physical

package
v0.8.0-beta1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 25, 2017 License: MPL-2.0 Imports: 65 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DefaultDynamoDBRegion is used when no region is configured
	// explicitly.
	DefaultDynamoDBRegion = "us-east-1"
	// DefaultDynamoDBTableName is used when no table name
	// is configured explicitly.
	DefaultDynamoDBTableName = "vault-dynamodb-backend"

	// DefaultDynamoDBReadCapacity is the default read capacity
	// that is used when none is configured explicitly.
	DefaultDynamoDBReadCapacity = 5
	// DefaultDynamoDBWriteCapacity is the default write capacity
	// that is used when none is configured explicitly.
	DefaultDynamoDBWriteCapacity = 5

	// DynamoDBEmptyPath is the string that is used instead of
	// empty strings when stored in DynamoDB.
	DynamoDBEmptyPath = " "
	// DynamoDBLockPrefix is the prefix used to mark DynamoDB records
	// as locks. This prefix causes them not to be returned by
	// List operations.
	DynamoDBLockPrefix = "_"

	// The lock TTL matches the default that Consul API uses, 15 seconds.
	DynamoDBLockTTL = 15 * time.Second

	// The amount of time to wait between the lock renewals
	DynamoDBLockRenewInterval = 5 * time.Second

	// DynamoDBLockRetryInterval is the amount of time to wait
	// if a lock fails before trying again.
	DynamoDBLockRetryInterval = time.Second
	// DynamoDBWatchRetryMax is the number of times to re-try a
	// failed watch before signaling that leadership is lost.
	DynamoDBWatchRetryMax = 5
	// DynamoDBWatchRetryInterval is the amount of time to wait
	// if a watch fails before trying again.
	DynamoDBWatchRetryInterval = 5 * time.Second
)
View Source 
const (
	// Ideally, this prefix would match the "_" used in the file backend, but
	// that prefix has special meaining in etcd. Specifically, it excludes those
	// entries from directory listings.
	Etcd2NodeFilePrefix = "."

	// The lock prefix can (and probably should) cause an entry to be excluded
	// from diretory listings, so "_" works here.
	Etcd2NodeLockPrefix = "_"

	// The delimiter is the same as the `-C` flag of etcdctl.
	Etcd2MachineDelimiter = ","

	// The lock TTL matches the default that Consul API uses, 15 seconds.
	Etcd2LockTTL = 15 * time.Second

	// The amount of time to wait between the semaphore key renewals
	Etcd2LockRenewInterval = 5 * time.Second

	// The amount of time to wait if a watch fails before trying again.
	Etcd2WatchRetryInterval = time.Second

	// The number of times to re-try a failed watch before signaling that leadership is lost.
	Etcd2WatchRetryMax = 5
)
View Source 
const (
	DeleteOperation Operation = "delete"
	GetOperation              = "get"
	ListOperation             = "list"
	PutOperation              = "put"
)
View Source 
const (
	// DefaultCacheSize is used if no cache size is specified for NewCache
	DefaultCacheSize = 32 * 1024
)
View Source 
const DefaultParallelOperations = 128
View Source 
const (

	// DefaultServiceName is the default Consul service name used when
	// advertising a Vault instance.
	DefaultServiceName = "vault"
)
View Source 
const (
	// ZKNodeFilePrefix is prefixed to any "files" in ZooKeeper,
	// so that they do not collide with directory entries. Otherwise,
	// we cannot delete a file if the path is a full-prefix of another
	// key.
	ZKNodeFilePrefix = "_"
)

Variables

View Source 
var (
	EtcdSyncConfigError          = errors.New("client setup failed: unable to parse etcd sync field in config")
	EtcdSyncClusterError         = errors.New("client setup failed: unable to sync etcd cluster")
	EtcdMultipleBootstrapError   = errors.New("client setup failed: multiple discovery or bootstrap flags specified, use either \"address\" or \"discovery_srv\"")
	EtcdAddressError             = errors.New("client setup failed: address must be valid URL (ex. 'scheme://host:port')")
	EtcdSemaphoreKeysEmptyError  = errors.New("lock queue is empty")
	EtcdLockHeldError            = errors.New("lock already held")
	EtcdLockNotHeldError         = errors.New("lock not held")
	EtcdSemaphoreKeyRemovedError = errors.New("semaphore key removed before lock aquisition")
	EtcdVersionUnknow            = errors.New("etcd: unknown API version")
)
View Source 
var MaxBlobSize = 1024 * 1024 * 4

MaxBlobSize at this time

Functions

This section is empty.

Types

type AzureBackend added in v0.6.0 

type AzureBackend struct {
	// contains filtered or unexported fields
}

AzureBackend is a physical backend that stores data within an Azure blob container.

func (*AzureBackend) Delete added in v0.6.0 

func (a *AzureBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*AzureBackend) Get added in v0.6.0 

func (a *AzureBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*AzureBackend) List added in v0.6.0 

func (a *AzureBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*AzureBackend) Put added in v0.6.0 

func (a *AzureBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type Backend 

type Backend interface {
	// Put is used to insert or update an entry
	Put(entry *Entry) error

	// Get is used to fetch an entry
	Get(key string) (*Entry, error)

	// Delete is used to permanently delete an entry
	Delete(key string) error

	// List is used ot list all the keys under a given
	// prefix, up to the next prefix.
	List(prefix string) ([]string, error)
}

Backend is the interface required for a physical backend. A physical backend is used to durably store data outside of Vault. As such, it is completely untrusted, and is only accessed via a security barrier. The backends must represent keys in a hierarchical manner. All methods are expected to be thread safe.

func NewBackend 

func NewBackend(t string, logger log.Logger, conf map[string]string) (Backend, error)

NewBackend returns a new backend with the given type and configuration. The backend is looked up in the builtinBackends variable.

type Cache 

type Cache struct {
	// contains filtered or unexported fields
}

Cache is used to wrap an underlying physical backend and provide an LRU cache layer on top. Most of the reads done by Vault are for policy objects so there is a large read reduction by using a simple write-through cache.

func NewCache 

func NewCache(b Backend, size int, logger log.Logger) *Cache

NewCache returns a physical cache of the given size. If no size is provided, the default size is used.

func (*Cache) Delete 

func (c *Cache) Delete(key string) error

func (*Cache) Get 

func (c *Cache) Get(key string) (*Entry, error)

func (*Cache) List 

func (c *Cache) List(prefix string) ([]string, error)

func (*Cache) Purge 

func (c *Cache) Purge()

Purge is used to clear the cache

func (*Cache) Put 

func (c *Cache) Put(entry *Entry) error

func (*Cache) Transaction added in v0.7.0 

func (c *Cache) Transaction(txns []TxnEntry) error

type CockroachDBBackend 

type CockroachDBBackend struct {
	// contains filtered or unexported fields
}

CockroachDBBackend Backend is a physical backend that stores data within a CockroachDB database.

func (*CockroachDBBackend) Delete 

func (c *CockroachDBBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*CockroachDBBackend) Get 

func (c *CockroachDBBackend) Get(key string) (*Entry, error)

Get is used to fetch and entry.

func (*CockroachDBBackend) List 

func (c *CockroachDBBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*CockroachDBBackend) Put 

func (c *CockroachDBBackend) Put(entry *Entry) error

Put is used to insert or update an entry.

func (*CockroachDBBackend) Transaction 

func (c *CockroachDBBackend) Transaction(txns []TxnEntry) error

Transaction is used to run multiple entries via a transaction

type ConsulBackend 

type ConsulBackend struct {
	// contains filtered or unexported fields
}

ConsulBackend is a physical backend that stores data at specific prefix within Consul. It is used for most production situations as it allows Vault to run on multiple machines in a highly-available manner.

func (*ConsulBackend) Delete 

func (c *ConsulBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*ConsulBackend) DetectHostAddr added in v0.1.2 

func (c *ConsulBackend) DetectHostAddr() (string, error)

DetectHostAddr is used to detect the host address by asking the Consul agent

func (*ConsulBackend) Get 

func (c *ConsulBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*ConsulBackend) HAEnabled added in v0.6.1 

func (c *ConsulBackend) HAEnabled() bool

HAEnabled indicates whether the HA functionality should be exposed. Currently always returns true.

func (*ConsulBackend) List 

func (c *ConsulBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*ConsulBackend) LockWith 

func (c *ConsulBackend) LockWith(key, value string) (Lock, error)

Lock is used for mutual exclusion based on the given key.

func (*ConsulBackend) NotifyActiveStateChange added in v0.6.0 

func (c *ConsulBackend) NotifyActiveStateChange() error

func (*ConsulBackend) NotifySealedStateChange added in v0.6.0 

func (c *ConsulBackend) NotifySealedStateChange() error

func (*ConsulBackend) Put 

func (c *ConsulBackend) Put(entry *Entry) error

Put is used to insert or update an entry

func (*ConsulBackend) RunServiceDiscovery added in v0.6.0 

func (c *ConsulBackend) RunServiceDiscovery(waitGroup *sync.WaitGroup, shutdownCh ShutdownChannel, redirectAddr string, activeFunc activeFunction, sealedFunc sealedFunction) (err error)

func (*ConsulBackend) Transaction added in v0.7.0 

func (c *ConsulBackend) Transaction(txns []TxnEntry) error

Used to run multiple entries via a transaction

type ConsulLock 

type ConsulLock struct {
	// contains filtered or unexported fields
}

ConsulLock is used to provide the Lock interface backed by Consul

func (*ConsulLock) Lock 

func (c *ConsulLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

func (*ConsulLock) Unlock 

func (c *ConsulLock) Unlock() error

func (*ConsulLock) Value 

func (c *ConsulLock) Value() (bool, string, error)

type CouchDBBackend 

type CouchDBBackend struct {
	// contains filtered or unexported fields
}

CouchDBBackend allows the management of couchdb users

func (*CouchDBBackend) Delete 

func (m *CouchDBBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*CouchDBBackend) DeleteInternal 

func (m *CouchDBBackend) DeleteInternal(key string) error

DeleteInternal is used to permanently delete an entry

func (*CouchDBBackend) Get 

func (m *CouchDBBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*CouchDBBackend) GetInternal 

func (m *CouchDBBackend) GetInternal(key string) (*Entry, error)

GetInternal is used to fetch an entry

func (*CouchDBBackend) List 

func (m *CouchDBBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix

func (*CouchDBBackend) Put 

func (m *CouchDBBackend) Put(entry *Entry) error

Put is used to insert or update an entry

func (*CouchDBBackend) PutInternal 

func (m *CouchDBBackend) PutInternal(entry *Entry) error

PutInternal is used to insert or update an entry

type DynamoDBBackend added in v0.5.0 

type DynamoDBBackend struct {
	// contains filtered or unexported fields
}

DynamoDBBackend is a physical backend that stores data in a DynamoDB table. It can be run in high-availability mode as DynamoDB has locking capabilities.

func (*DynamoDBBackend) Delete added in v0.5.0 

func (d *DynamoDBBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*DynamoDBBackend) Get added in v0.5.0 

func (d *DynamoDBBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*DynamoDBBackend) HAEnabled added in v0.6.1 

func (d *DynamoDBBackend) HAEnabled() bool

func (*DynamoDBBackend) List added in v0.5.0 

func (d *DynamoDBBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*DynamoDBBackend) LockWith added in v0.5.0 

func (d *DynamoDBBackend) LockWith(key, value string) (Lock, error)

LockWith is used for mutual exclusion based on the given key.

func (*DynamoDBBackend) Put added in v0.5.0 

func (d *DynamoDBBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type DynamoDBLock added in v0.5.0 

type DynamoDBLock struct {
	// contains filtered or unexported fields
}

DynamoDBLock implements a lock using an DynamoDB client.

func (*DynamoDBLock) Lock added in v0.5.0 

func (l *DynamoDBLock) Lock(stopCh <-chan struct{}) (doneCh <-chan struct{}, retErr error)

Lock tries to acquire the lock by repeatedly trying to create a record in the DynamoDB table. It will block until either the stop channel is closed or the lock could be acquired successfully. The returned channel will be closed once the lock is deleted or changed in the DynamoDB table.

func (*DynamoDBLock) Unlock added in v0.5.0 

func (l *DynamoDBLock) Unlock() error

Unlock releases the lock by deleting the lock record from the DynamoDB table.

func (*DynamoDBLock) Value added in v0.5.0 

func (l *DynamoDBLock) Value() (bool, string, error)

Value checks whether or not the lock is held by any instance of DynamoDBLock, including this one, and returns the current value.

type DynamoDBLockRecord added in v0.7.0 

type DynamoDBLockRecord struct {
	Path     string
	Key      string
	Value    []byte
	Identity []byte
	Expires  int64
}

type DynamoDBRecord added in v0.5.0 

type DynamoDBRecord struct {
	Path  string
	Key   string
	Value []byte
}

DynamoDBRecord is the representation of a vault entry in DynamoDB. The vault key is split up into two components (Path and Key) in order to allow more efficient listings.

type Entry 

type Entry struct {
	Key   string
	Value []byte
}

Entry is used to represent data stored by the physical backend

type Etcd2Backend added in v0.6.5 

type Etcd2Backend struct {
	// contains filtered or unexported fields
}

Etcd2Backend is a physical backend that stores data at specific prefix within etcd. It is used for most production situations as it allows Vault to run on multiple machines in a highly-available manner.

func (*Etcd2Backend) Delete added in v0.6.5 

func (c *Etcd2Backend) Delete(key string) error

Delete is used to permanently delete an entry.

func (*Etcd2Backend) Get added in v0.6.5 

func (c *Etcd2Backend) Get(key string) (*Entry, error)

Get is used to fetch an entry.

func (*Etcd2Backend) HAEnabled added in v0.6.5 

func (e *Etcd2Backend) HAEnabled() bool

HAEnabled indicates whether the HA functionality should be exposed. Currently always returns true.

func (*Etcd2Backend) List added in v0.6.5 

func (c *Etcd2Backend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*Etcd2Backend) LockWith added in v0.6.5 

func (c *Etcd2Backend) LockWith(key, value string) (Lock, error)

Lock is used for mutual exclusion based on the given key.

func (*Etcd2Backend) Put added in v0.6.5 

func (c *Etcd2Backend) Put(entry *Entry) error

Put is used to insert or update an entry.

type Etcd2Lock added in v0.6.5 

type Etcd2Lock struct {
	// contains filtered or unexported fields
}

Etcd2Lock emplements a lock using and Etcd2 backend.

func (*Etcd2Lock) Lock added in v0.6.5 

func (c *Etcd2Lock) Lock(stopCh <-chan struct{}) (doneCh <-chan struct{}, retErr error)

Lock attempts to acquire the lock by waiting for a new semaphore key in etcd to become the first in the queue and will block until it is successful or it receives a signal on the provided channel. The returned channel will be closed when the lock is lost, either by an explicit call to Unlock or by the associated semaphore key in etcd otherwise being deleted or expiring.

If the lock is currently held by this instance of Etcd2Lock, Lock will return an Etcd2LockHeldError error.

func (*Etcd2Lock) Unlock added in v0.6.5 

func (c *Etcd2Lock) Unlock() error

Unlock releases the lock by deleting the associated semaphore key in etcd.

If the lock is not currently held by this instance of Etcd2Lock, Unlock will return an Etcd2LockNotHeldError error.

func (*Etcd2Lock) Value added in v0.6.5 

func (c *Etcd2Lock) Value() (bool, string, error)

Value checks whether or not the lock is held by any instance of Etcd2Lock, including this one, and returns the current value.

type EtcdBackend added in v0.2.0 

type EtcdBackend struct {
	// contains filtered or unexported fields
}

EtcdBackend is a physical backend that stores data at specific prefix within etcd. It is used for most production situations as it allows Vault to run on multiple machines in a highly-available manner.

func (*EtcdBackend) Delete added in v0.2.0 

func (c *EtcdBackend) Delete(key string) error

func (*EtcdBackend) Get added in v0.2.0 

func (c *EtcdBackend) Get(key string) (*Entry, error)

func (*EtcdBackend) HAEnabled added in v0.6.1 

func (e *EtcdBackend) HAEnabled() bool

func (*EtcdBackend) List added in v0.2.0 

func (c *EtcdBackend) List(prefix string) ([]string, error)

func (*EtcdBackend) LockWith added in v0.2.0 

func (c *EtcdBackend) LockWith(key, value string) (Lock, error)

Lock is used for mutual exclusion based on the given key.

func (*EtcdBackend) Put added in v0.2.0 

func (c *EtcdBackend) Put(entry *Entry) error

type EtcdLock added in v0.2.0 

type EtcdLock struct {
	// contains filtered or unexported fields
}

EtcdLock emplements a lock using and etcd backend.

func (*EtcdLock) Lock added in v0.2.0 

func (c *EtcdLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

func (*EtcdLock) Unlock added in v0.2.0 

func (c *EtcdLock) Unlock() error

func (*EtcdLock) Value added in v0.2.0 

func (c *EtcdLock) Value() (bool, string, error)

type Factory 

type Factory func(config map[string]string, logger log.Logger) (Backend, error)

Factory is the factory function to create a physical backend.

type FileBackend 

type FileBackend struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

FileBackend is a physical backend that stores data on disk at a given file path. It can be used for durable single server situations, or to develop locally where durability is not critical.

WARNING: the file backend implementation is currently extremely unsafe and non-performant. It is meant mostly for local testing and development. It can be improved in the future.

func (*FileBackend) Delete 

func (b *FileBackend) Delete(path string) error

func (*FileBackend) DeleteInternal added in v0.7.0 

func (b *FileBackend) DeleteInternal(path string) error

func (*FileBackend) Get 

func (b *FileBackend) Get(k string) (*Entry, error)

func (*FileBackend) GetInternal added in v0.7.0 

func (b *FileBackend) GetInternal(k string) (*Entry, error)

func (*FileBackend) List 

func (b *FileBackend) List(prefix string) ([]string, error)

func (*FileBackend) ListInternal added in v0.7.0 

func (b *FileBackend) ListInternal(prefix string) ([]string, error)

func (*FileBackend) Put 

func (b *FileBackend) Put(entry *Entry) error

func (*FileBackend) PutInternal added in v0.7.0 

func (b *FileBackend) PutInternal(entry *Entry) error

type GCSBackend added in v0.6.3 

type GCSBackend struct {
	// contains filtered or unexported fields
}

GCSBackend is a physical backend that stores data within an Google Cloud Storage bucket.

func (*GCSBackend) Delete added in v0.6.3 

func (g *GCSBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*GCSBackend) Get added in v0.6.3 

func (g *GCSBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*GCSBackend) List added in v0.6.3 

func (g *GCSBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*GCSBackend) Put added in v0.6.3 

func (g *GCSBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type HABackend 

type HABackend interface {
	// LockWith is used for mutual exclusion based on the given key.
	LockWith(key, value string) (Lock, error)

	// Whether or not HA functionality is enabled
	HAEnabled() bool
}

HABackend is an extensions to the standard physical backend to support high-availability. Vault only expects to use mutual exclusion to allow multiple instances to act as a hot standby for a leader that services all requests.

type InmemBackend 

type InmemBackend struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

InmemBackend is an in-memory only physical backend. It is useful for testing and development situations where the data is not expected to be durable.

func NewInmem 

func NewInmem(logger log.Logger) *InmemBackend

NewInmem constructs a new in-memory backend

func (*InmemBackend) Delete 

func (i *InmemBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*InmemBackend) DeleteInternal added in v0.7.0 

func (i *InmemBackend) DeleteInternal(key string) error

func (*InmemBackend) Get 

func (i *InmemBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*InmemBackend) GetInternal added in v0.7.0 

func (i *InmemBackend) GetInternal(key string) (*Entry, error)

func (*InmemBackend) List 

func (i *InmemBackend) List(prefix string) ([]string, error)

List is used ot list all the keys under a given prefix, up to the next prefix.

func (*InmemBackend) ListInternal added in v0.7.0 

func (i *InmemBackend) ListInternal(prefix string) ([]string, error)

func (*InmemBackend) Put 

func (i *InmemBackend) Put(entry *Entry) error

Put is used to insert or update an entry

func (*InmemBackend) PutInternal added in v0.7.0 

func (i *InmemBackend) PutInternal(entry *Entry) error

type InmemHABackend 

type InmemHABackend struct {
	Backend
	// contains filtered or unexported fields
}

func NewInmemHA 

func NewInmemHA(logger log.Logger) *InmemHABackend

NewInmemHA constructs a new in-memory HA backend. This is only for testing.

func (*InmemHABackend) HAEnabled added in v0.6.1 

func (i *InmemHABackend) HAEnabled() bool

HAEnabled indicates whether the HA functionality should be exposed. Currently always returns true.

func (*InmemHABackend) LockMapSize added in v0.5.0 

func (i *InmemHABackend) LockMapSize() int

LockMapSize is used in some tests to determine whether this backend has ever been used for HA purposes rather than simply for storage

func (*InmemHABackend) LockWith 

func (i *InmemHABackend) LockWith(key, value string) (Lock, error)

LockWith is used for mutual exclusion based on the given key.

type InmemLock 

type InmemLock struct {
	// contains filtered or unexported fields
}

InmemLock is an in-memory Lock implementation for the HABackend

func (*InmemLock) Lock 

func (i *InmemLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

func (*InmemLock) Unlock 

func (i *InmemLock) Unlock() error

func (*InmemLock) Value 

func (i *InmemLock) Value() (bool, string, error)

type Lock 

type Lock interface {
	// Lock is used to acquire the given lock
	// The stopCh is optional and if closed should interrupt the lock
	// acquisition attempt. The return struct should be closed when
	// leadership is lost.
	Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

	// Unlock is used to release the lock
	Unlock() error

	// Returns the value of the lock and if it is held
	Value() (bool, string, error)
}

type MsSQLBackend added in v0.7.1 

type MsSQLBackend struct {
	// contains filtered or unexported fields
}

func (*MsSQLBackend) Delete added in v0.7.1 

func (m *MsSQLBackend) Delete(key string) error

func (*MsSQLBackend) Get added in v0.7.1 

func (m *MsSQLBackend) Get(key string) (*Entry, error)

func (*MsSQLBackend) List added in v0.7.1 

func (m *MsSQLBackend) List(prefix string) ([]string, error)

func (*MsSQLBackend) Put added in v0.7.1 

func (m *MsSQLBackend) Put(entry *Entry) error

type MySQLBackend added in v0.2.0 

type MySQLBackend struct {
	// contains filtered or unexported fields
}

MySQLBackend is a physical backend that stores data within MySQL database.

func (*MySQLBackend) Delete added in v0.2.0 

func (m *MySQLBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*MySQLBackend) Get added in v0.2.0 

func (m *MySQLBackend) Get(key string) (*Entry, error)

Get is used to fetch and entry.

func (*MySQLBackend) List added in v0.2.0 

func (m *MySQLBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*MySQLBackend) Put added in v0.2.0 

func (m *MySQLBackend) Put(entry *Entry) error

Put is used to insert or update an entry.

type Operation added in v0.7.0 

type Operation string

The operation type

type PermitPool added in v0.4.0 

type PermitPool struct {
	// contains filtered or unexported fields
}

PermitPool is used to limit maximum outstanding requests

func NewPermitPool added in v0.4.0 

func NewPermitPool(permits int) *PermitPool

NewPermitPool returns a new permit pool with the provided number of permits

func (*PermitPool) Acquire added in v0.4.0 

func (c *PermitPool) Acquire()

Acquire returns when a permit has been acquired

func (*PermitPool) Release added in v0.4.0 

func (c *PermitPool) Release()

Release returns a permit to the pool

type PostgreSQLBackend added in v0.5.0 

type PostgreSQLBackend struct {
	// contains filtered or unexported fields
}

PostgreSQL Backend is a physical backend that stores data within a PostgreSQL database.

func (*PostgreSQLBackend) Delete added in v0.5.0 

func (m *PostgreSQLBackend) Delete(fullPath string) error

Delete is used to permanently delete an entry

func (*PostgreSQLBackend) Get added in v0.5.0 

func (m *PostgreSQLBackend) Get(fullPath string) (*Entry, error)

Get is used to fetch and entry.

func (*PostgreSQLBackend) List added in v0.5.0 

func (m *PostgreSQLBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*PostgreSQLBackend) Put added in v0.5.0 

func (m *PostgreSQLBackend) Put(entry *Entry) error

Put is used to insert or update an entry.

type PseudoTransactional added in v0.7.0 

type PseudoTransactional interface {
	// An internal function should do no locking or permit pool acquisition.
	// Depending on the backend and if it natively supports transactions, these
	// may simply chain to the normal backend functions.
	GetInternal(string) (*Entry, error)
	PutInternal(*Entry) error
	DeleteInternal(string) error
}

type Purgable added in v0.6.5 

type Purgable interface {
	Purge()
}

Purgable is an optional interface for backends that support purging of their caches.

type RedirectDetect added in v0.6.1 

type RedirectDetect interface {
	// DetectHostAddr is used to detect the host address
	DetectHostAddr() (string, error)
}

RedirectDetect is an optional interface that an HABackend can implement. If they do, a redirect address can be automatically detected.

type S3Backend added in v0.2.0 

type S3Backend struct {
	// contains filtered or unexported fields
}

S3Backend is a physical backend that stores data within an S3 bucket.

func (*S3Backend) Delete added in v0.2.0 

func (s *S3Backend) Delete(key string) error

Delete is used to permanently delete an entry

func (*S3Backend) Get added in v0.2.0 

func (s *S3Backend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*S3Backend) List added in v0.2.0 

func (s *S3Backend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*S3Backend) Put added in v0.2.0 

func (s *S3Backend) Put(entry *Entry) error

Put is used to insert or update an entry

type ServiceDiscovery added in v0.6.0 

type ServiceDiscovery interface {
	// NotifyActiveStateChange is used by Core to notify a backend
	// capable of ServiceDiscovery that this Vault instance has changed
	// its status to active or standby.
	NotifyActiveStateChange() error

	// NotifySealedStateChange is used by Core to notify a backend
	// capable of ServiceDiscovery that Vault has changed its Sealed
	// status to sealed or unsealed.
	NotifySealedStateChange() error

	// Run executes any background service discovery tasks until the
	// shutdown channel is closed.
	RunServiceDiscovery(waitGroup *sync.WaitGroup, shutdownCh ShutdownChannel, redirectAddr string, activeFunc activeFunction, sealedFunc sealedFunction) error
}

ServiceDiscovery is an optional interface that an HABackend can implement. If they do, the state of a backend is advertised to the service discovery network.

type ShutdownChannel added in v0.6.0 

type ShutdownChannel chan struct{}

ShutdownSignal

type SwiftBackend added in v0.6.0 

type SwiftBackend struct {
	// contains filtered or unexported fields
}

SwiftBackend is a physical backend that stores data within an OpenStack Swift container.

func (*SwiftBackend) Delete added in v0.6.0 

func (s *SwiftBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*SwiftBackend) Get added in v0.6.0 

func (s *SwiftBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*SwiftBackend) List added in v0.6.0 

func (s *SwiftBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*SwiftBackend) Put added in v0.6.0 

func (s *SwiftBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type Transactional added in v0.7.0 

type Transactional interface {
	// The function to run a transaction
	Transaction([]TxnEntry) error
}

Transactional is an optional interface for backends that support doing transactional updates of multiple keys. This is required for some features such as replication.

type TransactionalCouchDBBackend 

type TransactionalCouchDBBackend struct {
	CouchDBBackend
}

TransactionalCouchDBBackend creates a couchdb backend that forces all operations to happen in serial

type TransactionalFileBackend added in v0.7.0 

type TransactionalFileBackend struct {
	FileBackend
}

func (*TransactionalFileBackend) Transaction added in v0.7.0 

func (b *TransactionalFileBackend) Transaction(txns []TxnEntry) error

type TransactionalInmemBackend added in v0.7.0 

type TransactionalInmemBackend struct {
	InmemBackend
}

func NewTransactionalInmem added in v0.7.0 

func NewTransactionalInmem(logger log.Logger) *TransactionalInmemBackend

Basically for now just creates a permit pool of size 1 so only one operation can run at a time

func (*TransactionalInmemBackend) Transaction added in v0.7.0 

func (t *TransactionalInmemBackend) Transaction(txns []TxnEntry) error

Implements the transaction interface

type TransactionalInmemHABackend added in v0.7.0 

type TransactionalInmemHABackend struct {
	Transactional
	InmemHABackend
}

func NewTransactionalInmemHA added in v0.7.0 

func NewTransactionalInmemHA(logger log.Logger) *TransactionalInmemHABackend

type TxnEntry added in v0.7.0 

type TxnEntry struct {
	Operation Operation
	Entry     *Entry
}

TxnEntry is an operation that takes atomically as part of a transactional update. Only supported by Transactional backends.

type View added in v0.8.0 

type View struct {
	// contains filtered or unexported fields
}

View represents a prefixed view of a physical backend

func NewView added in v0.8.0 

func NewView(backend Backend, prefix string) *View

NewView takes an underlying physical backend and returns a view of it that can only operate with the given prefix.

func (*View) Delete added in v0.8.0 

func (v *View) Delete(key string) error

Delete the entry from the prefix view

func (*View) Get added in v0.8.0 

func (v *View) Get(key string) (*Entry, error)

Get the key of the prefixed view

func (*View) List added in v0.8.0 

func (v *View) List(prefix string) ([]string, error)

List the contents of the prefixed view

func (*View) Put added in v0.8.0 

func (v *View) Put(entry *Entry) error

Put the entry into the prefix view

type ZookeeperBackend added in v0.1.2 

type ZookeeperBackend struct {
	// contains filtered or unexported fields
}

ZookeeperBackend is a physical backend that stores data at specific prefix within Zookeeper. It is used in production situations as it allows Vault to run on multiple machines in a highly-available manner.

func (*ZookeeperBackend) Delete added in v0.1.2 

func (c *ZookeeperBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*ZookeeperBackend) Get added in v0.1.2 

func (c *ZookeeperBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*ZookeeperBackend) HAEnabled added in v0.6.1 

func (c *ZookeeperBackend) HAEnabled() bool

HAEnabled indicates whether the HA functionality should be exposed. Currently always returns true.

func (*ZookeeperBackend) List added in v0.1.2 

func (c *ZookeeperBackend) List(prefix string) ([]string, error)

List is used ot list all the keys under a given prefix, up to the next prefix.

func (*ZookeeperBackend) LockWith added in v0.2.0 

func (c *ZookeeperBackend) LockWith(key, value string) (Lock, error)

LockWith is used for mutual exclusion based on the given key.

func (*ZookeeperBackend) Put added in v0.1.2 

func (c *ZookeeperBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type ZookeeperHALock added in v0.2.0 

type ZookeeperHALock struct {
	// contains filtered or unexported fields
}

ZookeeperHALock is a Zookeeper Lock implementation for the HABackend

func (*ZookeeperHALock) Lock added in v0.2.0 

func (i *ZookeeperHALock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

func (*ZookeeperHALock) Unlock added in v0.2.0 

func (i *ZookeeperHALock) Unlock() error

func (*ZookeeperHALock) Value added in v0.2.0 

func (i *ZookeeperHALock) Value() (bool, string, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.