types

package
v3.1.0-dev.10 Latest Latest
Published: Oct 3, 2023 License: Apache-2.0 Imports: 3 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthenticationInfo

// AuthenticationInfo carries the authentication settings a client uses when
// talking to an HTTP-based secret provider.
//
// NOTE(review): AuthToken is a credential stored as a plain string. Keep values
// of this type out of logs, error strings and config dumps (for example a
// %+v of an enclosing struct would print the token verbatim).
type AuthenticationInfo struct {
	AuthType  string // kind of authentication in use; the accepted values are not shown here
	AuthToken string // token presented to the provider; treat as a secret
}

AuthenticationInfo contains authentication information to be used when communicating with an HTTP based provider

type BootStrapACLTokenInfo

// BootStrapACLTokenInfo is the part of the consulACLBootstrapAPI response
// metadata that callers care about, decoded from the JSON keys "SecretID" and
// "Policies".
//
// NOTE(review): SecretID is presumably the secret value of the bootstrap ACL
// token (confirm against the Consul ACL bootstrap API). If so, it is a
// high-privilege credential and should not be logged or written to disk in
// plaintext.
type BootStrapACLTokenInfo struct {
	SecretID string   `json:"SecretID"`
	Policies []Policy `json:"Policies"`
}

BootStrapACLTokenInfo is the key portion of the response metadata from consulACLBootstrapAPI

type ConsulRole

// ConsulRole is the JSON-serializable description of a role: its name, token
// type, attached policy names, local flag and time to live.
//
// PolicyNames, Local and TimeToLive carry omitempty, so empty or zero values
// are left out of the encoded JSON entirely.
//
// NOTE(review): TokenType is a plain string rather than ConsulTokenType, so
// nothing in this type restricts it to "management" or "client"; validation,
// if any, lives elsewhere.
// NOTE(review): when TimeToLive is empty the "TTL" key is omitted, which
// presumably leaves the token lifetime to a server-side default. Confirm that
// default is bounded.
type ConsulRole struct {
	RoleName    string   `json:"name"`
	TokenType   string   `json:"token_type"`
	PolicyNames []string `json:"policies,omitempty"`
	Local       bool     `json:"local,omitempty"`
	TimeToLive  string   `json:"TTL,omitempty"`
}

func NewConsulRole

func NewConsulRole(name string, tokenType ConsulTokenType, policies []Policy, localUse bool) ConsulRole

type ConsulTokenType

// ConsulTokenType names the kind of Consul token that a role produces.
type ConsulTokenType string
const (
	/*
	 * The Consul token types that can be specified for role-based tokens
	 * created through the Vault /consul/creds secrets engine API.
	 * Reference: https://www.vaultproject.io/api/secret/consul#create-update-role
	 */
	// ManagementType is the Consul role type used to create tokens when the role-based API /consul/creds is called.
	// Tokens created with this type are automatically granted the built-in global management policy,
	// so it should be reserved for callers that need full ACL administration.
	ManagementType ConsulTokenType = "management"
	// ClientType is the Consul role type used to create tokens when the role-based API /consul/creds is called.
	// Tokens created with this regular client type are associated with custom policies,
	// which makes it the type to use when privileges should be limited to what those policies grant.
	ClientType ConsulTokenType = "client"
)

type InitResponse

// InitResponse holds the JSON body returned when a secret store is
// initialized. Every field carries omitempty, so empty values are dropped when
// the struct is re-encoded.
//
// NOTE(review): the field names suggest that Keys, KeysBase64 and EncryptedKeys
// are key shares for the store and that RootToken is its initial root
// credential; confirm against the secret store's init API. If so, this
// struct is the most sensitive value in the package: do not log it, and persist
// it only in encrypted or access-restricted form.
type InitResponse struct {
	Keys          []string `json:"keys,omitempty"`
	KeysBase64    []string `json:"keys_base64,omitempty"`
	EncryptedKeys []string `json:"encrypted_keys,omitempty"`
	Nonces        []string `json:"nonces,omitempty"`
	RootToken     string   `json:"root_token,omitempty"`
}

InitResponse contains a Secret Store init response

type Policy

// Policy identifies a policy by its ID and name, decoded from the JSON keys
// "ID" and "Name". It is the element type of BootStrapACLTokenInfo.Policies
// and of the policies argument to NewConsulRole.
type Policy struct {
	ID   string `json:"ID"`
	Name string `json:"Name"`
}

type RuntimeTokenProviderInfo

// RuntimeTokenProviderInfo describes the server of a runtime secret token
// provider: whether it is enabled, how to reach it (Protocol, Host, Port) and
// the trust domain and endpoint socket associated with it.
//
// NOTE(review): Protocol is a free-form string. Confirm that BuildProviderURL
// or its callers do not allow a plaintext scheme on the path that delivers
// tokens.
// NOTE(review): TrustDomain and EndpointSocket presumably configure a workload
// identity agent; their exact semantics are not shown here.
type RuntimeTokenProviderInfo struct {
	Enabled        bool
	Protocol       string
	Host           string
	Port           int
	TrustDomain    string
	EndpointSocket string
	// RequiredSecrets is a comma-separated list of the secrets the service requires;
	// redis is currently the typical use case.
	RequiredSecrets string
}

RuntimeTokenProviderInfo contains the information about the server of a runtime secret token provider

func (RuntimeTokenProviderInfo) BuildProviderURL

func (provider RuntimeTokenProviderInfo) BuildProviderURL(path string) (string, error)

type SecretConfig

// SecretConfig holds the settings used to communicate with an HTTP-based
// secret provider: where it is (Protocol, Host, Port, BasePath, Namespace),
// how to authenticate (Authentication) and, optionally, a runtime token
// provider.
//
// NOTE(review): RootCaCertPath and ServerName presumably control TLS
// verification of the provider's certificate; confirm how an empty
// RootCaCertPath is handled, since silently skipping verification would expose
// the token in Authentication.
// NOTE(review): SecretsFile points at a JSON file holding secrets, so the file
// itself should be readable only by the service account.
// NOTE(review): Authentication embeds a token; avoid printing a SecretConfig
// with %v or %+v.
type SecretConfig struct {
	Type string
	Host string
	Port int
	// BasePath is the base path to the secret's location in the secret store
	BasePath string
	// SecretsFile is the path to an optional JSON file containing secrets to seed into the service's SecretStore
	SecretsFile    string
	Protocol       string
	Namespace      string
	RootCaCertPath string
	ServerName     string
	Authentication AuthenticationInfo
	// RuntimeTokenProvider is optional; it is only needed when using delayed start from a runtime token provider
	RuntimeTokenProvider RuntimeTokenProviderInfo
}

SecretConfig contains configuration settings used to communicate with an HTTP based secret provider

func (SecretConfig) BuildRequestURL

func (c SecretConfig) BuildRequestURL(subPath string) (string, error)

BuildRequestURL constructs a request URL for sending a request to the secrets engine

func (SecretConfig) BuildSecretNameURL

func (c SecretConfig) BuildSecretNameURL(secretName string) (string, error)

BuildSecretNameURL constructs a URL to the service's secret within its secret store. secretName is the name of the secret in the service's secret store.

func (SecretConfig) BuildURL

func (c SecretConfig) BuildURL(path string) (string, error)

BuildURL constructs a URL which can be used to identify an HTTP-based secret provider

func (SecretConfig) IsRuntimeProviderEnabled

func (c SecretConfig) IsRuntimeProviderEnabled() bool

IsRuntimeProviderEnabled returns whether the token provider is using the runtime token mechanism

type TokenMetadata

// TokenMetadata is the introspection data about a token: the "data"
// sub-structure of a token lookup (TokenLookupResponse) and of a token
// self-lookup.
//
// Period and Ttl are expressed in seconds. ExpireTime is kept as the string
// received; its format is not shown here.
//
// NOTE(review): this struct carries the accessor and policies but no token
// value. Callers that make renewal or authorization decisions from it should
// check Renewable, Ttl and Policies rather than assume a freshly issued token.
type TokenMetadata struct {
	Accessor   string   `json:"accessor"`
	ExpireTime string   `json:"expire_time"`
	Path       string   `json:"path"`
	Policies   []string `json:"policies"`
	Period     int      `json:"period"` // in seconds
	Renewable  bool     `json:"renewable"`
	Ttl        int      `json:"ttl"` // in seconds
}

TokenMetadata has introspection data about a token and is the "data" sub-structure for token lookup, i.e. TokenLookupResponse, and token self-lookup
