Documentation ¶
Overview ¶
Package credhub provides an API client for https://github.com/cloudfoundry-incubator/credhub
Index ¶
- func UAAEndpoint(credhubURL string, skipTLSVerify bool) (oauth2.Endpoint, error)
- type CFAppAuthClient
- type CertificateValueType
- type Client
- func (c *Client) AddPermissions(credentialName string, newPerms []Permission) ([]Permission, error)
- func (c *Client) Delete(name string) error
- func (c *Client) DeletePermissions(credentialName, actorID string) error
- func (c *Client) FindByPartialName(partialName string) ([]Credential, error)
- func (c *Client) FindByPath(path string) ([]Credential, error)
- func (c *Client) Generate(name string, credentialType CredentialType, parameters map[string]interface{}) (*Credential, error)
- func (c *Client) GetAllByName(name string) ([]Credential, error)
- func (c *Client) GetByID(id string) (*Credential, error)
- func (c *Client) GetLatestByName(name string) (*Credential, error)
- func (c *Client) GetPermissions(credentialName string) ([]Permission, error)
- func (c *Client) GetVersionsByName(name string, numVersions int) ([]Credential, error)
- func (c *Client) InterpolateCredentials(vcapServices string) (string, error)
- func (c *Client) ListAllPaths() ([]string, error)
- func (c *Client) Regenerate(name string) (*Credential, error)
- func (c *Client) Set(credential Credential, mode OverwriteMode, additionalPermissions []Permission) (*Credential, error)
- type Credential
- type CredentialType
- type HTTPClient
- type Operation
- type OverwriteMode
- type Permission
- type RSAValueType
- type SSHValueType
- type UAAAuthClient
- type UserValueType
Types ¶
type CFAppAuthClient ¶ added in v0.9.1
type CFAppAuthClient struct {
// contains filtered or unexported fields
}
CFAppAuthClient wraps an HTTPClient and handles mTLS authentication.
type CertificateValueType ¶
type CertificateValueType struct {
	CA          string `json:"ca"`
	PrivateKey  string `json:"private_key"`
	Certificate string `json:"certificate"`
}
CertificateValueType is what a certificate type credential will have. Use CertificateValue() to get this from a certificate type credential.
func CertificateValue ¶
func CertificateValue(cred Credential) (CertificateValueType, error)
CertificateValue will remarshal a credential so that its Value is a CertificateValueType. Use this method to get the CertificateValueType from the credential. Subsequent calls to this return the remarshalled struct.
func (*CertificateValueType) UnmarshalJSON ¶ added in v0.9.1
func (c *CertificateValueType) UnmarshalJSON(b []byte) error
UnmarshalJSON will unmarshal the JSON and strictly conform to the struct
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client interacts with the Credhub API. It provides methods for all available endpoints.
func New ¶
func New(credhubURL string, hc HTTPClient) *Client
New creates a new Credhub client. You must bring an *http.Client that will negotiate authentication and authorization for you. See the examples for more information.
func (*Client) AddPermissions ¶
func (c *Client) AddPermissions(credentialName string, newPerms []Permission) ([]Permission, error)
AddPermissions adds permissions to a credential. Note that this method is *not* idempotent.
func (*Client) DeletePermissions ¶
DeletePermissions deletes permissions from a credential. Note that this method is *not* idempotent.
func (*Client) FindByPartialName ¶
func (c *Client) FindByPartialName(partialName string) ([]Credential, error)
FindByPartialName retrieves a list of stored credential names which contain the search term.
func (*Client) FindByPath ¶
func (c *Client) FindByPath(path string) ([]Credential, error)
FindByPath retrieves a list of stored credential names which are within the specified path. This method does not traverse sub-paths.
func (*Client) Generate ¶
func (c *Client) Generate(name string, credentialType CredentialType, parameters map[string]interface{}) (*Credential, error)
Generate will create a credential in Credhub. Currently does not work for the Value or JSON credential types. See https://credhub-api.cfapps.io/#generate-credentials for more information about available parameters.
func (*Client) GetAllByName ¶
func (c *Client) GetAllByName(name string) ([]Credential, error)
GetAllByName will return all versions of a credential, sorted in descending order by their created date.
func (*Client) GetByID ¶
func (c *Client) GetByID(id string) (*Credential, error)
GetByID will look up a credential by its ID. Since each version of a named credential has a different ID, this will always return at most one value.
func (*Client) GetLatestByName ¶
func (c *Client) GetLatestByName(name string) (*Credential, error)
GetLatestByName will return the current version of a credential. It will return at most one item.
func (*Client) GetPermissions ¶
func (c *Client) GetPermissions(credentialName string) ([]Permission, error)
GetPermissions returns the permissions of a credential. Permissions consist of an actor (see https://github.com/cloudfoundry-incubator/credhub/blob/master/docs/authentication-identities.md for more information on actor identities) and Operations.
func (*Client) GetVersionsByName ¶
func (c *Client) GetVersionsByName(name string, numVersions int) ([]Credential, error)
GetVersionsByName will return the latest numVersions versions of a given credential, still sorted in descending order by their created date.
func (*Client) InterpolateCredentials ¶
InterpolateCredentials will take a string representation of a VCAP_SERVICES JSON variable and interpolate any services whose credentials block consists only of credhub-ref. It will return the interpolated JSON as a string.
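The selection rule described above ("credentials block consists only of credhub-ref"), as an added example that is not the package's own code: credhubRefs is a hypothetical helper that only finds the references and performs no CredHub lookup, and the VCAP_SERVICES sample is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed VCAP_SERVICES sample: one binding is a pure credhub-ref, one carries
// inline credentials, and one mixes a credhub-ref with another key.
const sampleVCAP = `{
  "db": [
    {"name": "db-1", "credentials": {"credhub-ref": "/c/example-broker/db-1/creds"}},
    {"name": "db-2", "credentials": {"uri": "postgres://constructed"}}
  ],
  "cache": [
    {"name": "cache-1", "credentials": {"credhub-ref": "/c/example-broker/cache-1", "tls": true}}
  ]
}`

// credhubRefs (hypothetical helper) returns binding name -> reference for every
// service whose credentials block consists only of the "credhub-ref" key.
func credhubRefs(vcapServices string) (map[string]string, error) {
	var services map[string][]struct {
		Name        string                     `json:"name"`
		Credentials map[string]json.RawMessage `json:"credentials"`
	}
	if err := json.Unmarshal([]byte(vcapServices), &services); err != nil {
		return nil, fmt.Errorf("parse VCAP_SERVICES: %w", err)
	}
	refs := map[string]string{}
	for _, bindings := range services {
		for _, b := range bindings {
			raw, ok := b.Credentials["credhub-ref"]
			if !ok || len(b.Credentials) != 1 {
				continue // inline or mixed credentials are left alone
			}
			var ref string
			if err := json.Unmarshal(raw, &ref); err != nil {
				return nil, fmt.Errorf("binding %q: credhub-ref is not a string", b.Name)
			}
			refs[b.Name] = ref
		}
	}
	return refs, nil
}

func main() {
	refs, err := credhubRefs(sampleVCAP)
	fmt.Println(refs, err)
}
```

Bindings missing from the result still carry inline or mixed credentials in the environment, which makes the same walk usable as an inventory of secrets that do not resolve through CredHub.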
func (*Client) ListAllPaths ¶
ListAllPaths lists every path under which credentials are stored. Use it in conjunction with FindByPath() to list all credentials.
func (*Client) Regenerate ¶
func (c *Client) Regenerate(name string) (*Credential, error)
Regenerate will generate new values for credentials using the same parameters as the stored value. All RSA and SSH credentials may be regenerated. Password and user credentials must have been generated to enable regeneration. Statically set certificates may be regenerated if they are self-signed or if the CA name has been set to a stored CA certificate.
func (*Client) Set ¶
func (c *Client) Set(credential Credential, mode OverwriteMode, additionalPermissions []Permission) (*Credential, error)
Set adds a credential in Credhub.
type Credential ¶
type Credential struct {
	ID      string         `json:"id"`
	Name    string         `json:"name"`
	Created string         `json:"version_created_at"`
	Type    CredentialType `json:"type,omitempty"`
	Value   interface{}    `json:"value,omitempty"`
	// contains filtered or unexported fields
}
Credential is the base type that the credential-based methods of Client will return.
type CredentialType ¶
type CredentialType string
CredentialType is the list of valid types of credentials Credhub supports
const (
	// Value - A generic value
	Value CredentialType = "value"
	// Password - A password that can be (re-)generated
	Password CredentialType = "password"
	// User - A username, password, and password hash
	User CredentialType = "user"
	// JSON - An arbitrary block of JSON
	JSON CredentialType = "json"
	// RSA - A public/private key pair
	RSA CredentialType = "rsa"
	// SSH - An SSH private key, public key (in OpenSSH format), and public key fingerprint
	SSH CredentialType = "ssh"
	// Certificate - A private key, associated certificate, and CA
	Certificate CredentialType = "certificate"
)
type HTTPClient ¶ added in v0.9.1
type HTTPClient interface {
	Get(url string) (resp *http.Response, err error)
	Do(req *http.Request) (*http.Response, error)
}
func NewCFAppAuthClient ¶ added in v0.9.1
func NewCFAppAuthClient(tr *http.Transport) (HTTPClient, error)
NewCFAppAuthClient creates a CFAppAuthClient
Example Usage:
// NewCFAppAuthClient takes an *http.Transport and returns (HTTPClient, error).
client, err := NewCFAppAuthClient(&http.Transport{})
func NewUAAAuthClient ¶ added in v0.9.1
func NewUAAAuthClient(hc HTTPClient, ua uaa.Client) HTTPClient
NewUAAAuthClient creates a UAAAuthClient.
Example usage:
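cfg := &config.Config{
	ClientName:       "client-name",
	ClientSecret:     "client-secret",
	UaaEndpoint:      "https://uaa.service.cf.internal:8443",
	SkipVerification: true, // skips TLS certificate verification of the UAA endpoint
}
uaaClient, err := client.NewClient(logger, cfg, clock)
if err != nil {
	...
}
// http.DefaultClient is a variable, not a function; *http.Client satisfies HTTPClient.
authClient := NewUAAAuthClient(http.DefaultClient, uaaClient)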
See github.com/cloudfoundry-community/uaa-go-client for more examples of instantiating the UAA client.
type Operation ¶
type Operation string
Operation is the list of valid operations
const (
	// Read operation allows the actor to fetch and view credentials
	Read Operation = "read"
	// Write operation allows the actor to create, update, and generate credentials
	Write Operation = "write"
	// Delete operation allows the actor to delete credentials
	Delete Operation = "delete"
	// ReadACL operation allows the actor to view all permissions on a given credential
	ReadACL Operation = "read_acl"
	// WriteACL operation allows the actor to create and delete permissions on a given credential
	WriteACL Operation = "write_acl"
)
type OverwriteMode ¶
type OverwriteMode string
OverwriteMode is the list of valid "mode" arguments
const (
	// Overwrite will overwrite an existing credential on Set or Generate
	Overwrite OverwriteMode = "overwrite"
	// NoOverwrite will not overwrite an existing credential on Set or Generate
	NoOverwrite OverwriteMode = "no-overwrite"
	// Converge will only overwrite an existing credential if the parameters have changed
	Converge OverwriteMode = "converge"
)
type Permission ¶
Permission represents the operations an actor is allowed to perform on a credential. See https://github.com/cloudfoundry-incubator/credhub/blob/master/docs/authentication-identities.md for more information on actor identities.
type RSAValueType ¶
type RSAValueType struct {
	PublicKey  string `json:"public_key"`
	PrivateKey string `json:"private_key"`
}
RSAValueType is what an RSA type credential will have. Use RSAValue() to get this from an RSA type Credential.
func RSAValue ¶
func RSAValue(cred Credential) (RSAValueType, error)
RSAValue will remarshal a credential so that its Value is an RSAValueType. Use this method to get the RSAValueType from the credential. Subsequent calls to this return the remarshalled struct.
func (*RSAValueType) UnmarshalJSON ¶ added in v0.9.1
func (r *RSAValueType) UnmarshalJSON(b []byte) error
UnmarshalJSON will unmarshal the JSON and strictly conform to the struct
type SSHValueType ¶
type SSHValueType struct {
	PublicKey            string `json:"public_key"`
	PrivateKey           string `json:"private_key"`
	PublicKeyFingerprint string `json:"public_key_fingerprint"`
}
SSHValueType is what an SSH type credential will have. Use SSHValue() to get this from an SSH type Credential.
func SSHValue ¶
func SSHValue(cred Credential) (SSHValueType, error)
SSHValue will remarshal a credential so that its Value is an SSHValueType. Use this method to get the SSHValueType from the credential. Subsequent calls to this return the remarshalled struct.
func (*SSHValueType) UnmarshalJSON ¶ added in v0.9.1
func (s *SSHValueType) UnmarshalJSON(b []byte) error
UnmarshalJSON will unmarshal the JSON and strictly conform to the struct
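Why strict conformance matters for these value types, as an added example that is not the package's own code: strictRemarshal is a hypothetical helper built on encoding/json's DisallowUnknownFields, the struct types are local copies of the ones above, and the sample values are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Local copies of two value types from this page, so the example runs offline.
type RSAValueType struct {
	PublicKey  string `json:"public_key"`
	PrivateKey string `json:"private_key"`
}

type SSHValueType struct {
	PublicKey            string `json:"public_key"`
	PrivateKey           string `json:"private_key"`
	PublicKeyFingerprint string `json:"public_key_fingerprint"`
}

// strictRemarshal (hypothetical helper) re-encodes a credential's untyped Value
// and decodes it into out, rejecting any key that out does not declare.
func strictRemarshal(value, out interface{}) error {
	raw, err := json.Marshal(value)
	if err != nil {
		return err
	}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	return dec.Decode(out)
}

// Constructed samples of Credential.Value as generic JSON decoding leaves them.
var (
	rsaValue = map[string]interface{}{"public_key": "constructed-pub", "private_key": "constructed-priv"}
	sshValue = map[string]interface{}{"public_key": "constructed-pub", "private_key": "constructed-priv",
		"public_key_fingerprint": "constructed-fp"}
)

func main() {
	var rsa RSAValueType
	raw, _ := json.Marshal(sshValue)
	fmt.Println("lax, ssh as rsa:   ", json.Unmarshal(raw, &rsa)) // nil: the extra key is silently dropped
	fmt.Println("strict, ssh as rsa:", strictRemarshal(sshValue, &rsa))
	var ssh SSHValueType
	// Strictness catches extra keys only; a missing key still decodes, so check Credential.Type too.
	err := strictRemarshal(rsaValue, &ssh)
	fmt.Printf("strict, rsa as ssh: %v, fingerprint=%q\n", err, ssh.PublicKeyFingerprint)
}
```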
type UAAAuthClient ¶ added in v0.9.1
type UAAAuthClient struct {
// contains filtered or unexported fields
}
UAAAuthClient is a thin wrapper around an http.Client that handles authenticating and renewing tokens provided via UAA.
type UserValueType ¶
type UserValueType struct {
	Username     string `json:"username"`
	Password     string `json:"password"`
	PasswordHash string `json:"password_hash"`
}
UserValueType is what a user type credential will have. Use UserValue() to get this from a user type Credential
func UserValue ¶
func UserValue(cred Credential) (UserValueType, error)
UserValue will remarshal a credential so that its Value is a UserValueType. Use this method to get the UserValueType from the credential. Subsequent calls to this return the remarshalled struct.
func (*UserValueType) UnmarshalJSON ¶ added in v0.9.1
func (u *UserValueType) UnmarshalJSON(b []byte) error
UnmarshalJSON will unmarshal the JSON and strictly conform to the struct