credentials

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 3, 2019 License: GPL-2.0-or-later Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CredentialFile

// CredentialFile describes a file on disk that stores credential material,
// together with the permission bits and ownership configured for it. It is
// the type behind PKICertificate.PrivateKeyFile, VaultToken.TokenFile and
// the other *CredentialFile settings in this package, so Mode, Owner and
// Group are the settings meant to limit which local accounts can read
// private keys and tokens.
//
// NOTE(review): this listing does not show whether Write applies Mode, Owner
// and Group before the content reaches disk, nor how a zero Mode (key `mode`
// omitted) is treated — confirm both in the implementation.
type CredentialFile struct {
	// FilePath is the location of the file (YAML key `path`).
	FilePath string      `yaml:"path"`
	// Mode holds the permission bits for the file (YAML key `mode`).
	Mode     os.FileMode `yaml:"mode"`
	// Owner and Group name the owning user and group; presumably resolved to
	// numeric ids when the file is written — TODO confirm.
	Owner    string      `yaml:"owner"`
	Group    string      `yaml:"group"`
	// contains filtered or unexported fields
}

func NewCredentialFile

func NewCredentialFile(path string, mode os.FileMode, owner string, group string) (*CredentialFile, error)

func (*CredentialFile) Path

func (f *CredentialFile) Path() string

func (*CredentialFile) Read

func (f *CredentialFile) Read() (string, error)

func (*CredentialFile) Write

func (f *CredentialFile) Write(content string) error

type CredentialRenewer

// CredentialRenewer pairs a RenewableCredential with a PostRenewAction.
// It exposes DoneCh and RenewCh, so it satisfies the Renewer interface, and
// is built with NewCredentialRenewer.
//
// NOTE(review): presumably Action.Do runs only after Credential.Renew
// succeeds; the ordering and error handling are not visible here — confirm.
type CredentialRenewer struct {
	// Credential is the credential whose Renew method is invoked.
	Credential RenewableCredential
	// Action is the follow-up step associated with a renewal.
	Action     PostRenewAction
	// contains filtered or unexported fields
}

func NewCredentialRenewer

func NewCredentialRenewer(cred RenewableCredential, action PostRenewAction) *CredentialRenewer

func (*CredentialRenewer) DoneCh

func (r *CredentialRenewer) DoneCh() <-chan error

func (*CredentialRenewer) Renew

func (r *CredentialRenewer) Renew()

func (*CredentialRenewer) RenewCh

func (r *CredentialRenewer) RenewCh() <-chan *RenewOutput

func (*CredentialRenewer) Stop

func (r *CredentialRenewer) Stop()

type CredentialTemplate

// CredentialTemplate wraps an invocation of consul-template, using the Vault
// token and address configured for the vault client passed to Initialize.
//
// The rendered result is described by OutputFile, a *CredentialFile.
// NOTE(review): rendered templates may embed secrets, so the mode and
// ownership on OutputFile deserve the same care as a key file — confirm how
// the output is written.
type CredentialTemplate struct {
	// TemplateFile is the template source (YAML key `template_file`).
	TemplateFile string          `yaml:"template_file"`
	// OutputFile describes the destination file (YAML key `output_file`).
	OutputFile   *CredentialFile `yaml:"output_file"`
	// Notifies presumably names what to signal after a re-render, e.g. a
	// systemd unit (see ReloadOrRestartSystemdUnit) — TODO confirm.
	Notifies     string          `yaml:"notifies"`
	// contains filtered or unexported fields
}

CredentialTemplate wraps an invocation of consul-template, using the Vault token and address configured for the vaultClient passed to Initialize.

func (*CredentialTemplate) Initialize

func (t *CredentialTemplate) Initialize(vaultClient *vault.Client) error

func (*CredentialTemplate) Renewer

func (t *CredentialTemplate) Renewer() Renewer

func (*CredentialTemplate) Stop

func (t *CredentialTemplate) Stop()

func (*CredentialTemplate) String

func (t *CredentialTemplate) String() string

type CredentialTemplateRenewer

// CredentialTemplateRenewer exposes DoneCh and RenewCh and therefore
// satisfies the Renewer interface. It has no exported fields or constructor;
// presumably it is what CredentialTemplate.Renewer returns — TODO confirm.
type CredentialTemplateRenewer struct {
	// contains filtered or unexported fields
}

func (*CredentialTemplateRenewer) DoneCh

func (r *CredentialTemplateRenewer) DoneCh() <-chan error

func (*CredentialTemplateRenewer) RenewCh

func (r *CredentialTemplateRenewer) RenewCh() <-chan *RenewOutput

type ErrMaxRetriesExceeded

// ErrMaxRetriesExceeded is an error value (its Error method has a value
// receiver) that carries a retry limit and a message. Which operation
// returns it is not visible in this listing.
type ErrMaxRetriesExceeded struct {
	// MaxRetries is the retry limit associated with the failure.
	MaxRetries uint
	// Message is free-form detail about the failure.
	Message    string
}

func (ErrMaxRetriesExceeded) Error

func (e ErrMaxRetriesExceeded) Error() string

type PKICertificate

// PKICertificate configures an X.509 certificate, its private key and the
// issuing CA certificate, each stored through a *CredentialFile. Initialize
// takes a *vault.Client, and the type provides Renew, MaxRenewInterval and
// String, so *PKICertificate satisfies RenewableCredential.
//
// NOTE(review): the private key is stored via PrivateKeyFile, so the Mode,
// Owner and Group configured there determine who can read the key; whether
// the key is generated locally or returned by Vault is not visible here.
type PKICertificate struct {
	// PrivateKeyFile, CertificateFile and
	// CertificateAuthorityCertificateFile describe the three output files.
	PrivateKeyFile                      *CredentialFile `yaml:"private_key_file"`
	CertificateFile                     *CredentialFile `yaml:"certificate_file"`
	CertificateAuthorityCertificateFile *CredentialFile `yaml:"ca_cert_file"`
	// RoleName is the role to request the certificate under (YAML key `role`);
	// presumably a role of the Vault PKI backend — TODO confirm.
	RoleName                            string          `yaml:"role"`
	// CommonName, AlternativeNames and IPSubjectAlternativeNames are the
	// requested subject name, alternative names and IP SANs.
	CommonName                          string          `yaml:"common_name"`
	AlternativeNames                    []string        `yaml:"alternative_names"`
	IPSubjectAlternativeNames           []string        `yaml:"ip_sans"`
	// LeaseDuration is the requested lifetime (YAML key `lifetime`).
	LeaseDuration                       time.Duration   `yaml:"lifetime"`
	// BackendMountPoint is the Vault backend mount (YAML key
	// `vault_backend_mount`).
	BackendMountPoint                   string          `yaml:"vault_backend_mount"`
	// Notifies presumably names what to signal after renewal, e.g. a systemd
	// unit (see ReloadOrRestartSystemdUnit) — TODO confirm.
	Notifies                            string          `yaml:"notifies"`
	// contains filtered or unexported fields
}

func (*PKICertificate) Initialize

func (p *PKICertificate) Initialize(vaultClient *vault.Client) error

func (*PKICertificate) MaxRenewInterval

func (p *PKICertificate) MaxRenewInterval() time.Duration

func (*PKICertificate) Renew

func (p *PKICertificate) Renew() error

func (*PKICertificate) Renewer

func (p *PKICertificate) Renewer() Renewer

func (*PKICertificate) Stop

func (p *PKICertificate) Stop()

func (*PKICertificate) String

func (p *PKICertificate) String() string

type PostRenewAction

// PostRenewAction is the follow-up step a CredentialRenewer is constructed
// with. *ReloadOrRestartSystemdUnit declares a Do method and is presumably
// the implementation used for `notifies` settings — TODO confirm.
type PostRenewAction interface {
	// Do performs the action and reports failure as an error.
	Do() error
}

type ReloadOrRestartSystemdUnit

// ReloadOrRestartSystemdUnit identifies a systemd unit by name; its Do
// method (pointer receiver) is what makes it usable as a PostRenewAction.
//
// NOTE(review): how the unit is reloaded or restarted is not visible here.
// UnitName originates from configuration, so confirm it is validated and
// handed to systemd as a single discrete argument.
type ReloadOrRestartSystemdUnit struct {
	// UnitName is the name of the systemd unit to act on.
	UnitName string
}

func (*ReloadOrRestartSystemdUnit) Do

type RenewOutput

// RenewOutput is the value delivered on a Renewer's RenewCh channel. It
// records which credential the event concerns, a message and a timestamp.
//
// NOTE(review): these values are likely to end up in logs, so Message and
// Source.String() should never contain secret material — confirm at the
// call sites that build a RenewOutput.
type RenewOutput struct {
	// Source identifies the origin of the event through its String method.
	Source      fmt.Stringer
	// Message is human-readable detail.
	Message     string
	// RenewalTime is a timestamp for the renewal; whether it is the completed
	// or the next scheduled renewal is not visible here — TODO confirm.
	RenewalTime time.Time
}

func (*RenewOutput) String

func (o *RenewOutput) String() string

type RenewTimer

// RenewTimer embeds *time.Timer and schedules renewals. NewRenewTimer takes
// an initial delay, an expiration window, an initial failure interval and a
// jitter percentage. Reset re-arms the timer using the success interval;
// FailReset re-arms it using the exponential backoff time and increments
// the failure count.
//
// RenewTimer.Reset(expirationWindow) shadows the embedded
// time.Timer.Reset(d), so the argument is an expiration window, not the
// delay until the next fire.
type RenewTimer struct {
	// Timer is the embedded timer; its channel C and Stop are promoted.
	*time.Timer
	// contains filtered or unexported fields
}

func NewRenewTimer

func NewRenewTimer(initialDelay, expirationWindow, initialFailInterval time.Duration, jitterPercent int64) *RenewTimer

func (*RenewTimer) FailReset

func (t *RenewTimer) FailReset(expirationWindow time.Duration)

FailReset resets the timer using the exponential backoff time and increments the failure count

func (*RenewTimer) Reset

func (t *RenewTimer) Reset(expirationWindow time.Duration)

Reset resets the timer using the success interval

type RenewableCredential

// RenewableCredential is the contract a CredentialRenewer drives. In this
// package *PKICertificate, *SSHHostCertificate and *VaultToken declare all
// three methods; CredentialTemplate has no Renew method and exposes only a
// Renewer instead.
type RenewableCredential interface {
	// Renew obtains or refreshes the credential and reports failure.
	Renew() error
	// MaxRenewInterval returns an upper bound on the time between renewals;
	// how it relates to the credential lifetime is not visible here.
	MaxRenewInterval() time.Duration
	// String (from fmt.Stringer) names the credential, e.g. for RenewOutput.
	fmt.Stringer
}

type Renewer

// Renewer is the channel-based view of a running renewal loop. In this
// package *CredentialRenewer, *CredentialTemplateRenewer and *RenewerMerger
// declare both methods.
type Renewer interface {
	// DoneCh returns a receive-only channel of errors; presumably it
	// signals that the renewer has stopped — TODO confirm.
	DoneCh() <-chan error
	// RenewCh returns a receive-only channel of renewal events.
	RenewCh() <-chan *RenewOutput
}

type RenewerMerger

// RenewerMerger accepts Renewers through AddRenewer and itself exposes
// DoneCh and RenewCh, so it satisfies Renewer. Presumably it fans the
// channels of every added Renewer into its own pair — TODO confirm.
type RenewerMerger struct {
	// contains filtered or unexported fields
}

func (*RenewerMerger) AddRenewer

func (l *RenewerMerger) AddRenewer(r Renewer)

func (*RenewerMerger) DoneCh

func (l *RenewerMerger) DoneCh() <-chan error

func (*RenewerMerger) RenewCh

func (l *RenewerMerger) RenewCh() <-chan *RenewOutput

type SSHHostCertificate

// SSHHostCertificate is a credential type for SSH host certificate creation.
// Initialize takes a *vault.Client, and the type provides Renew,
// MaxRenewInterval and String, so *SSHHostCertificate satisfies
// RenewableCredential.
//
// Unlike the certificate output, PublicKeyFile is a plain string rather than
// a *CredentialFile; presumably it is the path of an existing host public
// key that is read and submitted for signing — TODO confirm.
type SSHHostCertificate struct {
	// PublicKeyFile locates the host public key (YAML key `public_key_file`).
	PublicKeyFile     string          `yaml:"public_key_file"`
	// CertificateFile describes where the signed certificate is stored.
	CertificateFile   *CredentialFile `yaml:"certificate_file"`
	// BackendMountPoint is the Vault backend mount (YAML key
	// `vault_backend_mount`).
	BackendMountPoint string          `yaml:"vault_backend_mount"`
	// LeaseDuration is the requested lifetime (YAML key `lifetime`).
	LeaseDuration     time.Duration   `yaml:"lifetime"`
	// RoleName is the role to request the certificate under (YAML key `role`).
	RoleName          string          `yaml:"role"`
	// ValidPrincipals lists the principals requested for the certificate.
	// NOTE(review): these are the names clients will accept this host as,
	// so the list should match the host's real names — confirm the signing
	// role also restricts them.
	ValidPrincipals   []string        `yaml:"valid_principals"`
	// Notifies presumably names what to signal after renewal, e.g. a systemd
	// unit (see ReloadOrRestartSystemdUnit) — TODO confirm.
	Notifies          string          `yaml:"notifies"`
	// contains filtered or unexported fields
}

SSHHostCertificate is a credential type for SSH host certificate creation.

func (*SSHHostCertificate) Initialize

func (s *SSHHostCertificate) Initialize(vaultClient *vault.Client) error

func (*SSHHostCertificate) MaxRenewInterval

func (s *SSHHostCertificate) MaxRenewInterval() time.Duration

func (*SSHHostCertificate) Renew

func (s *SSHHostCertificate) Renew() error

func (*SSHHostCertificate) Renewer

func (s *SSHHostCertificate) Renewer() Renewer

func (*SSHHostCertificate) Stop

func (s *SSHHostCertificate) Stop()

func (*SSHHostCertificate) String

func (s *SSHHostCertificate) String() string

type VaultToken

// VaultToken configures a Vault token stored through a *CredentialFile.
// Initialize takes a *vault.Client, and the type provides Renew,
// MaxRenewInterval and String, so *VaultToken satisfies RenewableCredential.
//
// NOTE(review): a Vault token is a bearer credential, so any account that
// can read TokenFile can act with the token's policies. The Mode, Owner and
// Group on TokenFile and the breadth of Policies are the controls visible
// in this configuration; whether Renew creates a new token or extends the
// existing one is not visible here.
type VaultToken struct {
	// Policies lists the policies for the token (YAML key `policies`).
	Policies           []string        `yaml:"policies"`
	// TokenCreateRole is the role used for token creation (YAML key
	// `creation_role`).
	TokenCreateRole    string          `yaml:"creation_role"`
	// TokenFile describes where the token is stored (YAML key `token_file`).
	TokenFile          *CredentialFile `yaml:"token_file"`
	// MaxRenewalInterval is configured under `max_renew`; presumably the
	// value MaxRenewInterval reports — TODO confirm.
	MaxRenewalInterval time.Duration   `yaml:"max_renew"`
	// contains filtered or unexported fields
}

func (*VaultToken) Initialize

func (t *VaultToken) Initialize(vaultClient *vault.Client) error

func (*VaultToken) MaxRenewInterval

func (t *VaultToken) MaxRenewInterval() time.Duration

func (*VaultToken) Renew

func (t *VaultToken) Renew() error

func (*VaultToken) Renewer

func (t *VaultToken) Renewer() Renewer

func (*VaultToken) Stop

func (t *VaultToken) Stop()

func (*VaultToken) String

func (t *VaultToken) String() string
