Documentation
Index
- Constants
- type Audit
- type Auth
- type AuthMount
- type Client
- func (c *Client) Auth() *Auth
- func (c *Client) ClearToken()
- func (c *Client) Help(path string) (*Help, error)
- func (c *Client) Logical() *Logical
- func (c *Client) NewRequest(method, path string) *Request
- func (c *Client) RawRequest(r *Request) (*Response, error)
- func (c *Client) SetToken(v string)
- func (c *Client) Sys() *Sys
- func (c *Client) Token() string
- type Config
- type ErrorResponse
- type Help
- type InitRequest
- type InitResponse
- type InitStatusResponse
- type KeyStatus
- type LeaderResponse
- type Logical
- type Mount
- type RekeyInitRequest
- type RekeyStatusResponse
- type RekeyUpdateResponse
- type Request
- type Response
- type SealStatusResponse
- type Secret
- type SecretAuth
- type Sys
- func (c *Sys) DeletePolicy(name string) error
- func (c *Sys) DisableAudit(path string) error
- func (c *Sys) DisableAuth(path string) error
- func (c *Sys) EnableAudit(path string, auditType string, desc string, opts map[string]string) error
- func (c *Sys) EnableAuth(path, authType, desc string) error
- func (c *Sys) GetPolicy(name string) (string, error)
- func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)
- func (c *Sys) InitStatus() (bool, error)
- func (c *Sys) KeyStatus() (*KeyStatus, error)
- func (c *Sys) Leader() (*LeaderResponse, error)
- func (c *Sys) ListAudit() (map[string]*Audit, error)
- func (c *Sys) ListAuth() (map[string]*AuthMount, error)
- func (c *Sys) ListMounts() (map[string]*Mount, error)
- func (c *Sys) ListPolicies() ([]string, error)
- func (c *Sys) Login(vars map[string]string) error
- func (c *Sys) Mount(path, mountType, description string) error
- func (c *Sys) PutPolicy(name, rules string) error
- func (c *Sys) RekeyCancel() error
- func (c *Sys) RekeyInit(config *RekeyInitRequest) error
- func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error)
- func (c *Sys) RekeyUpdate(shard string) (*RekeyUpdateResponse, error)
- func (c *Sys) Remount(from, to string) error
- func (c *Sys) Renew(id string, increment int) (*Secret, error)
- func (c *Sys) Revoke(id string) error
- func (c *Sys) RevokePrefix(id string) error
- func (c *Sys) Rotate() error
- func (c *Sys) Seal() error
- func (c *Sys) SealStatus() (*SealStatusResponse, error)
- func (c *Sys) Unmount(path string) error
- func (c *Sys) Unseal(shard string) (*SealStatusResponse, error)
- type TokenAuth
- type TokenCreateRequest
Constants
const AuthCookieName = "token"
Variables
This section is empty.
Functions
This section is empty.
Types
type Auth
type Auth struct {
// contains filtered or unexported fields
}
Auth is used to perform credential backend related operations.
type Client
type Client struct {
// contains filtered or unexported fields
}
Client is the client to the Vault API. Create a client with NewClient.
func NewClient
NewClient returns a new client for the given configuration.
If the environment variable `VAULT_TOKEN` is present, the token will be automatically added to the client. Otherwise, you must manually call `SetToken()`.
func (*Client) ClearToken
func (c *Client) ClearToken()
ClearToken deletes the token cookie if it is set or does nothing otherwise.
func (*Client) NewRequest
NewRequest creates a new raw request object to query the Vault server configured for this client. This is an advanced method and generally doesn't need to be called externally.
func (*Client) RawRequest
RawRequest performs the raw request given. This request may be against a Vault server not configured with this client. This is an advanced operation that generally won't need to be called externally.
func (*Client) SetToken
SetToken sets the token directly. This won't perform any auth verification; it simply sets the cookie properly for future requests.
type Config
type Config struct {
    // Address is the address of the Vault server. This should be a complete
    // URL such as "http://vault.example.com". If you need a custom SSL
    // cert or want to enable insecure mode, you need to specify a custom
    // HttpClient.
    Address string

    // HttpClient is the HTTP client to use. http.DefaultClient will be
    // used if not specified. The HTTP client must have the cookie jar set
    // to be able to store cookies, otherwise authentication (login) will
    // not work properly. If the jar is nil, a default empty cookie jar
    // will be set.
    HttpClient *http.Client
}
Config is used to configure the creation of the client.
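The Config comments call for a custom HttpClient when the server uses a private certificate, and require a cookie jar for login to work. The following is an added example, not code from this package: it uses only the standard library, a constructed stand-in server and hypothetical /login and /read paths, builds a client that trusts the server's CA instead of enabling insecure mode, and shows the request after login being rejected when the jar is missing (the case the package's nil-jar default guards against).

```go
package main
import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
)

// newClient trusts only the given CA (no insecure mode); withJar adds the cookie jar.
func newClient(ca *x509.Certificate, withJar bool) *http.Client {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
	if withJar {
		c.Jar, _ = cookiejar.New(nil) // New(nil) always succeeds
	}
	return c
}

// loginThenRead: constructed stand-in server; /read returns 403 without the "token" cookie.
func loginThenRead(withJar bool) (code int, err error) {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{Name: "token", Value: "constructed", Path: "/", Secure: true})
	})
	mux.HandleFunc("/read", func(w http.ResponseWriter, r *http.Request) {
		if _, err := r.Cookie("token"); err != nil {
			w.WriteHeader(http.StatusForbidden)
		}
	})
	srv := httptest.NewTLSServer(mux)
	defer srv.Close()
	client := newClient(srv.Certificate(), withJar)
	for _, p := range []string{"/login", "/read"} {
		resp, err := client.Get(srv.URL + p)
		if err != nil {
			return 0, err
		}
		resp.Body.Close()
		code = resp.StatusCode
	}
	return code, nil
}

func main() {
	fmt.Println(loginThenRead(true))  // jar set: /read is authenticated
	fmt.Println(loginThenRead(false)) // no jar: the token cookie is lost
}
```

A client built this way is what would be assigned to the `HttpClient` field of Config.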
func DefaultConfig
func DefaultConfig() *Config
DefaultConfig returns a default configuration for the client. It is safe to modify the return value of this function.
The default Address is https://127.0.0.1:8200, but this can be overridden by setting the `VAULT_ADDR` environment variable.
type ErrorResponse
type ErrorResponse struct {
Errors []string
}
ErrorResponse is the raw structure of errors when they're returned by the HTTP API.
type InitRequest
type InitRequest struct {
    SecretThreshold int
}
type InitResponse
type InitStatusResponse
type InitStatusResponse struct {
Initialized bool
}
type LeaderResponse
type Logical
type Logical struct {
// contains filtered or unexported fields
}
Logical is used to perform logical backend operations on Vault.
type RekeyInitRequest (added in v0.2.0)
type RekeyInitRequest struct {
    SecretThreshold int `json:"secret_threshold"`
}
type RekeyStatusResponse (added in v0.2.0)
type RekeyUpdateResponse (added in v0.2.0)
type Request
type Request struct {
    Method   string
    URL      *url.URL
    Params   url.Values
    Obj      interface{}
    Body     io.Reader
    BodySize int64
}
Request is a raw request configuration structure used to initiate API requests to the Vault server.
func (*Request) ResetJSONBody
ResetJSONBody is used to reset the body for a redirect.
func (*Request) SetJSONBody
SetJSONBody is used to set a request body that is a JSON-encoded value.
type Response
Response is a raw response that wraps an HTTP response.
func (*Response) DecodeJSON
DecodeJSON will decode the response body to a JSON structure. This will consume the response body, but will not close it. Close must still be called.
type Secret
type Secret struct {
    LeaseID       string `json:"lease_id"`
    LeaseDuration int    `json:"lease_duration"`
    Renewable     bool   `json:"renewable"`

    // Data is the actual contents of the secret. The format of the data
    // is arbitrary and up to the secret backend.
    Data map[string]interface{} `json:"data"`

    // Auth, if non-nil, means that there was authentication information
    // attached to this response.
    Auth *SecretAuth `json:"auth,omitempty"`
}
Secret is the structure returned for every secret within Vault.
type SecretAuth
type SecretAuth struct {
    ClientToken   string            `json:"client_token"`
    Policies      []string          `json:"policies"`
    Metadata      map[string]string `json:"metadata"`
    LeaseDuration int               `json:"lease_duration"`
    Renewable     bool              `json:"renewable"`
}
SecretAuth is the structure containing auth information if we have it.
type Sys
type Sys struct {
// contains filtered or unexported fields
}
Sys is used to perform system-related operations on Vault.
func (*Sys) DeletePolicy
func (*Sys) DisableAudit
func (*Sys) DisableAuth
func (*Sys) EnableAudit
func (*Sys) EnableAuth
func (*Sys) Init
func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)
func (*Sys) InitStatus
func (*Sys) Leader
func (c *Sys) Leader() (*LeaderResponse, error)
func (*Sys) ListPolicies
func (*Sys) Login
Login performs the /sys/login API call.
This API call is stateful: it will set the access token on the client for future API calls to be authenticated. The access token can be retrieved at any time from the client using `client.Token()` and it can be cleared with `sys.Logout()`.
func (*Sys) RekeyCancel (added in v0.2.0)
func (*Sys) RekeyInit (added in v0.2.0)
func (c *Sys) RekeyInit(config *RekeyInitRequest) error
func (*Sys) RekeyStatus (added in v0.2.0)
func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error)
func (*Sys) RekeyUpdate (added in v0.2.0)
func (c *Sys) RekeyUpdate(shard string) (*RekeyUpdateResponse, error)
func (*Sys) RevokePrefix
func (*Sys) SealStatus
func (c *Sys) SealStatus() (*SealStatusResponse, error)
type TokenAuth
type TokenAuth struct {
// contains filtered or unexported fields
}
TokenAuth is used to perform token backend operations on Vault.
func (*TokenAuth) RevokeOrphan
func (*TokenAuth) RevokePrefix
func (*TokenAuth) RevokeTree
type TokenCreateRequest
type TokenCreateRequest struct {
    ID          string            `json:"id,omitempty"`
    Policies    []string          `json:"policies,omitempty"`
    Metadata    map[string]string `json:"meta,omitempty"`
    Lease       string            `json:"lease,omitempty"`
    NoParent    bool              `json:"no_parent,omitempty"`
    DisplayName string            `json:"display_name"`
    NumUses     int               `json:"num_uses"`
}
TokenCreateRequest is the options structure for creating a token.