Documentation ¶
Overview ¶
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell / Alain Pulluelo, ForgeRock AS
- @version: 1.0.0 ******************************************************************************
Index ¶
- Constants
- func CertKeyPairInStore(config *tomlConfig, secretBaseURL string, c *http.Client, debug bool) (bool, error)
- func CreateCredential() (string, error)
- func CreateLogging() logger.LoggingClient
- func CreateToken(tokenName string, policyName string, rootToken string, config *tomlConfig, ...) (err error)
- func CredentialInStore(config *tomlConfig, secretBaseURL string, credPath string, c *http.Client) (bool, error)
- func FatalIfErr(err error, msg string)
- func GetPolicyFromFile(policyFilePtr *string) ([]byte, error)
- func HashFile(policyFilePtr *string, debug bool) (hashSum []byte, err error)
- func HelpCallback()
- func ImportPolicy(policyName string, policyRequest *[]byte, rootToken string, config *tomlConfig, ...) (err error)
- func InitCredentials(config *tomlConfig, secretBaseURL string, secretPath string, cred *UserPasswd, ...) error
- func LoadCACert(caPath string) (string, error)
- func LoadCertKeyPair(certPath string, keyPath string) (string, string, error)
- func LoadKongCerts(config *tomlConfig, url string, secretBaseURL string, c *http.Client, ...) error
- func LoadTomlConfig(path string) (*tomlConfig, error)
- func UploadProxyCerts(config *tomlConfig, secretBaseURL string, cert string, sk string, ...) (bool, error)
- func VaultHealthCheck(config *tomlConfig, httpClient *http.Client) (sCode int, err error)
- func VaultInit(config *tomlConfig, httpClient *http.Client, debug bool) (sCode int, err error)
- func VaultPolicyCheck(policyName string, tokenID string, config *tomlConfig, httpClient *http.Client) (sCode int, err error)
- func VaultUnseal(config *tomlConfig, httpClient *http.Client, debug bool) (sCode int, err error)
- type CertInfo
- type CertKeyCollector
- type CertKeyPair
- type InitRequest
- type InitResponse
- type Metadata
- type Secret
- type TokenData
- type TokenID
- type UnsealRequest
- type UnsealResponse
- type UserPasswd
Constants ¶
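// Global constants. The rendered page collapsed this block onto one line,
// which is not valid Go; the declarations are restored one per line.
const (
	// CertificatesPath is a path fragment; the trailing slash is part of the
	// value, so callers appending to it must not add another separator.
	CertificatesPath = "certificates/"

	// SecurityService and EdgeXService are name literals. Where they are used
	// is not visible on this page.
	SecurityService = "securityservice"
	EdgeXService    = "edgex"

	// VaultToken is the name of the HTTP header that carries the Vault token
	// (the documented curl example sends the root token in this header).
	// Any request or header dump that includes it exposes the credential.
	VaultToken = "X-Vault-Token"
)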
Global constants
Variables ¶
This section is empty.
Functions ¶
func CertKeyPairInStore ¶
func CreateCredential ¶
func CreateToken ¶
func CredentialInStore ¶
func FatalIfErr ¶
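FatalIfErr = Printf() followed by a call to os.Exit(1). Note that os.Exit terminates the process immediately, so deferred functions in the caller do not run.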
func GetPolicyFromFile ¶
func HelpCallback ¶
func HelpCallback()
func ImportPolicy ¶
func InitCredentials ¶
func LoadCACert ¶
func LoadCertKeyPair ¶
func LoadKongCerts ¶
func LoadTomlConfig ¶
LoadTomlConfig loads the TOML configuration into a structure.
func UploadProxyCerts ¶
func UploadProxyCerts(config *tomlConfig, secretBaseURL string, cert string, sk string, c *http.Client) (bool, error)
----------------------------------------------------------
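# Request shown in the UploadProxyCerts documentation: POST the payload file
# to the edgex-kong path of the secret store.
#
# The line continuations are restored (the rendered page had collapsed them,
# leaving "\ " sequences that the shell reads as escaped spaces), and the
# --data argument is quoted so a payload path containing spaces is not split.
#
# Handling notes:
#   - The root token is sent in the X-Vault-Token header over plain HTTP.
#     That is only acceptable because the target is localhost; use HTTPS
#     whenever Vault is reached over a network.
#   - A token passed on the command line is visible in the local process
#     list while curl runs.
curl --header "X-Vault-Token: ${_ROOT_TOKEN}" \
     --header "Content-Type: application/json" \
     --request POST \
     --data "@${_PAYLOAD_KONG}" \
     http://localhost:8200/v1/secret/edgex/pki/tls/edgex-kong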
func VaultHealthCheck ¶
func VaultPolicyCheck ¶
Types ¶
type CertInfo ¶
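// CertInfo groups a certificate, its key and a list of SNI names for JSON
// encoding. Every field is tagged omitempty, so zero values are left out of
// the encoded document.
//
// The rendered page collapsed the fields onto one line, which does not parse;
// they are restored one per line here.
//
// NOTE(review): presumably the payload that LoadKongCerts sends to Kong;
// confirm against the caller.
type CertInfo struct {
	// Cert is the certificate, as a string.
	Cert string `json:"cert,omitempty"`

	// Key is expected to hold private key material; keep values of this type
	// out of logs and debug output.
	Key string `json:"key,omitempty"`

	// Snis is the list of server names associated with the certificate.
	Snis []string `json:"snis,omitempty"`
}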
CertInfo parameters: certificate, key and SNI list.
type CertKeyCollector ¶
// CertKeyCollector wraps a CertKeyPair under the JSON key "data". The page
// describes it as the certificate and private key obtained from a Secret
// Store get request.
//
// A decoded value carries private key material, so it should not be logged
// or printed in debug output.
type CertKeyCollector struct {
	// Section is read from / written to the top-level "data" object.
	Section CertKeyPair `json:"data"`
}
CertKeyCollector holds the X.509 TLS certificate and associated private key returned by a Secret Store GET request.
type CertKeyPair ¶
CertKeyPair X.509 TLS certificate and associated private key
type InitRequest ¶
// InitRequest is the JSON body of a Vault init request. It carries the
// Shamir Secret Sharing parameters.
//
// NOTE(review): Vault's init endpoint also accepts secret_shares; only the
// threshold field is visible in this rendering. Confirm against the source.
type InitRequest struct {
	// SecretThreshold is encoded as "secret_threshold": the number of key
	// shares needed to unseal.
	SecretThreshold int `json:"secret_threshold"`
}
InitRequest contains a Vault init request regarding the Shamir Secret Sharing (SSS) parameters
type InitResponse ¶
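// InitResponse is the JSON body returned by a Vault init request.
//
// Every field is a secret: Keys and KeysBase64 hold the unseal key shares
// and RootToken is the initial root token. Values of this type should never
// be logged, and should be stored only where access is restricted.
//
// The rendered page collapsed the fields onto one line, which does not parse;
// they are restored one per line here.
//
// NOTE(review): VaultInit takes a debug flag; confirm its debug output never
// prints this struct or the raw response body.
type InitResponse struct {
	// Keys holds the unseal key shares ("keys").
	Keys []string `json:"keys"`

	// KeysBase64 holds the same shares, base64-encoded ("keys_base64").
	KeysBase64 []string `json:"keys_base64"`

	// RootToken is the root token issued at initialization ("root_token").
	RootToken string `json:"root_token"`
}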
InitResponse contains a Vault init response
type Metadata ¶
// Metadata is the "metadata" object embedded in the token create data
// (see TokenData). The documented sample sets it to {"user": "admin user"}.
type Metadata struct {
	// User is encoded under the JSON key "user".
	User string `json:"user"`
}
Metadata is the metadata structure nested in the token create data structure.
type TokenData ¶
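// TokenData is the structure serialized as the body of a token create
// request. The policies listed here decide what the new token may do, so
// callers should pass the narrowest set that works.
//
// The rendered page collapsed the fields onto one line, which does not parse;
// they are restored one per line here.
type TokenData struct {
	// Policies lists the policy names attached to the token.
	Policies []string `json:"policies"`

	// Metadata is encoded as the nested "metadata" object.
	Metadata Metadata `json:"metadata"`

	// DisplayName is encoded as "display_name".
	DisplayName string `json:"display_name"`

	// TTL is sent as a string; the documented sample uses "1h".
	TTL string `json:"ttl"`

	// NOTE(review): Renewable is declared as a string, so it is encoded as a
	// JSON string, while the documented sample shows the boolean true. The
	// type is left unchanged because callers assign strings to it; confirm
	// the server accepts the string form.
	Renewable string `json:"renewable"`
}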
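TokenData is the structure used to serialize the data of a token create request. Note that the struct declares Renewable as a string, while the sample below sends a JSON boolean.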
{ "policies": [ "admin", "default" ], "metadata": { "user": "admin user" }, "display_name": "admin", "ttl": "1h", "renewable": true }
type TokenID ¶
// TokenID maps the "request_id" key of a stored token response.
//
// NOTE(review): only RequestID is declared in this rendering, while the
// documented sample response also contains auth.client_token. Confirm
// against the source whether further fields exist.
type TokenID struct {
	// RequestID is read from / written to the JSON key "request_id".
	RequestID string `json:"request_id"`
}
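TokenID is the structure used to serialize a token ID from its filesystem storage. If the stored file matches the sample below, it also holds the client token under auth, so it should be readable only by the service that needs it.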
{ "request_id": "ded4b254-de08-8c23-fb95-3d9352dbe002", "lease_id": "", "renewable": false, "lease_duration": 0, "data": null, "wrap_info": null, "warnings": null, "auth": { "client_token": "2f7b982d-dd49-41df-cca3-dbf23f166751", "accessor": "bbba3c5d-454b-3940-b20b-72d5a3e3cf3d", "policies": [ "admin", "default" ], "metadata": null, "lease_duration": 3600, "renewable": true, "entity_id": "" } }
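// AutoGenerated declares one field for every key of the sample token
// response documented with TokenID. It is not listed in the package index,
// so it appears to be an illustration rather than an exported type.
//
// The rendered page collapsed the fields onto one line, which does not parse;
// they are restored one per line here.
type AutoGenerated struct {
	RequestID     string      `json:"request_id"`
	LeaseID       string      `json:"lease_id"`
	Renewable     bool        `json:"renewable"`
	LeaseDuration int         `json:"lease_duration"`
	Data          interface{} `json:"data"`
	WrapInfo      interface{} `json:"wrap_info"`
	Warnings      interface{} `json:"warnings"`

	// Auth is the nested "auth" object of the response.
	Auth struct {
		// ClientToken is the issued token itself: a bearer credential that
		// must not be logged or stored in world-readable files.
		ClientToken string `json:"client_token"`

		// Accessor is encoded as "accessor".
		Accessor string `json:"accessor"`

		Policies      []string    `json:"policies"`
		Metadata      interface{} `json:"metadata"`
		LeaseDuration int         `json:"lease_duration"`
		Renewable     bool        `json:"renewable"`
		EntityID      string      `json:"entity_id"`
	} `json:"auth"`
}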
type UnsealRequest ¶
UnsealRequest contains a Vault unseal request
type UnsealResponse ¶
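// UnsealResponse is the JSON body returned by a Vault unseal request.
//
// The rendered page collapsed the fields onto one line, which does not parse;
// they are restored one per line here.
type UnsealResponse struct {
	// Sealed reports whether Vault is still sealed after the request.
	// Callers should check it rather than infer success from the HTTP status
	// alone.
	Sealed bool `json:"sealed"`

	// T and N follow Vault's seal-status naming: the key threshold and the
	// total number of key shares.
	T int `json:"t"`
	N int `json:"n"`

	// Progress is the number of key shares submitted so far.
	Progress int `json:"progress"`
}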
UnsealResponse contains a Vault unseal response