secretstoreclient

package
v1.2.2-dev.65 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 13, 2020 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

******************************************************************************

  • Copyright 2019 Dell Inc.
  • Copyright 2019 Intel Corporation *
  • Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  • in compliance with the License. You may obtain a copy of the License at *
  • http://www.apache.org/licenses/LICENSE-2.0 *
  • Unless required by applicable law or agreed to in writing, software distributed under the License
  • is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  • or implied. See the License for the specific language governing permissions and limitations under
  • the License. *
  • @author: Tingyu Zeng, Dell ******************************************************************************

Index

Constants

View Source
const (
	VaultToken            = "X-Vault-Token"
	VaultHealthAPI        = "/v1/sys/health"
	VaultInitAPI          = "/v1/sys/init"
	VaultUnsealAPI        = "/v1/sys/unseal"
	JSONContentType       = "application/json"
	CreatePolicyPath      = "/v1/sys/policies/acl/%s"
	CreateTokenAPI        = "/v1/auth/token/create"
	ListAccessorsAPI      = "/v1/auth/token/accessors"
	RevokeAccessorAPI     = "/v1/auth/token/revoke-accessor"
	LookupAccessorAPI     = "/v1/auth/token/lookup-accessor"
	LookupSelfAPI         = "/v1/auth/token/lookup-self"
	RevokeSelfAPI         = "/v1/auth/token/revoke-self"
	RootTokenControlAPI   = "/v1/sys/generate-root/attempt"
	RootTokenRetrievalAPI = "/v1/sys/generate-root/update"
	VaultMountsAPI        = "/v1/sys/mounts"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type EnableSecretsEngineRequest

type EnableSecretsEngineRequest struct {
	Type        string `json:"type"`
	Description string `json:"description"`
	Options     struct {
		Version string `json:"version"`
	} `json:"options"`
}

EnableSecretsEngineRequest is the POST request to /v1/sys/mounts

type HTTPSRequestor

type HTTPSRequestor interface {
	Insecure() internal.HttpCaller
	WithTLS(io.Reader, string) internal.HttpCaller
}

func NewRequestor

func NewRequestor(logger logger.LoggingClient) HTTPSRequestor

type InitRequest

type InitRequest struct {
	SecretShares    int `json:"secret_shares"`
	SecretThreshold int `json:"secret_threshold"`
}

InitRequest contains a Vault init request regarding the Shamir Secret Sharing (SSS) parameters

type InitResponse

type InitResponse struct {
	Keys          []string `json:"keys,omitempty"`
	KeysBase64    []string `json:"keys_base64,omitempty"`
	EncryptedKeys []string `json:"encrypted_keys,omitempty"`
	Nonces        []string `json:"nonces,omitempty"`
	RootToken     string   `json:"root_token,omitempty"`
}

InitResponse contains a Vault init response

type ListSecretEnginesResponse

type ListSecretEnginesResponse struct {
	Data map[string]struct {
		Type string `json:"type"`
	} `json:"data"`
}

ListSecretEnginesResponse is the response to GET /v1/sys/mounts

type ListTokenAccessorsResponse

type ListTokenAccessorsResponse struct {
	Data struct {
		Keys []string `json:"keys"`
	} `json:"data"`
}

ListTokenAccessorsResponse is the response to the list accessors API

type LookupAccessorRequest

type LookupAccessorRequest struct {
	Accessor string `json:"accessor"`
}

LookupAccessorRequest is used by accessor lookup API

type RevokeTokenAccessorRequest

type RevokeTokenAccessorRequest struct {
	Accessor string `json:"accessor"`
}

RevokeTokenAccessorRequest is the input to the revoke token by accessor API

type RootTokenControlResponse

type RootTokenControlResponse struct {
	Complete bool   `json:"complete"`
	Nonce    string `json:"nonce"`
	Otp      string `json:"otp"`
}

RootTokenControlResponse is the response to /v1/sys/generate-root/attempt

type RootTokenRetrievalRequest

type RootTokenRetrievalRequest struct {
	Key   string `json:"key"`
	Nonce string `json:"nonce"`
}

RootTokenRetrievalRequest is the request to /v1/sys/generate-root/update

type RootTokenRetrievalResponse

type RootTokenRetrievalResponse struct {
	Complete     bool   `json:"complete"`
	EncodedToken string `json:"encoded_token"`
}

RootTokenRetrievalResponse is the response to /v1/sys/generate-root/update

type SecretServiceInfo

type SecretServiceInfo struct {
	Scheme                      string
	Server                      string
	ServerName                  string
	Port                        int
	CertPath                    string
	CaFilePath                  string
	CertFilePath                string
	KeyFilePath                 string
	TokenFolderPath             string
	TokenFile                   string
	VaultSecretShares           int
	VaultSecretThreshold        int
	TokenProvider               string
	TokenProviderArgs           []string
	TokenProviderType           string
	TokenProviderAdminTokenPath string
	PasswordProvider            string
	PasswordProviderArgs        []string
	RevokeRootTokens            bool
}

func (SecretServiceInfo) GetSecretSvcBaseURL

func (s SecretServiceInfo) GetSecretSvcBaseURL() string

type SecretStoreClient

type SecretStoreClient interface {
	HealthCheck() (statusCode int, err error)
	Init(secretThreshold int, secretShares int, initResponse *InitResponse) (statusCode int, err error)
	Unseal(initResponse *InitResponse) (statusCode int, err error)
	InstallPolicy(token string,
		policyName string, policyDocument string) (statusCode int, err error)
	CreateToken(token string,
		parameters map[string]interface{}, response interface{}) (statusCode int, err error)
	ListAccessors(token string, accessors *[]string) (statusCode int, err error)
	RevokeAccessor(token string, accessor string) (statusCode int, err error)
	LookupAccessor(token string, accessor string, tokenMetadata *TokenMetadata) (statusCode int, err error)
	LookupSelf(token string, tokenMetadata *TokenMetadata) (statusCode int, err error)
	RevokeSelf(token string) (statusCode int, err error)
	RegenRootToken(initResponse *InitResponse, rootToken *string) (err error)
	CheckSecretEngineInstalled(token string, mountPoint string, engine string) (isInstalled bool, err error)
	EnableKVSecretEngine(token string, mountPoint string, kvVersion string) (statusCode int, err error)
}

SecretStoreClient is interface to Vault

type TokenLookupResponse

type TokenLookupResponse struct {
	Data TokenMetadata
}

TokenLookupResponse is the response to the token lookup API

type TokenMetadata

type TokenMetadata struct {
	Accessor   string   `json:"accessor"`
	ExpireTime string   `json:"expire_time"`
	Path       string   `json:"path"`
	Policies   []string `json:"policies"`
}

TokenMetadata has introspection data about a token

type UnsealRequest

type UnsealRequest struct {
	Key   string `json:"key"`
	Reset bool   `json:"reset"`
}

UnsealRequest contains a Vault unseal request

type UnsealResponse

type UnsealResponse struct {
	Sealed   bool `json:"sealed"`
	T        int  `json:"t"`
	N        int  `json:"n"`
	Progress int  `json:"progress"`
}

UnsealResponse contains a Vault unseal response

type UpdateACLPolicyRequest

type UpdateACLPolicyRequest struct {
	Policy string `json:"policy"`
}

UpdateACLPolicyRequest contains a ACL policy create/update request

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL