Documentation ¶
Index ¶
- Constants
- func DeleteWAL(s logical.Storage, id string) error
- func ListWAL(s logical.Storage) ([]string, error)
- func PutWAL(s logical.Storage, kind string, data interface{}) (string, error)
- type Backend
- func (b *Backend) HandleRequest(req *logical.Request) (*logical.Response, error)
- func (b *Backend) Logger() *log.Logger
- func (b *Backend) Route(path string) *Path
- func (b *Backend) Secret(k string) *Secret
- func (b *Backend) SetLogger(logger *log.Logger)
- func (b *Backend) SpecialPaths() *logical.Paths
- type FieldData
- type FieldSchema
- type FieldType
- type OperationFunc
- type Path
- type PathMap
- type PathStruct
- type PolicyMap
- type RollbackFunc
- type Secret
- type WALEntry
Constants ¶
const WALPrefix = "wal/"
WALPrefix is the prefix within Storage where WAL entries will be written.
Variables ¶
This section is empty.
Functions ¶
func DeleteWAL ¶
DeleteWAL commits the WAL entry with the given ID. Once comitted, it is assumed that the operation was a success and doesn't need to be rolled back.
func PutWAL ¶
PutWAL writes some data to the WAL.
The kind parameter is used by the framework to allow users to store multiple kinds of WAL data and to easily disambiguate what data they're expecting.
Data within the WAL that is uncommitted (CommitWAL hasn't be called) will be given to the rollback callback when an rollback operation is received, allowing the backend to clean up some partial states.
The data must be JSON encodable.
This returns a unique ID that can be used to reference this WAL data. WAL data cannot be modified. You can only add to the WAL and commit existing WAL entries.
Types ¶
type Backend ¶
type Backend struct { // Help is the help text that is shown when a help request is made // on the root of this resource. The root help is special since we // show all the paths that can be requested. Help string // Paths are the various routes that the backend responds to. // This cannot be modified after construction (i.e. dynamically changing // paths, including adding or removing, is not allowed once the // backend is in use). // // PathsSpecial is the list of path patterns that denote the // paths above that require special privileges. These can't be // regular expressions, it is either exact match or prefix match. // For prefix match, append '*' as a suffix. Paths []*Path PathsSpecial *logical.Paths // Secrets is the list of secret types that this backend can // return. It is used to automatically generate proper responses, // and ease specifying callbacks for revocation, renewal, etc. Secrets []*Secret // Rollback is called when a WAL entry (see wal.go) has to be rolled // back. It is called with the data from the entry. // // RollbackMinAge is the minimum age of a WAL entry before it is attempted // to be rolled back. This should be longer than the maximum time it takes // to successfully create a secret. Rollback RollbackFunc RollbackMinAge time.Duration // AuthRenew is the callback to call when a RenewRequest for an // authentication comes in. By default, renewal won't be allowed. // See the built-in AuthRenew helpers in lease.go for common callbacks. AuthRenew OperationFunc // contains filtered or unexported fields }
Backend is an implementation of logical.Backend that allows the implementer to code a backend using a much more programmer-friendly framework that handles a lot of the routing and validation for you.
This is recommended over implementing logical.Backend directly.
func (*Backend) HandleRequest ¶
logical.Backend impl.
func (*Backend) Logger ¶
Logger can be used to get the logger. If no logger has been set, the logs will be discarded.
func (*Backend) SpecialPaths ¶
logical.Backend impl.
type FieldData ¶
type FieldData struct { Raw map[string]interface{} Schema map[string]*FieldSchema }
FieldData is the structure passed to the callback to handle a path containing the populated parameters for fields. This should be used instead of the raw (*vault.Request).Data to access data in a type-safe way.
func (*FieldData) Get ¶
Get gets the value for the given field. If the key is an invalid field, FieldData will panic. If you want a safer version of this method, use GetOk. If the field k is not set, the default value (if set) will be returned, otherwise the zero value will be returned.
func (*FieldData) GetOk ¶
GetOk gets the value for the given field. The second return value will be false if the key is invalid or the key is not set at all.
type FieldSchema ¶
FieldSchema is a basic schema to describe the format of a path field.
func (*FieldSchema) DefaultOrZero ¶
func (s *FieldSchema) DefaultOrZero() interface{}
DefaultOrZero returns the default value if it is set, or otherwise the zero value of the type.
type OperationFunc ¶
OperationFunc is the callback called for an operation on a path.
func LeaseExtend ¶
func LeaseExtend(max, maxSession time.Duration) OperationFunc
LeaseExtend returns an OperationFunc that can be used to simply extend the lease of the auth/secret for the duration that was requested. Max is the max time past the _current_ time that a lease can be extended. i.e. setting it to 2 hours forces a renewal within the next 2 hours again.
maxSession is the maximum session length allowed since the original issue time. If this is zero, it is ignored,.
type Path ¶
type Path struct { // Pattern is the pattern of the URL that matches this path. // // This should be a valid regular expression. Named captures will be // exposed as fields that should map to a schema in Fields. If a named // capture is not a field in the Fields map, then it will be ignored. Pattern string // Fields is the mapping of data fields to a schema describing that // field. Named captures in the Pattern also map to fields. If a named // capture name matches a PUT body name, the named capture takes // priority. // // Note that only named capture fields are available in every operation, // whereas all fields are avaiable in the Write operation. Fields map[string]*FieldSchema // Callbacks are the set of callbacks that are called for a given // operation. If a callback for a specific operation is not present, // then logical.ErrUnsupportedOperation is automatically generated. // // The help operation is the only operation that the Path will // automatically handle if the Help field is set. If both the Help // field is set and there is a callback registered here, then the // callback will be called. Callbacks map[logical.Operation]OperationFunc // Help is text describing how to use this path. This will be used // to auto-generate the help operation. The Path will automatically // generate a parameter listing and URL structure based on the // regular expression, so the help text should just contain a description // of what happens. // // HelpSynopsis is a one-sentence description of the path. This will // be automatically line-wrapped at 80 characters. // // HelpDescription is a long-form description of the path. This will // be automatically line-wrapped at 80 characters. HelpSynopsis string HelpDescription string }
Path is a single path that the backend responds to.
func PathAppend ¶
PathAppend is a helper for appending lists of paths into a single list.
type PathMap ¶
type PathMap struct { Prefix string Name string Schema map[string]*FieldSchema // contains filtered or unexported fields }
PathMap can be used to generate a path that stores mappings in the storage. It is a structure that also exports functions for querying the mappings.
The primary use case for this is for credential providers to do their mapping to policies.
type PathStruct ¶
type PathStruct struct { Name string Path string Schema map[string]*FieldSchema HelpSynopsis string HelpDescription string Read bool }
PathStruct can be used to generate a path that stores a struct in the storage. This structure is a map[string]interface{} but the types are set according to the schema in this structure.
func (*PathStruct) Get ¶
func (p *PathStruct) Get(s logical.Storage) (map[string]interface{}, error)
Get reads the structure.
func (*PathStruct) Paths ¶
func (p *PathStruct) Paths() []*Path
Paths are the paths to append to the Backend paths.
type PolicyMap ¶
PolicyMap is a specialization of PathMap that expects the values to be lists of policies. This assists in querying and loading policies from the PathMap.
type RollbackFunc ¶
RollbackFunc is the callback for rollbacks.
type Secret ¶
type Secret struct { // Type is the name of this secret type. This is used to setup the // vault ID and to look up the proper secret structure when revocation/ // renewal happens. Once this is set this should not be changed. // // The format of this must match (case insensitive): ^a-Z0-9_$ Type string // Fields is the mapping of data fields and schema that comprise // the structure of this secret. Fields map[string]*FieldSchema // DefaultDuration and DefaultGracePeriod are the default values for // the duration of the lease for this secret and its grace period. These // can be manually overwritten with the result of Response(). // // If these aren't set, Vault core will set a default lease period. DefaultDuration time.Duration DefaultGracePeriod time.Duration // Renew is the callback called to renew this secret. If Renew is // not specified then renewable is set to false in the secret. // See lease.go for helpers for this value. Renew OperationFunc // Revoke is the callback called to revoke this secret. This is required. Revoke OperationFunc }
Secret is a type of secret that can be returned from a backend.
func (*Secret) HandleRenew ¶
HandleRenew is the request handler for renewing this secret.
func (*Secret) HandleRevoke ¶
HandleRevoke is the request handler for renewing this secret.