vault

package

v0.3.1 Latest Latest Go to latest Published: May 12, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DoodleScheduling/k8svault-controller

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type AuthConfig
type AuthHandler
- func NewAuthHandler(opts AuthHandlerConfig) *AuthHandler
- func (ah *AuthHandler) Authenticate(ctx context.Context, am AuthMethod) error
type AuthHandlerConfig
type AuthMethod
- func NewKubernetesAuthMethod(conf *AuthConfig) (AuthMethod, error)
type AuthMethodRegistry
- func (r *AuthMethodRegistry) Invoke(name string, conf *v1beta1.VaultAuthSpec) (AuthMethod, error)
- func (r *AuthMethodRegistry) MustRegister(name string, init NewAuthMethod)
- func (r *AuthMethodRegistry) Register(name string, init NewAuthMethod) error
type Mapper
type NewAuthMethod
type ReadWriter
type Reader
type TokenWriter
type VaultHandler
- func NewHandler(config *v1beta1.VaultSpec, logger logr.Logger) (*VaultHandler, error)
- func (h *VaultHandler) Read(path string) (map[string]interface{}, error)
- func (h *VaultHandler) Write(writer Mapper, srcData map[string]interface{}) (bool, error)
type Writer

Constants ¶

View Source

const (
	DefaultAuthRole = "k8svault-controller"
)

Variables ¶

View Source

var (
	ErrVaultAddrNotFound   = errors.New("Neither vault address nor a default vault address found")
	ErrFieldNotAvailable   = errors.New("Source field to be mapped does not exist")
	ErrUnsupportedAuthType = errors.New("Unsupported vault authentication")
	ErrVaultConfig         = errors.New("Failed to setup default vault configuration")
	ErrPathNotFound        = errors.New("Vault path not found")
)

Common errors

Functions ¶

This section is empty.

Types ¶

type AuthConfig ¶

type AuthConfig struct {
	MountPath string
	Config    map[string]interface{}
}

type AuthHandler ¶

type AuthHandler struct {
	// contains filtered or unexported fields
}

AuthHandler is responsible for keeping a token alive and renewed and passing new tokens to the sink server

func NewAuthHandler ¶

func NewAuthHandler(opts AuthHandlerConfig) *AuthHandler

func (*AuthHandler) Authenticate ¶

func (ah *AuthHandler) Authenticate(ctx context.Context, am AuthMethod) error

type AuthHandlerConfig ¶

type AuthHandlerConfig struct {
	Writer      Writer
	TokenWriter TokenWriter
}

type AuthMethod ¶

type AuthMethod interface {
	// Authenticate returns a mount path, header, request body, and error.
	// The header may be nil if no special header is needed.
	Authenticate(context.Context) (string, http.Header, map[string]interface{}, error)
}

AuthMethod is the interface that auto-auth methods implement for the agent to use.

func NewKubernetesAuthMethod ¶

func NewKubernetesAuthMethod(conf *AuthConfig) (AuthMethod, error)

NewKubernetesAuthMethod reads the user configuration and returns a configured AuthMethod

type AuthMethodRegistry ¶

type AuthMethodRegistry struct {
	// contains filtered or unexported fields
}

func (*AuthMethodRegistry) Invoke ¶

func (r *AuthMethodRegistry) Invoke(name string, conf *v1beta1.VaultAuthSpec) (AuthMethod, error)

func (*AuthMethodRegistry) MustRegister ¶

func (r *AuthMethodRegistry) MustRegister(name string, init NewAuthMethod)

func (*AuthMethodRegistry) Register ¶

func (r *AuthMethodRegistry) Register(name string, init NewAuthMethod) error

type Mapper ¶

type Mapper interface {
	IsForceApply() bool
	GetPath() string
	GetFieldMapping() []v1beta1.FieldMapping
}

Mapper retrieves mapping configuration

type NewAuthMethod ¶

type NewAuthMethod func(conf *v1beta1.VaultAuthSpec) (AuthMethod, error)

type ReadWriter ¶

type ReadWriter interface {
	Reader
	Writer
}

type Reader ¶

type Reader interface {
	Read(path string) (*api.Secret, error)
}

type TokenWriter ¶

type TokenWriter interface {
	SetToken(token string)
}

type VaultHandler ¶

type VaultHandler struct {
	// contains filtered or unexported fields
}

VaultHandler

func NewHandler ¶

func NewHandler(config *v1beta1.VaultSpec, logger logr.Logger) (*VaultHandler, error)

NewHandler creates a vault client handler If the config holds no vault address it will fallback to the env VAULT_ADDRESS

func (*VaultHandler) Read ¶

func (h *VaultHandler) Read(path string) (map[string]interface{}, error)

Read vault path and return data map Return empty map if no data exists

func (*VaultHandler) Write ¶

func (h *VaultHandler) Write(writer Mapper, srcData map[string]interface{}) (bool, error)

Write writes secrets to vault defined by the mapper

type Writer ¶

type Writer interface {
	Write(path string, data map[string]interface{}) (*api.Secret, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL