vaultclient

package
v1.5.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 13, 2023 License: MPL-2.0 Imports: 13 Imported by: 87

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewVaultClient

func NewVaultClient(config *config.VaultConfig, logger hclog.Logger, tokenDeriver TokenDeriverFunc) (*vaultClient, error)

NewVaultClient returns a new vault client from the given config.

Types

type MockVaultClient

type MockVaultClient struct {

	// DeriveTokenFn allows the caller to control the DeriveToken function. If
	// not set an error is returned if found in DeriveTokenErrors and otherwise
	// a token is generated and returned
	DeriveTokenFn func(a *structs.Allocation, tasks []string) (map[string]string, error)
	// contains filtered or unexported fields
}

MockVaultClient is used for testing the vaultclient integration and is safe for concurrent access.

func NewMockVaultClient

func NewMockVaultClient() *MockVaultClient

NewMockVaultClient returns a MockVaultClient for testing

func (*MockVaultClient) DeriveToken

func (vc *MockVaultClient) DeriveToken(a *structs.Allocation, tasks []string) (map[string]string, error)

func (*MockVaultClient) DeriveTokenErrors

func (vc *MockVaultClient) DeriveTokenErrors() map[string]map[string]error

DeriveTokenErrors maps an allocation ID and tasks to an error when the token is derived

func (*MockVaultClient) GetConsulACL

func (vc *MockVaultClient) GetConsulACL(string, string) (*vaultapi.Secret, error)

func (*MockVaultClient) RenewToken

func (vc *MockVaultClient) RenewToken(token string, interval int) (<-chan error, error)

func (*MockVaultClient) RenewTokenErrors

func (vc *MockVaultClient) RenewTokenErrors() map[string]error

RenewTokenErrors is used to return an error when the RenewToken is called with the given token

func (*MockVaultClient) RenewTokens

func (vc *MockVaultClient) RenewTokens() map[string]chan error

RenewTokens are the tokens that have been renewed and their error channels

func (*MockVaultClient) SetDeriveTokenError

func (vc *MockVaultClient) SetDeriveTokenError(allocID string, tasks []string, err error)

func (*MockVaultClient) SetRenewTokenError

func (vc *MockVaultClient) SetRenewTokenError(token string, err error)

func (*MockVaultClient) Start

func (vc *MockVaultClient) Start()

func (*MockVaultClient) Stop

func (vc *MockVaultClient) Stop()

func (*MockVaultClient) StopRenewToken

func (vc *MockVaultClient) StopRenewToken(token string) error

func (*MockVaultClient) StoppedTokens

func (vc *MockVaultClient) StoppedTokens() []string

StoppedTokens tracks the tokens that have stopped renewing

type TokenDeriverFunc

type TokenDeriverFunc func(*structs.Allocation, []string, *vaultapi.Client) (map[string]string, error)

TokenDeriverFunc takes in an allocation and a set of tasks and derives a wrapped token for all the tasks, from the nomad server. All the derived wrapped tokens will be unwrapped using the vault API client.

type VaultClient

type VaultClient interface {
	// Start initiates the renewal loop of tokens and secrets
	Start()

	// Stop terminates the renewal loop for tokens and secrets
	Stop()

	// DeriveToken contacts the nomad server and fetches wrapped tokens for
	// a set of tasks. The wrapped tokens will be unwrapped using vault and
	// returned.
	DeriveToken(*structs.Allocation, []string) (map[string]string, error)

	// GetConsulACL fetches the Consul ACL token required for the task
	GetConsulACL(string, string) (*vaultapi.Secret, error)

	// RenewToken renews a token with the given increment and adds it to
	// the min-heap for periodic renewal.
	RenewToken(string, int) (<-chan error, error)

	// StopRenewToken removes the token from the min-heap, stopping its
	// renewal.
	StopRenewToken(string) error
}

VaultClient is the interface which nomad client uses to interact with vault and periodically renews the tokens and secrets.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL