Index ¶
- Constants
- Variables
- func CreateVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, ...) error
- func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error
- func FindVault(vaultOperatorClient versioned.Interface, name string, ns string) bool
- func GetAuthSaName(vault v1alpha1.Vault) string
- func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)
- func VaultGcpServiceAccountSecretName(vaultName string, clusterName string) string
- type GCPConfig
- type GCSConfig
- type JxVaulter
- type Listener
- type PathPolicy
- type PathRule
- type Storage
- type Tcp
- type Telemetry
- type Vault
- type VaultAuth
- type VaultAuths
- type VaultClientFactory
- type VaultOptions
- type VaultPolicies
- type VaultPolicy
- type VaultRole
- type VaultSelector
- type Vaulter
Constants ¶
const (
	// Vault policy capability names. These are the values a PathPolicy's
	// Capabilities list is built from; SudoCapability and RootCapability
	// grant far more than ordinary secret access and are deliberately
	// absent from DefaultSecretsCapabiltities.
	DenyCapability   = "deny"
	CreateCapability = "create"
	ReadCapability   = "read"
	UpdateCapability = "update"
	DeleteCapability = "delete"
	ListCapability   = "list"
	SudoCapability   = "sudo"
	RootCapability   = "root"

	// PathRulesName names the path rule set that allows secret access.
	PathRulesName = "allow_secrets"
	// DefaultSecretsPathPrefix is a glob matching every path under
	// secret/. NOTE(review): presumably the fallback for CreateVault's
	// secretsPathPrefix when none is given — confirm against the caller.
	DefaultSecretsPathPrefix = "secret/*"
	// PoliciesName is the name used for the policies set; its exact use
	// is not visible here.
	PoliciesName = "policies"
)
const (
	// SystemVaultName is the name of the system vault used by jx
	// (see NewSystemVaultClientFactory).
	SystemVaultName = "jx-vault"
)
Variables ¶
var (
	// DefaultSecretsCapabiltities is the capability set intended for the
	// default secrets path (see DefaultSecretsPathPrefix): create, read,
	// update, delete and list. It intentionally omits SudoCapability and
	// RootCapability, so a policy built from it cannot escalate beyond
	// ordinary secret access on that path. Narrow it further through a
	// PathPolicy where a consumer needs less.
	//
	// This is a package-level slice: callers share its backing array and
	// must copy it before modifying. The misspelt identifier is exported
	// API and is kept as is.
	DefaultSecretsCapabiltities = []string{CreateCapability, ReadCapability, UpdateCapability, DeleteCapability, ListCapability}
)
Functions ¶
func CreateVault ¶ added in v1.3.537
func CreateVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string, gcpServiceAccountSecretName string, gcpConfig *GCPConfig, authServiceAccount string, authServiceAccountNamespace string, secretsPathPrefix string) error
CreateVault creates a new vault backed by GCP KMS and storage
func DeleteVault ¶ added in v1.3.537
DeleteVault deletes a Vault resource
func GetAuthSaName ¶ added in v1.3.594
GetAuthSaName gets the Auth Service Account name for the vault
func GetVault ¶ added in v1.3.594
func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)
GetVault gets a specific vault
func VaultGcpServiceAccountSecretName ¶ added in v1.3.537
VaultGcpServiceAccountSecretName builds the secret name where the GCP service account is stored
Types ¶
type GCPConfig ¶ added in v1.3.537
// GCPConfig keeps the configuration for Google Cloud that backs a vault
// created by CreateVault: the project, the KMS keyring/key/location, and
// the GCS bucket used for storage. These fields are identifiers, not
// credentials; the GCP service account key itself lives in a Kubernetes
// Secret whose name is built by VaultGcpServiceAccountSecretName.
type GCPConfig struct {
	ProjectId   string
	KmsKeyring  string
	KmsKey      string
	KmsLocation string
	GcsBucket   string
}
type JxVaulter ¶ added in v1.3.537
// JxVaulter appears to be the Vaulter implementation used by jx; its
// fields are all unexported, so obtain one through NewVaulter rather than
// constructing it directly. GetVaultClient exposes the underlying vault
// client.
type JxVaulter struct {
	// contains filtered or unexported fields
}
func (*JxVaulter) GetVaultClient ¶ added in v1.3.607
GetVaultClient gets the underlying vault client
type PathPolicy ¶
// PathPolicy defines a vault path policy: the path prefix it applies to
// and the capabilities granted on that prefix. The hcl tags control how it
// is rendered into Vault's HCL policy format (Prefix is the block key and
// an empty Capabilities list is omitted). Capabilities should be drawn
// from the *Capability constants; keep Prefix as narrow as the consumer
// needs rather than defaulting to DefaultSecretsPathPrefix.
type PathPolicy struct {
	Prefix       string   `hcl:",key"`
	Capabilities []string `hcl:"capabilities" hcle:"omitempty"`
}
type PathRule ¶
// PathRule defines a path rule: the set of PathPolicy entries that make
// up one policy document. The hcl tags render it as a sequence of "path"
// blocks, omitted entirely when the list is empty.
type PathRule struct {
	Path []PathPolicy `hcl:"path" hcle:"omitempty"`
}
type Telemetry ¶ added in v1.3.537
// Telemetry holds the vault telemetry settings. StatsdAddress is the
// statsd endpoint, serialized to JSON as "statsd_address".
type Telemetry struct {
	StatsdAddress string `json:"statsd_address"`
}
type VaultAuths ¶ added in v1.3.537
// VaultAuths is a list of VaultAuth entries.
type VaultAuths []VaultAuth
type VaultClientFactory ¶ added in v1.3.537
// VaultClientFactory builds Vault API clients (see NewVaultClient) for the
// vaults installed on the platform. Options supplies the shared CLI/kube
// options and Selector decides which vault to use when more than one is
// installed. The remaining fields are unexported, so construct it with
// NewInteractiveVaultClientFactory or NewSystemVaultClientFactory.
type VaultClientFactory struct {
	Options  common.OptionsInterface
	Selector VaultSelector
	// contains filtered or unexported fields
}
func NewInteractiveVaultClientFactory ¶ added in v1.3.607
func NewInteractiveVaultClientFactory(options common.OptionsInterface) (VaultClientFactory, error)
NewInteractiveVaultClientFactory creates a VaultClientFactory that allows the user to pick vaults if necessary
func NewSystemVaultClientFactory ¶ added in v1.3.607
func NewSystemVaultClientFactory(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, defaultNamespace string) (VaultClientFactory, error)
NewSystemVaultClientFactory creates a new VaultClientFactory with different options from the above. It doesn't have CLI support, so it will fail if it needs interactive input (unlikely).
func (*VaultClientFactory) GetConfigData ¶ added in v1.3.537
func (v *VaultClientFactory) GetConfigData(name string, namespace string) (config *api.Config, jwt string, saName string, err error)
GetConfigData generates the information necessary to configure an api.Client object. It returns the api.Config object, the JWT needed to create the auth user in Vault, the name of the service account, and an error if present.
func (VaultClientFactory) NewVaultClient ¶ added in v1.3.537
NewVaultClient creates a new api.Client. If namespace is nil, then the default namespace of the factory will be used. If the name is nil and only one vault is found, then that vault will be used; otherwise the user will be prompted to select a vault for the client.
type VaultOptions ¶ added in v1.3.537
// VaultOptions extends common.OptionsInterface with the name and namespace
// of the vault to operate on. It is the input NewVaulter consumes.
type VaultOptions interface {
	common.OptionsInterface
	VaultName() string
	VaultNamespace() string
}
type VaultPolicies ¶ added in v1.3.537
// VaultPolicies is a list of VaultPolicy entries.
type VaultPolicies []VaultPolicy
type VaultPolicy ¶ added in v1.3.537
type VaultSelector ¶ added in v1.3.537
VaultSelector is an interface for selecting a vault from the installed ones on the platform. It should pick the most logical one, or give the user a way of picking a vault if there are multiple installed.
func NewVaultSelector ¶ added in v1.3.537
func NewVaultSelector(o common.OptionsInterface) (VaultSelector, error)
type Vaulter ¶ added in v1.3.537
// Vaulter is an interface for creating new vault clients. We _don't_ want
// this to just be a mirror of the official api.Client object, as for most
// of the time you would just want to use the underlying client.
type Vaulter interface {
	// Config gets the config required for configuring the official Vault
	// CLI. vaultToken is a bearer credential for the vault: callers should
	// keep it out of logs, error messages and shell history.
	Config() (vaultUrl url.URL, vaultToken string, err error)
	// Secrets lists the secrets stored in the vault. Beta - subject to change
	Secrets() ([]string, error)
}
func NewVaulter ¶ added in v1.3.537
func NewVaulter(o VaultOptions) (Vaulter, error)