vault

package
v1.3.614 (latest)
Published: Nov 30, 2018 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation


Constants

// Capability names accepted in Vault path policies (see PathPolicy.Capabilities).
// SudoCapability and RootCapability confer elevated access, so treat any policy
// that carries them as privileged. NOTE(review): in Vault itself "root" is the
// name of the superuser policy rather than a per-path capability — confirm how
// callers use RootCapability.
const (
	DenyCapability   = "deny"
	CreateCapability = "create"
	ReadCapability   = "read"
	UpdateCapability = "update"
	DeleteCapability = "delete"
	ListCapability   = "list"
	SudoCapability   = "sudo"
	RootCapability   = "root"

	// PathRulesName names the rule that allows access to secrets — presumably the
	// rule built on DefaultSecretsPathPrefix; confirm against the callers.
	// DefaultSecretsPathPrefix ends in a glob, so a rule using it grants its
	// capabilities on every path beneath "secret/". It is presumably the usual
	// value of CreateVault's secretsPathPrefix; pass something narrower where a
	// whole-mount grant is too broad.
	PathRulesName            = "allow_secrets"
	DefaultSecretsPathPrefix = "secret/*"
	PoliciesName             = "policies" // presumably the key under which policies are kept — confirm
)
// SystemVaultName is the name of the platform's system vault — presumably the
// vault that NewSystemVaultClientFactory targets, since it takes no name; confirm.
const (
	SystemVaultName = "jx-vault"
)

Variables

Functions

func CreateVault added in v1.3.537

func CreateVault(vaultOperatorClient versioned.Interface, name string, ns string,
	gcpServiceAccountSecretName string, gcpConfig *GCPConfig, authServiceAccount string,
	authServiceAccountNamespace string, secretsPathPrefix string) error

CreateVault creates a new Vault resource called name in namespace ns, backed by GCP KMS and a GCS bucket as configured in gcpConfig. gcpServiceAccountSecretName names the secret holding the GCP service account the vault uses (see VaultGcpServiceAccountSecretName); authServiceAccount and authServiceAccountNamespace identify the Kubernetes service account used for authentication. secretsPathPrefix is presumably the path prefix of the generated secrets policy, with DefaultSecretsPathPrefix as the usual value — confirm against the implementation.

func DeleteVault added in v1.3.537

func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error

DeleteVault deletes the Vault resource called name from namespace ns. Whether the GCS bucket and KMS key behind it are removed as well cannot be told from this signature; check before relying on it for clean-up.

func FindVault added in v1.3.537

func FindVault(vaultOperatorClient versioned.Interface, name string, ns string) bool

FindVault reports whether a vault called name is available in namespace ns.

func GetAuthSaName added in v1.3.594

func GetAuthSaName(vault v1alpha1.Vault) string

GetAuthSaName returns the name of the Auth Service Account used by the given vault.

func GetVault added in v1.3.594

func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)

GetVault returns the Vault resource called name in namespace ns.

func VaultGcpServiceAccountSecretName added in v1.3.537

func VaultGcpServiceAccountSecretName(vaultName string, clusterName string) string

VaultGcpServiceAccountSecretName builds the name of the secret in which the GCP service account for vaultName in cluster clusterName is stored.

Types

type GCPConfig added in v1.3.537

// GCPConfig holds the Google Cloud settings a vault is created with.
type GCPConfig struct {
	// ProjectId is the GCP project that owns the KMS key and the bucket.
	ProjectId   string
	// KmsKeyring, KmsKey and KmsLocation identify the Cloud KMS key the vault
	// is backed by (see CreateVault).
	KmsKeyring  string
	KmsKey      string
	KmsLocation string
	// GcsBucket is the GCS bucket used as the vault's storage.
	GcsBucket   string
}

GCPConfig holds the Google Cloud settings a vault is created with: the project, the KMS location, keyring and key, and the GCS bucket.

type GCSConfig added in v1.3.537

// GCSConfig is the GCS storage section of a Vault server configuration,
// serialized to JSON (see Storage).
type GCSConfig struct {
	// Bucket is the name of the GCS bucket holding the vault's data.
	Bucket    string `json:"bucket"`
	// HaEnabled is kept as a string rather than a bool — presumably to match
	// the serialized Vault config ("true"/"false"); confirm before changing.
	HaEnabled string `json:"ha_enabled"`
}

type JxVaulter added in v1.3.537

// JxVaulter is the concrete Vaulter implementation (it has the Config and
// Secrets methods) and wraps an api.Client that GetVaultClient exposes.
// Presumably it is what NewVaulter returns — confirm.
type JxVaulter struct {
	// contains filtered or unexported fields
}

func (*JxVaulter) Config added in v1.3.537

func (v *JxVaulter) Config() (vaultUrl url.URL, vaultToken string, err error)

func (*JxVaulter) GetVaultClient added in v1.3.607

func (v *JxVaulter) GetVaultClient() *api.Client

GetVaultClient gets the underlying vault client

func (*JxVaulter) Secrets added in v1.3.537

func (v *JxVaulter) Secrets() ([]string, error)

type Listener added in v1.3.537

// Listener is the listener section of a Vault server configuration,
// serialized to JSON; only a TCP listener is modelled.
type Listener struct {
	Tcp Tcp `json:"tcp"`
}

type PathPolicy

// PathPolicy is one path entry of a Vault policy: a path prefix and the
// capabilities granted on it. The hcl tags drive the encoding done by
// PathRule.String.
type PathPolicy struct {
	// Prefix is the path (or glob, e.g. DefaultSecretsPathPrefix) the
	// capabilities apply to; it becomes the HCL block key.
	Prefix       string   `hcl:",key"`
	// Capabilities holds capability names such as ReadCapability; omitted from
	// the encoding when empty.
	Capabilities []string `hcl:"capabilities" hcle:"omitempty"`
}

PathPolicy defines a Vault path policy: a path prefix and the capabilities granted on it.

type PathRule

// PathRule is a set of PathPolicy entries making up one Vault policy; String
// encodes it per the hcl tags.
type PathRule struct {
	// Path lists the path policies; omitted from the encoding when empty.
	Path []PathPolicy `hcl:"path" hcle:"omitempty"`
}

PathRule defines a path rule: the set of PathPolicy entries that make up a Vault policy.

func (*PathRule) String

func (r *PathRule) String() (string, error)

String encodes the path rule as a string in Vault's policy format (HCL, per the struct tags).

type Storage added in v1.3.537

// Storage is the storage section of a Vault server configuration, serialized
// to JSON; only the GCS backend is modelled.
type Storage struct {
	GCS GCSConfig `json:"gcs"`
}

type Tcp added in v1.3.537

// Tcp is the TCP listener section of a Vault server configuration,
// serialized to JSON.
type Tcp struct {
	// Address is the host:port the listener binds to.
	Address    string `json:"address"`
	// TlsDisable turns TLS off on the listener (presumably Vault's
	// listener `tls_disable`). With it true, clients speak plain HTTP to Vault
	// and every token and secret crosses the network in the clear unless
	// something in front of Vault terminates TLS — keep it false anywhere
	// other than a local test setup.
	TlsDisable bool   `json:"tls_disable"`
}

type Telemetry added in v1.3.537

// Telemetry is the telemetry section of a Vault server configuration,
// serialized to JSON.
type Telemetry struct {
	// StatsdAddress is the statsd endpoint metrics are sent to.
	StatsdAddress string `json:"statsd_address"`
}

type Vault added in v1.3.537

// Vault holds selected details of a Vault resource, as returned by GetVaults
// and VaultSelector.GetVault.
type Vault struct {
	// Name and Namespace identify the Vault resource.
	Name                   string
	Namespace              string
	// URL is the address the vault is reached at.
	URL                    string
	// AuthServiceAccountName is the name of the vault's auth service account
	// (compare GetAuthSaName).
	AuthServiceAccountName string
}

Vault holds selected details of a Vault resource: its name, namespace, URL and the name of its auth service account.

func GetVaults added in v1.3.537

func GetVaults(client kubernetes.Interface, vaultOperatorClient versioned.Interface, ns string) ([]*Vault, error)

GetVaults returns all vaults available in the given namespace.

type VaultAuth added in v1.3.537

// VaultAuth describes one Vault auth backend and its roles, serialized to JSON.
type VaultAuth struct {
	// Roles are the roles configured on the backend.
	Roles []VaultRole `json:"roles"`
	// Type is the auth backend type (the role fields suggest Kubernetes auth —
	// confirm).
	Type  string      `json:"type"`
}

type VaultAuths added in v1.3.537

// VaultAuths is a list of VaultAuth entries.
type VaultAuths []VaultAuth

type VaultClientFactory added in v1.3.537

// VaultClientFactory builds api.Client instances for vaults on the platform.
// Construct it with NewInteractiveVaultClientFactory or
// NewSystemVaultClientFactory rather than as a literal.
type VaultClientFactory struct {
	// Options supplies the command options the factory runs with.
	Options  common.OptionsInterface
	// Selector chooses which vault a client is created for (see NewVaultClient).
	Selector VaultSelector
	// contains filtered or unexported fields
}

func NewInteractiveVaultClientFactory added in v1.3.607

func NewInteractiveVaultClientFactory(options common.OptionsInterface) (VaultClientFactory, error)

NewInteractiveVaultClientFactory creates a VaultClientFactory that allows the user to pick vaults if necessary

func NewSystemVaultClientFactory added in v1.3.607

func NewSystemVaultClientFactory(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, defaultNamespace string) (VaultClientFactory, error)

NewSystemVaultClientFactory creates a new VaultClientFactory with different options from the above. It has no CLI support, so it fails if interactive input is needed (which is unlikely).

func (*VaultClientFactory) GetConfigData added in v1.3.537

func (v *VaultClientFactory) GetConfigData(name string, namespace string) (config *api.Config, jwt string, saName string, err error)

GetConfigData generates the information necessary to configure an api.Client. It returns the api.Config, the JWT needed to create the auth user in Vault, the service account name (saName — presumably the account the JWT was issued for; confirm), and an error if one occurred. The JWT is a bearer credential: do not log it or persist it beyond the client configuration.

func (VaultClientFactory) NewVaultClient added in v1.3.537

func (v VaultClientFactory) NewVaultClient(name string, namespace string) (*api.Client, error)

NewVaultClient creates a new api.Client. If namespace is empty, the factory's default namespace is used. If name is empty and exactly one vault is found, that vault is used; otherwise the user is prompted to select a vault for the client. (Both parameters are strings, so "nil" in the original wording means the empty string.)

type VaultOptions added in v1.3.537

// VaultOptions are the command options NewVaulter needs: the common options
// plus the name and namespace of the vault to work with.
type VaultOptions interface {
	common.OptionsInterface
	// VaultName returns the name of the selected vault.
	VaultName() string
	// VaultNamespace returns the namespace of the selected vault.
	VaultNamespace() string
}

type VaultPolicies added in v1.3.537

// VaultPolicies is a list of VaultPolicy entries.
type VaultPolicies []VaultPolicy

type VaultPolicy added in v1.3.537

// VaultPolicy is a named Vault policy with its rules as text, serialized to JSON.
type VaultPolicy struct {
	// Name is the policy name (for example PathRulesName).
	Name  string `json:"name"`
	// Rules is the policy text — presumably what PathRule.String produces; confirm.
	Rules string `json:"rules"`
}

type VaultRole added in v1.3.537

// VaultRole describes one role of a Vault auth backend (see VaultAuth),
// serialized to JSON.
type VaultRole struct {
	// BoundServiceAccountNames and BoundServiceAccountNamespaces restrict which
	// Kubernetes service accounts may log in with this role. Keep both narrow:
	// they presumably map to Vault's Kubernetes auth bound_service_account_*
	// settings, where "*" matches any service account or any namespace —
	// confirm, and never combine a wildcard here with privileged Policies.
	BoundServiceAccountNames      string `json:"bound_service_account_names"`
	BoundServiceAccountNamespaces string `json:"bound_service_account_namespaces"`
	// Name is the role name.
	Name                          string `json:"name"`
	// Policies lists the policies attached to tokens issued for the role
	// (presumably comma-separated; confirm).
	Policies                      string `json:"policies"`
	// TTL is the lifetime of tokens issued for the role; shorter limits the
	// window in which a leaked token is useful.
	TTL                           string `json:"ttl"`
}

type VaultSelector added in v1.3.537

// VaultSelector picks a Vault from those installed on the platform.
type VaultSelector interface {
	// GetVault returns the vault identified by name and namespace. How an empty
	// name or namespace is resolved is up to the implementation; see
	// VaultClientFactory.NewVaultClient for the factory's behaviour.
	GetVault(name string, namespace string) (*Vault, error)
}

VaultSelector is an interface for selecting a vault from the ones installed on the platform. It should pick the most logical one, or give the user a way of picking a vault if several are installed.

func NewVaultSelector added in v1.3.537

func NewVaultSelector(o common.OptionsInterface) (VaultSelector, error)

type Vaulter added in v1.3.537

// Vaulter is the small client-side view of a vault used by this package;
// NewVaulter returns one and JxVaulter is the concrete implementation.
type Vaulter interface {
	// Config gets the config required for configuring the official Vault CLI.
	// The returned vaultToken is a bearer credential for the vault: do not log
	// it or write it anywhere less protected than the vault itself.
	Config() (vaultUrl url.URL, vaultToken string, err error)
	// Secrets lists the secrets stored in the vault. Beta - subject to change.
	Secrets() ([]string, error)
}

Vaulter is an interface for creating new vault clients. We _don't_ want this to just mirror the official api.Client, because most of the time you would simply use the underlying client.

func NewVaulter added in v1.3.537

func NewVaulter(o VaultOptions) (Vaulter, error)
