Documentation
Constants
const (
	AuthBackendMountPath = "kubernetes"
	AuthBackendRole      = "default"
	// use "=" characters in the secret to test the string splitting code in
	// theatre-envconsul is correct
	SentinelSecretValue = "eats=the=world"
)
Types
type Runner
type Runner struct{}
func (*Runner) Prepare
Prepare is used for configuring a Vault server in our acceptance tests to provide Kubernetes authentication via service account.
It does several things:
- Mounts a kv2 secrets engine at secret/
- Creates a Kubernetes auth backend mounted at auth/kubernetes
- Configures the Kubernetes backend to authenticate against the currently detected Kubernetes API server (the current cluster, if run from within)
- For all successful Kubernetes logins, the user is assigned a token that maps to a cluster-reader policy, which permits reading of secrets from:
  secret/data/kubernetes/{namespace}/{service-account-name}/*
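The path scoping described above, as an added example (not the package's own code): it renders the documented path for one service account and checks constructed request paths against it. RenderPolicyPath and CanRead are hypothetical helpers, and the trailing "*" prefix match is a simplified model of Vault policy evaluation.

```go
package main

import (
	"fmt"
	"strings"
)

// policyTemplate is the path from the Prepare documentation; the braces are
// the page's placeholder notation, not Vault policy-template syntax.
const policyTemplate = "secret/data/kubernetes/{namespace}/{service-account-name}/*"

// RenderPolicyPath (hypothetical helper) fills in a service account identity.
// Components containing "/" or "*" are rejected so a crafted name cannot
// widen the scope of the rendered path.
func RenderPolicyPath(namespace, serviceAccount string) (string, error) {
	for _, v := range []string{namespace, serviceAccount} {
		if v == "" || strings.ContainsAny(v, "/*") {
			return "", fmt.Errorf("invalid identity component %q", v)
		}
	}
	r := strings.NewReplacer("{namespace}", namespace, "{service-account-name}", serviceAccount)
	return r.Replace(policyTemplate), nil
}

// CanRead (hypothetical helper) treats a trailing "*" as a prefix match, a
// simplified model of how a glob-terminated policy path is evaluated.
func CanRead(policyPath, requested string) bool {
	if strings.HasSuffix(policyPath, "*") {
		return strings.HasPrefix(requested, strings.TrimSuffix(policyPath, "*"))
	}
	return policyPath == requested
}

func main() {
	path, err := RenderPolicyPath("staging", "app")
	if err != nil {
		panic(err)
	}
	// Constructed request paths: the account's own secret, a sibling account
	// sharing a name prefix, another namespace, and the bare directory.
	for _, req := range []string{
		"secret/data/kubernetes/staging/app/db-password",
		"secret/data/kubernetes/staging/app-admin/db-password",
		"secret/data/kubernetes/production/app/db-password",
		"secret/data/kubernetes/staging/app",
	} {
		fmt.Printf("%-55s allowed=%v\n", req, CanRead(path, req))
	}
}
```

The slash before the glob is what keeps the "app-admin" account's secrets out of reach of "app"; without it the prefix match would cover both.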