Documentation ¶
Index ¶
- Variables
- type LockInfo
- type VaultStorage
- func (VaultStorage) CaddyModule() caddy.ModuleInfo
- func (s *VaultStorage) CertMagicStorage() (certmagic.Storage, error)
- func (s *VaultStorage) CheckCapabilities(ctx context.Context) error
- func (s *VaultStorage) CheckCapabilitiesOnPath(ctx context.Context, path string, requiredCapabilities []string) (bool, error)
- func (s *VaultStorage) Cleanup() error
- func (s *VaultStorage) Connect(ctx context.Context) error
- func (s *VaultStorage) Delete(ctx context.Context, path string) error
- func (s *VaultStorage) Exists(ctx context.Context, path string) bool
- func (s *VaultStorage) List(ctx context.Context, path string, recursive bool) ([]string, error)
- func (s *VaultStorage) ListAggregate(ctx context.Context, path string, recursive bool, ...) error
- func (s *VaultStorage) Load(ctx context.Context, path string) ([]byte, error)
- func (s *VaultStorage) LoadTokenFromFile() error
- func (s *VaultStorage) Lock(ctx context.Context, path string) error
- func (s *VaultStorage) LockEnsureMetadata(ctx context.Context, path string) error
- func (s *VaultStorage) LockStat(ctx context.Context, path string) (LockInfo, error)
- func (s *VaultStorage) PrefixPath(path string) string
- func (s *VaultStorage) Provision(ctx caddy.Context) error
- func (s *VaultStorage) ReconnectOnError(ctx context.Context, err error, clientAddressTried string) (bool, error)
- func (s *VaultStorage) Stat(ctx context.Context, path string) (certmagic.KeyInfo, error)
- func (s *VaultStorage) StatCheckDirectory(ctx context.Context, path string) (bool, error)
- func (s *VaultStorage) Store(ctx context.Context, path string, value []byte) error
- func (s *VaultStorage) StoreEnsureMetadata(ctx context.Context, path string) error
- func (s *VaultStorage) Unlock(ctx context.Context, path string) error
- func (s *VaultStorage) Validate() error
Constants ¶
This section is empty.
Variables ¶
// ErrClientNotInitialized is a sentinel error whose message says the client is
// not initialized.
// NOTE(review): presumably returned when an operation runs before a Vault
// client was set up (see Connect) — confirm against the callers.
var ErrClientNotInitialized = errors.New("Client is not initialized")
// ErrInvalidResponse is a sentinel error whose message says a response was
// invalid and could not be processed.
// NOTE(review): presumably refers to responses from the Vault API — confirm.
var ErrInvalidResponse = errors.New("Couldn't process an invalid response")
// ErrInvalidValue is a sentinel error whose message says the data stored under
// a key has an invalid value.
// NOTE(review): which validation produces this is not visible here; callers
// should treat it as "stored data is not usable", not as "key is absent".
var ErrInvalidValue = errors.New("Data in this key has an invalid value")
// ErrNoServersConfigured is a sentinel error whose message says no servers are
// configured.
// NOTE(review): presumably tied to an empty VaultStorage.Addresses — confirm.
var ErrNoServersConfigured = errors.New("No servers configured")
// ErrRetriesExceeded is a sentinel error whose message says the connection
// retry count was exceeded.
// NOTE(review): presumably governed by VaultStorage.MaxRetries — confirm.
var ErrRetriesExceeded = errors.New("Connection retry count exceeded")
*
- Errors
Functions ¶
This section is empty.
Types ¶
type LockInfo ¶
// LockInfo is the data structure for lock information.
type LockInfo struct {
	Created  time.Time // NOTE(review): presumably the time the lock was created — confirm
	Version  int       // Version number of the currently held lock (required for check-and-set)
	IsLocked bool
}
*
- Data structure for lock information
type VaultStorage ¶
type VaultStorage struct {
	// One or more address(es) to Vault servers on the same cluster. (At least one address is required.)
	// NOTE(review): the address format (scheme, port) is not shown here. The
	// access token is presented to whichever address is used, so prefer
	// TLS-protected endpoints — confirm what the module accepts.
	Addresses []string `json:"addresses"`

	// Local path to read the access token from. Updates on that file will be
	// detected and automatically read. (As fallback the environment
	// variable "VAULT_TOKEN" will be used, but it will only be read once on
	// startup.)
	// NOTE(review): this file holds a live Vault credential; keep it readable
	// only by the account running Caddy. A token taken from "VAULT_TOKEN" is
	// read once, so a rotated token presumably needs a restart — confirm.
	TokenPath string `json:"token_path,omitempty"`

	// Path of the KVv2 mount to use. (Default is "kv".)
	SecretsMountPath string `json:"secrets_mount_path,omitempty"`

	// Path in the KVv2 mount to use. (Default is "caddy".)
	// NOTE(review): the token's Vault policy can presumably be limited to this
	// mount and prefix; CheckCapabilities exists to verify the granted rights.
	SecretsPathPrefix string `json:"secrets_path_prefix,omitempty"`

	// Limit of connection retries after which to fail a request. (Default is 3.)
	MaxRetries int `json:"max_retries,omitempty"`

	// Timeout for locks (in seconds). (Default is 60.)
	LockTimeout int `json:"lock_timeout,omitempty"`

	// Interval for checking lock status (in seconds). (Default is 5.)
	LockCheckInterval int `json:"lock_check_interval,omitempty"`
	// contains filtered or unexported fields
}
A highly available storage module that integrates with HashiCorp Vault.
func New ¶
func New() *VaultStorage
*
- Creates a new vault storage module instance with default values
func (VaultStorage) CaddyModule ¶
func (VaultStorage) CaddyModule() caddy.ModuleInfo
func (*VaultStorage) CertMagicStorage ¶
func (s *VaultStorage) CertMagicStorage() (certmagic.Storage, error)
func (*VaultStorage) CheckCapabilities ¶ added in v1.1.0
func (s *VaultStorage) CheckCapabilities(ctx context.Context) error
*
- Checks whether the provided token has enough access rights to perform all
- operations that this module requires.
func (*VaultStorage) CheckCapabilitiesOnPath ¶ added in v1.1.0
func (s *VaultStorage) CheckCapabilitiesOnPath(ctx context.Context, path string, requiredCapabilities []string) (bool, error)
*
- Checks if a set of required capabilities are granted on a given api path
func (*VaultStorage) Cleanup ¶ added in v1.1.0
func (s *VaultStorage) Cleanup() error
func (*VaultStorage) Connect ¶
func (s *VaultStorage) Connect(ctx context.Context) error
*
- Establishes a connection to a healthy Vault instance. *
- `s.client` is always initialized (and reused if it already exists), so there
- can't be a nil dereference error once this has been called at least once. *
- If there is more than one address configured, every address will be checked
- to be a healthy Vault instance and the first healthy instance will be used.
func (*VaultStorage) Delete ¶
func (s *VaultStorage) Delete(ctx context.Context, path string) error
*
- Deletes a value in the key-value store. Returns the error fs.ErrNotExist
- if no value exists for the key. *
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Storage
func (*VaultStorage) Exists ¶
func (s *VaultStorage) Exists(ctx context.Context, path string) bool
*
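- Checks whether a key exists in the key-value store. On error, false will be
- returned, so a false result does not prove the key is absent: it can also mean the lookup failed (for example, Vault was unreachable or the token lacked access). *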
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Storage
func (*VaultStorage) List ¶
*
- List all existing keys in a specific path. *
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Storage
func (*VaultStorage) ListAggregate ¶
func (s *VaultStorage) ListAggregate(ctx context.Context, path string, recursive bool, filePathsAggregator *list.List, keyExistsCheck bool) error
*
- Internal aggregator for existing keys in a specific path.
func (*VaultStorage) Load ¶
*
- Retrieves a value from the key-value store. Returns the error fs.ErrNotExist
- if no value exists for the key. *
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Storage
func (*VaultStorage) LoadTokenFromFile ¶ added in v1.1.0
func (s *VaultStorage) LoadTokenFromFile() error
*
- Loads the access token from the configured file path
func (*VaultStorage) Lock ¶
func (s *VaultStorage) Lock(ctx context.Context, path string) error
*
- Tries to create a lock or blocks until an existing lock is freed (or timed out)
- and then tries to create the lock again. *
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Locker
func (*VaultStorage) LockEnsureMetadata ¶
func (s *VaultStorage) LockEnsureMetadata(ctx context.Context, path string) error
*
- Ensures that metadata exists for a lock. This only has to be done once,
- but is idempotent.
func (*VaultStorage) PrefixPath ¶
func (s *VaultStorage) PrefixPath(path string) string
*
- Adds the secrets path prefix (from configuration) to the path provided.
func (*VaultStorage) Provision ¶
func (s *VaultStorage) Provision(ctx caddy.Context) error
func (*VaultStorage) ReconnectOnError ¶
func (s *VaultStorage) ReconnectOnError(ctx context.Context, err error, clientAddressTried string) (bool, error)
*
- Checks the provided error and decides whether a reconnection is necessary,
- then performs that reconnection and reports its decision to the caller.
func (*VaultStorage) Stat ¶
*
- Retrieves stat information about a value in the key-value store. Returns the
- error fs.ErrNotExist if no value exists for the key. *
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Storage
func (*VaultStorage) StatCheckDirectory ¶
*
- Checks whether a directory exists on a given path. Files will report as false.
func (*VaultStorage) Store ¶
*
- Creates or updates a value in the key-value store. *
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Storage
func (*VaultStorage) StoreEnsureMetadata ¶
func (s *VaultStorage) StoreEnsureMetadata(ctx context.Context, path string) error
*
- Ensures that metadata exists for a key in the key-value store. This only
- has to be done once, but is idempotent.
func (*VaultStorage) Unlock ¶
func (s *VaultStorage) Unlock(ctx context.Context, path string) error
*
- Frees an existing lock. Returns the error fs.ErrNotExist if no lock was
- found that was acquired on this Vault storage module instance. *
- @see https://pkg.go.dev/github.com/caddyserver/certmagic#Locker
func (*VaultStorage) Validate ¶ added in v1.1.0
func (s *VaultStorage) Validate() error