Documentation
¶
Overview ¶
******************************************************************************
- Copyright 2019 Dell Inc.
- Copyright 2019 Intel Corporation *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell ******************************************************************************
Index ¶
- Constants
- type EnableSecretsEngineRequest
- type HTTPSRequestor
- type InitRequest
- type InitResponse
- type ListSecretEnginesResponse
- type ListTokenAccessorsResponse
- type LookupAccessorRequest
- type RevokeTokenAccessorRequest
- type RootTokenControlResponse
- type RootTokenRetrievalRequest
- type RootTokenRetrievalResponse
- type SecretServiceInfo
- type SecretStoreClient
- type TokenLookupResponse
- type TokenMetadata
- type UnsealRequest
- type UnsealResponse
- type UpdateACLPolicyRequest
Constants ¶
View Source
const ( VaultToken = "X-Vault-Token" VaultHealthAPI = "/v1/sys/health" VaultInitAPI = "/v1/sys/init" VaultUnsealAPI = "/v1/sys/unseal" JSONContentType = "application/json" CreatePolicyPath = "/v1/sys/policies/acl/%s" CreateTokenAPI = "/v1/auth/token/create" ListAccessorsAPI = "/v1/auth/token/accessors" RevokeAccessorAPI = "/v1/auth/token/revoke-accessor" LookupAccessorAPI = "/v1/auth/token/lookup-accessor" LookupSelfAPI = "/v1/auth/token/lookup-self" RevokeSelfAPI = "/v1/auth/token/revoke-self" RootTokenControlAPI = "/v1/sys/generate-root/attempt" RootTokenRetrievalAPI = "/v1/sys/generate-root/update" VaultMountsAPI = "/v1/sys/mounts" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EnableSecretsEngineRequest ¶
type EnableSecretsEngineRequest struct {
Type string `json:"type"`
Description string `json:"description"`
Options struct {
Version string `json:"version"`
} `json:"options"`
}
EnableSecretsEngineRequest is the POST request to /v1/sys/mounts
type HTTPSRequestor ¶
type HTTPSRequestor interface {
Insecure() internal.HttpCaller
WithTLS(io.Reader, string) internal.HttpCaller
}
func NewRequestor ¶
func NewRequestor(logger logger.LoggingClient) HTTPSRequestor
type InitRequest ¶
type InitRequest struct {
SecretThreshold int `json:"secret_threshold"`
}
InitRequest contains a Vault init request regarding the Shamir Secret Sharing (SSS) parameters
type InitResponse ¶
type InitResponse struct {
Keys []string `json:"keys,omitempty"`
KeysBase64 []string `json:"keys_base64,omitempty"`
EncryptedKeys []string `json:"encrypted_keys,omitempty"`
Nonces []string `json:"nonces,omitempty"`
RootToken string `json:"root_token,omitempty"`
}
InitResponse contains a Vault init response
type ListSecretEnginesResponse ¶
type ListSecretEnginesResponse struct {
Data map[string]struct {
Type string `json:"type"`
} `json:"data"`
}
ListSecretEnginesResponse is the response to GET /v1/sys/mounts
type ListTokenAccessorsResponse ¶
type ListTokenAccessorsResponse struct {
Data struct {
Keys []string `json:"keys"`
} `json:"data"`
}
ListTokenAccessorsResponse is the response to the list accessors API
type LookupAccessorRequest ¶
type LookupAccessorRequest struct {
Accessor string `json:"accessor"`
}
LookupAccessorRequest is used by accessor lookup API
type RevokeTokenAccessorRequest ¶
type RevokeTokenAccessorRequest struct {
Accessor string `json:"accessor"`
}
RevokeTokenAccessorRequest is the input to the revoke token by accessor API
type RootTokenControlResponse ¶
type RootTokenControlResponse struct {
Complete bool `json:"complete"`
Nonce string `json:"nonce"`
Otp string `json:"otp"`
}
RootTokenControlResponse is the response to /v1/sys/generate-root/attempt
type RootTokenRetrievalRequest ¶
RootTokenRetrievalRequest is the request to /v1/sys/generate-root/update
type RootTokenRetrievalResponse ¶
type RootTokenRetrievalResponse struct {
Complete bool `json:"complete"`
EncodedToken string `json:"encoded_token"`
}
RootTokenRetrievalResponse is the response to /v1/sys/generate-root/update
type SecretServiceInfo ¶
type SecretServiceInfo struct {
Scheme string
Server string
ServerName string
Port int
CertPath string
CaFilePath string
CertFilePath string
KeyFilePath string
TokenFolderPath string
TokenFile string
VaultSecretThreshold int
TokenProvider string
TokenProviderArgs []string
TokenProviderType string
TokenProviderAdminTokenPath string
PasswordProvider string
PasswordProviderArgs []string
RevokeRootTokens bool
}
func (SecretServiceInfo) GetSecretSvcBaseURL ¶
func (s SecretServiceInfo) GetSecretSvcBaseURL() string
type SecretStoreClient ¶
type SecretStoreClient interface {
HealthCheck() (statusCode int, err error)
Init(secretThreshold int, secretShares int, initResponse *InitResponse) (statusCode int, err error)
Unseal(initResponse *InitResponse) (statusCode int, err error)
InstallPolicy(token string,
policyName string, policyDocument string) (statusCode int, err error)
CreateToken(token string,
parameters map[string]interface{}, response interface{}) (statusCode int, err error)
ListAccessors(token string, accessors *[]string) (statusCode int, err error)
RevokeAccessor(token string, accessor string) (statusCode int, err error)
LookupAccessor(token string, accessor string, tokenMetadata *TokenMetadata) (statusCode int, err error)
LookupSelf(token string, tokenMetadata *TokenMetadata) (statusCode int, err error)
RevokeSelf(token string) (statusCode int, err error)
RegenRootToken(initResponse *InitResponse, rootToken *string) (err error)
CheckSecretEngineInstalled(token string, mountPoint string, engine string) (isInstalled bool, err error)
EnableKVSecretEngine(token string, mountPoint string, kvVersion string) (statusCode int, err error)
}
SecretStoreClient is interface to Vault
func NewSecretStoreClient ¶
func NewSecretStoreClient(logger logger.LoggingClient, r internal.HttpCaller, s string, h string) SecretStoreClient
type TokenLookupResponse ¶
type TokenLookupResponse struct {
Data TokenMetadata
}
TokenLookupResponse is the response to the token lookup API
type TokenMetadata ¶
type TokenMetadata struct {
Accessor string `json:"accessor"`
ExpireTime string `json:"expire_time"`
Path string `json:"path"`
Policies []string `json:"policies"`
}
TokenMetadata has introspection data about a token
type UnsealRequest ¶
UnsealRequest contains a Vault unseal request
type UnsealResponse ¶
type UnsealResponse struct {
Sealed bool `json:"sealed"`
T int `json:"t"`
N int `json:"n"`
Progress int `json:"progress"`
}
UnsealResponse contains a Vault unseal response
type UpdateACLPolicyRequest ¶
type UpdateACLPolicyRequest struct {
Policy string `json:"policy"`
}
UpdateACLPolicyRequest contains a ACL policy create/update request
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.