Documentation ¶
Index ¶
- Constants
- func DeleteWAL(s logical.Storage, id string) error
- func GenericNameRegex(name string) string
- func ListWAL(s logical.Storage) ([]string, error)
- func OptionalParamRegex(name string) string
- func PutWAL(s logical.Storage, kind string, data interface{}) (string, error)
- func TestBackendRoutes(t *testing.T, b *Backend, rs []string)
- type Backend
- func (b *Backend) Cleanup()
- func (b *Backend) HandleExistenceCheck(req *logical.Request) (checkFound bool, exists bool, err error)
- func (b *Backend) HandleRequest(req *logical.Request) (*logical.Response, error)
- func (b *Backend) Initialize() error
- func (b *Backend) InvalidateKey(key string)
- func (b *Backend) Logger() log.Logger
- func (b *Backend) Route(path string) *Path
- func (b *Backend) SanitizeTTL(ttl, maxTTL time.Duration) (time.Duration, time.Duration, error)
- func (b *Backend) SanitizeTTLStr(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error)
- func (b *Backend) Secret(k string) *Secret
- func (b *Backend) Setup(config *logical.BackendConfig) (logical.Backend, error)
- func (b *Backend) SpecialPaths() *logical.Paths
- func (b *Backend) System() logical.SystemView
- type CleanupFunc
- type FieldData
- type FieldSchema
- type FieldType
- type InitializeFunc
- type InvalidateFunc
- type OperationFunc
- type Path
- type PathMap
- func (p *PathMap) Delete(s logical.Storage, k string) error
- func (p *PathMap) Get(s logical.Storage, k string) (map[string]interface{}, error)
- func (p *PathMap) List(s logical.Storage, prefix string) ([]string, error)
- func (p *PathMap) Paths() []*Path
- func (p *PathMap) Put(s logical.Storage, k string, v map[string]interface{}) error
- type PathStruct
- type PolicyMap
- type Secret
- type WALEntry
- type WALRollbackFunc
Constants ¶
const WALPrefix = "wal/"
WALPrefix is the prefix within Storage where WAL entries will be written.
Variables ¶
This section is empty.
Functions ¶
func DeleteWAL ¶
DeleteWAL commits the WAL entry with the given ID. Once committed, it is assumed that the operation was a success and doesn't need to be rolled back.
func GenericNameRegex ¶ added in v0.3.0
Helper which returns a generic regex string for creating endpoint patterns that are identified by the given name in the backends
func OptionalParamRegex ¶ added in v0.5.2
Helper which returns a regex string for optionally accepting the a field from the API URL
func PutWAL ¶
PutWAL writes some data to the WAL.
The kind parameter is used by the framework to allow users to store multiple kinds of WAL data and to easily disambiguate what data they're expecting.
Data within the WAL that is uncommitted (CommitWAL hasn't be called) will be given to the rollback callback when an rollback operation is received, allowing the backend to clean up some partial states.
The data must be JSON encodable.
This returns a unique ID that can be used to reference this WAL data. WAL data cannot be modified. You can only add to the WAL and commit existing WAL entries.
Types ¶
type Backend ¶
type Backend struct { // Help is the help text that is shown when a help request is made // on the root of this resource. The root help is special since we // show all the paths that can be requested. Help string // Paths are the various routes that the backend responds to. // This cannot be modified after construction (i.e. dynamically changing // paths, including adding or removing, is not allowed once the // backend is in use). // // PathsSpecial is the list of path patterns that denote the // paths above that require special privileges. These can't be // regular expressions, it is either exact match or prefix match. // For prefix match, append '*' as a suffix. Paths []*Path PathsSpecial *logical.Paths // Secrets is the list of secret types that this backend can // return. It is used to automatically generate proper responses, // and ease specifying callbacks for revocation, renewal, etc. Secrets []*Secret // PeriodicFunc is the callback, which if set, will be invoked when the // periodic timer of RollbackManager ticks. This can be used by // backends to do anything it wishes to do periodically. // // PeriodicFunc can be invoked to, say to periodically delete stale // entries in backend's storage, while the backend is still being used. // (Note the different of this action from what `Clean` does, which is // invoked just before the backend is unmounted). PeriodicFunc periodicFunc // WALRollback is called when a WAL entry (see wal.go) has to be rolled // back. It is called with the data from the entry. // // WALRollbackMinAge is the minimum age of a WAL entry before it is attempted // to be rolled back. This should be longer than the maximum time it takes // to successfully create a secret. WALRollback WALRollbackFunc WALRollbackMinAge time.Duration // Clean is called on unload to clean up e.g any existing connections // to the backend, if required. Clean CleanupFunc // Initialize is called after a backend is created. Storage should not be // written to before this function is called. Init InitializeFunc // Invalidate is called when a keys is modified if required Invalidate InvalidateFunc // AuthRenew is the callback to call when a RenewRequest for an // authentication comes in. By default, renewal won't be allowed. // See the built-in AuthRenew helpers in lease.go for common callbacks. AuthRenew OperationFunc // contains filtered or unexported fields }
Backend is an implementation of logical.Backend that allows the implementer to code a backend using a much more programmer-friendly framework that handles a lot of the routing and validation for you.
This is recommended over implementing logical.Backend directly.
func (*Backend) Cleanup ¶ added in v0.3.0
func (b *Backend) Cleanup()
Cleanup is used to release resources and prepare to stop the backend
func (*Backend) HandleExistenceCheck ¶ added in v0.5.0
func (*Backend) HandleRequest ¶
logical.Backend impl.
func (*Backend) Initialize ¶ added in v0.6.5
func (*Backend) InvalidateKey ¶ added in v0.6.5
InvalidateKey is used to clear caches and reset internal state on key changes
func (*Backend) Logger ¶
Logger can be used to get the logger. If no logger has been set, the logs will be discarded.
func (*Backend) SanitizeTTL ¶ added in v0.3.0
Caps the boundaries of ttl and max_ttl values to the backend mount's max_ttl value.
func (*Backend) SanitizeTTLStr ¶ added in v0.6.0
This method takes in the TTL and MaxTTL values provided by the user, compares those with the SystemView values. If they are empty a value of 0 is set, which will cause initial secret or LeaseExtend operations to use the mount/system defaults. If they are set, their boundaries are validated.
func (*Backend) Setup ¶ added in v0.2.0
Setup is used to initialize the backend with the initial backend configuration
func (*Backend) SpecialPaths ¶
logical.Backend impl.
func (*Backend) System ¶ added in v0.3.0
func (b *Backend) System() logical.SystemView
type CleanupFunc ¶ added in v0.3.0
type CleanupFunc func()
CleanupFunc is the callback for backend unload.
type FieldData ¶
type FieldData struct { Raw map[string]interface{} Schema map[string]*FieldSchema }
FieldData is the structure passed to the callback to handle a path containing the populated parameters for fields. This should be used instead of the raw (*vault.Request).Data to access data in a type-safe way.
func (*FieldData) Get ¶
Get gets the value for the given field. If the key is an invalid field, FieldData will panic. If you want a safer version of this method, use GetOk. If the field k is not set, the default value (if set) will be returned, otherwise the zero value will be returned.
func (*FieldData) GetDefaultOrZero ¶ added in v0.6.0
GetDefaultOrZero gets the default value set on the schema for the given field. If there is no default value set, the zero value of the type will be returned.
func (*FieldData) GetOk ¶
GetOk gets the value for the given field. The second return value will be false if the key is invalid or the key is not set at all.
type FieldSchema ¶
FieldSchema is a basic schema to describe the format of a path field.
func (*FieldSchema) DefaultOrZero ¶
func (s *FieldSchema) DefaultOrZero() interface{}
DefaultOrZero returns the default value if it is set, or otherwise the zero value of the type.
type FieldType ¶
type FieldType uint
FieldType is the enum of types that a field can be.
const ( TypeInvalid FieldType = 0 TypeString FieldType = iota TypeInt TypeBool TypeMap // TypeDurationSecond represent as seconds, this can be either an // integer or go duration format string (e.g. 24h) TypeDurationSecond // TypeSlice represents a slice of any type TypeSlice // TypeStringSlice is a helper for TypeSlice that returns a sanitized // slice of strings TypeStringSlice // TypeCommaStringSlice is a helper for TypeSlice that returns a sanitized // slice of strings and also supports parsing a comma-separated list in // a string field TypeCommaStringSlice )
type InitializeFunc ¶ added in v0.6.5
type InitializeFunc func() error
InitializeFunc is the callback for backend creation.
type InvalidateFunc ¶ added in v0.6.5
type InvalidateFunc func(string)
InvalidateFunc is the callback for backend key invalidation.
type OperationFunc ¶
OperationFunc is the callback called for an operation on a path.
func LeaseExtend ¶
func LeaseExtend(backendIncrement, backendMax time.Duration, systemView logical.SystemView) OperationFunc
LeaseExtend returns an OperationFunc that can be used to simply extend the lease of the auth/secret for the duration that was requested.
backendIncrement is the backend's requested increment -- perhaps from a user request, perhaps from a role/config value. If not set, uses the mount/system value.
backendMax is the backend's requested increment -- this can be more restrictive than the mount/system value but not less.
systemView is the system view from the calling backend, used to determine and/or correct default/max times.
type Path ¶
type Path struct { // Pattern is the pattern of the URL that matches this path. // // This should be a valid regular expression. Named captures will be // exposed as fields that should map to a schema in Fields. If a named // capture is not a field in the Fields map, then it will be ignored. Pattern string // Fields is the mapping of data fields to a schema describing that // field. Named captures in the Pattern also map to fields. If a named // capture name matches a PUT body name, the named capture takes // priority. // // Note that only named capture fields are available in every operation, // whereas all fields are available in the Write operation. Fields map[string]*FieldSchema // Callbacks are the set of callbacks that are called for a given // operation. If a callback for a specific operation is not present, // then logical.ErrUnsupportedOperation is automatically generated. // // The help operation is the only operation that the Path will // automatically handle if the Help field is set. If both the Help // field is set and there is a callback registered here, then the // callback will be called. Callbacks map[logical.Operation]OperationFunc // ExistenceCheck, if implemented, is used to query whether a given // resource exists or not. This is used for ACL purposes: if an Update // action is specified, and the existence check returns false, the action // is not allowed since the resource must first be created. The reverse is // also true. If not specified, the Update action is forced and the user // must have UpdateCapability on the path. ExistenceCheck func(*logical.Request, *FieldData) (bool, error) // Help is text describing how to use this path. This will be used // to auto-generate the help operation. The Path will automatically // generate a parameter listing and URL structure based on the // regular expression, so the help text should just contain a description // of what happens. // // HelpSynopsis is a one-sentence description of the path. This will // be automatically line-wrapped at 80 characters. // // HelpDescription is a long-form description of the path. This will // be automatically line-wrapped at 80 characters. HelpSynopsis string HelpDescription string }
Path is a single path that the backend responds to.
func PathAppend ¶
PathAppend is a helper for appending lists of paths into a single list.
type PathMap ¶
type PathMap struct { Prefix string Name string Schema map[string]*FieldSchema CaseSensitive bool Salt *salt.Salt SaltMutex *sync.RWMutex // contains filtered or unexported fields }
PathMap can be used to generate a path that stores mappings in the storage. It is a structure that also exports functions for querying the mappings.
The primary use case for this is for credential providers to do their mapping to policies.
type PathStruct ¶
type PathStruct struct { Name string Path string Schema map[string]*FieldSchema HelpSynopsis string HelpDescription string Read bool }
PathStruct can be used to generate a path that stores a struct in the storage. This structure is a map[string]interface{} but the types are set according to the schema in this structure.
func (*PathStruct) Delete ¶ added in v0.2.0
func (p *PathStruct) Delete(s logical.Storage) error
Delete removes the structure.
func (*PathStruct) Get ¶
func (p *PathStruct) Get(s logical.Storage) (map[string]interface{}, error)
Get reads the structure.
func (*PathStruct) Paths ¶
func (p *PathStruct) Paths() []*Path
Paths are the paths to append to the Backend paths.
type PolicyMap ¶
PolicyMap is a specialization of PathMap that expects the values to be lists of policies. This assists in querying and loading policies from the PathMap.
type Secret ¶
type Secret struct { // Type is the name of this secret type. This is used to setup the // vault ID and to look up the proper secret structure when revocation/ // renewal happens. Once this is set this should not be changed. // // The format of this must match (case insensitive): ^a-Z0-9_$ Type string // Fields is the mapping of data fields and schema that comprise // the structure of this secret. Fields map[string]*FieldSchema // DefaultDuration is the default value for the duration of the lease for // this secret. This can be manually overwritten with the result of // Response(). // // If these aren't set, Vault core will set a default lease period which // may come from a mount tuning. DefaultDuration time.Duration // Renew is the callback called to renew this secret. If Renew is // not specified then renewable is set to false in the secret. // See lease.go for helpers for this value. Renew OperationFunc // Revoke is the callback called to revoke this secret. This is required. Revoke OperationFunc }
Secret is a type of secret that can be returned from a backend.
func (*Secret) HandleRenew ¶
HandleRenew is the request handler for renewing this secret.
func (*Secret) HandleRevoke ¶
HandleRevoke is the request handler for renewing this secret.