secretstore

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 14, 2020 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

View Source
const (
	VaultToken             = "X-Vault-Token"
	TokenCreatorPolicyName = "privileged-token-creator"

	// This is an admin token policy that allow for creation of
	// per-service tokens and policies
	TokenCreatorPolicy = `` /* 394-byte string literal not displayed */

)
View Source
const OneShotProvider = "oneshot"

Variables

This section is empty.

Functions

func Main

func Main(ctx context.Context, cancel context.CancelFunc, _ *mux.Router, _ chan<- bool)

Types

type Bootstrap

type Bootstrap struct {
	// contains filtered or unexported fields
}

func NewBootstrap

func NewBootstrap(insecureSkipVerify bool, vaultInterval int) *Bootstrap

func (*Bootstrap) BootstrapHandler

func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ startup.Timer, dic *di.Container) bool

BootstrapHandler fulfills the BootstrapHandler contract and performs initialization needed by the data service.

type CertCollect

type CertCollect struct {
	Pair CertPair `json:"data"`
}

type CertPair

type CertPair struct {
	Cert string `json:"cert,omitempty"`
	Key  string `json:"key,omitempty"`
}

type Certs

type Certs struct {
	// contains filtered or unexported fields
}

func NewCerts

func NewCerts(
	caller internal.HttpCaller,
	certPath string,
	rootToken string,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Certs

func (*Certs) AlreadyinStore

func (cs *Certs) AlreadyinStore() (bool, error)

func (*Certs) ReadFrom

func (cs *Certs) ReadFrom(certPath string, keyPath string) (*CertPair, error)

func (*Certs) UploadToStore

func (cs *Certs) UploadToStore(cp *CertPair) error

type CmdRunner

type CmdRunner interface {
	Start() error
	Wait() error
}

type Cred

type Cred struct {
	// contains filtered or unexported fields
}

func NewCred

func NewCred(
	caller internal.HttpCaller,
	rootToken string,
	generator CredentialGenerator,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Cred

func (*Cred) AlreadyInStore

func (cr *Cred) AlreadyInStore(path string) (bool, error)

func (*Cred) GeneratePassword

func (cr *Cred) GeneratePassword(service string) (string, error)

func (*Cred) UploadToStore

func (cr *Cred) UploadToStore(pair *UserPasswordPair, path string) error

type CredCollect

type CredCollect struct {
	Pair UserPasswordPair `json:"data"`
}

type CredentialGenerator

type CredentialGenerator interface {
	Generate(string) (string, error)
}

CredentialGenerator returns a credential generated with random algorithm for secret store

type ExecRunner

type ExecRunner interface {
	LookPath(file string) (string, error)
	CommandContext(ctx context.Context, name string, arg ...string) CmdRunner
}

type ExecWrapper added in v1.2.0

type ExecWrapper struct{}

func (ExecWrapper) CommandContext added in v1.2.0

func (w ExecWrapper) CommandContext(ctx context.Context, name string, arg ...string) CmdRunner

func (ExecWrapper) LookPath added in v1.2.0

func (w ExecWrapper) LookPath(file string) (string, error)

type GokeyGenerator added in v1.2.0

type GokeyGenerator struct {
	// contains filtered or unexported fields
}

GokeyGenerator implements the CredentialGenerator interface using the gokey library using tokenPath as the gokey master password and accepting the realm as the argument to the Generate method

func NewGokeyGenerator added in v1.2.0

func NewGokeyGenerator(masterPassword string) *GokeyGenerator

func (GokeyGenerator) Generate added in v1.2.0

func (gk GokeyGenerator) Generate(realm string) (string, error)

type RevokeFunc

type RevokeFunc func()

type TokenMaintenance

type TokenMaintenance struct {
	// contains filtered or unexported fields
}

func NewTokenMaintenance

func NewTokenMaintenance(logging logger.LoggingClient, secretClient secretstoreclient.SecretStoreClient) *TokenMaintenance

NewTokenMaintenance creates a new TokenProvider

func (*TokenMaintenance) CreateTokenIssuingToken

func (tm *TokenMaintenance) CreateTokenIssuingToken(rootToken string) (map[string]interface{}, RevokeFunc, error)

CreateTokenIssuingToken creates an admin token that allows the holder to create per-service tokens an policies. Requires a root token, returns a function that, if called, with revoke the token

func (*TokenMaintenance) RevokeNonRootTokens

func (tm *TokenMaintenance) RevokeNonRootTokens(privilegedToken string) error

RevokeNonRootTokens revokes non-root tokens that may have been issued in previous EdgeX runs. Should be called with a high-privileged token.

func (*TokenMaintenance) RevokeRootTokens

func (tm *TokenMaintenance) RevokeRootTokens(privilegedToken string) error

RevokeRootTokens revokes any root tokens found in the secret store. Should be called with a high-privileged token.

type TokenProvider

type TokenProvider struct {
	// contains filtered or unexported fields
}

func NewTokenProvider

func NewTokenProvider(ctx context.Context, lc logger.LoggingClient, execRunner ExecRunner) *TokenProvider

NewTokenProvider creates a new TokenProvider

func (*TokenProvider) Launch

func (p *TokenProvider) Launch() error

Launch spawns the token provider function

func (*TokenProvider) SetConfiguration

func (p *TokenProvider) SetConfiguration(config secretstoreclient.SecretServiceInfo) error

SetConfiguration parses token provider configuration and resolves paths specified therein

type UserPasswordPair

type UserPasswordPair struct {
	User     string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL