Documentation ¶
Overview ¶
Package vault implements a wrapper around a Vault API client that retrieves credentials from the operating system environment.
Index ¶
- Constants
- func DataInSecret(instanceAddr string, data map[string]interface{}, path string, version string) (bool, error)
- func DeleteSecret(instanceAddr string, secretPath string) error
- func DeleteVaultPolicy(instanceAddr string, name string) error
- func DisableAuditDevice(instanceAddr string, path string) error
- func DisableAuth(instanceAddr string, path string) error
- func DisableSecretsEngine(instanceAddr string, path string) error
- func EnableAuditDevice(instanceAddr, path string, options *api.EnableAuditOptions) error
- func EnableAuthWithOptions(instanceAddr string, path string, options *api.EnableAuthOptions) error
- func EnableSecretsEngine(instanceAddr string, path string, mount *api.MountInput) error
- func EqualPathNames(x, y string) bool
- func FormatSecretPath(secret string, secretEngine string) string
- func GenerateApproleSecretID(instanceAddr, secretPath string) (*api.Secret, error)
- func GetEntityAliasInfo(instanceAddr string, id string) (map[string]interface{}, error)
- func GetEntityInfo(instanceAddr string, name string) (map[string]interface{}, error)
- func GetGroupInfo(instanceAddr string, name string) (map[string]interface{}, error)
- func GetInstances(entriesBytes []byte, kubeAuth bool, threadPoolSize int) []string
- func GetVaultPolicy(instanceAddr string, name string) (string, error)
- func GetVaultSecretField(instanceAddr, path, field, engineVersion string) (string, error)
- func GetVaultVersion(instanceAddr string) (string, error)
- func ListAuditDevices(instanceAddr string) (map[string]*api.Audit, error)
- func ListAuthBackends(instanceAddr string) (map[string]*api.AuthMount, error)
- func ListEntities(instanceAddr string) (map[string]interface{}, error)
- func ListGroups(instanceAddr string) (map[string]interface{}, error)
- func ListSecrets(instanceAddr string, path string) (*api.Secret, error)
- func ListSecretsEngines(instanceAddr string) (map[string]*api.MountOutput, error)
- func ListVaultPolicies(instanceAddr string) ([]string, error)
- func OptionsEqual(xopts, yopts map[string]interface{}) bool
- func ParseDuration(duration string) (time.Duration, error)
- func PutVaultPolicy(instanceAddr string, name string, rules string) error
- func ReadSecret(instanceAddr, secretPath, engineVersion string) (map[string]interface{}, error)
- func UpdateSecretsEngine(instanceAddr string, path string, config api.MountConfigInput) error
- func WriteEntityAlias(instanceAddr string, secretPath string, secretData map[string]interface{}) error
- func WriteSecret(instanceAddr, secretPath, engineVersion string, ...) error
- type AuthBundle
- type Instance
- type Item
- type VaultSecret
Constants ¶
// Names to assign to access attributes.
//
// The first group names the credential attributes (a role id, a secret id, a
// token); the second names the auth methods those attributes belong to; the
// third names the KV secrets-engine versions. All are plain identifiers, not
// secret material — the values themselves are looked up elsewhere.
const (
	ROLE_ID   = "roleID"
	SECRET_ID = "secretID"
	TOKEN     = "token"

	APPROLE_AUTH = "approle"
	TOKEN_AUTH   = "token"

	KV_V1 = "kv_v1"
	KV_V2 = "kv_v2"
)
// Attribute names for the OIDC client secret and the Kubernetes CA
// certificate. Each is paired with a *_KV_VER name that presumably carries
// the KV engine version (KV_V1 or KV_V2) of the secret holding that value —
// confirm at the call sites. These are key names only; no secret material
// is embedded here.
const (
	OIDC_CLIENT_SECRET        = "oidc_client_secret"
	OIDC_CLIENT_SECRET_KV_VER = "oidc_client_secret_kv_version"

	KUBERNETES_CA_CERT        = "kubernetes_ca_cert"
	KUBERNETES_CA_CERT_KV_VER = "kubernetes_ca_cert_kv_version"
)
Variables ¶
This section is empty.
Functions ¶
func DataInSecret ¶
func DataInSecret(instanceAddr string, data map[string]interface{}, path string, version string) (bool, error)
DataInSecret compares the given data with the data stored in the Vault secret.
func DeleteSecret ¶
DeleteSecret deletes a secret from Vault.
func DeleteVaultPolicy ¶
DeleteVaultPolicy deletes a Vault policy.
func DisableAuditDevice ¶
disable audit device
func DisableSecretsEngine ¶
disable secrets engine
func EnableAuditDevice ¶
func EnableAuditDevice(instanceAddr, path string, options *api.EnableAuditOptions) error
enable audit device with options
func EnableAuthWithOptions ¶
func EnableAuthWithOptions(instanceAddr string, path string, options *api.EnableAuthOptions) error
enable auth backend
func EnableSecretsEngine ¶
func EnableSecretsEngine(instanceAddr string, path string, mount *api.MountInput) error
enable secrets engine
func EqualPathNames ¶
EqualPathNames determines if two paths are the same.
func FormatSecretPath ¶
FormatSecretPath returns the proper secret path format based on the KV version: the KV v2 API inserts /data/ between the root engine name and the remaining path.
func GenerateApproleSecretID ¶
Writes an empty secret to the AppRole secret-id endpoint in order to generate a new secret_id (see https://www.vaultproject.io/docs/auth/approle#via-the-api-1).
func GetEntityAliasInfo ¶
func GetEntityInfo ¶
func GetGroupInfo ¶
func GetInstances ¶
Used to initialize Vault instance clients for use by other top-level integrations; returns the list of instance addresses included in the reconcile.
func GetVaultPolicy ¶
get vault policy name
func GetVaultSecretField ¶
Attempts to read and process a single access credential for a particular Vault instance.
func GetVaultVersion ¶
GetVaultVersion returns the vault server version
func ListAuditDevices ¶
Lists the existing enabled audit devices.
func ListAuthBackends ¶
list existing auth backends
func ListEntities ¶
func ListGroups ¶
func ListSecrets ¶
list secrets
func ListSecretsEngines ¶
func ListSecretsEngines(instanceAddr string) (map[string]*api.MountOutput, error)
return secret engines
func ListVaultPolicies ¶
ListVaultPolicies returns a list of the existing policy names for a specific instance.
func OptionsEqual ¶
OptionsEqual compares two sets of options mappings.
func ParseDuration ¶
ParseDuration parses a string duration from Vault. Defaults to seconds if no unit is found at the end of the string.
func PutVaultPolicy ¶
put vault policy
func ReadSecret ¶
ReadSecret reads a secret from Vault and returns the secret map.
func UpdateSecretsEngine ¶
func UpdateSecretsEngine(instanceAddr string, path string, config api.MountConfigInput) error
update secrets engine
func WriteEntityAlias ¶
func WriteSecret ¶
func WriteSecret(instanceAddr, secretPath, engineVersion string, secretData map[string]interface{}) error
WriteSecret writes a secret to Vault.
Types ¶
type AuthBundle ¶
// AuthBundle groups the Vault secrets associated with one auth role.
type AuthBundle struct {
	// KubeRoleName is the auth role name; presumably the Kubernetes auth
	// role this bundle is attached to — confirm at the callers.
	KubeRoleName string
	// SecretEngine names the secrets engine the bundled secrets are read from.
	SecretEngine string
	// VaultSecrets lists the secrets included in this bundle.
	VaultSecrets []*VaultSecret
}