secretstore

package

v1.2.2-dev.41 Latest Latest Go to latest Published: Oct 1, 2020 License: Apache-2.0 Imports: 32 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/edgexfoundry/edgex-go

Documentation ¶

Rendered for

Index ¶

Constants
func Main(ctx context.Context, cancel context.CancelFunc, _ *mux.Router, _ chan<- bool)
type Bootstrap
- func NewBootstrap(insecureSkipVerify bool, vaultInterval int) *Bootstrap
- func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ startup.Timer, dic *di.Container) bool
type CertCollect
type CertPair
type Certs
- func NewCerts(caller internal.HttpCaller, certPath string, rootToken string, ...) Certs
- func (cs *Certs) AlreadyinStore() (bool, error)
- func (cs *Certs) ReadFrom(certPath string, keyPath string) (*CertPair, error)
- func (cs *Certs) UploadToStore(cp *CertPair) error
type CmdRunner
type Cred
- func NewCred(caller internal.HttpCaller, rootToken string, generator CredentialGenerator, ...) Cred
- func (cr *Cred) AlreadyInStore(path string) (bool, error)
- func (cr *Cred) GeneratePassword(ctx context.Context) (string, error)
- func (cr *Cred) UploadToStore(pair *UserPasswordPair, path string) error
type CredCollect
type CredentialGenerator
- func NewDefaultCredentialGenerator() CredentialGenerator
- func NewPasswordGenerator(lc logger.LoggingClient, passwordProvider string, ...) CredentialGenerator
type ExecRunner
- func NewDefaultExecRunner() ExecRunner
type PasswordProvider
- func NewPasswordProvider(lc logger.LoggingClient, execRunner ExecRunner) *PasswordProvider
- func (p *PasswordProvider) Generate(ctx context.Context) (string, error)
- func (p *PasswordProvider) SetConfiguration(passwordProvider string, passwordProviderArgs []string) error
type RevokeFunc
type TokenMaintenance
- func NewTokenMaintenance(logging logger.LoggingClient, secretClient secretstoreclient.SecretStoreClient) *TokenMaintenance
- func (tm *TokenMaintenance) CreateTokenIssuingToken(rootToken string) (map[string]interface{}, RevokeFunc, error)
- func (tm *TokenMaintenance) RevokeNonRootTokens(privilegedToken string) error
- func (tm *TokenMaintenance) RevokeRootTokens(privilegedToken string) error
type TokenProvider
- func NewTokenProvider(ctx context.Context, lc logger.LoggingClient, execRunner ExecRunner) *TokenProvider
- func (p *TokenProvider) Launch() error
- func (p *TokenProvider) SetConfiguration(config secretstoreclient.SecretServiceInfo) error
type UserPasswordPair

Constants ¶

View Source

const (
	VaultToken             = "X-Vault-Token"
	TokenCreatorPolicyName = "privileged-token-creator"

	// This is an admin token policy that allow for creation of
	// per-service tokens and policies
	TokenCreatorPolicy = `` /* 394-byte string literal not displayed */

)

View Source

const OneShotProvider = "oneshot"

Variables ¶

This section is empty.

Functions ¶

func Main ¶

func Main(ctx context.Context, cancel context.CancelFunc, _ *mux.Router, _ chan<- bool)

Types ¶

type Bootstrap ¶

type Bootstrap struct {
	// contains filtered or unexported fields
}

func NewBootstrap ¶

func NewBootstrap(insecureSkipVerify bool, vaultInterval int) *Bootstrap

func (*Bootstrap) BootstrapHandler ¶

func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ startup.Timer, dic *di.Container) bool

BootstrapHandler fulfills the BootstrapHandler contract and performs initialization needed by the data service.

type CertCollect ¶

type CertCollect struct {
	Pair CertPair `json:"data"`
}

type CertPair ¶

type CertPair struct {
	Cert string `json:"cert,omitempty"`
	Key  string `json:"key,omitempty"`
}

type Certs ¶

type Certs struct {
	// contains filtered or unexported fields
}

func NewCerts ¶

func NewCerts(
	caller internal.HttpCaller,
	certPath string,
	rootToken string,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Certs

func (*Certs) AlreadyinStore ¶

func (cs *Certs) AlreadyinStore() (bool, error)

func (*Certs) ReadFrom ¶

func (cs *Certs) ReadFrom(certPath string, keyPath string) (*CertPair, error)

func (*Certs) UploadToStore ¶

func (cs *Certs) UploadToStore(cp *CertPair) error

type CmdRunner ¶

type CmdRunner interface {
	Start() error
	Wait() error
}

CmdRunner is mockable interface for golang's exec.Cmd

type Cred ¶

type Cred struct {
	// contains filtered or unexported fields
}

func NewCred ¶

func NewCred(
	caller internal.HttpCaller,
	rootToken string,
	generator CredentialGenerator,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Cred

func (*Cred) AlreadyInStore ¶

func (cr *Cred) AlreadyInStore(path string) (bool, error)

func (*Cred) GeneratePassword ¶

func (cr *Cred) GeneratePassword(ctx context.Context) (string, error)

GeneratePassword is a pass-through to the password generator

func (*Cred) UploadToStore ¶

func (cr *Cred) UploadToStore(pair *UserPasswordPair, path string) error

type CredCollect ¶

type CredCollect struct {
	Pair UserPasswordPair `json:"data"`
}

type CredentialGenerator ¶

type CredentialGenerator interface {
	Generate(ctx context.Context) (string, error)
}

CredentialGenerator is the interface for pluggable password generators

func NewDefaultCredentialGenerator ¶

func NewDefaultCredentialGenerator() CredentialGenerator

NewDefaultCredentialGenerator generates random passwords as base64-encoded strings

func NewPasswordGenerator ¶

func NewPasswordGenerator(lc logger.LoggingClient, passwordProvider string, passwordProviderArgs []string) CredentialGenerator

NewPasswordGenerator wires up a pluggable password generator or defaults to a built-in implementation if the pluggable configuration is missing

type ExecRunner ¶

type ExecRunner interface {
	SetStdout(stdout io.Writer)
	LookPath(file string) (string, error)
	CommandContext(ctx context.Context, name string, arg ...string) CmdRunner
}

ExecRunner is mockable interface for wrapping os/exec functionality

func NewDefaultExecRunner ¶

func NewDefaultExecRunner() ExecRunner

NewDefaultExecRunner creates an os/exec wrapper that joins subprocesses' stdout and stderr with the caller's

type PasswordProvider ¶

type PasswordProvider struct {
	// contains filtered or unexported fields
}

func NewPasswordProvider ¶

func NewPasswordProvider(lc logger.LoggingClient, execRunner ExecRunner) *PasswordProvider

NewPasswordProvider creates a new PasswordProvider

func (*PasswordProvider) Generate ¶

func (p *PasswordProvider) Generate(ctx context.Context) (string, error)

Generate retrives the password from the tool

func (*PasswordProvider) SetConfiguration ¶

func (p *PasswordProvider) SetConfiguration(passwordProvider string, passwordProviderArgs []string) error

SetConfiguration parses token provider configuration and resolves paths specified therein

type RevokeFunc ¶

type RevokeFunc func()

type TokenMaintenance ¶

type TokenMaintenance struct {
	// contains filtered or unexported fields
}

func NewTokenMaintenance ¶

func NewTokenMaintenance(logging logger.LoggingClient, secretClient secretstoreclient.SecretStoreClient) *TokenMaintenance

NewTokenMaintenance creates a new TokenProvider

func (*TokenMaintenance) CreateTokenIssuingToken ¶

func (tm *TokenMaintenance) CreateTokenIssuingToken(rootToken string) (map[string]interface{}, RevokeFunc, error)

CreateTokenIssuingToken creates an admin token that allows the holder to create per-service tokens an policies. Requires a root token, returns a function that, if called, with revoke the token

func (*TokenMaintenance) RevokeNonRootTokens ¶

func (tm *TokenMaintenance) RevokeNonRootTokens(privilegedToken string) error

RevokeNonRootTokens revokes non-root tokens that may have been issued in previous EdgeX runs. Should be called with a high-privileged token.

func (*TokenMaintenance) RevokeRootTokens ¶

func (tm *TokenMaintenance) RevokeRootTokens(privilegedToken string) error

RevokeRootTokens revokes any root tokens found in the secret store. Should be called with a high-privileged token.

type TokenProvider ¶

type TokenProvider struct {
	// contains filtered or unexported fields
}

func NewTokenProvider ¶

func NewTokenProvider(ctx context.Context, lc logger.LoggingClient, execRunner ExecRunner) *TokenProvider

NewTokenProvider creates a new TokenProvider

func (*TokenProvider) Launch ¶

func (p *TokenProvider) Launch() error

Launch spawns the token provider function

func (*TokenProvider) SetConfiguration ¶

func (p *TokenProvider) SetConfiguration(config secretstoreclient.SecretServiceInfo) error

SetConfiguration parses token provider configuration and resolves paths specified therein

type UserPasswordPair ¶

type UserPasswordPair struct {
	User     string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
config
container

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL