Documentation
Index
- Constants
- func CreateAWSVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, ...) error
- func CreateGKEVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, ...) error
- func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error
- func FindVault(vaultOperatorClient versioned.Interface, name string, ns string) bool
- func GetAuthSaName(vault v1alpha1.Vault) string
- func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)
- func InitializeVault(kubeClient kubernetes.Interface, name string, ns string, ...) (*v1alpha1.Vault, error)
- func SystemVaultName(kuber kube.Kuber) (string, error)
- func SystemVaultNameForCluster(clusterName string) string
- type AWSConfig
- type DynamoDBConfig
- type GCPConfig
- type GCSConfig
- type Listener
- type OptionsInterface
- type Selector
- type Storage
- type Tcp
- type Telemetry
- type Vault
- type VaultAuth
- type VaultAuths
- type VaultClientFactory
- type VaultPolicies
- type VaultPolicy
- type VaultRole
Constants
const (
	BankVaultsOperatorImage = "banzaicloud/vault-operator"
	BankVaultsImage         = "banzaicloud/bank-vaults"
	BankVaultsImageTag      = "0.4.7"
)
Variables
This section is empty.
Functions
func CreateAWSVault (added in v1.3.1015)
func CreateAWSVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string, awsServiceAccountSecretName string, awsConfig *AWSConfig, authServiceAccount string, authServiceAccountNamespace string, secretsPathPrefix string) error
CreateAWSVault creates a new vault backed by AWS KMS and DynamoDB storage.
func CreateGKEVault (added in v1.3.1015)
func CreateGKEVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string, gcpServiceAccountSecretName string, gcpConfig *GCPConfig, authServiceAccount string, authServiceAccountNamespace string, secretsPathPrefix string) error
CreateGKEVault creates a new vault backed by GCP KMS and storage.
func DeleteVault
func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error
DeleteVault deletes a Vault resource.
func GetAuthSaName
func GetAuthSaName(vault v1alpha1.Vault) string
GetAuthSaName gets the Auth Service Account name for the vault.
func GetVault
func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)
GetVault gets a specific vault.
func InitializeVault (added in v1.3.1015)
func InitializeVault(kubeClient kubernetes.Interface, name string, ns string, authServiceAccount string, authServiceAccountNamespace string, secretsPathPrefix string) (*v1alpha1.Vault, error)
InitializeVault initializes and returns a vault struct.
func SystemVaultName (added in v1.3.856)
func SystemVaultName(kuber kube.Kuber) (string, error)
SystemVaultName returns the name of the system vault based on the cluster name.
func SystemVaultNameForCluster (added in v1.3.937)
func SystemVaultNameForCluster(clusterName string) string
SystemVaultNameForCluster returns the system vault name for a given cluster name.
Types
type AWSConfig (added in v1.3.1015)
type AWSConfig struct {
	v1alpha1.AWSUnsealConfig
	DynamoDBTable   string
	DynamoDBRegion  string
	AccessKeyID     string
	SecretAccessKey string
}
AWSConfig keeps the vault configuration for AWS.
type DynamoDBConfig (added in v1.3.1015)
type DynamoDBConfig struct {
	HaEnabled       string `json:"ha_enabled"`
	Region          string `json:"region"`
	Table           string `json:"table"`
	AccessKeyID     string `json:"access_key"`
	SecretAccessKey string `json:"secret_key"`
}
DynamoDBConfig is the AWS DynamoDB config for the Vault storage backend.
type GCPConfig
type GCPConfig struct {
	ProjectId   string
	KmsKeyring  string
	KmsKey      string
	KmsLocation string
	GcsBucket   string
}
GCPConfig keeps the configuration for Google Cloud.
type OptionsInterface (added in v1.3.882)
type OptionsInterface interface {
	KubeClientAndNamespace() (kubernetes.Interface, string, error)
	VaultOperatorClient() (versioned.Interface, error)
	GetIn() terminal.FileReader
	GetOut() terminal.FileWriter
	GetErr() io.Writer
}
OptionsInterface is an interface that allows passing around a CommonOptions object without depending on the whole of the cmd package.
type Selector
Selector is an interface for selecting a vault from the ones installed on the platform. It should pick the most logical one, or give the user a way of picking a vault if there are multiple installed.
func NewVaultSelector
func NewVaultSelector(o OptionsInterface) (Selector, error)
NewVaultSelector creates a new vault selector.
type Storage
type Storage struct {
	GCS      *GCSConfig      `json:"gcs,omitempty"`
	DynamoDB *DynamoDBConfig `json:"dynamodb,omitempty"`
}
Storage is the configuration for Vault storage.
type Telemetry
type Telemetry struct {
	StatsdAddress string `json:"statsd_address"`
}
Telemetry holds the address of the telemetry (statsd) server.
type VaultClientFactory
type VaultClientFactory struct {
	Options  OptionsInterface
	Selector Selector
	// contains filtered or unexported fields
}
VaultClientFactory keeps the configuration required to build a new vault client factory.
func NewInteractiveVaultClientFactory
func NewInteractiveVaultClientFactory(options OptionsInterface) (*VaultClientFactory, error)
NewInteractiveVaultClientFactory creates a VaultClientFactory that allows the user to pick vaults if necessary.
func NewVaultClientFactory
func NewVaultClientFactory(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, defaultNamespace string) (*VaultClientFactory, error)
NewVaultClientFactory creates a new VaultClientFactory with different options to the above. It doesn't have CLI support, so it will fail if it needs interactive input (unlikely).
func (*VaultClientFactory) GetConfigData
func (v *VaultClientFactory) GetConfigData(name string, namespace string) (config *api.Config, jwt string, saName string, err error)
GetConfigData generates the information necessary to configure an api.Client object. It returns the api.Config object, the JWT needed to create the auth user in vault, the auth service account name, and an error if present.
func (*VaultClientFactory) NewVaultClient
NewVaultClient creates a new api.Client. If namespace is nil, the default namespace of the factory will be used. If the name is nil and only one vault is found, that vault will be used; otherwise the user will be prompted to select a vault for the client.
type VaultPolicy
VaultPolicy is a vault policy.
type VaultRole
type VaultRole struct {
	BoundServiceAccountNames      string `json:"bound_service_account_names"`
	BoundServiceAccountNamespaces string `json:"bound_service_account_namespaces"`
	Name                          string `json:"name"`
	Policies                      string `json:"policies"`
	TTL                           string `json:"ttl"`
}
VaultRole is the role configuration for VaultAuth.
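A defender-side review of the VaultRole fields above, added here as an example and not part of the jx package: it flags wildcard service-account or namespace bindings and token TTLs above a reviewer-chosen maximum. It assumes the bound_* and policies fields are comma-separated lists and that ttl uses Go duration syntax.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

type VaultRole struct { // mirrors the struct documented on this page
	BoundServiceAccountNames      string `json:"bound_service_account_names"`
	BoundServiceAccountNamespaces string `json:"bound_service_account_namespaces"`
	Name                          string `json:"name"`
	Policies                      string `json:"policies"`
	TTL                           string `json:"ttl"`
}

// contains reports whether a comma-separated list has the given entry.
func contains(list, want string) bool {
	for _, item := range strings.Split(list, ",") {
		if strings.TrimSpace(item) == want {
			return true
		}
	}
	return false
}

// CheckVaultRole returns least-privilege findings for a role (empty when clean).
// A "*" in a bound_* field accepts every service account or namespace; maxTTL is
// the longest token lifetime the reviewer accepts (ttl parsed as a Go duration).
func CheckVaultRole(r VaultRole, maxTTL time.Duration) []string {
	var findings []string
	if contains(r.BoundServiceAccountNames, "*") {
		findings = append(findings, r.Name+": binds every service account")
	}
	if contains(r.BoundServiceAccountNamespaces, "*") {
		findings = append(findings, r.Name+": binds every namespace")
	}
	if ttl, err := time.ParseDuration(r.TTL); err != nil {
		findings = append(findings, r.Name+": ttl missing or unparseable: "+r.TTL)
	} else if ttl > maxTTL {
		findings = append(findings, fmt.Sprintf("%s: ttl %s exceeds %s", r.Name, ttl, maxTTL))
	}
	return findings
}

func main() { // constructed sample: an over-broad role as a reviewer might find it
	broad := VaultRole{Name: "jx-ci", BoundServiceAccountNames: "*", Policies: "default", TTL: "720h"}
	fmt.Println(CheckVaultRole(broad, 24*time.Hour))
}
```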