Documentation
Types
type AuthenticationInfo
AuthenticationInfo contains authentication information to be used when communicating with an HTTP based provider
type BootStrapACLTokenInfo
type BootStrapACLTokenInfo struct {
	SecretID string   `json:"SecretID"`
	Policies []Policy `json:"Policies"`
}
BootStrapACLTokenInfo is the key portion of the response metadata from consulACLBootstrapAPI
type ConsulRole
type ConsulRole struct {
	RoleName    string   `json:"name"`
	TokenType   string   `json:"token_type"`
	PolicyNames []string `json:"policies,omitempty"`
	Local       bool     `json:"local,omitempty"`
	TimeToLive  string   `json:"TTL,omitempty"`
}
func NewConsulRole
func NewConsulRole(name string, tokenType ConsulTokenType, policies []Policy, localUse bool) ConsulRole
type ConsulTokenType
type ConsulTokenType string
const (
	/*
	 * The following are available Consul token types that can be used for specifying in the role-based tokens
	 * created via /consul/creds secret engine Vault API.
	 * For the details, see reference https://www.vaultproject.io/api/secret/consul#create-update-role
	 */

	// ManagementType is the type of Consul role that can be used to create tokens when role-based API /consul/creds is called
	// the management type of created tokens is automatically granted the built-in global management policy
	ManagementType ConsulTokenType = "management"
	// ClientType is the type of Consul role that can be used to create tokens when role-based API /consul/creds is called
	// the regular client type of created tokens is associated with custom policies
	ClientType ConsulTokenType = "client"
)
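The difference between the two token types matters for least privilege, so a role definition is worth checking before it is written to Vault. The following is an added example, not code from this package: `AuditRole` and its `maxTTL` limit are hypothetical, the `ConsulRole` struct is copied from this page, and the TTL is assumed to be written as a Go duration string such as "1h".

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// ConsulRole mirrors the struct documented on this page (same JSON tags).
type ConsulRole struct {
	RoleName    string   `json:"name"`
	TokenType   string   `json:"token_type"`
	PolicyNames []string `json:"policies,omitempty"`
	Local       bool     `json:"local,omitempty"`
	TimeToLive  string   `json:"TTL,omitempty"`
}

// AuditRole is a hypothetical helper, not part of the package. It decodes a role
// payload and lists least-privilege findings; maxTTL is an assumed site limit.
func AuditRole(payload []byte, maxTTL time.Duration) ([]string, error) {
	var r ConsulRole
	if err := json.Unmarshal(payload, &r); err != nil {
		return nil, fmt.Errorf("decode role: %w", err)
	}
	var findings []string
	switch r.TokenType {
	case "management":
		findings = append(findings, "management role: tokens get the global management policy")
	case "client":
		if len(r.PolicyNames) == 0 {
			findings = append(findings, "client role has no policies attached")
		}
	default:
		findings = append(findings, "unknown token_type "+r.TokenType)
	}
	if r.TimeToLive == "" {
		findings = append(findings, "no TTL set")
	} else if d, err := time.ParseDuration(r.TimeToLive); err != nil {
		findings = append(findings, "TTL is not a Go duration: "+r.TimeToLive)
	} else if d > maxTTL {
		findings = append(findings, "TTL exceeds limit: "+r.TimeToLive)
	}
	return findings, nil
}

func main() {
	sample := []byte(`{"name":"edge-admin","token_type":"management","TTL":"720h"}`) // constructed
	fmt.Println(AuditRole(sample, time.Hour))
}
```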
type InitResponse
type InitResponse struct {
	Keys          []string `json:"keys,omitempty"`
	KeysBase64    []string `json:"keys_base64,omitempty"`
	EncryptedKeys []string `json:"encrypted_keys,omitempty"`
	Nonces        []string `json:"nonces,omitempty"`
	RootToken     string   `json:"root_token,omitempty"`
}
InitResponse contains a Secret Store init response
type RuntimeTokenProviderInfo
type RuntimeTokenProviderInfo struct {
	Enabled        bool
	Protocol       string
	Host           string
	Port           int
	TrustDomain    string
	EndpointSocket string
	// comma-separated list of required secrets for the service
	// currently we have redis in a typical use case
	RequiredSecrets string
}
RuntimeTokenProviderInfo contains the information about the server of a runtime secret token provider
func (RuntimeTokenProviderInfo) BuildProviderURL
func (provider RuntimeTokenProviderInfo) BuildProviderURL(path string) (string, error)
type SecretConfig
type SecretConfig struct {
	Type string
	Host string
	Port int
	// BasePath is the base path to the secret's location in the secret store
	BasePath string
	// SecretsFile is path to optional JSON file containing secrets to seed into service's SecretStore
	SecretsFile    string
	Protocol       string
	Namespace      string
	RootCaCertPath string
	ServerName     string
	Authentication AuthenticationInfo
	// RuntimeTokenProvider could be optional if not using delayed start from a runtime token provider
	RuntimeTokenProvider RuntimeTokenProviderInfo
}
SecretConfig contains configuration settings used to communicate with an HTTP based secret provider
func (SecretConfig) BuildRequestURL
func (c SecretConfig) BuildRequestURL(subPath string) (string, error)
BuildRequestURL constructs a request URL for sending a request to the secrets engine
func (SecretConfig) BuildSecretNameURL
func (c SecretConfig) BuildSecretNameURL(secretName string) (string, error)
BuildSecretNameURL constructs a URL to the service's secret within its secret store. secretName is the name of the secret in the service's secret store
func (SecretConfig) BuildURL
func (c SecretConfig) BuildURL(path string) (string, error)
BuildURL constructs a URL which can be used to identify an HTTP based secret provider
func (SecretConfig) IsRuntimeProviderEnabled
func (c SecretConfig) IsRuntimeProviderEnabled() bool
IsRuntimeProviderEnabled returns whether the token provider is using the runtime token mechanism
type TokenMetadata
type TokenMetadata struct {
	Accessor   string   `json:"accessor"`
	ExpireTime string   `json:"expire_time"`
	Path       string   `json:"path"`
	Policies   []string `json:"policies"`
	Period     int      `json:"period"` // in seconds
	Renewable  bool     `json:"renewable"`
	Ttl        int      `json:"ttl"` // in seconds
}
TokenMetadata has introspection data about a token and is the "data" sub-structure for token lookup, i.e. TokenLookupResponse, and token self-lookup