secretstore

package
v1.2.2-dev.13 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 18, 2020 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	VaultToken             = "X-Vault-Token"
	TokenCreatorPolicyName = "privileged-token-creator"

	// This is an admin token policy that allow for creation of
	// per-service tokens and policies
	TokenCreatorPolicy = `` /* 394-byte string literal not displayed */

)
View Source 
const OneShotProvider = "oneshot"

Variables

This section is empty.

Functions

func Main 

func Main(ctx context.Context, cancel context.CancelFunc, _ *mux.Router, _ chan<- bool)

Types

type Bootstrap 

type Bootstrap struct {
	// contains filtered or unexported fields
}

func NewBootstrap 

func NewBootstrap(insecureSkipVerify bool, vaultInterval int) *Bootstrap

func (*Bootstrap) BootstrapHandler 

func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ startup.Timer, dic *di.Container) bool

BootstrapHandler fulfills the BootstrapHandler contract and performs initialization needed by the data service.

type CertCollect 

type CertCollect struct {
	Pair CertPair `json:"data"`
}

type CertPair 

type CertPair struct {
	Cert string `json:"cert,omitempty"`
	Key  string `json:"key,omitempty"`
}

type Certs 

type Certs struct {
	// contains filtered or unexported fields
}

func NewCerts 

func NewCerts(
	caller internal.HttpCaller,
	certPath string,
	rootToken string,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Certs

func (*Certs) AlreadyinStore 

func (cs *Certs) AlreadyinStore() (bool, error)

func (*Certs) ReadFrom 

func (cs *Certs) ReadFrom(certPath string, keyPath string) (*CertPair, error)

func (*Certs) UploadToStore 

func (cs *Certs) UploadToStore(cp *CertPair) error

type CmdRunner 

type CmdRunner interface {
	Start() error
	Wait() error
}

type Cred 

type Cred struct {
	// contains filtered or unexported fields
}

func NewCred 

func NewCred(
	caller internal.HttpCaller,
	rootToken string,
	generator CredentialGenerator,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Cred

func (*Cred) AlreadyInStore 

func (cr *Cred) AlreadyInStore(path string) (bool, error)

func (*Cred) GeneratePassword 

func (cr *Cred) GeneratePassword(service string) (string, error)

func (*Cred) UploadToStore 

func (cr *Cred) UploadToStore(pair *UserPasswordPair, path string) error

type CredCollect 

type CredCollect struct {
	Pair UserPasswordPair `json:"data"`
}

type CredentialGenerator 

type CredentialGenerator interface {
	Generate(string) (string, error)
}

CredentialGenerator returns a credential generated with random algorithm for secret store

type ExecRunner 

type ExecRunner interface {
	LookPath(file string) (string, error)
	CommandContext(ctx context.Context, name string, arg ...string) CmdRunner
}

type ExecWrapper added in v1.2.0 

type ExecWrapper struct{}

func (ExecWrapper) CommandContext added in v1.2.0 

func (w ExecWrapper) CommandContext(ctx context.Context, name string, arg ...string) CmdRunner

func (ExecWrapper) LookPath added in v1.2.0 

func (w ExecWrapper) LookPath(file string) (string, error)

type GokeyGenerator added in v1.2.0 

type GokeyGenerator struct {
	// contains filtered or unexported fields
}

GokeyGenerator implements the CredentialGenerator interface using the gokey library using tokenPath as the gokey master password and accepting the realm as the argument to the Generate method

func NewGokeyGenerator added in v1.2.0 

func NewGokeyGenerator(masterPassword string) *GokeyGenerator

func (GokeyGenerator) Generate added in v1.2.0 

func (gk GokeyGenerator) Generate(realm string) (string, error)

type RevokeFunc 

type RevokeFunc func()

type TokenMaintenance 

type TokenMaintenance struct {
	// contains filtered or unexported fields
}

func NewTokenMaintenance 

func NewTokenMaintenance(logging logger.LoggingClient, secretClient secretstoreclient.SecretStoreClient) *TokenMaintenance

NewTokenMaintenance creates a new TokenProvider

func (*TokenMaintenance) CreateTokenIssuingToken 

func (tm *TokenMaintenance) CreateTokenIssuingToken(rootToken string) (map[string]interface{}, RevokeFunc, error)

CreateTokenIssuingToken creates an admin token that allows the holder to create per-service tokens an policies. Requires a root token, returns a function that, if called, with revoke the token

func (*TokenMaintenance) RevokeNonRootTokens 

func (tm *TokenMaintenance) RevokeNonRootTokens(privilegedToken string) error

RevokeNonRootTokens revokes non-root tokens that may have been issued in previous EdgeX runs. Should be called with a high-privileged token.

func (*TokenMaintenance) RevokeRootTokens 

func (tm *TokenMaintenance) RevokeRootTokens(privilegedToken string) error

RevokeRootTokens revokes any root tokens found in the secret store. Should be called with a high-privileged token.

type TokenProvider 

type TokenProvider struct {
	// contains filtered or unexported fields
}

func NewTokenProvider 

func NewTokenProvider(ctx context.Context, lc logger.LoggingClient, execRunner ExecRunner) *TokenProvider

NewTokenProvider creates a new TokenProvider

func (*TokenProvider) Launch 

func (p *TokenProvider) Launch() error

Launch spawns the token provider function

func (*TokenProvider) SetConfiguration 

func (p *TokenProvider) SetConfiguration(config secretstoreclient.SecretServiceInfo) error

SetConfiguration parses token provider configuration and resolves paths specified therein

type UserPasswordPair 

type UserPasswordPair struct {
	User     string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.