The highest tagged major version is
Documentation
¶
Index ¶
- func CreateVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, ...) error
- func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error
- func FindVault(vaultOperatorClient versioned.Interface, name string, ns string) bool
- func GetAuthSaName(vault v1alpha1.Vault) string
- func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)
- type GCPConfig
- type GCSConfig
- type Listener
- type Selector
- type Storage
- type Tcp
- type Telemetry
- type Vault
- type VaultAuth
- type VaultAuths
- type VaultClientFactory
- type VaultPolicies
- type VaultPolicy
- type VaultRole
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateVault ¶
func CreateVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string, gcpServiceAccountSecretName string, gcpConfig *GCPConfig, authServiceAccount string, authServiceAccountNamespace string, secretsPathPrefix string) error
CreateVault creates a new vault backed by GCP KMS and storage
func DeleteVault ¶
DeleteVault delete a Vault resource
func GetAuthSaName ¶
GetAuthSaName gets the Auth Service Account name for the vault
Types ¶
type GCPConfig ¶
type GCPConfig struct {
ProjectId string
KmsKeyring string
KmsKey string
KmsLocation string
GcsBucket string
}
GCPConfig keeps the configuration for Google Cloud
type Selector ¶
Selector is an interface for selecting a vault from the installed ones on the platform It should pick the most logical one, or give the user a way of picking a vault if there are multiple installed
func NewVaultSelector ¶
func NewVaultSelector(o common.OptionsInterface) (Selector, error)
NewVaultSelector creates a new vault selector
type Storage ¶
type Storage struct {
GCS GCSConfig `json:"gcs"`
}
Storage configuration for Vault storage
type Telemetry ¶
type Telemetry struct {
StatsdAddress string `json:"statsd_address"`
}
Telemetry address for telemetry server
type VaultClientFactory ¶
type VaultClientFactory struct {
Options common.OptionsInterface
Selector Selector
// contains filtered or unexported fields
}
VaultClientFactory keeps the configuration required to build a new VaultClientFactory
func NewInteractiveVaultClientFactory ¶
func NewInteractiveVaultClientFactory(options common.OptionsInterface) (*VaultClientFactory, error)
NewInteractiveVaultClientFactory creates a VaultClientFactory that allows the user to pick vaults if necessary
func NewVaultClientFactory ¶
func NewVaultClientFactory(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, defaultNamespace string) (*VaultClientFactory, error)
NewVaultClientFactory Creates a new VaultClientFactory with different options to the above. It doesnt' have CLI support so will fail if it needs interactive input (unlikely)
func (*VaultClientFactory) GetConfigData ¶
func (v *VaultClientFactory) GetConfigData(name string, namespace string) (config *api.Config, jwt string, saName string, err error)
GetConfigData generates the information necessary to configure an api.Client object Returns the api.Config object, the JWT needed to create the auth user in vault, and an error if present
func (*VaultClientFactory) NewVaultClient ¶
NewVaultClient creates a new api.Client if namespace is nil, then the default namespace of the factory will be used if the name is nil, and only one vault is found, then that vault will be used. Otherwise the user will be prompted to select a vault for the client.
type VaultPolicy ¶
VaultPolicy vault policy
type VaultRole ¶
type VaultRole struct {
BoundServiceAccountNames string `json:"bound_service_account_names"`
BoundServiceAccountNamespaces string `json:"bound_service_account_namespaces"`
Name string `json:"name"`
Policies string `json:"policies"`
TTL string `json:"ttl"`
}
VaultRole role configuration for VaultAuth
Source Files