diogenes

package module

v0.3.2 Latest Latest Go to latest Published: Nov 27, 2023 License: MIT Imports: 16 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/odysseia-greek/diogenes

README ¶

Diogenes

Common layer for odysseia-greek it holds the vault interface

Documentation ¶

Index ¶

Constants
func CreateTLSConfig(insecure bool, ca, cert, key, caPath string) *api.TLSConfig
type Client
type ClusterKeys
- func UnmarshalClusterKeys(data []byte) (ClusterKeys, error)
- func (r *ClusterKeys) Marshal() ([]byte, error)
type CreateSecretRequest
- func (r *CreateSecretRequest) Marshal() ([]byte, error)
type ElasticConfigVault
- func UnmarshalSecretData(data []byte) (ElasticConfigVault, error)
- func (r *ElasticConfigVault) Marshal() ([]byte, error)
type MockVaultTransport
- func (t *MockVaultTransport) RoundTrip(req *http.Request) (*http.Response, error)
type Vault

Constants ¶

View Source

const (
	VAULT = "vault"

	EnvVaultService = "VAULT_SERVICE"
	EnvRootToken    = "VAULT_ROOT_TOKEN"
	EnvAuthMethod   = "AUTH_METHOD"
	EnvTLSEnabled   = "VAULT_TLS"
	EnvVaultRole    = "VAULT_ROLE"
	EnvRootTlSDir   = "CERT_ROOT"
	AuthMethodKube  = "kubernetes"
	AuthMethodToken = "token"
)

View Source

const SecretPrefix string = "secret"

Variables ¶

This section is empty.

Functions ¶

func CreateTLSConfig ¶

func CreateTLSConfig(insecure bool, ca, cert, key, caPath string) *api.TLSConfig

Types ¶

type Client ¶

type Client interface {
	CheckHealthyStatus(ticks, tick time.Duration) bool
	Health() (bool, error)
	CreateOneTimeToken(policy []string) (string, error)
	CreateNewSecret(name string, payload []byte) (bool, error)
	GetSecret(name string) (*api.Secret, error)
	SetOnetimeToken(token string)
	LoginWithRootToken(rootToken string) error
	GetCurrentToken() string
	Unseal(keys []string) (bool, error)
	AutoUnsealGCP(keyRing, cryptoKey, location string, keys []string) (bool, error)
	Status() (*api.SealStatusResponse, error)
	Initialize(shares, threshold int) (*api.InitResponse, error)
	InitializeAutoUnseal(shares, threshold int) (*api.InitResponse, error)
	EnableKVSecretsEngine(namespace, configName string) error
	WritePolicy(policyName string, policyContent []byte) error
	ReadPolicy(policyName string) (string, error)
	KubernetesAuthMethod(role, serviceAccountName, namespace, kubeHost string) error
	RaftJoin(leaderAddress string, cert, key, ca []byte) (*api.RaftJoinResponse, error)
	Leader() (*api.LeaderResponse, error)
}

func CreateMockVaultClient ¶ added in v0.2.2

func CreateMockVaultClient(fixtureFiles []string, statusCode int) (Client, error)

func CreateVaultClient ¶ added in v0.1.2

func CreateVaultClient(env string, healthCheck, debugMode bool) (Client, error)

func CreateVaultClientKubernetes ¶

func CreateVaultClientKubernetes(address, vaultRole, jwt string, tlsConfig *api.TLSConfig) (Client, error)

func NewVaultClient ¶

func NewVaultClient(address, token string, tlsConfig *api.TLSConfig) (Client, error)

type ClusterKeys ¶ added in v0.1.1

type ClusterKeys struct {
	UnsealKeysB64         []string      `json:"unseal_keys_b64"`
	UnsealKeysHex         []string      `json:"unseal_keys_hex"`
	UnsealShares          int64         `json:"unseal_shares"`
	UnsealThreshold       int64         `json:"unseal_threshold"`
	RecoveryKeysB64       []interface{} `json:"recovery_keys_b64"`
	RecoveryKeysHex       []interface{} `json:"recovery_keys_hex"`
	RecoveryKeysShares    int64         `json:"recovery_keys_shares"`
	RecoveryKeysThreshold int64         `json:"recovery_keys_threshold"`
	RootToken             string        `json:"root_token"`
}

func UnmarshalClusterKeys ¶ added in v0.1.1

func UnmarshalClusterKeys(data []byte) (ClusterKeys, error)

func (*ClusterKeys) Marshal ¶ added in v0.1.1

func (r *ClusterKeys) Marshal() ([]byte, error)

type CreateSecretRequest ¶ added in v0.1.1

type CreateSecretRequest struct {
	Data ElasticConfigVault `json:"data"`
}

func (*CreateSecretRequest) Marshal ¶ added in v0.1.1

func (r *CreateSecretRequest) Marshal() ([]byte, error)

type ElasticConfigVault ¶ added in v0.1.1

type ElasticConfigVault struct {
	Username    string `json:"elasticUsername"`
	Password    string `json:"elasticPassword"`
	ElasticCERT string `json:"elasticCert"`
}

func UnmarshalSecretData ¶ added in v0.1.1

func UnmarshalSecretData(data []byte) (ElasticConfigVault, error)

func (*ElasticConfigVault) Marshal ¶ added in v0.1.1

func (r *ElasticConfigVault) Marshal() ([]byte, error)

type MockVaultTransport ¶ added in v0.2.2

type MockVaultTransport struct {
	Responses   []*http.Response
	ResponseIdx int
}

func (*MockVaultTransport) RoundTrip ¶ added in v0.2.2

func (t *MockVaultTransport) RoundTrip(req *http.Request) (*http.Response, error)

type Vault ¶

type Vault struct {
	SecretPath string
	Connection *api.Client
}

func (*Vault) AutoUnsealGCP ¶ added in v0.3.1

func (v *Vault) AutoUnsealGCP(keyRing, cryptoKey, location string, keys []string) (bool, error)

AutoUnsealGCP attempts to unseal Vault using a gcp provider key

func (*Vault) CheckHealthyStatus ¶

func (v *Vault) CheckHealthyStatus(ticks, tick time.Duration) bool

func (*Vault) CreateNewSecret ¶

func (v *Vault) CreateNewSecret(name string, payload []byte) (bool, error)

func (*Vault) CreateOneTimeToken ¶

func (v *Vault) CreateOneTimeToken(policy []string) (string, error)

func (*Vault) EnableKVSecretsEngine ¶ added in v0.2.2

func (v *Vault) EnableKVSecretsEngine(namespace, configName string) error

EnableKVSecretsEngine enables the Key-Value (KV) secrets engine in HashiCorp Vault.

Parameters:

namespace: In Vault, a namespace is a way to create a logical grouping or isolation of data within a Vault cluster. If you're not using namespaces, you can typically set this to an empty string or ignore it.

configName: This is the name you want to give to your KV (Key-Value) secrets engine. For instance, to create a KV secrets engine at the path "configs," pass "configs" as configName.

Returns:

error: If there is an error during the process of enabling the KV secrets engine, an error is returned. Otherwise, nil is returned.

Usage example:

// Enable KV secrets engine without using namespaces err := EnableKVSecretsEngine("", "configs")

if err != nil {
    log.Printf("Error enabling KV secrets engine: %v", err)
}

func (*Vault) GetCurrentToken ¶

func (v *Vault) GetCurrentToken() string

func (*Vault) GetSecret ¶

func (v *Vault) GetSecret(name string) (*api.Secret, error)

func (*Vault) Health ¶

func (v *Vault) Health() (bool, error)

func (*Vault) Initialize ¶ added in v0.2.2

func (v *Vault) Initialize(shares, threshold int) (*api.InitResponse, error)

Initialize initializes the Vault server.

func (*Vault) InitializeAutoUnseal ¶ added in v0.3.1

func (v *Vault) InitializeAutoUnseal(shares, threshold int) (*api.InitResponse, error)

func (*Vault) KubernetesAuthMethod ¶ added in v0.2.2

func (v *Vault) KubernetesAuthMethod(role, serviceAccountName, namespace, kubeHost string) error

func (*Vault) Leader ¶ added in v0.2.2

func (v *Vault) Leader() (*api.LeaderResponse, error)

func (*Vault) LoginWithRootToken ¶ added in v0.2.2

func (v *Vault) LoginWithRootToken(rootToken string) error

func (*Vault) RaftJoin ¶ added in v0.2.2

func (v *Vault) RaftJoin(leaderAddress string, cert, key, ca []byte) (*api.RaftJoinResponse, error)

func (*Vault) ReadPolicy ¶ added in v0.2.2

func (v *Vault) ReadPolicy(policyName string) (string, error)

func (*Vault) SetOnetimeToken ¶

func (v *Vault) SetOnetimeToken(token string)

func (*Vault) Status ¶ added in v0.2.2

func (v *Vault) Status() (*api.SealStatusResponse, error)

Status attempts to unseal the Vault using the provided keys.

func (*Vault) Unseal ¶ added in v0.2.2

func (v *Vault) Unseal(keys []string) (bool, error)

Unseal attempts to unseal the Vault using the provided keys.

func (*Vault) WritePolicy ¶ added in v0.2.2

func (v *Vault) WritePolicy(policyName string, policyContent []byte) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL