v0.2.0 Latest Latest

This package is not in the latest version of its module.

Published: Jul 13, 2015 License: MPL-2.0 Imports: 11 Imported by: 0




const AuthCookieName = "token"




type Audit

type Audit struct {
	Type        string
	Description string
	Options     map[string]string

type Auth

type Auth struct {
	// contains filtered or unexported fields

Auth is used to perform credential backend related operations.

func (*Auth) Token

func (a *Auth) Token() *TokenAuth

Token is used to return the client for token-backend API calls.

type AuthMount

type AuthMount struct {
	Type        string
	Description string

type Client

type Client struct {
	// contains filtered or unexported fields

Client is the client to the Vault API. Create a client with NewClient.

func NewClient

func NewClient(c *Config) (*Client, error)

NewClient returns a new client for the given configuration.

If the environment variable `VAULT_TOKEN` is present, the token will be automatically added to the client. Otherwise, you must manually call `SetToken()`.

func (*Client) Auth

func (c *Client) Auth() *Auth

Auth is used to return the client for credential-backend API calls.

func (*Client) ClearToken

func (c *Client) ClearToken()

ClearToken deletes the token cookie if it is set or does nothing otherwise.

func (*Client) Help

func (c *Client) Help(path string) (*Help, error)

Help reads the help information for the given path.

func (*Client) Logical

func (c *Client) Logical() *Logical

Logical is used to return the client for logical-backend API calls.

func (*Client) NewRequest

func (c *Client) NewRequest(method, path string) *Request

NewRequest creates a new raw request object to query the Vault server configured for this client. This is an advanced method and generally doesn't need to be called externally.

func (*Client) RawRequest

func (c *Client) RawRequest(r *Request) (*Response, error)

RawRequest performs the raw request given. This request may be against a Vault server not configured with this client. This is an advanced operation that generally won't need to be called externally.

func (*Client) SetToken

func (c *Client) SetToken(v string)

SetToken sets the token directly. It does not perform any auth verification; it simply sets the cookie for future requests, so a wrong token is not detected at this point.

func (*Client) Sys

func (c *Client) Sys() *Sys

Sys is used to return the client for sys-related API calls.

func (*Client) Token

func (c *Client) Token() string

Token returns the access token being used by this client. It will return the empty string if there is no token set.

type Config

type Config struct {
	// Address is the address of the Vault server. This should be a complete
	// URL such as "http://vault.example.com". If you need a custom SSL
	// cert or want to enable insecure mode, you need to specify a custom
	// HttpClient.
	//
	// NOTE(review): the example URL uses plain http. This client carries
	// its token as a cookie (see AuthCookieName), so a non-TLS address
	// would send that token in cleartext; prefer an https URL outside of
	// local testing.
	// NOTE(review): "insecure mode" presumably means skipping TLS
	// certificate verification. Confirm before enabling it.
	Address string

	// HttpClient is the HTTP client to use. http.DefaultClient will be
	// used if not specified. The HTTP client must have the cookie jar set
	// to be able to store cookies, otherwise authentication (login) will
	// not work properly. If the jar is nil, a default empty cookie jar
	// will be set.
	//
	// NOTE(review): if the fallback really is the shared
	// http.DefaultClient, a jar set on it would be visible to any other
	// code using that client. Confirm against NewClient, and pass a
	// dedicated client when the token must stay isolated.
	HttpClient *http.Client

Config is used to configure the creation of the client.

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns a default configuration for the client. It is safe to modify the return value of this function.

A default Address is provided (its value is missing from this rendering of the page), but it can be overridden by setting the `VAULT_ADDR` environment variable.

type ErrorResponse

type ErrorResponse struct {
	Errors []string

ErrorResponse is the raw structure of errors when they're returned by the HTTP API.

type Help

type Help struct {
	Help    string   `json:"help"`
	SeeAlso []string `json:"see_also"`

type InitRequest

type InitRequest struct {
	SecretShares    int
	SecretThreshold int

type InitResponse

// InitResponse is the result type returned by Sys.Init.
type InitResponse struct {
	// Keys is presumably the set of key shares produced by initialization
	// (InitRequest carries SecretShares and SecretThreshold). TODO confirm.
	// Treat the values as secret material and keep them out of logs.
	Keys      []string
	// RootToken is decoded from the "root_token" JSON field. Presumably
	// the initial root token; handle it as a credential. TODO confirm.
	RootToken string `json:"root_token"`

type InitStatusResponse

type InitStatusResponse struct {
	Initialized bool

type KeyStatus added in v0.2.0

type KeyStatus struct {
	Term        int
	InstallTime time.Time `json:"install_time"`

type LeaderResponse

type LeaderResponse struct {
	HAEnabled     bool   `json:"ha_enabled"`
	IsSelf        bool   `json:"is_self"`
	LeaderAddress string `json:"leader_address"`

type Logical

type Logical struct {
	// contains filtered or unexported fields

Logical is used to perform logical backend operations on Vault.

func (*Logical) Delete

func (c *Logical) Delete(path string) (*Secret, error)

func (*Logical) Read

func (c *Logical) Read(path string) (*Secret, error)

func (*Logical) Write

func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error)

type Mount

type Mount struct {
	Type        string
	Description string

type RekeyInitRequest added in v0.2.0

type RekeyInitRequest struct {
	SecretShares    int `json:"secret_shares"`
	SecretThreshold int `json:"secret_threshold"`

type RekeyStatusResponse added in v0.2.0

type RekeyStatusResponse struct {
	Started  bool
	T        int
	N        int
	Progress int
	Required int

type RekeyUpdateResponse added in v0.2.0

type RekeyUpdateResponse struct {
	Complete bool
	Keys     []string

type Request

type Request struct {
	Method   string
	URL      *url.URL
	Params   url.Values
	Obj      interface{}
	Body     io.Reader
	BodySize int64

Request is a raw request configuration structure used to initiate API requests to the Vault server.

func (*Request) ResetJSONBody

func (r *Request) ResetJSONBody() error

ResetJSONBody is used to reset the body for a redirect.

func (*Request) SetJSONBody

func (r *Request) SetJSONBody(val interface{}) error

SetJSONBody is used to set a request body that is a JSON-encoded value.

func (*Request) ToHTTP

func (r *Request) ToHTTP() (*http.Request, error)

ToHTTP turns this request into a valid *http.Request for use with the net/http package.

type Response

type Response struct {

Response is a raw response that wraps an HTTP response.

func (*Response) DecodeJSON

func (r *Response) DecodeJSON(out interface{}) error

DecodeJSON will decode the response body to a JSON structure. This will consume the response body, but will not close it. Close must still be called.

func (*Response) Error

func (r *Response) Error() error

Error returns an error response if there is one. If there is an error, this will fully consume the response body, but will not close it. The body must still be closed manually.

type SealStatusResponse

type SealStatusResponse struct {
	Sealed   bool
	T        int
	N        int
	Progress int

type Secret

type Secret struct {
	LeaseID       string `json:"lease_id"`
	LeaseDuration int    `json:"lease_duration"`
	Renewable     bool   `json:"renewable"`

	// Data is the actual contents of the secret. The format of the data
	// is arbitrary and up to the secret backend.
	Data map[string]interface{} `json:"data"`

	// Auth, if non-nil, means that there was authentication information
	// attached to this response.
	Auth *SecretAuth `json:"auth,omitempty"`

Secret is the structure returned for every secret within Vault.

func ParseSecret

func ParseSecret(r io.Reader) (*Secret, error)

ParseSecret is used to parse a secret value from JSON from an io.Reader.

type SecretAuth

type SecretAuth struct {
	// ClientToken is decoded from the "client_token" JSON field.
	// Presumably the token the client presents on later requests; handle
	// it as a credential and keep it out of logs. TODO confirm.
	ClientToken string            `json:"client_token"`
	// Policies is decoded from "policies". Presumably the policy names
	// attached to ClientToken. TODO confirm.
	Policies    []string          `json:"policies"`
	// Metadata is decoded from "metadata" as string key/value pairs.
	Metadata    map[string]string `json:"metadata"`

	// LeaseDuration and Renewable are decoded from "lease_duration" and
	// "renewable". The unit of LeaseDuration is not shown here; verify
	// before computing expiry from it.
	LeaseDuration int  `json:"lease_duration"`
	Renewable     bool `json:"renewable"`

SecretAuth is the structure containing auth information if we have it.

type Sys

type Sys struct {
	// contains filtered or unexported fields

Sys is used to perform system-related operations on Vault.

func (*Sys) DeletePolicy

func (c *Sys) DeletePolicy(name string) error

func (*Sys) DisableAudit

func (c *Sys) DisableAudit(path string) error

func (*Sys) DisableAuth

func (c *Sys) DisableAuth(path string) error

func (*Sys) EnableAudit

func (c *Sys) EnableAudit(
	path string, auditType string, desc string, opts map[string]string) error

func (*Sys) EnableAuth

func (c *Sys) EnableAuth(path, authType, desc string) error

func (*Sys) GetPolicy

func (c *Sys) GetPolicy(name string) (string, error)

func (*Sys) Init

func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)

func (*Sys) InitStatus

func (c *Sys) InitStatus() (bool, error)

func (*Sys) KeyStatus added in v0.2.0

func (c *Sys) KeyStatus() (*KeyStatus, error)

func (*Sys) Leader

func (c *Sys) Leader() (*LeaderResponse, error)

func (*Sys) ListAudit

func (c *Sys) ListAudit() (map[string]*Audit, error)

func (*Sys) ListAuth

func (c *Sys) ListAuth() (map[string]*AuthMount, error)

func (*Sys) ListMounts

func (c *Sys) ListMounts() (map[string]*Mount, error)

func (*Sys) ListPolicies

func (c *Sys) ListPolicies() ([]string, error)

func (*Sys) Login

func (c *Sys) Login(vars map[string]string) error

Login performs the /sys/login API call.

This API call is stateful: it sets the access token on the client so that future API calls are authenticated. The access token can be retrieved at any time from the client using `client.Token()` and it can be cleared with `sys.Logout()` (this version's index lists no `Logout` method on `Sys`; `Client.ClearToken` is the listed way to clear the token).

func (*Sys) Mount

func (c *Sys) Mount(path, mountType, description string) error

func (*Sys) PutPolicy

func (c *Sys) PutPolicy(name, rules string) error

func (*Sys) RekeyCancel added in v0.2.0

func (c *Sys) RekeyCancel() error

func (*Sys) RekeyInit added in v0.2.0

func (c *Sys) RekeyInit(config *RekeyInitRequest) error

func (*Sys) RekeyStatus added in v0.2.0

func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error)

func (*Sys) RekeyUpdate added in v0.2.0

func (c *Sys) RekeyUpdate(shard string) (*RekeyUpdateResponse, error)

func (*Sys) Remount

func (c *Sys) Remount(from, to string) error

func (*Sys) Renew

func (c *Sys) Renew(id string, increment int) (*Secret, error)

func (*Sys) Revoke

func (c *Sys) Revoke(id string) error

func (*Sys) RevokePrefix

func (c *Sys) RevokePrefix(id string) error

func (*Sys) Rotate added in v0.2.0

func (c *Sys) Rotate() error

func (*Sys) Seal

func (c *Sys) Seal() error

func (*Sys) SealStatus

func (c *Sys) SealStatus() (*SealStatusResponse, error)

func (*Sys) Unmount

func (c *Sys) Unmount(path string) error

func (*Sys) Unseal

func (c *Sys) Unseal(shard string) (*SealStatusResponse, error)

type TokenAuth

type TokenAuth struct {
	// contains filtered or unexported fields

TokenAuth is used to perform token backend operations on Vault.

func (*TokenAuth) Create

func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error)

func (*TokenAuth) Renew

func (c *TokenAuth) Renew(token string, increment int) (*Secret, error)

func (*TokenAuth) RevokeOrphan

func (c *TokenAuth) RevokeOrphan(token string) error

func (*TokenAuth) RevokePrefix

func (c *TokenAuth) RevokePrefix(token string) error

func (*TokenAuth) RevokeTree

func (c *TokenAuth) RevokeTree(token string) error

type TokenCreateRequest

type TokenCreateRequest struct {
	ID          string            `json:"id,omitempty"`
	Policies    []string          `json:"policies,omitempty"`
	Metadata    map[string]string `json:"meta,omitempty"`
	Lease       string            `json:"lease,omitempty"`
	NoParent    bool              `json:"no_parent,omitempty"`
	DisplayName string            `json:"display_name"`
	NumUses     int               `json:"num_uses"`

TokenCreateRequest is the options structure for creating a token.
