tokenhelper

package
v1.15.0

This package is not in the latest version of its module.
Published: Sep 10, 2024 License: MPL-2.0 Imports: 11 Imported by: 3

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExternalTokenHelperPath

func ExternalTokenHelperPath(path string) (string, error)

ExternalTokenHelperPath should only be used in dev mode. ExternalTokenHelperPath takes the configured path to a helper and expands it to a full absolute path that can be executed. As of 0.5, the default token helper is internal, to avoid problems running in dev mode (see GH-850 and GH-783), so special assumptions of prepending "vault token-" no longer apply.

As an additional result, only absolute paths are now allowed. Looking in the PATH or the current directory for an arbitrary executable could allow someone to swap the expected binary for one earlier in the search path (or in the current directory), potentially opening up execution of an arbitrary binary.

Types

type ExternalTokenHelper

type ExternalTokenHelper struct {
	BinaryPath string
	Env        []string
}

ExternalTokenHelper should only be used in dev mode. For all other cases, InternalTokenHelper should be used. ExternalTokenHelper is the struct that has all the logic for storing and retrieving tokens from the token helper. The API for the helpers is simple: the BinaryPath is executed within a shell with environment Env. The last argument appended will be the operation, which is one of:

  • "get" - Read the value of the token and write it to stdout.
  • "store" - Store the value of the token which is on stdin. Output nothing.
  • "erase" - Erase the contents stored. Output nothing.

Any errors can be written on stdout. If the helper exits with a non-zero exit code then the stderr will be made part of the error value.
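The helper side of the protocol described above, as an added example (not code from this package): a small Go program that takes "get", "store" or "erase" as its last argument. The storage location and the EXAMPLE_TOKEN_FILE variable are assumptions of this example; "store" writes a temporary file and renames it over the target, so the token file is replaced atomically with owner-only permissions.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// handle runs one helper operation against tokenFile (a location assumed for this example).
func handle(op, tokenFile string, in io.Reader, out io.Writer) error {
	switch op {
	case "get": // write the stored token to stdout; nothing if none exists
		b, err := os.ReadFile(tokenFile)
		if err != nil && !os.IsNotExist(err) {
			return err
		}
		_, err = out.Write(b)
		return err
	case "store": // the token arrives on stdin; output nothing
		b, err := io.ReadAll(in)
		if err != nil {
			return err
		}
		// CreateTemp uses mode 0600; the rename then replaces the old file atomically.
		tmp, err := os.CreateTemp(filepath.Dir(tokenFile), ".token-*")
		if err != nil {
			return err
		}
		defer os.Remove(tmp.Name()) // nothing left to remove after a successful rename
		_, err = tmp.Write(b)
		if cerr := tmp.Close(); err != nil || cerr != nil {
			return fmt.Errorf("writing token: write=%v close=%v", err, cerr)
		}
		return os.Rename(tmp.Name(), tokenFile)
	case "erase": // delete the stored token; output nothing
		if err := os.Remove(tokenFile); err != nil && !os.IsNotExist(err) {
			return err
		}
		return nil
	}
	return fmt.Errorf("unknown operation %q", op)
}

func main() { // EXAMPLE_TOKEN_FILE is a variable name assumed for this example
	if err := handle(os.Args[len(os.Args)-1], os.Getenv("EXAMPLE_TOKEN_FILE"), os.Stdin, os.Stdout); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

The program exits non-zero and reports on stderr when an operation fails, which is the case in which the caller folds stderr into its error value.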

func (*ExternalTokenHelper) Erase

func (h *ExternalTokenHelper) Erase() error

Erase deletes the contents from the helper.

func (*ExternalTokenHelper) Get

func (h *ExternalTokenHelper) Get() (string, error)

Get gets the token value from the helper.

func (*ExternalTokenHelper) Path

func (h *ExternalTokenHelper) Path() string

func (*ExternalTokenHelper) Store

func (h *ExternalTokenHelper) Store(v string) error

Store stores the token value into the helper.

type InternalTokenHelper

type InternalTokenHelper struct {
	// contains filtered or unexported fields
}

InternalTokenHelper fulfills the TokenHelper interface when no external token-helper is configured, and avoids shelling out.

func NewInternalTokenHelper

func NewInternalTokenHelper() (*InternalTokenHelper, error)

func (*InternalTokenHelper) Erase

func (i *InternalTokenHelper) Erase() error

Erase erases the value of the token.

func (*InternalTokenHelper) Get

func (i *InternalTokenHelper) Get() (string, error)

Get gets the value of the stored token, if any.

func (*InternalTokenHelper) Path

func (i *InternalTokenHelper) Path() string

func (*InternalTokenHelper) Store

func (i *InternalTokenHelper) Store(input string) error

Store stores the value of the token to the file. We always overwrite any existing file atomically to ensure that ownership and permissions are set appropriately.

type TokenHelper

type TokenHelper interface {
	// Path displays a method-specific path; for the internal helper this
	// is the location of the token stored on disk; for the external helper
	// this is the location of the binary being invoked
	Path() string
	Erase() error
	Get() (string, error)
	Store(string) error
}

TokenHelper is an interface that contains basic operations that must be implemented by a token helper.
