Documentation ¶
Index ¶
- func NewVaultClient(config *config.VaultConfig, logger hclog.Logger, tokenDeriver TokenDeriverFunc) (*vaultClient, error)
- type MockVaultClient
- func (vc *MockVaultClient) DeriveToken(a *structs.Allocation, tasks []string) (map[string]string, error)
- func (vc *MockVaultClient) DeriveTokenErrors() map[string]map[string]error
- func (vc *MockVaultClient) GetConsulACL(string, string) (*vaultapi.Secret, error)
- func (vc *MockVaultClient) RenewLease(leaseId string, interval int) (<-chan error, error)
- func (vc *MockVaultClient) RenewToken(token string, interval int) (<-chan error, error)
- func (vc *MockVaultClient) RenewTokenErrors() map[string]error
- func (vc *MockVaultClient) RenewTokens() map[string]chan error
- func (vc *MockVaultClient) SetDeriveTokenError(allocID string, tasks []string, err error)
- func (vc *MockVaultClient) SetRenewTokenError(token string, err error)
- func (vc *MockVaultClient) Start()
- func (vc *MockVaultClient) Stop()
- func (vc *MockVaultClient) StopRenewLease(leaseId string) error
- func (vc *MockVaultClient) StopRenewToken(token string) error
- func (vc *MockVaultClient) StoppedTokens() []string
- type TokenDeriverFunc
- type VaultClient
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewVaultClient ¶
func NewVaultClient(config *config.VaultConfig, logger hclog.Logger, tokenDeriver TokenDeriverFunc) (*vaultClient, error)
NewVaultClient returns a new vault client from the given config.
Types ¶
type MockVaultClient ¶
type MockVaultClient struct { // DeriveTokenFn allows the caller to control the DeriveToken function. If // not set an error is returned if found in DeriveTokenErrors and otherwise // a token is generated and returned DeriveTokenFn func(a *structs.Allocation, tasks []string) (map[string]string, error) // contains filtered or unexported fields }
MockVaultClient is used for testing the vaultclient integration and is safe for concurrent access.
func NewMockVaultClient ¶
func NewMockVaultClient() *MockVaultClient
NewMockVaultClient returns a MockVaultClient for testing
func (*MockVaultClient) DeriveToken ¶
func (vc *MockVaultClient) DeriveToken(a *structs.Allocation, tasks []string) (map[string]string, error)
func (*MockVaultClient) DeriveTokenErrors ¶
func (vc *MockVaultClient) DeriveTokenErrors() map[string]map[string]error
DeriveTokenErrors maps an allocation ID and tasks to an error when the token is derived
func (*MockVaultClient) GetConsulACL ¶
func (*MockVaultClient) RenewLease ¶
func (vc *MockVaultClient) RenewLease(leaseId string, interval int) (<-chan error, error)
func (*MockVaultClient) RenewToken ¶
func (vc *MockVaultClient) RenewToken(token string, interval int) (<-chan error, error)
func (*MockVaultClient) RenewTokenErrors ¶
func (vc *MockVaultClient) RenewTokenErrors() map[string]error
RenewTokenErrors is used to return an error when the RenewToken is called with the given token
func (*MockVaultClient) RenewTokens ¶
func (vc *MockVaultClient) RenewTokens() map[string]chan error
RenewTokens are the tokens that have been renewed and their error channels
func (*MockVaultClient) SetDeriveTokenError ¶
func (vc *MockVaultClient) SetDeriveTokenError(allocID string, tasks []string, err error)
func (*MockVaultClient) SetRenewTokenError ¶
func (vc *MockVaultClient) SetRenewTokenError(token string, err error)
func (*MockVaultClient) Start ¶
func (vc *MockVaultClient) Start()
func (*MockVaultClient) Stop ¶
func (vc *MockVaultClient) Stop()
func (*MockVaultClient) StopRenewLease ¶
func (vc *MockVaultClient) StopRenewLease(leaseId string) error
func (*MockVaultClient) StopRenewToken ¶
func (vc *MockVaultClient) StopRenewToken(token string) error
func (*MockVaultClient) StoppedTokens ¶
func (vc *MockVaultClient) StoppedTokens() []string
StoppedTokens tracks the tokens that have stopped renewing
type TokenDeriverFunc ¶
type TokenDeriverFunc func(*structs.Allocation, []string, *vaultapi.Client) (map[string]string, error)
TokenDeriverFunc takes in an allocation and a set of tasks and derives a wrapped token for all the tasks, from the nomad server. All the derived wrapped tokens will be unwrapped using the vault API client.
type VaultClient ¶
type VaultClient interface { // Start initiates the renewal loop of tokens and secrets Start() // Stop terminates the renewal loop for tokens and secrets Stop() // DeriveToken contacts the nomad server and fetches wrapped tokens for // a set of tasks. The wrapped tokens will be unwrapped using vault and // returned. DeriveToken(*structs.Allocation, []string) (map[string]string, error) // GetConsulACL fetches the Consul ACL token required for the task GetConsulACL(string, string) (*vaultapi.Secret, error) // RenewToken renews a token with the given increment and adds it to // the min-heap for periodic renewal. RenewToken(string, int) (<-chan error, error) // StopRenewToken removes the token from the min-heap, stopping its // renewal. StopRenewToken(string) error // RenewLease renews a vault secret's lease and adds the lease // identifier to the min-heap for periodic renewal. RenewLease(string, int) (<-chan error, error) // StopRenewLease removes a secret's lease ID from the min-heap, // stopping its renewal. StopRenewLease(string) error }
The interface which nomad client uses to interact with vault and periodically renews the tokens and secrets.