vault

package
v1.3.1023 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 26, 2019 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source
const (
	BankVaultsOperatorImage = "banzaicloud/vault-operator"
	BankVaultsImage         = "banzaicloud/bank-vaults"
	BankVaultsImageTag      = "0.4.7"
)

Variables

This section is empty.

Functions

func CreateAWSVault added in v1.3.1015

func CreateAWSVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string,
	awsServiceAccountSecretName string, awsConfig *AWSConfig, authServiceAccount string,
	authServiceAccountNamespace string, secretsPathPrefix string) error

CreateAWSVault creates a new vault backed by AWS KMS and DynamoDB storage

func CreateGKEVault added in v1.3.1015

func CreateGKEVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string,
	gcpServiceAccountSecretName string, gcpConfig *GCPConfig, authServiceAccount string,
	authServiceAccountNamespace string, secretsPathPrefix string) error

CreateGKEVault creates a new vault backed by GCP KMS and storage

func DeleteVault

func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error

DeleteVault delete a Vault resource

func FindVault

func FindVault(vaultOperatorClient versioned.Interface, name string, ns string) bool

FindVault checks if a vault is available

func GetAuthSaName

func GetAuthSaName(vault v1alpha1.Vault) string

GetAuthSaName gets the Auth Service Account name for the vault

func GetVault

func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)

GetVault gets a specific vault

func InitializeVault added in v1.3.1015

func InitializeVault(kubeClient kubernetes.Interface, name string, ns string, authServiceAccount string,
	authServiceAccountNamespace string, secretsPathPrefix string) (*v1alpha1.Vault, error)

InitializeVault intializes and returns vault struct

func SystemVaultName added in v1.3.856

func SystemVaultName(kuber kube.Kuber) (string, error)

SystemVaultName returns the name of the system vault based on the cluster name

func SystemVaultNameForCluster added in v1.3.937

func SystemVaultNameForCluster(clusterName string) string

SystemVaultNameForCluster returns the system vault name from a given cluster name

Types

type AWSConfig added in v1.3.1015

type AWSConfig struct {
	v1alpha1.AWSUnsealConfig
	DynamoDBTable   string
	DynamoDBRegion  string
	AccessKeyID     string
	SecretAccessKey string
}

AWSConfig keeps the vault configuration for AWS

type DynamoDBConfig added in v1.3.1015

type DynamoDBConfig struct {
	HaEnabled       string `json:"ha_enabled"`
	Region          string `json:"region"`
	Table           string `json:"table"`
	AccessKeyID     string `json:"access_key"`
	SecretAccessKey string `json:"secret_key"`
}

DynamoDBConfig AWS DynamoDB config for Vault backend

type GCPConfig

type GCPConfig struct {
	ProjectId   string
	KmsKeyring  string
	KmsKey      string
	KmsLocation string
	GcsBucket   string
}

GCPConfig keeps the configuration for Google Cloud

type GCSConfig

type GCSConfig struct {
	Bucket    string `json:"bucket"`
	HaEnabled string `json:"ha_enabled"`
}

GCSConfig Google Cloud Storage config for Vault backend

type Listener

type Listener struct {
	Tcp Tcp `json:"tcp"`
}

Listener vault server listener

type OptionsInterface added in v1.3.882

type OptionsInterface interface {
	KubeClientAndNamespace() (kubernetes.Interface, string, error)
	VaultOperatorClient() (versioned.Interface, error)
	GetIn() terminal.FileReader
	GetOut() terminal.FileWriter
	GetErr() io.Writer
}

OptionsInterface is an interface to allow passing around of a CommonOptions object without dependencies on the whole of the cmd package

type Selector

type Selector interface {
	GetVault(name string, namespace string) (*Vault, error)
}

Selector is an interface for selecting a vault from the installed ones on the platform It should pick the most logical one, or give the user a way of picking a vault if there are multiple installed

func NewVaultSelector

func NewVaultSelector(o OptionsInterface) (Selector, error)

NewVaultSelector creates a new vault selector

type Storage

type Storage struct {
	GCS      *GCSConfig      `json:"gcs,omitempty"`
	DynamoDB *DynamoDBConfig `json:"dynamodb,omitempty"`
}

Storage configuration for Vault storage

type Tcp

type Tcp struct {
	Address    string `json:"address"`
	TlsDisable bool   `json:"tls_disable"`
}

Tcp address for vault server

type Telemetry

type Telemetry struct {
	StatsdAddress string `json:"statsd_address"`
}

Telemetry address for telemetry server

type Vault

type Vault struct {
	Name                   string
	Namespace              string
	URL                    string
	AuthServiceAccountName string
}

Vault stores some details of a Vault resource

func GetVaults

func GetVaults(client kubernetes.Interface, vaultOperatorClient versioned.Interface, ns string) ([]*Vault, error)

GetVaults returns all vaults available in a given namespaces

type VaultAuth

type VaultAuth struct {
	Roles []VaultRole `json:"roles"`
	Type  string      `json:"type"`
}

VaultAuth vault auth configuration

type VaultAuths

type VaultAuths []VaultAuth

VaultAuths list of vault authentications

type VaultClientFactory

type VaultClientFactory struct {
	Options  OptionsInterface
	Selector Selector
	// contains filtered or unexported fields
}

VaultClientFactory keeps the configuration required to build a new vault client factory

func NewInteractiveVaultClientFactory

func NewInteractiveVaultClientFactory(options OptionsInterface) (*VaultClientFactory, error)

NewInteractiveVaultClientFactory creates a VaultClientFactory that allows the user to pick vaults if necessary

func NewVaultClientFactory

func NewVaultClientFactory(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, defaultNamespace string) (*VaultClientFactory, error)

NewVaultClientFactory Creates a new VaultClientFactory with different options to the above. It doesnt' have CLI support so will fail if it needs interactive input (unlikely)

func (*VaultClientFactory) GetConfigData

func (v *VaultClientFactory) GetConfigData(name string, namespace string) (config *api.Config, jwt string, saName string, err error)

GetConfigData generates the information necessary to configure an api.Client object Returns the api.Config object, the JWT needed to create the auth user in vault, and an error if present

func (*VaultClientFactory) NewVaultClient

func (v *VaultClientFactory) NewVaultClient(name string, namespace string) (*api.Client, error)

NewVaultClient creates a new api.Client if namespace is nil, then the default namespace of the factory will be used if the name is nil, and only one vault is found, then that vault will be used. Otherwise the user will be prompted to select a vault for the client.

type VaultPolicies

type VaultPolicies []VaultPolicy

VaultPolicies list of vault policies

type VaultPolicy

type VaultPolicy struct {
	Name  string `json:"name"`
	Rules string `json:"rules"`
}

VaultPolicy vault policy

type VaultRole

type VaultRole struct {
	BoundServiceAccountNames      string `json:"bound_service_account_names"`
	BoundServiceAccountNamespaces string `json:"bound_service_account_namespaces"`
	Name                          string `json:"name"`
	Policies                      string `json:"policies"`
	TTL                           string `json:"ttl"`
}

VaultRole role configuration for VaultAuth

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL