Affected by GO-2023-2329 and 4 other vulnerabilities

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-2982: Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault

auth

package

v1.14.5 Latest Latest Go to latest Published: Oct 20, 2023 License: MPL-2.0 Imports: 10 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

type AuthConfig
type AuthHandler
- func NewAuthHandler(conf *AuthHandlerConfig) *AuthHandler
- func (ah *AuthHandler) Run(ctx context.Context, am AuthMethod) error
type AuthHandlerConfig
type AuthMethod
type AuthMethodWithClient

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthConfig ¶

type AuthConfig struct {
	Logger    hclog.Logger
	MountPath string
	WrapTTL   time.Duration
	Config    map[string]interface{}
}

type AuthHandler ¶

type AuthHandler struct {
	OutputCh        chan string
	TemplateTokenCh chan string
	ExecTokenCh     chan string
	// contains filtered or unexported fields
}

AuthHandler is responsible for keeping a token alive and renewed and passing new tokens to the sink server

func NewAuthHandler ¶

func NewAuthHandler(conf *AuthHandlerConfig) *AuthHandler

func (*AuthHandler) Run ¶

func (ah *AuthHandler) Run(ctx context.Context, am AuthMethod) error

type AuthHandlerConfig ¶

type AuthHandlerConfig struct {
	Logger     hclog.Logger
	Client     *api.Client
	WrapTTL    time.Duration
	MaxBackoff time.Duration
	MinBackoff time.Duration
	Token      string
	// UserAgent is the HTTP UserAgent header auto-auth will use when
	// communicating with Vault.
	UserAgent string
	// MetricsSignifier is the first argument we will give to
	// metrics.IncrCounter, signifying what the name of the application is
	MetricsSignifier             string
	EnableReauthOnNewCredentials bool
	EnableTemplateTokenCh        bool
	EnableExecTokenCh            bool
	ExitOnError                  bool
}

type AuthMethod ¶

type AuthMethod interface {
	// Authenticate returns a mount path, header, request body, and error.
	// The header may be nil if no special header is needed.
	Authenticate(context.Context, *api.Client) (string, http.Header, map[string]interface{}, error)
	NewCreds() chan struct{}
	CredSuccess()
	Shutdown()
}

AuthMethod is the interface that auto-auth methods implement for the agent/proxy to use.

type AuthMethodWithClient ¶

type AuthMethodWithClient interface {
	AuthMethod
	AuthClient(client *api.Client) (*api.Client, error)
}

AuthMethodWithClient is an extended interface that can return an API client for use during the authentication call.

Source Files ¶

View all Source files

auth.go

Directories ¶

Path	Synopsis
alicloud
approle
aws
azure
cert
cf
gcp
jwt
kerberos
kubernetes
oci
token-file

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL