Documentation ¶
Overview ¶
Software Name : Remote Key Server Version: 0.9.0 SPDX-FileCopyrightText: Copyright (c) 2020 Orange SPDX-License-Identifier: MPL-2.0
This software is distributed under the Mozilla Public License 2.0, the text of which is available at https://www.mozilla.org/en-US/MPL/2.0/ or see the "LICENSE" file for more details.
Author: Glenn Feunteun, Celine Nicolas
Software Name : Remote Key Server Version: 0.9.0 SPDX-FileCopyrightText: Copyright (c) 2020 Orange SPDX-License-Identifier: MPL-2.0
This software is distributed under the Mozilla Public License 2.0, the text of which is available at https://www.mozilla.org/en-US/MPL/2.0/ or see the "LICENSE" file for more details.
Author: Glenn Feunteun, Celine Nicolas
Index ¶
- Constants
- func RKSErrFromVaultErr(err error, msg string) *model.RksError
- type Configuration
- type Vault
- func (v *Vault) ConfigExists() (bool, *model.RksError)
- func (v *Vault) CreateGroupToken(group string) (*model.GroupToken, *model.RksError)
- func (v *Vault) CreateGroupTokenAndPolicies(group string) (*model.GroupToken, *model.RksError)
- func (v *Vault) CreateGroupTokenRole(group string) *model.RksError
- func (v *Vault) CreateNodeTokenFromRole(group string, nodeID string) (*vaultAPI.Secret, *model.RksError)
- func (v *Vault) CreateNodeTokenRole(group string, nodeID string) *model.RksError
- func (v *Vault) DeleteConfig(group string) *model.RksError
- func (v *Vault) DeleteGroupToken(group string) *model.RksError
- func (v *Vault) DeleteGroupTokenAndPolicies(group string) *model.RksError
- func (v *Vault) EnableAdminUserpassBackend() *model.RksError
- func (v *Vault) GetGroupList() ([]string, *model.RksError)
- func (v *Vault) GetGroupNameFromGroupToken() (string, *model.RksError)
- func (v *Vault) GetGroupSecretList(group string) (*model.GroupSecrets, int, *model.RksError)
- func (v *Vault) GetSecretGroupList(fqdn string) ([]string, *model.RksError)
- func (v *Vault) GroupExists(group string) (bool, *model.RksError)
- func (v *Vault) InitKvBackend() *model.RksError
- func (v *Vault) KeyExists(path string) (bool, *model.RksError)
- func (v *Vault) ListKeysUnderPath(path string) ([]string, *model.RksError)
- func (v *Vault) Login(login string, adminPassword string) (*model.AdminToken, *model.RksError)
- func (v *Vault) PurgeGroupSecretList(group string) *model.RksError
- func (v *Vault) PurgeKey(path string) *model.RksError
- func (v *Vault) ReadGroupConfig(group string) (*model.GroupRegInfo, *model.RksError)
- func (v *Vault) ReadGroupToken(group string) (*model.GroupToken, *model.RksError)
- func (v *Vault) ReadSecret(path string) (*vaultAPI.Secret, *model.RksError)
- func (v *Vault) ReadSecretIntoStruct(path string, data interface{}) *model.RksError
- func (v *Vault) ReadSecretIntoStructWithCas(path string, data interface{}) (int, *model.RksError)
- func (v *Vault) RevokeGroupToken(group string) *model.RksError
- func (v *Vault) RevokeNodeToken(group string, nodeID string) *model.RksError
- func (v *Vault) SecretExists(fqdn string) (bool, *model.RksError)
- func (v *Vault) WriteConfig() *model.RksError
- func (v *Vault) WriteGroupConfig(group string, groupRegInfo *model.GroupRegInfo) *model.RksError
- func (v *Vault) WriteGroupSecretList(group string, groupSecrets *model.GroupSecrets, version int) *model.RksError
- func (v *Vault) WriteGroupToken(group string, groupToken *model.GroupToken) *model.RksError
- func (v *Vault) WriteSecret(fqdn string, secret *model.Secret) *model.RksError
- func (v *Vault) WriteStruct(path string, data interface{}) *model.RksError
- func (v *Vault) WriteStructWithCas(path string, data interface{}, version int) *model.RksError
Constants ¶
// AdminPolicy is a policy document held as a string constant. This rendering
// elides the literal (636 bytes), so the paths and capabilities it grants
// cannot be reviewed from this page.
// NOTE(review): presumably the policy bound to the admin login; read the
// source file and confirm that it grants no more than the admin operations need.
const AdminPolicy = `` /* 636-byte string literal not displayed */
// GroupInitAccessPolicy is a policy document whose only visible rule grants
// the "read", "create" and "update" capabilities on auth/token/renew-self.
// As shown here it grants no access to any secret path.
// NOTE(review): presumably attached to freshly created group tokens so that
// they can renew themselves; confirm where the policy is written to Vault.
const GroupInitAccessPolicy = `
path "auth/token/renew-self" {
capabilities = ["read", "create", "update"]
}
`
// GroupSecretAccessPolicy is a policy document held as a string constant.
// The literal (187 bytes) is elided here, so its scope is not reviewable from
// this page.
// NOTE(review): check in the source that the path is limited to one group.
const GroupSecretAccessPolicy = `` /* 187-byte string literal not displayed */
// GroupTokenAccessPolicy is a policy document held as a string constant.
// The literal (379 bytes) is elided here, so its scope is not reviewable from
// this page.
// NOTE(review): check in the source which token paths it exposes.
const GroupTokenAccessPolicy = `` /* 379-byte string literal not displayed */
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Configuration ¶
// Configuration holds the server's configuration options.
//
// AdminPwd is a plain string field, so formatting the whole struct (for
// example with %+v) prints it. Log individual non-secret fields instead of the
// struct. The same care applies to PrivateKey if it holds key material.
type Configuration struct {
	// presumably the address of the Vault server; confirm against the client setup
	VaultAddr string
	// NOTE(review): cannot tell from here whether this is a file path or PEM content
	Certificate string
	// NOTE(review): cannot tell from here whether this is a file path or key
	// material; treat as sensitive either way
	PrivateKey string
	// presumably the address the server listens on; confirm against the caller
	ListenAddress string
	// NOTE(review): name suggests it records whether Vault setup has been done; confirm
	VaultInitialized bool
	// administrator login name
	AdminLogin string
	// administrator password, held in memory as a plain string
	AdminPwd string
}
Configuration options
var Config Configuration
Config is the global configuration struct.
type Vault ¶
func NewVaultClient ¶
func (*Vault) CreateGroupToken ¶
func (*Vault) CreateGroupTokenAndPolicies ¶
func (*Vault) CreateGroupTokenRole ¶
func (*Vault) CreateNodeTokenFromRole ¶
func (*Vault) CreateNodeTokenRole ¶
func (*Vault) DeleteGroupTokenAndPolicies ¶
func (*Vault) EnableAdminUserpassBackend ¶
func (*Vault) GetGroupNameFromGroupToken ¶
func (*Vault) GetGroupSecretList ¶
func (*Vault) GetSecretGroupList ¶
Returns the list of group names that use a secret. Returns an empty list if there are none.
func (*Vault) InitKvBackend ¶
func (*Vault) ListKeysUnderPath ¶
Lists the first level of keys under the given path, removing the trailing / from a key if present.
func (*Vault) PurgeGroupSecretList ¶
func (*Vault) PurgeKey ¶
PurgeKey removes a key entirely. Vault KV2 introduces new delete semantics, with the possibility of removing a specific version of a key/value. We want a complete key/value deletion, so we use rks/metadata/fqdn. See https://www.vaultproject.io/api/secret/kv/kv-v2.html#delete-metadata-and-all-versions
func (*Vault) ReadGroupConfig ¶
func (*Vault) ReadGroupToken ¶
func (*Vault) ReadSecret ¶
func (*Vault) ReadSecretIntoStruct ¶
ReadSecretIntoStruct reads the key at *path* and decodes the vault secret "data" field into the given data struct. This function will fail if no vault secret is found.