vault

Published: Sep 25, 2017 License: MPL-2.0 Imports: 11 Imported by: 22

Documentation

Index

Constants

This section is empty.

Variables

// GithubCurrentCommit is a package-level string that starts out empty.
// RuntimeConfig carries a field of the same name in its "fields that
// goldfish will write" group; presumably this variable mirrors the last
// commit goldfish processed from the GitHub policies repository — confirm
// against LoadRuntimeConfig before relying on it.
var (
	GithubCurrentCommit = ""
)
// LoginMap maps each supported auth method name to the name of the
// secondary credential that method needs when logging in. "token" maps to
// "" because a token login carries no second value; "userpass", "ldap" and
// "okta" need a password, and "github" needs a (GitHub) token. Presumably
// the key is matched against AuthInfo.Type — confirm in AuthInfo.Login.
var LoginMap = map[string]string{
	"token":    "",
	"userpass": "password",
	"github":   "token",
	"ldap":     "password",
	"okta":     "password",
}

Logging in with different methods requires different secondary keys.

Functions

func Bootstrap added in v0.7.1

func Bootstrap(wrappingToken string) error

func BootstrapRaw added in v0.7.1

func BootstrapRaw(token string) error

Similar to the Bootstrap function, but uses a raw token instead of an AppRole secret_id. Highly dangerous and not recommended to be called externally unless AppRole is inaccessible.

func Bootstrapped added in v0.6.0

func Bootstrapped() bool

func DeleteFromCubbyhole

func DeleteFromCubbyhole(name string) (*api.Secret, error)

func GenerateRootCancel

func GenerateRootCancel() error

func GenerateRootInit

func GenerateRootInit(otp string) (*api.GenerateRootStatusResponse, error)

func GenerateRootStatus

func GenerateRootStatus() (*api.GenerateRootStatusResponse, error)

Looks up the current root generation status.

func GenerateRootUpdate

func GenerateRootUpdate(shard, nonce string) (*api.GenerateRootStatusResponse, error)

func LoadRuntimeConfig added in v0.4.0

func LoadRuntimeConfig(configPath string) error

func LookupSelf added in v0.6.0

func LookupSelf() (map[string]interface{}, error)

func NewGoldfishVaultClient added in v0.6.0

func NewGoldfishVaultClient() (client *api.Client, err error)

func NewVaultClient added in v0.3.0

func NewVaultClient() (*api.Client, error)

func ReadFromCubbyhole

func ReadFromCubbyhole(name string) (*api.Secret, error)

func SetConfig added in v0.6.0

func SetConfig(c *config.VaultConfig)

func UnwrapData added in v0.2.5

func UnwrapData(wrappingToken string) (map[string]interface{}, error)

func VaultHealth

func VaultHealth() (*api.HealthResponse, error)

func VerifyTokenRights added in v0.7.1

func VerifyTokenRights(token string) (accessor string, err error)

Checks that the server's token has basic rights and is able to read the config path.

func WrapData added in v0.2.5

func WrapData(wrapttl string, data map[string]interface{}) (string, error)

func WriteToCubbyhole

func WriteToCubbyhole(name string, data map[string]interface{}) (interface{}, error)

Types

type AuthInfo

// AuthInfo holds the credentials for one login: the auth method selector
// (Type — presumably a LoginMap key, confirm in Login), an identifier (ID)
// and the password/secondary credential (Pass). Login, EncryptAuth,
// DecryptAuth and Clear use a pointer receiver and modify the value in
// place; Clear zeros the credential fields and is meant to be deferred by
// the caller.
//
// NOTE(review): the tags bind every field from JSON, form and URL query
// values alike. Binding Pass from a query string means a password can end
// up in server, proxy and browser-history logs — confirm whether query
// binding is needed at all. Also note that Pass serialises to JSON as
// "password" while Type and ID keep their Go names.
type AuthInfo struct {
	Type string `json:"Type" form:"Type" query:"Type"`
	ID   string `json:"ID" form:"ID" query:"ID"`
	Pass string `json:"password" form:"Password" query:"Password"`
}

func (*AuthInfo) CapabilitiesSelf added in v0.3.2

func (auth *AuthInfo) CapabilitiesSelf(path string) ([]string, error)

Returns the list of capabilities the current auth has on the given path.

func (*AuthInfo) Clear

func (auth *AuthInfo) Clear()

Zeros out the credentials; call it via defer.

func (AuthInfo) Client

func (auth AuthInfo) Client() (client *api.Client, err error)

Constructs a client with the server's Vault address and the client access token.

func (AuthInfo) CreateToken

func (auth AuthInfo) CreateToken(opts *api.TokenCreateRequest, orphan bool,
	rolename string, wrapttl string) (*api.Secret, error)

func (*AuthInfo) DecryptAuth

func (auth *AuthInfo) DecryptAuth() error

Decrypts the auth details with the transit backend.

func (AuthInfo) DecryptTransit

func (auth AuthInfo) DecryptTransit(key string, cipher string) (string, error)

Decrypts the given ciphertext with userTransitKey.

func (AuthInfo) DeletePolicy

func (auth AuthInfo) DeletePolicy(name string) error

func (AuthInfo) DeleteRaw added in v0.5.1

func (auth AuthInfo) DeleteRaw(path string) (*api.Secret, error)

func (AuthInfo) DeleteSecret added in v0.4.1

func (auth AuthInfo) DeleteSecret(path string) (interface{}, error)

func (*AuthInfo) EncryptAuth

func (auth *AuthInfo) EncryptAuth() error

Encrypts the auth details with the transit backend.

func (AuthInfo) EncryptTransit

func (auth AuthInfo) EncryptTransit(key string, plaintext string) (string, error)

Encrypts the given string with userTransitKey.

func (AuthInfo) GetBulletins

func (auth AuthInfo) GetBulletins() ([]map[string]interface{}, error)

func (AuthInfo) GetMount

func (auth AuthInfo) GetMount(path string) (*api.MountConfigOutput, error)

func (AuthInfo) GetPolicy

func (auth AuthInfo) GetPolicy(name string) (string, error)

func (AuthInfo) GetRole

func (auth AuthInfo) GetRole(rolename string) (interface{}, error)

func (AuthInfo) GetTokenAccessors added in v0.5.0

func (auth AuthInfo) GetTokenAccessors() ([]interface{}, error)

func (AuthInfo) ListApproleRoles added in v0.5.1

func (auth AuthInfo) ListApproleRoles() ([]Role, error)

func (AuthInfo) ListLDAPGroups added in v0.6.0

func (auth AuthInfo) ListLDAPGroups() ([]LDAPGroup, error)

func (AuthInfo) ListLDAPUsers added in v0.6.0

func (auth AuthInfo) ListLDAPUsers() ([]LDAPUser, error)

func (AuthInfo) ListMounts

func (auth AuthInfo) ListMounts() (map[string]*api.MountOutput, error)

Returns the list of current mounts, if authorized.

func (AuthInfo) ListPolicies

func (auth AuthInfo) ListPolicies() ([]string, error)

func (AuthInfo) ListRoles

func (auth AuthInfo) ListRoles() (interface{}, error)

func (AuthInfo) ListSecret

func (auth AuthInfo) ListSecret(path string) ([]interface{}, error)

func (AuthInfo) ListUserpassUsers added in v0.5.1

func (auth AuthInfo) ListUserpassUsers() ([]UserpassUser, error)

func (*AuthInfo) Login

func (auth *AuthInfo) Login() (map[string]interface{}, error)

Verifies whether the auth ID and password are valid; if valid, creates a client access token and returns the metadata.

func (AuthInfo) LookupSelf

func (auth AuthInfo) LookupSelf() (*api.Secret, error)

func (AuthInfo) LookupTokenByAccessor added in v0.5.0

func (auth AuthInfo) LookupTokenByAccessor(accs string) ([]interface{}, error)

func (AuthInfo) PutPolicy

func (auth AuthInfo) PutPolicy(name, rules string) error

func (AuthInfo) ReadSecret

func (auth AuthInfo) ReadSecret(path string) (map[string]interface{}, error)

func (AuthInfo) RenewSelf

func (auth AuthInfo) RenewSelf() (*api.Secret, error)

func (AuthInfo) RevokeSelf

func (auth AuthInfo) RevokeSelf() error

func (AuthInfo) RevokeTokenByAccessor added in v0.5.1

func (auth AuthInfo) RevokeTokenByAccessor(acc string) error

func (AuthInfo) TuneMount

func (auth AuthInfo) TuneMount(path string, config api.MountConfigInput) error

func (*AuthInfo) UnwrapData added in v0.3.2

func (auth *AuthInfo) UnwrapData(wrappingToken string) (*api.Secret, error)

func (*AuthInfo) WrapData added in v0.3.2

func (auth *AuthInfo) WrapData(wrapttl string, raw string) (string, error)

func (AuthInfo) WriteSecret

func (auth AuthInfo) WriteSecret(path string, raw string) (interface{}, error)

type LDAPGroup added in v0.6.0

// LDAPGroup is one entry returned by AuthInfo.ListLDAPGroups: the group
// name and the policies listed for it.
type LDAPGroup struct {
	Name     string
	Policies []string
}

type LDAPUser added in v0.6.0

// LDAPUser is one entry returned by AuthInfo.ListLDAPUsers: the user name,
// the policies listed for the user and the groups the user belongs to.
type LDAPUser struct {
	Name     string
	Policies []string
	Groups   []string
}

type Role added in v0.5.1

// Role is one AppRole role as returned by AuthInfo.ListApproleRoles.
// The underscored field names appear to mirror the backend's snake_case
// keys (token_ttl, secret_id_ttl, bound_cidr_list, ...) rather than Go
// naming; renaming them would change the exported API, so they are kept.
// Units for the TTL and Period ints are not stated here — presumably
// seconds; confirm against the backend before comparing or displaying.
// Bound_cidr_list is a single string rather than a slice — presumably the
// raw comma-separated value; confirm before splitting.
type Role struct {
	Roleid             string
	Token_TTL          int
	Token_max_TTL      int
	Secret_id_TTL      int
	Secret_id_num_uses int
	Policies           []string
	Period             int
	Bind_secret_id     bool
	Bound_cidr_list    string
}

type RuntimeConfig added in v0.6.0

// RuntimeConfig is the configuration goldfish reads at runtime. It is
// loaded from a path by LoadRuntimeConfig and the current value is returned
// by GetConfig. The first group names the transit keys and backend plus the
// secret and bulletin paths; the Slack and Github groups hold integration
// settings; the last group is written by goldfish itself.
//
// NOTE(review): GithubAccessToken and SlackWebhook are secrets (an access
// token and a webhook URL). GetConfig returns the whole struct by value, so
// avoid logging or serialising the result wholesale.
type RuntimeConfig struct {
	ServerTransitKey  string
	UserTransitKey    string
	TransitBackend    string
	DefaultSecretPath string
	BulletinPath      string

	SlackWebhook string
	SlackChannel string

	GithubAccessToken  string
	GithubRepoOwner    string
	GithubRepo         string
	GithubPoliciesPath string
	GithubTargetBranch string

	// fields that goldfish will write
	// LastUpdated carries `hash:"ignore"`, presumably so that a struct-hashing
	// library skips the timestamp when comparing configs — confirm against
	// the library in use.
	LastUpdated         string `hash:"ignore"`
	GithubCurrentCommit string
}

func GetConfig

func GetConfig() RuntimeConfig

type UserpassUser added in v0.5.1

// UserpassUser is one entry returned by AuthInfo.ListUserpassUsers.
// Policies is a single string here, unlike the []string used by LDAPUser
// and Role — presumably the raw comma-separated value from the backend;
// confirm before splitting or comparing. TTL and Max_TTL units are not
// stated here (presumably seconds).
type UserpassUser struct {
	Name     string
	TTL      int
	Max_TTL  int
	Policies string
}
