func (m *Alias) XXX_Unmarshal(b []byte) error
+ type Auth struct
+ Accessor string
+ Alias *Alias
+ BoundCIDRs []*sockaddr.SockAddrMarshaler
+ ClientToken string
+ CreationPath string
+ DisplayName string
+ EntityID string
+ ExplicitMaxTTL time.Duration
+ ExternalNamespacePolicies map[string][]string
+ GroupAliases []*Alias
+ IdentityPolicies []string
+ InternalData map[string]interface{}
+ Metadata map[string]string
+ NumUses int
+ Orphan bool
+ Period time.Duration
+ Policies []string
+ TokenPolicies []string
+ TokenType TokenType
+ func (a *Auth) GoString() string
+ type Authz struct
+ AuthorizationTime time.Time
+ Token string
+ type Backend interface
+ Cleanup func(context.Context)
+ HandleExistenceCheck func(context.Context, *Request) (bool, bool, error)
+ HandleRequest func(context.Context, *Request) (*Response, error)
+ InvalidateKey func(context.Context, string)
+ Logger func() log.Logger
+ Setup func(context.Context, *BackendConfig) error
+ SpecialPaths func() *Paths
+ System func() SystemView
+ Type func() BackendType
+ type BackendConfig struct
+ BackendUUID string
+ Config map[string]string
+ Logger log.Logger
+ StorageView Storage
+ System SystemView
+ type BackendType uint32
+ const TypeCredential
+ const TypeLogical
+ const TypeUnknown
+ func (b BackendType) String() string
+ type ClearableView interface
+ Delete func(context.Context, string) error
+ List func(context.Context, string) ([]string, error)
+ type ClientTokenSource uint32
+ const ClientTokenFromAuthzHeader
+ const ClientTokenFromVaultHeader
+ const NoClientToken
+ type Connection struct
+ ConnState *tls.ConnectionState
+ RemoteAddr string
+ type ControlGroup struct
+ Approved bool
+ Authorizations []*Authz
+ NamespaceID string
+ RequestTime time.Time
+ type Entity struct
+ Aliases []*Alias
+ ID string
+ Metadata map[string]string
+ Name string
+ XXX_NoUnkeyedLiteral struct{}
+ XXX_sizecache int32
+ XXX_unrecognized []byte
+ func (*Entity) Descriptor() ([]byte, []int)
+ func (*Entity) ProtoMessage()
+ func (m *Entity) GetAliases() []*Alias
+ func (m *Entity) GetID() string
+ func (m *Entity) GetMetadata() map[string]string
+ func (m *Entity) GetName() string
+ func (m *Entity) Reset()
+ func (m *Entity) String() string
+ func (m *Entity) XXX_DiscardUnknown()
+ func (m *Entity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
+ func (m *Entity) XXX_Merge(src proto.Message)
+ func (m *Entity) XXX_Size() int
+ func (m *Entity) XXX_Unmarshal(b []byte) error
+ type Factory func(context.Context, *BackendConfig) (Backend, error)
+ type HTTPAuth struct
+ Accessor string
+ ClientToken string
+ EntityID string
+ IdentityPolicies []string
+ LeaseDuration int
+ Metadata map[string]string
+ Orphan bool
+ Policies []string
+ Renewable bool
+ TokenPolicies []string
+ TokenType string
+ type HTTPCodedError interface
+ Code func() int
+ Error func() string
+ func CodedError(status int, msg string) HTTPCodedError
+ type HTTPResponse struct
+ Auth *HTTPAuth
+ Data map[string]interface{}
+ Headers map[string][]string
+ LeaseDuration int
+ LeaseID string
+ Renewable bool
+ RequestID string
+ Warnings []string
+ WrapInfo *HTTPWrapInfo
+ func LResponseToHTTPResponse(input *Response) *HTTPResponse
+ type HTTPSysInjector struct
+ Response *HTTPResponse
+ func (h HTTPSysInjector) MarshalJSON() ([]byte, error)
+ type HTTPWrapInfo struct
+ Accessor string
+ CreationPath string
+ CreationTime string
+ TTL int
+ Token string
+ WrappedAccessor string
+ type InmemStorage struct
+ func (s *InmemStorage) Delete(ctx context.Context, key string) error
+ func (s *InmemStorage) Get(ctx context.Context, key string) (*StorageEntry, error)
+ func (s *InmemStorage) List(ctx context.Context, prefix string) ([]string, error)
+ func (s *InmemStorage) Put(ctx context.Context, entry *StorageEntry) error
+ func (s *InmemStorage) Underlying() *inmem.IBackend
+ type KeyNotFoundError struct
+ Err error
+ func (e *KeyNotFoundError) Error() string
+ func (e *KeyNotFoundError) WrappedErrors() []error
+ type LStorage struct
+ func NewLStorage(underlying physical.Backend) *LStorage
+ func (s *LStorage) Delete(ctx context.Context, key string) error
+ func (s *LStorage) Get(ctx context.Context, key string) (*StorageEntry, error)
+ func (s *LStorage) List(ctx context.Context, prefix string) ([]string, error)
+ func (s *LStorage) Put(ctx context.Context, entry *StorageEntry) error
+ func (s *LStorage) Underlying() physical.Backend
+ type LeaseOptions struct
+ Increment time.Duration
+ IssueTime time.Time
+ MaxTTL time.Duration
+ Renewable bool
+ TTL time.Duration
+ func (l *LeaseOptions) ExpirationTime() time.Time
+ func (l *LeaseOptions) LeaseEnabled() bool
+ func (l *LeaseOptions) LeaseTotal() time.Duration
+ type MFACreds map[string][]string
+ type Operation string
+ type Paths struct
+ LocalStorage []string
+ Root []string
+ SealWrapStorage []string
+ Unauthenticated []string
+ type PluginEnvironment struct
+ VaultVersion string
+ XXX_NoUnkeyedLiteral struct{}
+ XXX_sizecache int32
+ XXX_unrecognized []byte
+ func (*PluginEnvironment) Descriptor() ([]byte, []int)
+ func (*PluginEnvironment) ProtoMessage()
+ func (m *PluginEnvironment) GetVaultVersion() string
+ func (m *PluginEnvironment) Reset()
+ func (m *PluginEnvironment) String() string
+ func (m *PluginEnvironment) XXX_DiscardUnknown()
+ func (m *PluginEnvironment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
+ func (m *PluginEnvironment) XXX_Merge(src proto.Message)
+ func (m *PluginEnvironment) XXX_Size() int
+ func (m *PluginEnvironment) XXX_Unmarshal(b []byte) error
+ type ReplicationCodedError struct
+ Code int
+ Msg string
+ func (r *ReplicationCodedError) Error() string
+ type Request struct
+ Auth *Auth
+ ClientToken string
+ ClientTokenAccessor string
+ ClientTokenRemainingUses int
+ ClientTokenSource ClientTokenSource
+ Connection *Connection
+ ControlGroup *ControlGroup
+ Data map[string]interface{}
+ DisplayName string
+ EntityID string
+ Headers map[string][]string
+ ID string
+ MFACreds MFACreds
+ MountAccessor string
+ MountPoint string
+ MountType string
+ Operation Operation
+ Path string
+ PolicyOverride bool
+ ReplicationCluster string
+ Secret *Secret
+ Storage Storage
+ Unauthenticated bool
+ WrapInfo *RequestWrapInfo
+ func RenewAuthRequest(path string, auth *Auth, data map[string]interface{}) *Request
+ func RenewRequest(path string, secret *Secret, data map[string]interface{}) *Request
+ func RevokeRequest(path string, secret *Secret, data map[string]interface{}) *Request
+ func RollbackRequest(path string) *Request
+ func (r *Request) Get(key string) interface{}
+ func (r *Request) GetString(key string) string
+ func (r *Request) GoString() string
+ func (r *Request) LastRemoteWAL() uint64
+ func (r *Request) SentinelGet(key string) (interface{}, error)
+ func (r *Request) SentinelKeys() []string
+ func (r *Request) SetLastRemoteWAL(last uint64)
+ func (r *Request) SetTokenEntry(te *TokenEntry)
+ func (r *Request) TokenEntry() *TokenEntry
+ type RequestWrapInfo struct
+ Format string
+ SealWrap bool
+ TTL time.Duration
+ func (r *RequestWrapInfo) SentinelGet(key string) (interface{}, error)
+ func (r *RequestWrapInfo) SentinelKeys() []string
+ type Response struct
+ Auth *Auth
+ Data map[string]interface{}
+ Headers map[string][]string
+ Redirect string
+ Secret *Secret
+ Warnings []string
+ WrapInfo *wrapping.ResponseWrapInfo
+ func ErrorResponse(text string, vargs ...interface{}) *Response
+ func HTTPResponseToLogicalResponse(input *HTTPResponse) *Response
+ func HelpResponse(text string, seeAlso []string, oapiDoc interface{}) *Response
+ func ListResponse(keys []string) *Response
+ func ListResponseWithInfo(keys []string, keyInfo map[string]interface{}) *Response
+ func RespondWithStatusCode(resp *Response, req *Request, code int) (*Response, error)
+ func (r *Response) AddWarning(warning string)
+ func (r *Response) Error() error
+ func (r *Response) IsError() bool
+ type Secret struct
+ InternalData map[string]interface{}
+ LeaseID string
+ func (s *Secret) GoString() string
+ func (s *Secret) Validate() error
+ type StaticSystemView struct
+ CachingDisabledVal bool
+ DefaultLeaseTTLVal time.Duration
+ EnableMlock bool
+ EntityVal *Entity
+ LocalMountVal bool
+ MaxLeaseTTLVal time.Duration
+ PluginEnvironment *PluginEnvironment
+ Primary bool
+ ReplicationStateVal consts.ReplicationState
+ SudoPrivilegeVal bool
+ TaintedVal bool
+ VaultVersion string
+ func (d StaticSystemView) CachingDisabled() bool
+ func (d StaticSystemView) DefaultLeaseTTL() time.Duration
+ func (d StaticSystemView) EntityInfo(entityID string) (*Entity, error)
+ func (d StaticSystemView) LocalMount() bool
+ func (d StaticSystemView) LookupPlugin(_ context.Context, _ string, _ consts.PluginType) (*pluginutil.PluginRunner, error)
+ func (d StaticSystemView) MaxLeaseTTL() time.Duration
+ func (d StaticSystemView) MlockEnabled() bool
+ func (d StaticSystemView) PluginEnv(_ context.Context) (*PluginEnvironment, error)
+ func (d StaticSystemView) ReplicationState() consts.ReplicationState
+ func (d StaticSystemView) ResponseWrapData(_ context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
+ func (d StaticSystemView) SudoPrivilege(_ context.Context, path string, token string) bool
+ func (d StaticSystemView) Tainted() bool
+ type StatusBadRequest struct
+ Err string
+ func (s *StatusBadRequest) Error() string
+ type Storage interface
+ Delete func(context.Context, string) error
+ Get func(context.Context, string) (*StorageEntry, error)
+ List func(context.Context, string) ([]string, error)
+ Put func(context.Context, *StorageEntry) error
+ type StorageEntry struct
+ Key string
+ SealWrap bool
+ Value []byte
+ func StorageEntryJSON(k string, v interface{}) (*StorageEntry, error)
+ func (e *StorageEntry) DecodeJSON(out interface{}) error
+ type StorageView struct
+ func NewStorageView(storage Storage, prefix string) *StorageView
+ func (s *StorageView) Delete(ctx context.Context, key string) error
+ func (s *StorageView) ExpandKey(suffix string) string
+ func (s *StorageView) Get(ctx context.Context, key string) (*StorageEntry, error)
+ func (s *StorageView) List(ctx context.Context, prefix string) ([]string, error)
+ func (s *StorageView) Prefix() string
+ func (s *StorageView) Put(ctx context.Context, entry *StorageEntry) error
+ func (s *StorageView) SanityCheck(key string) error
+ func (s *StorageView) SubView(prefix string) *StorageView
+ func (s *StorageView) TruncateKey(full string) string
+ type SystemView interface
+ CachingDisabled func() bool
+ DefaultLeaseTTL func() time.Duration
+ EntityInfo func(entityID string) (*Entity, error)
+ LocalMount func() bool
+ LookupPlugin func(context.Context, string, consts.PluginType) (*pluginutil.PluginRunner, error)
+ MaxLeaseTTL func() time.Duration
+ MlockEnabled func() bool
+ PluginEnv func(context.Context) (*PluginEnvironment, error)
+ ReplicationState func() consts.ReplicationState
+ ResponseWrapData func(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
+ SudoPrivilege func(ctx context.Context, path string, token string) bool
+ Tainted func() bool
+ type TokenEntry struct
+ Accessor string
+ BoundCIDRs []*sockaddr.SockAddrMarshaler
+ CreationTime int64
+ CreationTimeDeprecated int64
+ DisplayName string
+ DisplayNameDeprecated string
+ EntityID string
+ ExplicitMaxTTL time.Duration
+ ExplicitMaxTTLDeprecated time.Duration
+ ID string
+ Meta map[string]string
+ NamespaceID string
+ NumUses int
+ NumUsesDeprecated int
+ Parent string
+ Path string
+ Period time.Duration
+ Policies []string
+ PublicID string
+ Role string
+ TTL time.Duration
+ Type TokenType
+ func (te *TokenEntry) SentinelGet(key string) (interface{}, error)
+ func (te *TokenEntry) SentinelKeys() []string
+ type TokenType uint8
+ const TokenTypeBatch
+ const TokenTypeDefault
+ const TokenTypeDefaultBatch
+ const TokenTypeDefaultService
+ const TokenTypeService
+ func (t TokenType) String() string