request

package
v0.7.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 25, 2017 License: MPL-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Add

func Add(auth *vault.AuthInfo, raw map[string]interface{}) (string, error)

adds a request if user has authentication

func IsRootOnly

func IsRootOnly(req Request) bool

func Reject

func Reject(auth *vault.AuthInfo, hash string) error

deletes request, if user is authorized to read resource

Types

type GithubRequest

type GithubRequest struct {
	Type          string
	CommitHash    string
	Changes       map[string]PolicyDiff
	Requester     string
	RequesterHash string
	Required      int
	Progress      int `hash:"ignore"`
}

func CreateGithubRequest

func CreateGithubRequest(auth *vault.AuthInfo, raw map[string]interface{}) (*GithubRequest, error)

verifies user can read all policies in the changes

func (*GithubRequest) Approve

func (r *GithubRequest) Approve(hash string, unsealKey string) error

provides and unseal as an approval to a request if there are sufficient unseal tokens, attempt to roll the change

func (GithubRequest) IsRootOnly

func (r GithubRequest) IsRootOnly() bool

func (*GithubRequest) Reject

func (r *GithubRequest) Reject(auth *vault.AuthInfo, hash string) error

purges the request entry and unseal tokens from goldfish's cubbyhole

func (*GithubRequest) Verify

func (r *GithubRequest) Verify(auth *vault.AuthInfo) error

verifies user can read all policies that will be changed if vault's policies changed in the meanwhile, progress will be reset

type PolicyDiff

type PolicyDiff struct {
	Previous string
	Proposed string
}

type PolicyRequest

type PolicyRequest struct {
	Type          string
	PolicyName    string
	Previous      string
	Proposed      string
	Requester     string
	RequesterHash string
	Required      int
	Progress      int `hash:"ignore"`
}

func CreatePolicyRequest

func CreatePolicyRequest(auth *vault.AuthInfo, raw map[string]interface{}) (*PolicyRequest, string, error)

constructs the request from limited fields and returns the hash raw must contain two keys: 'policyname' and 'rules'

func (*PolicyRequest) Approve

func (r *PolicyRequest) Approve(hash string, unsealKey string) error

provides an unseal key as an approval to a request if there are sufficient unseal keys, attempt to roll the change

func (PolicyRequest) IsRootOnly

func (r PolicyRequest) IsRootOnly() bool

func (*PolicyRequest) Reject

func (r *PolicyRequest) Reject(auth *vault.AuthInfo, hash string) error

purges the request entry and unseal keys from goldfish's cubbyhole

func (*PolicyRequest) Verify

func (r *PolicyRequest) Verify(auth *vault.AuthInfo) error

verifies user can read policy, and that it hasn't changed since proposal

type Request

type Request interface {
	IsRootOnly() bool
	Verify(*vault.AuthInfo) error
	Approve(string, string) error
	Reject(*vault.AuthInfo, string) error
}

func Approve

func Approve(auth *vault.AuthInfo, hash string, unseal string) (Request, error)

if unseal is nonempty string, approve request with current auth otherwise, add unseal to list of unseals to generate root token later

func Get

func Get(auth *vault.AuthInfo, hash string) (Request, error)

fetches a request if it exists, and if user has authentication

type TokenRequest

type TokenRequest struct {
	Type           string
	Orphan         string
	Wrap_ttl       string
	Role           string
	CreateRequest  *api.TokenCreateRequest
	CreateResponse *api.Secret
	Requester      string
	RequesterHash  string
	Required       int
	Progress       int `hash:"ignore"`
}

func CreateTokenRequest

func CreateTokenRequest(auth *vault.AuthInfo, raw map[string]interface{}) (*TokenRequest, string, error)

constructs the request from limited fields and returns the hash raw must contain key: 'wrap_ttl', and can contain 'orphan', 'role'

func (*TokenRequest) Approve

func (r *TokenRequest) Approve(hash string, unsealKey string) error

provides an unseal token as an approval to a request if there are sufficient unseal tokens, attempt to roll the change

func (TokenRequest) IsRootOnly

func (r TokenRequest) IsRootOnly() bool

func (*TokenRequest) Reject

func (r *TokenRequest) Reject(auth *vault.AuthInfo, hash string) error

purges the request entry and unseal tokens from goldfish's cubbyhole

func (*TokenRequest) Verify

func (r *TokenRequest) Verify(auth *vault.AuthInfo) error

verifies user can read the role if request contains one, and at least lookup self

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL