Documentation
Index
Constants
This section is empty.
Variables
var (
	ErrRenewerMissingInput  = errors.New("missing input to renewer")
	ErrRenewerMissingSecret = errors.New("missing secret to renew")
	ErrRenewerNotRenewable  = errors.New("secret is not renewable")
	ErrRenewerNoSecretData  = errors.New("returned empty secret data")

	// DefaultRenewerRenewBuffer is the default size of the buffer for renew
	// messages on the channel.
	DefaultRenewerRenewBuffer = 5
)
Functions
This section is empty.
Types
type Renewer
type Renewer struct {
// contains filtered or unexported fields
}
Renewer is a process for renewing a secret.
// client is an *api.Client and mySecret is the *api.Secret to renew.
renewer, err := NewRenewer(client, &RenewerInput{
	Secret: mySecret,
})
if err != nil {
	log.Fatal(err)
}
go renewer.Renew()
defer renewer.Stop()

for {
	select {
	case err := <-renewer.DoneCh():
		if err != nil {
			log.Fatal(err)
		}

		// Renewal is now over
		return
	case renewal := <-renewer.RenewCh():
		log.Printf("Successfully renewed: %#v", renewal)
	}
}
The `DoneCh` will return if renewal fails or if the remaining lease duration after a renewal is less than or equal to the grace (in number of seconds). In both cases, the caller should attempt a re-read of the secret or reauthenticate to get a new token. Clients should check the return value of the channel to see if renewal was successful.
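The paragraph above requires a re-read or reauthentication whenever `DoneCh` fires, with or without an error. The following added example (not code from this package) shows that loop; `stub`, `keepFresh` and `sampleFetch` are hypothetical names, `stub` stands in for `*Renewer`, and the `RenewCh` element type is an assumption.

```go
package main

import "fmt"

// stub is a hypothetical stand-in for the four Renewer methods used on this
// page: it publishes n renewals, then final on DoneCh (element types assumed).
type stub struct{ n int; final error; done chan error; renew chan string }

func (s *stub) Stop()                  {}
func (s *stub) DoneCh() <-chan error   { return s.done }
func (s *stub) RenewCh() <-chan string { return s.renew }
func (s *stub) Renew() {
	for i := 0; i < s.n; i++ {
		s.renew <- "renewed"
	}
	s.done <- s.final
}

// keepFresh calls fetch (hypothetical: re-read the secret or re-authenticate),
// watches the renewer, and fetches again whenever DoneCh fires, nil or not.
func keepFresh(fetch func(i int) (*stub, error), rounds int) ([]string, error) {
	var events []string
	for i := 0; i < rounds; i++ {
		r, err := fetch(i)
		if err != nil {
			return events, fmt.Errorf("fetch %d: %w", i, err)
		}
		go r.Renew()
		n, stopped := 0, false
		for !stopped {
			select {
			case err = <-r.DoneCh():
				stopped = true
			case <-r.RenewCh():
				n++
			}
		}
		r.Stop()
		events = append(events, fmt.Sprintf("secret %d: renewals=%d done=%v", i, n, err))
	}
	return events, nil
}

// sampleFetch returns constructed secrets: round 0 ends cleanly, round 1 fails.
func sampleFetch(i int) (*stub, error) {
	finals := []error{nil, fmt.Errorf("permission denied")}
	return &stub{n: 2 + i, final: finals[i], done: make(chan error, 1), renew: make(chan string)}, nil
}
func main() { fmt.Println(keepFresh(sampleFetch, 2)) }
```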
func NewRenewer
func NewRenewer(c *api.Client, i *RenewerInput) (*Renewer, error)
NewRenewer creates a new Renewer from the given input.
func (*Renewer) DoneCh
DoneCh returns the channel on which the Renewer publishes when renewal stops. If renewal stopped because of an error, the published value is that error.
func (*Renewer) Renew
func (r *Renewer) Renew()
Renew starts a background process for renewing this secret. When the secret has auth data, this attempts to renew the auth (token). When the secret has a lease, this attempts to renew the lease.
type RenewerInput
type RenewerInput struct {
	// Secret is the secret to renew
	Secret *api.Secret

	// DEPRECATED: this does not do anything.
	Grace time.Duration

	// Rand is the randomizer to use for underlying randomization. If not
	// provided, one will be generated and seeded automatically. If provided, it
	// is assumed to have already been seeded.
	Rand *rand.Rand

	// RenewBuffer is the size of the buffered channel where renew messages are
	// dispatched.
	RenewBuffer int

	// The new TTL, in seconds, that should be set on the lease. The TTL set
	// here may or may not be honored by the vault server, based on Vault
	// configuration or any associated max TTL values.
	Increment int
}
RenewerInput is used as input to the renew function.