Documentation ¶
Overview ¶
******************************************************************************
- Copyright 2019 Dell Inc.
- Copyright 2019 Intel Corporation *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell ******************************************************************************
Index ¶
- Constants
- type EnableSecretsEngineRequest
- type HTTPSRequestor
- type InitRequest
- type InitResponse
- type ListSecretEnginesResponse
- type ListTokenAccessorsResponse
- type LookupAccessorRequest
- type RevokeTokenAccessorRequest
- type RootTokenControlResponse
- type RootTokenRetrievalRequest
- type RootTokenRetrievalResponse
- type SecretServiceInfo
- type SecretStoreClient
- type TokenLookupResponse
- type TokenMetadata
- type UnsealRequest
- type UnsealResponse
- type UpdateACLPolicyRequest
Constants ¶
const ( VaultToken = "X-Vault-Token" VaultHealthAPI = "/v1/sys/health" VaultInitAPI = "/v1/sys/init" VaultUnsealAPI = "/v1/sys/unseal" JSONContentType = "application/json" CreatePolicyPath = "/v1/sys/policies/acl/%s" CreateTokenAPI = "/v1/auth/token/create" ListAccessorsAPI = "/v1/auth/token/accessors" RevokeAccessorAPI = "/v1/auth/token/revoke-accessor" LookupAccessorAPI = "/v1/auth/token/lookup-accessor" LookupSelfAPI = "/v1/auth/token/lookup-self" RevokeSelfAPI = "/v1/auth/token/revoke-self" RootTokenControlAPI = "/v1/sys/generate-root/attempt" RootTokenRetrievalAPI = "/v1/sys/generate-root/update" VaultMountsAPI = "/v1/sys/mounts" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EnableSecretsEngineRequest ¶
type EnableSecretsEngineRequest struct { Type string `json:"type"` Description string `json:"description"` Options struct { Version string `json:"version"` } `json:"options"` }
EnableSecretsEngineRequest is the POST request to /v1/sys/mounts
type HTTPSRequestor ¶
type HTTPSRequestor interface { Insecure() internal.HttpCaller WithTLS(io.Reader, string) internal.HttpCaller }
func NewRequestor ¶
func NewRequestor(logger logger.LoggingClient) HTTPSRequestor
type InitRequest ¶
type InitRequest struct { SecretThreshold int `json:"secret_threshold"` }
InitRequest contains a Vault init request regarding the Shamir Secret Sharing (SSS) parameters
type InitResponse ¶
type InitResponse struct { Keys []string `json:"keys"` KeysBase64 []string `json:"keys_base64"` RootToken string `json:"root_token,omitempty"` }
InitResponse contains a Vault init response
type ListSecretEnginesResponse ¶
type ListSecretEnginesResponse struct { Data map[string]struct { Type string `json:"type"` } `json:"data"` }
ListSecretEnginesResponse is the response to GET /v1/sys/mounts
type ListTokenAccessorsResponse ¶
type ListTokenAccessorsResponse struct { Data struct { Keys []string `json:"keys"` } `json:"data"` }
ListTokenAccessorsResponse is the response to the list accessors API
type LookupAccessorRequest ¶
type LookupAccessorRequest struct {
Accessor string `json:"accessor"`
}
LookupAccessorRequest is used by accessor lookup API
type RevokeTokenAccessorRequest ¶
type RevokeTokenAccessorRequest struct {
Accessor string `json:"accessor"`
}
RevokeTokenAccessorRequest is the input to the revoke token by accessor API
type RootTokenControlResponse ¶
type RootTokenControlResponse struct { Complete bool `json:"complete"` Nonce string `json:"nonce"` Otp string `json:"otp"` }
RootTokenControlResponse is the response to /v1/sys/generate-root/attempt
type RootTokenRetrievalRequest ¶
RootTokenRetrievalRequest is the request to /v1/sys/generate-root/update
type RootTokenRetrievalResponse ¶
type RootTokenRetrievalResponse struct { Complete bool `json:"complete"` EncodedToken string `json:"encoded_token"` }
RootTokenRetrievalResponse is the response to /v1/sys/generate-root/update
type SecretServiceInfo ¶
type SecretServiceInfo struct { Scheme string Server string ServerName string Port int CertPath string CaFilePath string CertFilePath string KeyFilePath string TokenFolderPath string TokenFile string VaultSecretThreshold int TokenProvider string TokenProviderArgs []string TokenProviderType string TokenProviderAdminTokenPath string RevokeRootTokens bool }
func (SecretServiceInfo) GetSecretSvcBaseURL ¶
func (s SecretServiceInfo) GetSecretSvcBaseURL() string
type SecretStoreClient ¶
type SecretStoreClient interface { HealthCheck() (statusCode int, err error) Init(secretThreshold int, secretShares int, initResponse *InitResponse) (statusCode int, err error) Unseal(initResponse *InitResponse) (statusCode int, err error) InstallPolicy(token string, policyName string, policyDocument string) (statusCode int, err error) CreateToken(token string, parameters map[string]interface{}, response interface{}) (statusCode int, err error) ListAccessors(token string, accessors *[]string) (statusCode int, err error) RevokeAccessor(token string, accessor string) (statusCode int, err error) LookupAccessor(token string, accessor string, tokenMetadata *TokenMetadata) (statusCode int, err error) LookupSelf(token string, tokenMetadata *TokenMetadata) (statusCode int, err error) RevokeSelf(token string) (statusCode int, err error) RegenRootToken(initResponse *InitResponse, rootToken *string) (err error) CheckSecretEngineInstalled(token string, mountPoint string, engine string) (isInstalled bool, err error) EnableKVSecretEngine(token string, mountPoint string, kvVersion string) (statusCode int, err error) }
SecretStoreClient is interface to Vault
func NewSecretStoreClient ¶
func NewSecretStoreClient(logger logger.LoggingClient, r internal.HttpCaller, s string, h string) SecretStoreClient
type TokenLookupResponse ¶
type TokenLookupResponse struct {
Data TokenMetadata
}
TokenLookupResponse is the response to the token lookup API
type TokenMetadata ¶
type TokenMetadata struct { Accessor string `json:"accessor"` ExpireTime string `json:"expire_time"` Path string `json:"path"` Policies []string `json:"policies"` }
TokenMetadata has introspection data about a token
type UnsealRequest ¶
UnsealRequest contains a Vault unseal request
type UnsealResponse ¶
type UnsealResponse struct { Sealed bool `json:"sealed"` T int `json:"t"` N int `json:"n"` Progress int `json:"progress"` }
UnsealResponse contains a Vault unseal response
type UpdateACLPolicyRequest ¶
type UpdateACLPolicyRequest struct {
Policy string `json:"policy"`
}
UpdateACLPolicyRequest contains a ACL policy create/update request