Documentation ¶
Index ¶
- Constants
- Variables
- func DeleteData(config *Config, path string) error
- func DeleteKV(client *api.Client, path string) error
- func FindKeychainSecret(account, server string) (string, error)
- func GetData(config *Config, path string, version int, data interface{}) error
- func GetEnvVars(config *Config, path string) (map[string]string, error)
- func GetKV(client *api.Client, path string, version int) (map[string]interface{}, error)
- func IsCheckAndSetError(err error) bool
- func IsErrNoSecretsAtPath(err error) bool
- func IsErrUpgradingNonVersionedToVersionedData(err error) bool
- func ListData(config *Config, mountPath, path string, recurse bool) ([]string, error)
- func NewClient(addr string) (*api.Client, error)
- func PutData(config *Config, path string, data interface{}) error
- func PutDataCAS(config *Config, path string, data interface{}, checkAndSet int) error
- func PutKV(client *api.Client, path string, data map[string]interface{}) error
- func PutSecret(config *Config, region, name, secret, refresh string) error
- func SignSSHKey(config *Config, publicKey string) (string, error)
- func SplitKVPath(fullpath string) (mount, typ, path string, err error)
- type AppRoleAuth
- type Auth
- type BestOp
- type BestOptions
- type Claims
- type Config
- type DummyServer
- type EnvData
- type GithubAuth
- type JWK
- type JWKS
- func (s *JWKS) GenerateCookie(claims Claims) (string, error)
- func (s *JWKS) GetCurrentKey() (string, int, bool)
- func (s *JWKS) GetKey(version int) (string, bool)
- func (s *JWKS) GoUpdate(callerDone chan struct{}, updateDone chan struct{})
- func (s *JWKS) Init(config *Config, region, name string)
- func (s *JWKS) SetLastUpdateAttempt(t time.Time)
- func (s *JWKS) UpdateKeys() error
- func (s *JWKS) VerifyCookie(cookie string, claims Claims) (*jwt.Token, error)
- type KVData
- type KVJWK
- type KVMeta
- type KVMetadata
- type LdapAuth
- type MEXKey
- type NoAuth
- type PublicCert
- type TokenAuth
- type VaultEnvData
Constants ¶
const NoCheckAndSet = -1
const UnitTestIgnoreVaultAddr = "UnitTestIgnoreVaultAddr"
Variables ¶
var DefaultJwkRefreshDelay = 5 * time.Minute
var JwkUpdateDelay = 5 * time.Second
var SetupRegionScript []byte
var SetupScript []byte
Functions ¶
func DeleteData ¶
func FindKeychainSecret ¶
FindKeychainSecret reads a secret from the keychain on OS X. Calling this function will typically prompt the user to enter their account password. This should only be used for local laptop testing.
func IsCheckAndSetError ¶
func IsErrNoSecretsAtPath ¶
func IsErrUpgradingNonVersionedToVersionedData ¶
IsErrUpgradingNonVersionedToVersionedData can happen right after start-up during a read to the KV secrets engine. A wait or retry is apparently the recommended recourse by Hashicorp. See https://github.com/hashicorp/terraform-provider-vault/issues/677.
func ListData ¶
ListData lists which secrets are under the given path directory. NB: None of the services actually have "list" permissions in their approles so this can't be used at the moment.
func PutDataCAS ¶
Check and set: -1 (NoCheckAndSet) to ignore; 0: write only allowed if the key doesn't exist; 1+: write only allowed if checkAndSet matches the current version of the secret.
func SplitKVPath ¶
SplitKVPath splits a full path into its mount, type, and path components. Type is either "data" or "metadata".
Types ¶
type AppRoleAuth ¶
// AppRoleAuth is the Auth implementation for Vault's AppRole method; it is
// built by NewAppRoleAuth from a role ID and a secret ID. The secret ID is a
// credential — presumably kept in the unexported fields below — so values of
// this type should stay out of logs and error messages.
type AppRoleAuth struct {
// contains filtered or unexported fields
}
func NewAppRoleAuth ¶
func NewAppRoleAuth(roleID, secretID string) *AppRoleAuth
func (*AppRoleAuth) Type ¶
func (s *AppRoleAuth) Type() string
type Auth ¶
type BestOptions ¶
// BestOptions is the resolved set of options built by ApplyOps from a list of
// BestOp values; its contents are not visible here.
type BestOptions struct {
// contains filtered or unexported fields
}
func ApplyOps ¶
func ApplyOps(ops ...BestOp) *BestOptions
type Config ¶
func NewAppRoleConfig ¶
type DummyServer ¶
type GithubAuth ¶
// GithubAuth is the Auth implementation that logs into Vault with a GitHub
// token taken from the macOS keychain (see NewGithubAuth). It is meant for
// local developer testing only, not production.
type GithubAuth struct {
// contains filtered or unexported fields
}
func NewGithubAuth ¶
func NewGithubAuth(githubID string) *GithubAuth
NewGithubAuth grabs the github token from the keychain on mac OSX. This should only be used for local testing against real cloudlets when running services locally in the mac dev environment (laptop). It is not intended for production use.
func (*GithubAuth) Login ¶
func (s *GithubAuth) Login(client *api.Client) error
Login logs the given client into Vault. This assumes the token used for github development can also be used to access Vault.
func (*GithubAuth) Type ¶
func (s *GithubAuth) Type() string
type JWKS ¶
// JWKS stores the multiple versions of data retrieved from Vault, as well as
// the data needed to access Vault. It embeds a sync.Mutex, so it must not be
// copied after first use; all methods use a pointer receiver.
type JWKS struct {
	// Keys holds the retrieved keys, presumably keyed by version number (the
	// int that GetKey accepts and GetCurrentKey returns) — confirm in UpdateKeys.
	Keys map[int]*JWK
	// Meta is the KV metadata read for the key path (current/oldest version
	// bookkeeping).
	Meta KVMetadata
	// RefreshDelay is how often the goroutine started by GoUpdate refreshes the
	// keys; DefaultJwkRefreshDelay looks like the default — confirm in Init.
	RefreshDelay time.Duration
	// Mux serializes access between the GoUpdate goroutine and readers.
	// NOTE(review): the exact set of fields it guards is not visible here;
	// confirm against the method bodies.
	Mux sync.Mutex
	// Path and Metapath are the Vault KV paths for the key data and its
	// metadata — presumably the "data"/"metadata" forms SplitKVPath describes.
	Path     string
	Metapath string
	// contains filtered or unexported fields
}
JWKS stores the multiple versions of data retrieved from Vault, as well as the data needed to access Vault.
func (*JWKS) GoUpdate ¶
func (s *JWKS) GoUpdate(callerDone chan struct{}, updateDone chan struct{})
GoUpdate starts a goroutine to keep the JWKS up to date. A channel can be passed in which will be closed once the first iteration is done and the key set has been downloaded from Vault.
func (*JWKS) SetLastUpdateAttempt ¶
For testing or debug only.
func (*JWKS) UpdateKeys ¶
type KVMetadata ¶
// KVMetadata is the metadata from the metadata path. The mapstructure tags
// name the keys of the map that ParseMetadata decodes into this struct.
type KVMetadata struct {
	// CurrentVersion is the version number of the newest secret.
	CurrentVersion int `mapstructure:"current_version"`
	// MaxVersions is the maximum number of versions the KV engine keeps —
	// presumably; the semantics come from Vault, not from this package.
	MaxVersions int `mapstructure:"max_versions"`
	// OldestVersion is the oldest version number still present.
	OldestVersion int `mapstructure:"oldest_version"`
	// Versions is the per-version metadata, presumably keyed by version number.
	// It has no mapstructure tag, so the decoder matches on the field name —
	// confirm in ParseMetadata.
	Versions map[int]KVMeta
}
KVMetadata is the metadata from the metadata path.
func ParseMetadata ¶
func ParseMetadata(data map[string]interface{}) (*KVMetadata, error)
type LdapAuth ¶
// LdapAuth is the Auth implementation for Vault's LDAP method; it is built by
// NewLdapAuth, whose parameters are not shown here. Any LDAP credentials it
// holds are in the unexported fields and should stay out of logs.
type LdapAuth struct {
// contains filtered or unexported fields
}
func NewLdapAuth ¶
type NoAuth ¶
// NoAuth skips any auth. It exists for unit tests that run against a fake
// httptest server; it carries no state.
type NoAuth struct{}
NoAuth skips any auth. It is used for unit testing against a fake httptest server.
type PublicCert ¶
// PublicCert is the certificate bundle returned by GetPublicCert for a
// common name.
type PublicCert struct {
	// Cert is the certificate; its encoding is not visible here.
	Cert string `json:"cert"`
	// Key is the key paired with Cert. NOTE(review): the name suggests this is
	// the private key — if so, treat the whole struct as secret material and
	// keep it out of logs and of any JSON sent beyond the intended consumer.
	Key string `json:"key"`
	// TTL is the certificate lifetime, in seconds.
	TTL int64 `json:"ttl"`
}
func GetPublicCert ¶
func GetPublicCert(config *Config, commonName string) (*PublicCert, error)
type TokenAuth ¶
// TokenAuth is the Auth implementation that uses an existing Vault token —
// presumably held in the unexported fields below; it is built by
// NewTokenAuth, whose parameters are not shown here. The token is a bearer
// credential and should stay out of logs.
type TokenAuth struct {
// contains filtered or unexported fields
}
func NewTokenAuth ¶
type VaultEnvData ¶
// VaultEnvData is the JSON shape of an environment-variable secret stored in
// Vault; presumably what GetEnvVars decodes before building the map it
// returns — confirm against GetEnvVars.
type VaultEnvData struct {
	// Env is the list of environment entries, serialized under the "env" key.
	Env []EnvData `json:"env"`
}