Documentation
Index
- Constants
- Variables
- func AdminSecretPath(secret AdminSecret) string
- func AuthSecretPath(secret string) string
- func GitOpsSecretPath(secret string) string
- func InstallVaultCli() error
- func WriteBasicAuth(client Client, path string, auth config.BasicAuth) error
- func WriteMap(client Client, path string, secret map[string]interface{}) error
- func WriteYamlFiles(client Client, path string, files ...string) error
- type AdminSecret
- type Client
- type PathPolicy
- type PathRule
Constants
const (
	// SystemVaultNamePrefix name prefix of the system vault used by the jenkins-x platform
	SystemVaultNamePrefix = "jx-vault"
	// GitOpsSecretsPath the path of secrets generated for GitOps
	GitOpsSecretsPath = "gitops/"
	// GitOpsTemplatesPath the path of gitops templates secrets
	GitOpsTemplatesPath = "templates/"
	// AdminSecretsPath the path of admin secrets
	AdminSecretsPath = "admin/"
	// AuthSecretsPath the path of auth secrets
	AuthSecretsPath = "auth/"
	// LocalVaultEnvVar defines the address to search for when using kubectl port-forward to access Vault without an ingress
	LocalVaultEnvVar = "LOCAL_VAULT_ADDR"
	//DefaultVaultPort defines the port to access vault
	DefaultVaultPort = "8200"
)
const (
	// JenkinsAdminSecret the secret name for Jenkins admin password
	JenkinsAdminSecret = "jenkins"
	// NexusAdminSecret the secret name for Nexus credentials
	NexusAdminSecret = "nexus"
	// ChartmuseumAdminSecret the secret name for ChartMuseum credentials
	ChartmuseumAdminSecret = "chartmuseum"
	// GrafanaAdminSecret the secret name for Grafana credentials
	GrafanaAdminSecret = "grafana"
	// IngressAdminSecret the secret name for Ingress basic authentication
	IngressAdminSecret = "ingress"
)
const (
	DenyCapability           = "deny"
	CreateCapability         = "create"
	ReadCapability           = "read"
	UpdateCapability         = "update"
	DeleteCapability         = "delete"
	ListCapability           = "list"
	SudoCapability           = "sudo"
	RootCapability           = "root"
	PathRulesName            = "allow_secrets"
	DefaultSecretsPathPrefix = "secret/*"
	PoliciesName             = "policies"
	DefaultSecretsPath       = "secret"
)
Variables
var (
	DefaultSecretsCapabiltities = []string{CreateCapability, ReadCapability, UpdateCapability, DeleteCapability, ListCapability}
)
Functions
func AdminSecretPath
func AdminSecretPath(secret AdminSecret) string
AdminSecretPath returns the admin secret path for a given admin secret
func AuthSecretPath
AuthSecretPath returns the path of an auth secret
func GitOpsSecretPath
GitOpsSecretPath returns the path of an install secret
func WriteBasicAuth
WriteBasicAuth stores the basic authentication credentials in vault at the given path.
Types
type Client
type Client interface {
	// Write writes a named secret to the vault
	Write(secretName string, data map[string]interface{}) (map[string]interface{}, error)

	// WriteObject writes a generic named object to the vault.
	// The secret _must_ be serializable to JSON.
	WriteObject(secretName string, secret interface{}) (map[string]interface{}, error)

	// WriteYaml writes a yaml object to a named secret
	WriteYaml(secretName string, yamlstring string) (map[string]interface{}, error)

	// List lists the secrets under the specified path
	List(path string) ([]string, error)

	// Read reads a named secret from the vault
	Read(secretName string) (map[string]interface{}, error)

	// ReadObject reads a generic named object from vault.
	// The secret _must_ be serializable to JSON.
	ReadObject(secretName string, secret interface{}) error

	// ReadYaml reads a yaml object from a named secret
	ReadYaml(secretName string) (string, error)

	// Config gets the config required for configuring the official Vault CLI
	Config() (vaultURL url.URL, vaultToken string, err error)

	// ReplaceURIs will replace any vault: URIs in a string (or whatever URL scheme the secret URL client supports)
	ReplaceURIs(text string) (string, error)
}
Client is an interface for interacting with Vault
func NewVaultClient
NewVaultClient creates a new Vault Client wrapping the api.client
type PathPolicy
type PathPolicy struct {
	Prefix       string   `hcl:",key"`
	Capabilities []string `hcl:"capabilities" hcle:"omitempty"`
}
PathPolicy defines a vault path policy