Documentation ¶
Index ¶
- Constants
- func SetLegacyLicense(ctx context.Context, tr it.Transport, req *SetLegacyLicenseRequest) error
- func Version(ctx context.Context, tr it.Transport, req *StateRequest) (semver.Version, error)
- type CLIRequest
- type CheckStater
- func CheckStateAllContainersAreReady() CheckStater
- func CheckStateAllPodContainersAreReady(podName string) CheckStater
- func CheckStateAllPodsHavePhase(phase v1.PodPhase) CheckStater
- func CheckStateAutopilotHasLeader() CheckStater
- func CheckStateAutopilotIsHealthy() CheckStater
- func CheckStateHasEnableUIInConfig() CheckStater
- func CheckStateHasHAActiveNode() CheckStater
- func CheckStateHasHealthStatusOf(statuses ...HealthStatus) CheckStater
- func CheckStateHasMatchingListenerInConfig(listener *ConfigListener) CheckStater
- func CheckStateHasMinNAutopilotHealthyNodes(min uint) CheckStater
- func CheckStateHasMinNAutopilotServers(min uint) CheckStater
- func CheckStateHasMinNAutopilotVoters(min uint) CheckStater
- func CheckStateHasMinNHANodes(min uint) CheckStater
- func CheckStateHasMinNRaftServers(min uint) CheckStater
- func CheckStateHasMinNRaftVoters(min uint) CheckStater
- func CheckStateHasRaftLeader() CheckStater
- func CheckStateHasSealType(stype SealType) CheckStater
- func CheckStateHasStatusCode(status StatusCode) CheckStater
- func CheckStateHasStorageType(stype string) CheckStater
- func CheckStateHasSystemdEnabledAndRunningProperties() CheckStater
- func CheckStateIsInitialized() CheckStater
- func CheckStateIsSealed() CheckStater
- func CheckStateIsUnsealed() CheckStater
- func CheckStatePodContainerIsReady(podName string, containerName string) CheckStater
- func CheckStatePodHasPhase(name string, phase v1.PodPhase) CheckStater
- func CheckStateSealStateIsKnown() CheckStater
- type ConfigListener
- type ConfigListenerConfig
- type ConfigSeals
- type ConfigStateSanitizedResponse
- type ConfigStateSanitizedResponseData
- type ConfigStorage
- type HAStatusData
- type HAStatusNode
- type HAStatusResponse
- type HealthRequest
- type HealthRequestOpt
- type HealthResponse
- type HealthResponseDataLicense
- type HealthStatus
- type HostInfoData
- type HostInfoHost
- type HostInfoResponse
- type InitArguments
- type InitRequest
- type InitRequestOpt
- func WithInitRequestConsulAuto(auto bool) InitRequestOpt
- func WithInitRequestConsulService(service string) InitRequestOpt
- func WithInitRequestKeyShares(shares int) InitRequestOpt
- func WithInitRequestKeyThreshold(thres int) InitRequestOpt
- func WithInitRequestPGPKeys(keys []string) InitRequestOpt
- func WithInitRequestRecoveryPGPKeys(keys []string) InitRequestOpt
- func WithInitRequestRecoveryShares(shares int) InitRequestOpt
- func WithInitRequestRecoveryThreshold(thres int) InitRequestOpt
- func WithInitRequestRootTokenPGPKey(key string) InitRequestOpt
- func WithInitRequestStateRequestOpts(opts ...StateRequestOpt) InitRequestOpt
- func WithInitRequestStoredShares(shares int) InitRequestOpt
- type InitResponse
- type RaftAutopilotConfigurationData
- type RaftAutopilotConfigurationResponse
- type RaftAutopilotStateRedundancyZone
- type RaftAutopilotStateResponse
- type RaftAutopilotStateResponseData
- type RaftAutopilotStateServer
- type RaftAutopilotStateUpgradeInfo
- type RaftAutopilotStateUpgradeInfoRedundancyZone
- type RaftConfigurationData
- type RaftConfigurationDataConfig
- type RaftConfigurationResponse
- type RaftConfigurationServer
- type ReplicationData
- type ReplicationDataStatus
- type ReplicationRequest
- type ReplicationRequestOpt
- type ReplicationResponse
- type ReplicationSecondary
- type SealStatusRequest
- type SealStatusRequestOpt
- type SealStatusResponse
- type SealStatusResponseData
- type SealType
- type SetLegacyLicenseRequest
- type SetLegacyLicenseRequestOpt
- func WithSetLegacyLicenseRequestBinPath(path string) SetLegacyLicenseRequestOpt
- func WithSetLegacyLicenseRequestLicenseContent(content string) SetLegacyLicenseRequestOpt
- func WithSetLegacyLicenseRequestLicensePath(path string) SetLegacyLicenseRequestOpt
- func WithSetLegacyLicenseRequestToken(token string) SetLegacyLicenseRequestOpt
- func WithSetLegacyLicenseRequestVaultAddr(addr string) SetLegacyLicenseRequestOpt
- type State
- func (s *State) HAEnabled() (bool, error)
- func (s *State) IsInitialized() (bool, error)
- func (s *State) IsSealed() (bool, error)
- func (s *State) ReplicationEnabled() (bool, error)
- func (s *State) StatusCode() (StatusCode, error)
- func (s *State) StorageType() (string, error)
- func (s *State) String() string
- type StateRequest
- type StateRequestOpt
- func WithStateRequestBinPath(path string) StateRequestOpt
- func WithStateRequestFlightControlPath(path string) StateRequestOpt
- func WithStateRequestFlightControlUseHomeDir() StateRequestOpt
- func WithStateRequestListPodsRequestOpts(opts ...kubernetes.ListPodsRequestOpt) StateRequestOpt
- func WithStateRequestSystemdUnitName(unit string) StateRequestOpt
- func WithStateRequestVaultAddr(addr string) StateRequestOpt
- func WithStateRequestVaultToken(token string) StateRequestOpt
- type StatusCode
- type StatusResponse
- type UnsealArguments
- type UnsealRequest
- type UnsealRequestOpt
- type UnsealResponse
- Bugs
Constants ¶
Variables ¶
This section is empty.
Functions ¶
func SetLegacyLicense ¶
SetLegacyLicense sets the vault license using the /sys/license endpoint.
Types ¶
type CLIRequest ¶
CLIRequest holds the common things that we need when making a CLI request.
type CheckStater ¶
CheckStater is a validate function that takes a state and validates that it has expected values.
func CheckStateAllContainersAreReady ¶
func CheckStateAllContainersAreReady() CheckStater
CheckStateAllContainersAreReady checks that all containers found in the state are Ready.
func CheckStateAllPodContainersAreReady ¶
func CheckStateAllPodContainersAreReady(podName string) CheckStater
CheckStateAllPodContainersAreReady takes a pod name and asserts that all of its containers are ready.
func CheckStateAllPodsHavePhase ¶
func CheckStateAllPodsHavePhase(phase v1.PodPhase) CheckStater
CheckStateAllPodsHavePhase takes a phase and asserts that all of the pods match the phase.
func CheckStateAutopilotHasLeader ¶
func CheckStateAutopilotHasLeader() CheckStater
CheckStateAutopilotHasLeader checks whether or not the cluster has a raft leader.
func CheckStateAutopilotIsHealthy ¶
func CheckStateAutopilotIsHealthy() CheckStater
CheckStateAutopilotIsHealthy checks whether or not the autopilot is in a healthy state.
func CheckStateHasEnableUIInConfig ¶
func CheckStateHasEnableUIInConfig() CheckStater
CheckStateHasEnableUIInConfig checks whether or not the vault cluster has been configured to enable the UI.
func CheckStateHasHAActiveNode ¶
func CheckStateHasHAActiveNode() CheckStater
CheckStateHasHAActiveNode checks whether or not the vault cluster has an active HA node.
func CheckStateHasHealthStatusOf ¶
func CheckStateHasHealthStatusOf(statuses ...HealthStatus) CheckStater
CheckStateHasHealthStatusOf takes one-or-more health statuses and checks whether or not the node has one of the given health statuses.
func CheckStateHasMatchingListenerInConfig ¶
func CheckStateHasMatchingListenerInConfig(listener *ConfigListener) CheckStater
CheckStateHasMatchingListenerInConfig checks whether or not the vault cluster has been configured with a matching listener.
func CheckStateHasMinNAutopilotHealthyNodes ¶
func CheckStateHasMinNAutopilotHealthyNodes(min uint) CheckStater
CheckStateHasMinNAutopilotHealthyNodes checks whether or not the cluster has a minimum of N autopilot healthy nodes.
func CheckStateHasMinNAutopilotServers ¶
func CheckStateHasMinNAutopilotServers(min uint) CheckStater
CheckStateHasMinNAutopilotServers checks whether or not the cluster has a minimum of N autopilot servers.
func CheckStateHasMinNAutopilotVoters ¶
func CheckStateHasMinNAutopilotVoters(min uint) CheckStater
CheckStateHasMinNAutopilotVoters checks whether or not the cluster has a minimum of N autopilot voters.
func CheckStateHasMinNHANodes ¶
func CheckStateHasMinNHANodes(min uint) CheckStater
CheckStateHasMinNHANodes checks whether or not the cluster has a minimum of N HA nodes.
func CheckStateHasMinNRaftServers ¶
func CheckStateHasMinNRaftServers(min uint) CheckStater
CheckStateHasMinNRaftServers checks whether or not the cluster has a minimum of N raft servers.
func CheckStateHasMinNRaftVoters ¶
func CheckStateHasMinNRaftVoters(min uint) CheckStater
CheckStateHasMinNRaftVoters checks whether or not the cluster has a minimum of N raft voters.
func CheckStateHasRaftLeader ¶
func CheckStateHasRaftLeader() CheckStater
CheckStateHasRaftLeader checks whether or not the cluster has a raft leader.
func CheckStateHasSealType ¶
func CheckStateHasSealType(stype SealType) CheckStater
CheckStateHasSealType checks whether or not the node has the given seal type.
func CheckStateHasStatusCode ¶
func CheckStateHasStatusCode(status StatusCode) CheckStater
CheckStateHasStatusCode checks that the vault status code matches the given code.
func CheckStateHasStorageType ¶
func CheckStateHasStorageType(stype string) CheckStater
CheckStateHasStorageType checks whether or not the node has the given storage type.
func CheckStateHasSystemdEnabledAndRunningProperties ¶
func CheckStateHasSystemdEnabledAndRunningProperties() CheckStater
CheckStateHasSystemdEnabledAndRunningProperties checks that the vault systemd service has all of the properties and values we expect for a service to be running.
func CheckStateIsInitialized ¶
func CheckStateIsInitialized() CheckStater
CheckStateIsInitialized checks whether or not vault is initialized.
func CheckStateIsSealed ¶
func CheckStateIsSealed() CheckStater
CheckStateIsSealed checks whether or not the Vault node is sealed.
func CheckStateIsUnsealed ¶
func CheckStateIsUnsealed() CheckStater
CheckStateIsUnsealed checks whether or not the Vault node is unsealed.
func CheckStatePodContainerIsReady ¶
func CheckStatePodContainerIsReady(podName string, containerName string) CheckStater
CheckStatePodContainerIsReady takes a pod name, a container name and asserts that the container is ready.
func CheckStatePodHasPhase ¶
func CheckStatePodHasPhase(name string, phase v1.PodPhase) CheckStater
CheckStatePodHasPhase takes a pod name and a phase and asserts that the pod has the expected phase.
func CheckStateSealStateIsKnown ¶
func CheckStateSealStateIsKnown() CheckStater
CheckStateSealStateIsKnown checks whether or not the Vault node has a valid seal state.
type ConfigListener ¶
type ConfigListener struct { Config *ConfigListenerConfig `json:"config,omitempty"` Type string `json:"type,omitempty"` }
ConfigListener is the listeners stanza of the configuration.
type ConfigListenerConfig ¶
type ConfigListenerConfig struct { Address string `json:"address,omitempty"` TLSDisable string `json:"tls_disable,omitempty"` }
ConfigListenerConfig is the config section of the listeners configuration.
type ConfigSeals ¶
type ConfigSeals struct { Disabled bool `json:"disabled,omitempty"` Type string `json:"type,omitempty"` }
ConfigSeals is the seals stanza of the configuration.
type ConfigStateSanitizedResponse ¶
type ConfigStateSanitizedResponse struct {
Data *ConfigStateSanitizedResponseData `json:"data,omitempty"`
}
ConfigStateSanitizedResponse is the sanitized config returned from vault.
func GetConfigStateSanitized ¶
func GetConfigStateSanitized(ctx context.Context, tr it.Transport, req *CLIRequest) (*ConfigStateSanitizedResponse, error)
GetConfigStateSanitized returns a sanitized version of the configuration state.
func NewConfigStateSanitizedResponse ¶
func NewConfigStateSanitizedResponse() *ConfigStateSanitizedResponse
NewConfigStateSanitizedResponse returns a new instance of ConfigStateSanitizedResponse.
func (*ConfigStateSanitizedResponse) String ¶
func (s *ConfigStateSanitizedResponse) String() string
String returns the sanitized config.
type ConfigStateSanitizedResponseData ¶
type ConfigStateSanitizedResponseData struct { APIAddr string `json:"api_addr,omitempty"` CacheSize json.Number `json:"cache_size,omitempty"` ClusterAddr string `json:"cluster_addr,omitempty"` ClusterCipherSuites string `json:"cluster_cipher_suites,omitempty"` ClusterName string `json:"cluster_name,omitempty"` DefaultLeaseTTL json.Number `json:"default_lease_ttl,omitempty"` DefaultMaxRequestDuration json.Number `json:"default_max_request_duration,omitempty"` DisableCache bool `json:"disable_cache,omitempty"` DisableClustering bool `json:"disable_clustering,omitempty"` DisableIndexing bool `json:"disable_indexing,omitempty"` DisableMlock bool `json:"disable_mlock,omitempty"` DisablePerformanceStandby bool `json:"disable_performance_standby,omitempty"` DisablePrintableCheck bool `json:"disable_printable_check,omitempty"` DisableSealwrap bool `json:"disable_sealwrap,omitempty"` EnableUI bool `json:"enable_ui,omitempty"` Listeners []*ConfigListener `json:"listeners,omitempty"` LogFormat string `json:"log_format,omitempty"` LogLevel string `json:"log_level,omitempty"` MaxLeaseTTL json.Number `json:"max_lease_ttl,omitempty"` PIDFile string `json:"pid_file,omitempty"` PluginDirectory string `json:"plugin_directory,omitempty"` RawStorageEndpoint bool `json:"raw_storage_endpoint,omitempty"` Seals []*ConfigSeals `json:"seals,omitempty"` Storage *ConfigStorage `json:"storage,omitempty"` }
ConfigStateSanitizedResponseData is the data section of the sanitized config.
func (*ConfigStateSanitizedResponseData) String ¶
func (s *ConfigStateSanitizedResponseData) String() string
String returns the sanitized config data.
type ConfigStorage ¶
type ConfigStorage struct { ClusterAddr string `json:"cluster_addr,omitempty"` DisableClustering bool `json:"disable_clustering,omitempty"` RedirectAddr string `json:"redirect_addr,omitempty"` Type string `json:"type,omitempty"` }
ConfigStorage is the storage stanza of the configuration.
type HAStatusData ¶
type HAStatusData struct {
Nodes []*HAStatusNode `json:"nodes,omitempty"`
}
HAStatusData is the data section of the ha-status result.
func (*HAStatusData) String ¶
func (s *HAStatusData) String() string
String returns the ha-status data as a string.
type HAStatusNode ¶
type HAStatusNode struct { ActiveNode bool `json:"active_node,omitempty"` APIAddress string `json:"api_address,omitempty"` ClusterAddress string `json:"cluster_address,omitempty"` Hostname string `json:"hostname,omitempty"` LastEcho string `json:"last_echo,omitempty"` Version string `json:"version,omitempty"` // ENT only fields are below RedundancyZone string `json:"redundancy_zone,omitempty"` UpgradeVersion string `json:"upgrade_version,omitempty"` }
HAStatusNode is a node in the ha-status result.
func (*HAStatusNode) String ¶
func (s *HAStatusNode) String() string
String returns the ha-status node data as a string.
type HAStatusResponse ¶
type HAStatusResponse struct {
Data *HAStatusData `json:"data,omitempty"`
}
HAStatusResponse is the JSON stdout result of /v1/sys/ha-status.
func GetHAStatus ¶
func GetHAStatus(ctx context.Context, tr it.Transport, req *CLIRequest) (*HAStatusResponse, error)
GetHAStatus returns the vault HA status.
func NewHAStatusResponse ¶
func NewHAStatusResponse() *HAStatusResponse
NewHAStatusResponse returns a new instance of HAStatusResponse.
func (*HAStatusResponse) String ¶
func (s *HAStatusResponse) String() string
String returns the ha status as a string.
type HealthRequest ¶
type HealthRequest struct { VaultAddr string FlightControlPath string StandbyOk bool PerfStandbyOk bool ActiveCode HealthStatus StandbyCode HealthStatus DRSecondaryCode HealthStatus PerformanceStandbyCode HealthStatus SealedCode HealthStatus UnInitCode HealthStatus }
HealthRequest is a vault /v1/sys/health request.
func NewHealthRequest ¶
func NewHealthRequest(opts ...HealthRequestOpt) *HealthRequest
NewHealthRequest takes functional options and returns a new request.
func (*HealthRequest) String ¶
func (r *HealthRequest) String() string
String returns the health status request as an enos-flight-control command string.
type HealthRequestOpt ¶
type HealthRequestOpt func(*HealthRequest) *HealthRequest
HealthRequestOpt is a functional option for health requests.
func WithHealthFlightControlPath ¶
func WithHealthFlightControlPath(path string) HealthRequestOpt
WithHealthFlightControlPath sets the path to flightcontrol.
func WithHealthRequestVaultAddr ¶
func WithHealthRequestVaultAddr(addr string) HealthRequestOpt
WithHealthRequestVaultAddr sets vault address.
type HealthResponse ¶
type HealthResponse struct { HealthStatus ClusterID string `json:"cluster_id,omitempty"` ClusterName string `json:"cluster_name,omitempty"` Initialized bool `json:"initialized,omitempty"` LastWAL uint64 `json:"last_wal,omitempty"` License *HealthResponseDataLicense `json:"license,omitempty"` PerformanceStandby bool `json:"performance_standby,omitempty"` ReplicationDRMode string `json:"replication_dr_mode,omitempty"` ReplicationPerformanceMode string `json:"replication_performance_mode,omitempty"` Sealed bool `json:"sealed,omitempty"` ServerTimeUTC uint64 `json:"server_time_utc,omitempty"` Standby bool `json:"standby,omitempty"` Version string `json:"version,omitempty"` }
HealthResponse is the JSON stdout result of /v1/sys/health.
func GetHealth ¶
func GetHealth(ctx context.Context, tr it.Transport, req *HealthRequest) (*HealthResponse, error)
GetHealth returns the vault node health.
func NewHealthResponse ¶
func NewHealthResponse() *HealthResponse
NewHealthResponse returns a new instance of HealthResponse.
func (*HealthResponse) IsSealed ¶
func (r *HealthResponse) IsSealed() (bool, error)
IsSealed returns whether or not the node is sealed.
func (*HealthResponse) Status ¶
func (r *HealthResponse) Status() HealthStatus
Status is the response code to requests to /v1/sys/health. Because we use "vault read" we don't actually have access to the header status code, so we have to determine it ourselves.
func (*HealthResponse) StatusIsOneOf ¶
func (r *HealthResponse) StatusIsOneOf(statuses ...HealthStatus) bool
StatusIsOneOf takes one-or-more statuses and returns whether or not the response status matches one of the statuses. If no statuses are passed it will return false.
func (*HealthResponse) String ¶
func (r *HealthResponse) String() string
String returns the health response as a string.
type HealthResponseDataLicense ¶
type HealthResponseDataLicense struct { ExpiryTime string `json:"expiry_time"` State string `json:"state"` Terminated bool `json:"terminated"` }
HealthResponseDataLicense is the data body of the license for /v1/sys/health.
func (*HealthResponseDataLicense) String ¶
func (l *HealthResponseDataLicense) String() string
String returns the license health as a string.
type HealthStatus ¶
type HealthStatus int
HealthStatus is the response code to requests to /v1/sys/health.
const (
	// These health status codes differ from the defaults as outlined here:
	// https://developer.hashicorp.com/vault/api-docs/system/health
	//
	// When we get the health status of a node/cluster the /v1/sys/health
	// endpoint behaves differently depending on the node role (active, standby,
	// perf standby, DR active secondary) and the cluster state
	// (initialized and unsealed). The endpoint will return different HTTP
	// status codes which correspond to node health, as well as a JSON body
	// that contains the data. We can't use 'vault read' for this endpoint
	// because it doesn't allow us to pass parameters, nor does it handle
	// the different status codes the endpoint will return. What we've chosen
	// to do is to use enos-flight-control to "download" the health response
	// to STDOUT and then exit the program with the status code that is
	// returned. This will allow us to ascertain the health status and get the
	// body with a single execution.
	//
	// Because we are going to exit with a code to specify health, we have to
	// choose codes that fall into POSIX and HTTP compliance. We need to support
	// waitid(), which means that in practice any exit code will only ever
	// return the first 8 bits, i.e. an int up to 255. We also need our codes
	// to fall into HTTP compliance, and 200 codes are used for success. We
	// choose to avoid all existing reserved codes and stay within our range.
	HealthStatusInitializedUnsealedActive    HealthStatus = 230
	HealthStatusUnsealedStandby              HealthStatus = 231
	HealthStatusDRReplicationSecondaryActive HealthStatus = 232
	HealthStatusPerformanceStandby           HealthStatus = 233
	HealthStatusNotInitialized               HealthStatus = 234
	HealthStatusSealed                       HealthStatus = 235
	// Unknown is our default state and is defined outside of LSB range.
	HealthStatusUnknown HealthStatus = 9
)
func (HealthStatus) String ¶
func (s HealthStatus) String() string
String returns the health status response as a string.
type HostInfoData ¶
type HostInfoData struct {
Host *HostInfoHost `json:"host,omitempty"`
}
HostInfoData is the data section of the host-info response.
func (*HostInfoData) String ¶
func (s *HostInfoData) String() string
String returns the host info data as a string.
type HostInfoHost ¶
type HostInfoHost struct { BootTime json.Number `json:"bootTime,omitempty"` HostID string `json:"hostid,omitempty"` Hostname string `json:"hostname,omitempty"` KernelArch string `json:"kernelArch,omitempty"` KernelVersion string `json:"kernelVersion,omitempty"` OS string `json:"os,omitempty"` Platform string `json:"platform,omitempty"` PlatformFamily string `json:"platformFamily,omitempty"` PlatformVersion string `json:"platformVersion,omitempty"` Procs json.Number `json:"procs,omitempty"` Uptime json.Number `json:"uptime,omitempty"` VirtualizationRole string `json:"virtualizationRole,omitempty"` VirtualizationSystem string `json:"virtualizationSystem,omitempty"` }
HostInfoHost is the host section of the host-info response.
func (*HostInfoHost) String ¶
func (s *HostInfoHost) String() string
String returns the host info host as a string.
type HostInfoResponse ¶
type HostInfoResponse struct {
Data *HostInfoData `json:"data,omitempty"`
}
HostInfoResponse is the JSON stdout result of /v1/sys/host-info.
func GetHostInfo ¶
func GetHostInfo(ctx context.Context, tr it.Transport, req *CLIRequest) (*HostInfoResponse, error)
GetHostInfo returns the vault host info.
func NewHostInfoResponse ¶
func NewHostInfoResponse() *HostInfoResponse
NewHostInfoResponse returns a new instance of HostInfoResponse.
func (*HostInfoResponse) String ¶
func (s *HostInfoResponse) String() string
String returns the host info as a string.
type InitArguments ¶
type InitArguments struct { KeyThreshold int PGPKeys []string RecoveryThreshold int RecoveryPGPKeys []string RootTokenPGPKey string ConsulAuto bool ConsulService string }
InitArguments are the possible arguments to pass to the init command.
type InitRequest ¶
type InitRequest struct { *StateRequest StateRequestOpts []StateRequestOpt *InitArguments }
InitRequest is the init request.
func NewInitRequest ¶
func NewInitRequest(opts ...InitRequestOpt) *InitRequest
NewInitRequest takes functional options and returns a new init request.
func (*InitRequest) String ¶
func (r *InitRequest) String() string
String returns the init request as an init command.
func (*InitRequest) Validate ¶
func (r *InitRequest) Validate() error
Validate validates that the init request has the required fields.
type InitRequestOpt ¶
type InitRequestOpt func(*InitRequest) *InitRequest
InitRequestOpt is a functional option for an init request.
func WithInitRequestConsulAuto ¶
func WithInitRequestConsulAuto(auto bool) InitRequestOpt
WithInitRequestConsulAuto enables consul service discovery mode.
func WithInitRequestConsulService ¶
func WithInitRequestConsulService(service string) InitRequestOpt
WithInitRequestConsulService sets the service name for consul service discovery mode.
func WithInitRequestKeyShares ¶
func WithInitRequestKeyShares(shares int) InitRequestOpt
WithInitRequestKeyShares sets the init request key shares.
func WithInitRequestKeyThreshold ¶
func WithInitRequestKeyThreshold(thres int) InitRequestOpt
WithInitRequestKeyThreshold sets the init request key threshold.
func WithInitRequestPGPKeys ¶
func WithInitRequestPGPKeys(keys []string) InitRequestOpt
WithInitRequestPGPKeys sets the init pgp keys.
func WithInitRequestRecoveryPGPKeys ¶
func WithInitRequestRecoveryPGPKeys(keys []string) InitRequestOpt
WithInitRequestRecoveryPGPKeys sets the recovery pgp keys.
func WithInitRequestRecoveryShares ¶
func WithInitRequestRecoveryShares(shares int) InitRequestOpt
WithInitRequestRecoveryShares sets the init recovery shares.
func WithInitRequestRecoveryThreshold ¶
func WithInitRequestRecoveryThreshold(thres int) InitRequestOpt
WithInitRequestRecoveryThreshold sets the init recovery threshold.
func WithInitRequestRootTokenPGPKey ¶
func WithInitRequestRootTokenPGPKey(key string) InitRequestOpt
WithInitRequestRootTokenPGPKey sets the root token pgp key.
func WithInitRequestStateRequestOpts ¶
func WithInitRequestStateRequestOpts(opts ...StateRequestOpt) InitRequestOpt
WithInitRequestStateRequestOpts sets the options for the state request.
func WithInitRequestStoredShares ¶
func WithInitRequestStoredShares(shares int) InitRequestOpt
WithInitRequestStoredShares sets the request stored shares.
type InitResponse ¶
type InitResponse struct { UnsealKeysB64 []string `json:"unseal_keys_b64"` UnsealKeysHex []string `json:"unseal_keys_hex"` UnsealThreshold json.Number `json:"unseal_threshold"` RecoveryKeysB64 []string `json:"recovery_keys_b64"` RecoveryKeysHex []string `json:"recovery_keys_hex"` RecoveryKeysThreshold json.Number `json:"recovery_keys_threshold"` RootToken string `json:"root_token"` PriorState *State PostState *State }
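InitResponse is the init response. It carries the unseal keys, recovery keys and root token returned by init, so treat any value of this type as secret material and keep it out of logs and test output.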
func Init ¶
func Init(ctx context.Context, tr it.Transport, req *InitRequest) (*InitResponse, error)
Init initializes a vault cluster.
type RaftAutopilotConfigurationData ¶
type RaftAutopilotConfigurationData struct { CleanupDeadServers bool `json:"cleanup_dead_servers,omitempty"` DeadServerLastContactThreshold string `json:"dead_server_last_contact_threshold,omitempty"` LastContactThreshold string `json:"last_contact_threshold,omitempty"` MaxTrailingLogs json.Number `json:"max_trailing_logs,omitempty"` MinQuorum json.Number `json:"min_quorum,omitempty"` ServerStabilizationTime string `json:"server_stabilization_time,omitempty"` DisableUpgradeMigration bool `json:"disable_upgrade_migration,omitempty"` }
RaftAutopilotConfigurationData is the data stanza of the config response.
func (*RaftAutopilotConfigurationData) String ¶
func (s *RaftAutopilotConfigurationData) String() string
String returns the raft autopilot configuration data as a string.
type RaftAutopilotConfigurationResponse ¶
type RaftAutopilotConfigurationResponse struct {
Data *RaftAutopilotConfigurationData `json:"data,omitempty"`
}
RaftAutopilotConfigurationResponse is the response of /v1/sys/raft/autopilot/configuration.
func GetRaftAutopilotConfiguration ¶
func GetRaftAutopilotConfiguration(ctx context.Context, tr it.Transport, req *CLIRequest) (*RaftAutopilotConfigurationResponse, error)
GetRaftAutopilotConfiguration returns raft autopilot configuration.
func NewRaftAutopilotConfigurationResponse ¶
func NewRaftAutopilotConfigurationResponse() *RaftAutopilotConfigurationResponse
NewRaftAutopilotConfigurationResponse returns a new instance of RaftAutopilotConfigurationResponse.
func (*RaftAutopilotConfigurationResponse) String ¶
func (s *RaftAutopilotConfigurationResponse) String() string
String returns the raft autopilot configuration response as a string.
type RaftAutopilotStateRedundancyZone ¶
type RaftAutopilotStateRedundancyZone struct { Servers []string `json:"servers,omitempty"` Voters []string `json:"voters,omitempty"` FailureTolerance json.Number `json:"failure_tolerance,omitempty"` }
RaftAutopilotStateRedundancyZone is vault enterprise raft redundancy zone config.
func (*RaftAutopilotStateRedundancyZone) String ¶
func (r *RaftAutopilotStateRedundancyZone) String() string
String returns the RaftAutopilotStateRedundancyZone as a string.
type RaftAutopilotStateResponse ¶
type RaftAutopilotStateResponse struct {
Data *RaftAutopilotStateResponseData `json:"data,omitempty"`
}
RaftAutopilotStateResponse is the raft autopilot state.
func GetRaftAutopilotState ¶
func GetRaftAutopilotState(ctx context.Context, tr it.Transport, req *CLIRequest) (*RaftAutopilotStateResponse, error)
GetRaftAutopilotState returns the raft autopilot state.
func NewRaftAutopilotStateResponse ¶
func NewRaftAutopilotStateResponse() *RaftAutopilotStateResponse
NewRaftAutopilotStateResponse returns a new instance of RaftAutopilotStateResponse.
func (*RaftAutopilotStateResponse) String ¶
func (r *RaftAutopilotStateResponse) String() string
String returns the RaftAutopilotStateResponse as a string.
type RaftAutopilotStateResponseData ¶
type RaftAutopilotStateResponseData struct { Healthy bool `json:"healthy,omitempty"` FailureTolerance json.Number `json:"failure_tolerance,omitempty"` Leader string `json:"leader,omitempty"` OptimisticFailureTolerance json.Number `json:"optimistic_failure_tolerance,omitempty"` // RedundancyZones is ENT only RedundancyZones map[string]*RaftAutopilotStateRedundancyZone `json:"redundancy_zones,omitempty"` Servers map[string]*RaftAutopilotStateServer `json:"servers,omitempty"` // UpgradeInfo is ENT only UpgradeInfo *RaftAutopilotStateUpgradeInfo `json:"upgrade_info,omitempty"` Voters []string `json:"voters,omitempty"` NonVoters []string `json:"non_voters,omitempty"` }
RaftAutopilotStateResponseData is the raft autopilot state data.
func (*RaftAutopilotStateResponseData) String ¶
func (r *RaftAutopilotStateResponseData) String() string
String returns the RaftAutopilotStateResponseData as a string.
type RaftAutopilotStateServer ¶
type RaftAutopilotStateServer struct { ID string `json:"id,omitempty"` Name string `json:"name,omitempty"` Address string `json:"address,omitempty"` NodeStatus string `json:"node_status,omitempty"` LastContact string `json:"last_contact,omitempty"` LastTerm json.Number `json:"last_term,omitempty"` Healthy bool `json:"healthy,omitempty"` StableSince string `json:"stable_since,omitempty"` Status string `json:"status,omitempty"` Meta json.RawMessage `json:"meta,omitempty"` }
RaftAutopilotStateServer is the raft autopilot state server.
func (*RaftAutopilotStateServer) String ¶
func (r *RaftAutopilotStateServer) String() string
String returns the RaftAutopilotStateServer as a string.
type RaftAutopilotStateUpgradeInfo ¶
type RaftAutopilotStateUpgradeInfo struct { OtherVersionNonVoters []string `json:"other_version_non_voters,omitempty"` OtherVersionVoters []string `json:"other_version_voters,omitempty"` RedundancyZones map[string]*RaftAutopilotStateUpgradeInfoRedundancyZone `json:"redundancy_zones,omitempty"` Status string `json:"status,omitempty"` TargetVersion string `json:"target_version,omitempty"` TargetVersionNonVoters []string `json:"target_version_non_voters,omitempty"` }
RaftAutopilotStateUpgradeInfo is the raft autopilot state upgrade info.
func (*RaftAutopilotStateUpgradeInfo) String ¶
func (r *RaftAutopilotStateUpgradeInfo) String() string
String returns the RaftAutopilotStateUpgradeInfo as a string.
type RaftAutopilotStateUpgradeInfoRedundancyZone ¶
type RaftAutopilotStateUpgradeInfoRedundancyZone struct { TargetVersionNonVoters []string `json:"target_version_non_voters,omitempty"` OtherVersionVoters []string `json:"other_version_voters,omitempty"` OtherVersionNonVoters []string `json:"other_version_non_voters,omitempty"` }
RaftAutopilotStateUpgradeInfoRedundancyZone is the raft autopilot state upgrade info redundancy zone.
func (*RaftAutopilotStateUpgradeInfoRedundancyZone) String ¶
func (r *RaftAutopilotStateUpgradeInfoRedundancyZone) String() string
String returns the RaftAutopilotStateUpgradeInfoRedundancyZone as a string.
type RaftConfigurationData ¶
type RaftConfigurationData struct {
Config *RaftConfigurationDataConfig `json:"config,omitempty"`
}
RaftConfigurationData is the data stanza of the raft response.
func (*RaftConfigurationData) String ¶
func (s *RaftConfigurationData) String() string
String returns the RaftConfigurationData as a string.
type RaftConfigurationDataConfig ¶
// RaftConfigurationDataConfig is the "config" object of the raft configuration
// response: an index and the list of configured servers.
type RaftConfigurationDataConfig struct {
	// Index is a json.Number and is converted only when a caller asks for it.
	Index json.Number `json:"index,omitempty"`

	// Servers holds pointers; entries may be nil after decoding a body that
	// contains JSON null elements.
	Servers []*RaftConfigurationServer `json:"servers,omitempty"`
}
RaftConfigurationDataConfig is the config stanza of the raft response.
func (*RaftConfigurationDataConfig) String ¶
func (s *RaftConfigurationDataConfig) String() string
String returns the RaftConfigurationDataConfig as a string.
type RaftConfigurationResponse ¶
// RaftConfigurationResponse is the top-level raft configuration response
// returned by GetRaftConfiguration.
type RaftConfigurationResponse struct {
	// Data is a pointer and stays nil when the body has no "data" key.
	Data *RaftConfigurationData `json:"data,omitempty"`
}
RaftConfigurationResponse is the response of /v1/sys/storage/raft/configuration.
func GetRaftConfiguration ¶
func GetRaftConfiguration(ctx context.Context, tr it.Transport, req *CLIRequest) (*RaftConfigurationResponse, error)
GetRaftConfiguration returns the vault raft configuration.
func NewRaftConfigurationResponse ¶
func NewRaftConfigurationResponse() *RaftConfigurationResponse
NewRaftConfigurationResponse returns a new instance of RaftConfigurationResponse.
func (*RaftConfigurationResponse) String ¶
func (s *RaftConfigurationResponse) String() string
String returns the RaftConfigurationResponse as a string.
type RaftConfigurationServer ¶
// RaftConfigurationServer is one entry in the configured raft server list.
//
// Leader and Voter are tagged omitempty booleans: a key that is absent from
// the body decodes to false, the same value as an explicit false.
type RaftConfigurationServer struct {
	Address         string `json:"address,omitempty"`
	Leader          bool   `json:"leader,omitempty"`
	NodeID          string `json:"node_id,omitempty"`
	ProtocolVersion string `json:"protocol_version,omitempty"`
	Voter           bool   `json:"voter,omitempty"`
}
RaftConfigurationServer is one of the raft servers that have been configured.
func (*RaftConfigurationServer) String ¶
func (s *RaftConfigurationServer) String() string
String returns the RaftConfigurationServer as a string.
type ReplicationData ¶
// ReplicationData is the "data" object of the replication response. It holds
// one status per replication kind; either pointer stays nil when its key is
// absent from the body.
type ReplicationData struct {
	DR          *ReplicationDataStatus `json:"dr,omitempty"`
	Performance *ReplicationDataStatus `json:"performance,omitempty"`
}
ReplicationData is the replication response data.
func (*ReplicationData) String ¶
func (s *ReplicationData) String() string
String returns the replication data as a string.
type ReplicationDataStatus ¶
// ReplicationDataStatus is the status reported for one replication kind (it is
// the type of both ReplicationData.DR and ReplicationData.Performance).
//
// LastWAL is a json.Number and is converted only when a caller asks for it.
// Secondaries holds pointers, so entries may be nil after decoding.
type ReplicationDataStatus struct {
	ClusterID        string                  `json:"cluster_id,omitempty"`
	KnownSecondaries []string                `json:"known_secondaries,omitempty"`
	LastWAL          json.Number             `json:"last_wal,omitempty"`
	MerkleRoot       string                  `json:"merkle_root,omitempty"`
	Mode             string                  `json:"mode,omitempty"`
	Secondaries      []*ReplicationSecondary `json:"secondaries,omitempty"`
}
ReplicationDataStatus is the replication status information.
func NewReplicationDataStatus ¶
func NewReplicationDataStatus() *ReplicationDataStatus
NewReplicationDataStatus returns a new instance of ReplicationDataStatus.
func (*ReplicationDataStatus) String ¶
func (s *ReplicationDataStatus) String() string
String returns the status information as a string.
type ReplicationRequest ¶
// ReplicationRequest is the request type taken by GetReplicationStatus. It
// adds no fields of its own and only embeds *CLIRequest.
type ReplicationRequest struct {
	// Embedded by pointer: nil in a zero-value ReplicationRequest.
	// NOTE(review): NewReplicationRequest presumably allocates it — confirm.
	*CLIRequest
}
ReplicationRequest is a replication request.
func NewReplicationRequest ¶
func NewReplicationRequest(opts ...ReplicationRequestOpt) *ReplicationRequest
NewReplicationRequest takes functional options and returns a new replication request.
type ReplicationRequestOpt ¶
// ReplicationRequestOpt is a functional option: it receives a
// *ReplicationRequest and returns a *ReplicationRequest.
// NewReplicationRequest accepts any number of them.
type ReplicationRequestOpt func(*ReplicationRequest) *ReplicationRequest
ReplicationRequestOpt is a replication request function option.
func WithReplicationRequestBinPath ¶
func WithReplicationRequestBinPath(path string) ReplicationRequestOpt
WithReplicationRequestBinPath sets the vault binary path.
func WithReplicationRequestVaultAddr ¶
func WithReplicationRequestVaultAddr(addr string) ReplicationRequestOpt
WithReplicationRequestVaultAddr sets the vault address.
type ReplicationResponse ¶
// ReplicationResponse is the top-level replication response returned by
// GetReplicationStatus.
type ReplicationResponse struct {
	// Data is a pointer and stays nil when the body has no "data" key.
	Data *ReplicationData `json:"data,omitempty"`
}
ReplicationResponse is the JSON stdout result of /v1/sys/replication/status.
func GetReplicationStatus ¶
func GetReplicationStatus(ctx context.Context, tr it.Transport, req *ReplicationRequest) (*ReplicationResponse, error)
GetReplicationStatus returns the vault node replication status.
func NewReplicationResponse ¶
func NewReplicationResponse() *ReplicationResponse
NewReplicationResponse returns a new instance of ReplicationResponse.
func (*ReplicationResponse) String ¶
func (s *ReplicationResponse) String() string
String returns the ReplicationResponse as a string.
type ReplicationSecondary ¶
// ReplicationSecondary describes one replication secondary. All fields are
// strings tagged omitempty; LastHeartbeat is kept as the text received and is
// not parsed into a time value by this type.
type ReplicationSecondary struct {
	APIAddress       string `json:"api_address,omitempty"`
	ClusterAddress   string `json:"cluster_address,omitempty"`
	ConnectionStatus string `json:"connection_status,omitempty"`
	LastHeartbeat    string `json:"last_heartbeat,omitempty"`
	NodeID           string `json:"node_id,omitempty"`
}
ReplicationSecondary is the replication secondary data.
func (*ReplicationSecondary) String ¶
func (s *ReplicationSecondary) String() string
String returns the ReplicationSecondary as a string.
type SealStatusRequest ¶
SealStatusRequest is a vault /v1/sys/seal-status request.
func NewSealStatusRequest ¶
func NewSealStatusRequest(opts ...SealStatusRequestOpt) *SealStatusRequest
NewSealStatusRequest takes functional options and returns a new request.
func (*SealStatusRequest) String ¶
func (r *SealStatusRequest) String() string
String returns the seal status request as an enos-flight-control command string. We use enos-flight-control here over `vault read` because the response body of this API differs among vault versions. At some point in the 1.11.x series the API changed to conform to what `vault read` expects, but we have to get the raw body to support both the earlier and the later response body types.
type SealStatusRequestOpt ¶
// SealStatusRequestOpt is a functional option: it receives a
// *SealStatusRequest and returns a *SealStatusRequest. NewSealStatusRequest
// accepts any number of them.
type SealStatusRequestOpt func(*SealStatusRequest) *SealStatusRequest
SealStatusRequestOpt is a functional option for seal-status requests.
func WithSealStatusFlightControlPath ¶
func WithSealStatusFlightControlPath(path string) SealStatusRequestOpt
WithSealStatusFlightControlPath sets the path to flightcontrol.
func WithSealStatusRequestVaultAddr ¶
func WithSealStatusRequestVaultAddr(addr string) SealStatusRequestOpt
WithSealStatusRequestVaultAddr sets vault address.
type SealStatusResponse ¶
// SealStatusResponse is the top-level seal status response returned by
// GetSealStatus.
type SealStatusResponse struct {
	// Data is a pointer and stays nil when the body has no "data" key, so a
	// caller reading Data.Sealed directly must nil-check first.
	Data *SealStatusResponseData `json:"data,omitempty"`
}
SealStatusResponse is the JSON stdout result of "vault status". It should be taken with a grain of salt. For seal status in particular, always trust the exit code before the status response.
func GetSealStatus ¶
func GetSealStatus(ctx context.Context, tr it.Transport, req *SealStatusRequest) (*SealStatusResponse, error)
GetSealStatus returns the vault node seal status.
func NewSealStatusResponse ¶
func NewSealStatusResponse() *SealStatusResponse
NewSealStatusResponse returns a new instance of SealStatusResponse.
func (*SealStatusResponse) IsSealed ¶
func (s *SealStatusResponse) IsSealed() (bool, error)
IsSealed checks whether or not the status of the cluster is sealed.
func (*SealStatusResponse) String ¶
func (s *SealStatusResponse) String() string
String returns the seal data as a string.
type SealStatusResponseData ¶
// SealStatusResponseData is the "data" object of the seal status response.
//
// Initialized, Migration, RecoverySeal and Sealed are omitempty booleans. On
// decode, a key that is missing from the body leaves the field false, so
// Sealed == false is also what an empty or partial body produces. The seal
// state should therefore not be concluded from this field alone.
//
// Number and Threshold map to the short JSON keys "n" and "t". Number,
// Progress and Threshold are json.Number values and are converted only when a
// caller asks for them.
type SealStatusResponseData struct {
	BuildDate    string      `json:"build_date,omitempty"`
	ClusterID    string      `json:"cluster_id,omitempty"`
	ClusterName  string      `json:"cluster_name,omitempty"`
	Initialized  bool        `json:"initialized,omitempty"`
	Migration    bool        `json:"migration,omitempty"`
	Number       json.Number `json:"n,omitempty"`
	Nonce        string      `json:"nonce,omitempty"`
	Progress     json.Number `json:"progress,omitempty"`
	RecoverySeal bool        `json:"recovery_seal,omitempty"`
	Sealed       bool        `json:"sealed,omitempty"`
	StorageType  string      `json:"storage_type,omitempty"`
	Threshold    json.Number `json:"t,omitempty"`
	Type         SealType    `json:"type,omitempty"`
	Version      string      `json:"version,omitempty"`
}
SealStatusResponseData is the seal data in the seal response.
func (*SealStatusResponseData) String ¶
func (s *SealStatusResponseData) String() string
String returns the seal data as a string.
type SealType ¶
// SealType is the Vault seal type as a string. Its zero value is the empty
// string, which matches none of the SealType constants.
type SealType string
SealType is the Vault seal type.
// SealTypes are the possible Vault seal types. The string values are the ones
// compared against the "type" key of the seal status data.
//
// Per the package's Bugs note, the seal type check is enforced only for
// SealTypeShamir; for the auto-unseal types the seal-status API is described
// there as unreliable.
const (
	SealTypeShamir        SealType = "shamir"
	SealTypeAliCloud      SealType = "alicloudkms"
	SealTypeAWSKMS        SealType = "awskms"
	SealTypeAzureKeyVault SealType = "azurekeyvault"
	SealTypeGCPKMS        SealType = "gcpkms"
	SealTypeOCIKMS        SealType = "ocikms"
	SealTypeHSMPKCS11     SealType = "pkcs11"
	SealTypeTransit       SealType = "transit"
)
SealTypes are the possible Vault seal types.
type SetLegacyLicenseRequest ¶
// SetLegacyLicenseRequest is the request type taken by SetLegacyLicense. It
// embeds *CLIRequest and adds a license path and license content, both plain
// strings without JSON tags.
//
// Which of LicensePath and LicenseContent is used when both are set is not
// visible in this declaration.
// NOTE(review): LicenseContent presumably holds the license text itself, and
// the embedded *CLIRequest the Vault token set through
// WithSetLegacyLicenseRequestToken — keep both out of log and String output;
// confirm against the implementation.
type SetLegacyLicenseRequest struct {
	*CLIRequest
	LicensePath    string
	LicenseContent string
}
SetLegacyLicenseRequest is the legacy license set request.
func NewSetLegacyLicenseRequest ¶
func NewSetLegacyLicenseRequest(opts ...SetLegacyLicenseRequestOpt) *SetLegacyLicenseRequest
NewSetLegacyLicenseRequest takes functional options and returns a new legacy license request.
type SetLegacyLicenseRequestOpt ¶
// SetLegacyLicenseRequestOpt is a functional option: it receives a
// *SetLegacyLicenseRequest and returns a *SetLegacyLicenseRequest.
// NewSetLegacyLicenseRequest accepts any number of them.
type SetLegacyLicenseRequestOpt func(*SetLegacyLicenseRequest) *SetLegacyLicenseRequest
SetLegacyLicenseRequestOpt is a functional option for a legacy license request.
func WithSetLegacyLicenseRequestBinPath ¶
func WithSetLegacyLicenseRequestBinPath(path string) SetLegacyLicenseRequestOpt
WithSetLegacyLicenseRequestBinPath sets the vault binary path.
func WithSetLegacyLicenseRequestLicenseContent ¶
func WithSetLegacyLicenseRequestLicenseContent(content string) SetLegacyLicenseRequestOpt
WithSetLegacyLicenseRequestLicenseContent sets the vault license content.
func WithSetLegacyLicenseRequestLicensePath ¶
func WithSetLegacyLicenseRequestLicensePath(path string) SetLegacyLicenseRequestOpt
WithSetLegacyLicenseRequestLicensePath sets the vault license path.
func WithSetLegacyLicenseRequestToken ¶
func WithSetLegacyLicenseRequestToken(token string) SetLegacyLicenseRequestOpt
WithSetLegacyLicenseRequestToken sets the vault license token.
func WithSetLegacyLicenseRequestVaultAddr ¶
func WithSetLegacyLicenseRequestVaultAddr(addr string) SetLegacyLicenseRequestOpt
WithSetLegacyLicenseRequestVaultAddr sets the vault address.
type State ¶
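// State represents the state of a node in a vault cluster. It collects the
// responses of several status sources; the trailing comment on each field
// names the source it comes from.
//
// All fields except UnitProperties are pointers.
// NOTE(review): a pointer is presumably nil when its source was not queried or
// the query failed — nil-check before dereferencing; confirm against
// WaitForState.
//
// Seal information is present in more than one field (SealStatus and Status).
// IsSealed is documented to return an error when the exit code and the status
// body diverge, so use it in preference to reading one field directly.
type State struct {
	AutopilotConfig   *RaftAutopilotConfigurationResponse // /v1/sys/storage/raft/autopilot/configuration
	AutopilotState    *RaftAutopilotStateResponse         // /v1/sys/storage/raft/autopilot/state
	ConfigSanitized   *ConfigStateSanitizedResponse       // /v1/sys/config/state/sanitized
	ReplicationStatus *ReplicationResponse                // /v1/sys/replication/status
	Health            *HealthResponse                     // /v1/sys/health
	HAStatus          *HAStatusResponse                   // /v1/sys/ha-status
	HostInfo          *HostInfoResponse                   // /v1/sys/host-info
	PerfReplication   *ReplicationResponse                // /v1/sys/replication/performance
	PodList           *kubernetes.ListPodsResponse        // kubernetes pod info for vault pod
	RaftConfig        *RaftConfigurationResponse          // /v1/sys/storage/raft/configuration
	SealStatus        *SealStatusResponse                 // /v1/sys/seal-status
	Status            *StatusResponse                     // "vault status"
	UnitProperties    systemd.UnitProperties              // systemd unit properties for vault.service
}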
State represents the state of a node in a vault cluster.
func WaitForState ¶
func WaitForState(ctx context.Context, tr it.Transport, req *StateRequest, checks ...CheckStater) (*State, error)
WaitForState waits until the vault cluster node state satisfies all of the provided checks.
func (*State) HAEnabled ¶
HAEnabled checks whether or not the state includes status information and if HA is enabled.
func (*State) IsInitialized ¶
IsInitialized checks whether or not the state is initialized. If we are unable to determine the init status, or the status and health APIs diverge, an error will be returned.
func (*State) IsSealed ¶
IsSealed checks whether or not the state is sealed. If we are unable to determine the seal status, or the exit code and status body diverge, an error will be returned.
func (*State) ReplicationEnabled ¶
ReplicationEnabled checks whether or not the state includes replication health information and if replication is enabled.
func (*State) StatusCode ¶
func (s *State) StatusCode() (StatusCode, error)
StatusCode gets the status code from the 'vault status' response.
func (*State) StorageType ¶
StorageType gets the storage type from the seal status data.
type StateRequest ¶
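// StateRequest is the request type taken by WaitForState and Version. It
// combines the vault CLI settings with the settings for the other sources
// State is built from (enos-flight-control, systemd, kubernetes).
//
// NOTE(review): the embedded *CLIRequest is the target of
// WithStateRequestVaultAddr and WithStateRequestVaultToken, so a StateRequest
// presumably carries the Vault token — keep it out of log output; confirm.
type StateRequest struct {
	// Basic vault binary information
	*CLIRequest

	// Where to install enos-flight-control
	FlightControlPath string

	// Install enos-flight-control into the $HOME directory
	FlightControlUseHomeDir bool

	// What the systemd unit name for the vault service when using systemd for process management.
	SystemdUnitName string

	// How to get k8s pod information.
	*kubernetes.ListPodsRequest
	ListPodOpts []kubernetes.ListPodsRequestOpt
}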
StateRequest is a vault state request.
func NewStateRequest ¶
func NewStateRequest(opts ...StateRequestOpt) *StateRequest
NewStateRequest takes functional options and returns a new state request.
type StateRequestOpt ¶
// StateRequestOpt is a functional option: it receives a *StateRequest and
// returns a *StateRequest. NewStateRequest accepts any number of them, and
// UnsealRequest.StateRequestOpts stores a list of them.
type StateRequestOpt func(*StateRequest) *StateRequest
StateRequestOpt is a functional option for a state request.
func WithStateRequestBinPath ¶
func WithStateRequestBinPath(path string) StateRequestOpt
WithStateRequestBinPath sets the vault binary path.
func WithStateRequestFlightControlPath ¶
func WithStateRequestFlightControlPath(path string) StateRequestOpt
WithStateRequestFlightControlPath sets the enos-flight-control binary path.
func WithStateRequestFlightControlUseHomeDir ¶
func WithStateRequestFlightControlUseHomeDir() StateRequestOpt
WithStateRequestFlightControlUseHomeDir configures the state request to install enos-flight-control into the $HOME directory.
func WithStateRequestListPodsRequestOpts ¶
func WithStateRequestListPodsRequestOpts(opts ...kubernetes.ListPodsRequestOpt) StateRequestOpt
WithStateRequestListPodsRequestOpts configures the ListPodsRequest with ListPodsRequestOpts.
func WithStateRequestSystemdUnitName ¶
func WithStateRequestSystemdUnitName(unit string) StateRequestOpt
WithStateRequestSystemdUnitName sets the vault systemd unit name.
func WithStateRequestVaultAddr ¶
func WithStateRequestVaultAddr(addr string) StateRequestOpt
WithStateRequestVaultAddr sets the vault address.
func WithStateRequestVaultToken ¶
func WithStateRequestVaultToken(token string) StateRequestOpt
WithStateRequestVaultToken sets the vault token.
type StatusCode ¶
// StatusCode is the exit code of "vault status" as an int.
//
// The Go zero value of StatusCode is 0, which is StatusInitializedUnsealed and
// not StatusUnknown. A value that was never assigned therefore reads as
// "initialized and unsealed".
// NOTE(review): NewStatusResponse presumably sets StatusUnknown explicitly —
// confirm, and prefer it over a struct literal.
type StatusCode int
StatusCode is the exit code of "vault status".
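// Exit codes of "vault status" and the package's own "unknown" marker.
//
// StatusInitializedUnsealed is 0 and therefore equal to the zero value of
// StatusCode; only an explicit assignment of StatusUnknown marks a code as not
// yet determined.
const (
	// The exit code of "vault status" reflects our seal status
	// https://developer.hashicorp.com/vault/docs/commands/status
	StatusInitializedUnsealed StatusCode = 0
	StatusError               StatusCode = 1
	StatusSealed              StatusCode = 2

	// Unknown is our default state and is defined outside of LSB range.
	StatusUnknown StatusCode = 9
)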
func (StatusCode) String ¶
func (s StatusCode) String() string
String returns the status code as a string.
type StatusResponse ¶
// StatusResponse is the decoded JSON stdout of "vault status" together with an
// embedded StatusCode.
//
// StatusCode is embedded without a JSON tag.
// NOTE(review): it is presumably filled from the command's exit code rather
// than from the body — confirm against GetStatus.
//
// SealType here is a plain string field mapped to the "type" key; it does not
// use the package's SealType type.
//
// Initialized, Sealed and HAEnabled are omitempty booleans: a key missing from
// the body decodes to false, so Sealed == false is also what an empty or
// partial body produces. IsSealed is documented to return an error when the
// exit code and the body diverge.
type StatusResponse struct {
	StatusCode
	SealType    string `json:"type,omitempty"`
	Initialized bool   `json:"initialized,omitempty"`
	Sealed      bool   `json:"sealed,omitempty"`
	Version     string `json:"version,omitempty"`
	HAEnabled   bool   `json:"ha_enabled,omitempty"`
}
StatusResponse is the JSON stdout result of "vault status". It should be taken with a grain of salt. For seal status in particular, always trust the exit code before the status response.
func GetStatus ¶
func GetStatus(ctx context.Context, tr it.Transport, req *CLIRequest) (*StatusResponse, error)
GetStatus returns the vault node status.
func NewStatusResponse ¶
func NewStatusResponse() *StatusResponse
NewStatusResponse returns a new instance of StatusResponse.
func (*StatusResponse) IsSealed ¶
func (s *StatusResponse) IsSealed() (bool, error)
IsSealed checks whether or not the status of the cluster is sealed. If we are unable to determine the seal status, or the exit code and status body diverge, an error will be returned.
func (*StatusResponse) String ¶
func (s *StatusResponse) String() string
String returns the status response as a string.
type UnsealArguments ¶
type UnsealRequest ¶
// UnsealRequest is the request type taken by Unseal. It embeds *StateRequest
// and *UnsealArguments and keeps a list of StateRequestOpt values.
//
// Both embedded values are pointers and are nil in a zero-value UnsealRequest.
// The fields of UnsealArguments are not shown in this declaration.
// NOTE(review): WithUnsealRequestUnsealKeys indicates that the request carries
// the Vault unseal keys — keep the request out of log and String output;
// confirm where the keys are stored.
type UnsealRequest struct {
	*StateRequest
	StateRequestOpts []StateRequestOpt
	*UnsealArguments
}
UnsealRequest is a Vault unseal request.
func NewUnsealRequest ¶
func NewUnsealRequest(opts ...UnsealRequestOpt) *UnsealRequest
NewUnsealRequest takes functional options and returns a new unseal request.
type UnsealRequestOpt ¶
// UnsealRequestOpt is a functional option: it receives an *UnsealRequest and
// returns an *UnsealRequest. NewUnsealRequest accepts any number of them.
type UnsealRequestOpt func(*UnsealRequest) *UnsealRequest
UnsealRequestOpt is a functional option for an unseal request.
func WithUnsealRequestSealType ¶
func WithUnsealRequestSealType(typ SealType) UnsealRequestOpt
WithUnsealRequestSealType sets the Vault seal type.
func WithUnsealRequestUnsealKeys ¶
func WithUnsealRequestUnsealKeys(unsealKeys []string) UnsealRequestOpt
WithUnsealRequestUnsealKeys sets the Vault unseal keys.
func WithUnsealStateRequestOpts ¶
func WithUnsealStateRequestOpts(opts ...StateRequestOpt) UnsealRequestOpt
WithUnsealStateRequestOpts sets the state request options.
type UnsealResponse ¶
UnsealResponse is a Vault unseal response.
func Unseal ¶
func Unseal(ctx context.Context, tr it.Transport, req *UnsealRequest) (*UnsealResponse, error)
Unseal checks the current seal status, and if needed unseals the Vault in different ways depending on seal type.
Notes ¶
Bugs ¶
Only enforce the seal type check for shamir as the seal-status API is broken when using auto-unseal methods. When the issue is resolved we can assert it here. If vault_status is implemented before the bug is fixed we should assert the seal-type separately and output a warning diagnostic.
Further reading: - https://hashicorp.atlassian.net/browse/VAULT-7061