Documentation ¶
Index ¶
- Variables
- func DefaultTLSConfig() (*vaultapi.TLSConfig, error)
- func Error2String(err error) string
- func NewVaultClient() (*vaultapi.Client, error)
- func String2Error(s string) error
- type AuthConfigInput
- type AuthConfigOutput
- type AuthInput
- type AuthMountOutput
- type ConfigActionType
- type ConfigOptions
- type ConfigPathMeta
- type ConfigState
- type InitKeys
- type InitOptions
- type Middleware
- type MountConfigInput
- type MountConfigOutput
- type MountInput
- type MountOutput
- type PolicyInput
- type SealState
- type Service
- type UnsealOptions
Constants ¶
This section is empty.
Variables ¶
var (
    ErrDestUnset                 = errors.New("policy download dest not set in config")
    ErrDestDoesNotExist          = errors.New("policy download dest does not exist")
    ErrDestStatFail              = errors.New("policy download dest failed being stat'd")
    ErrSrcURLUnset               = errors.New("policy source url not set in config")
    ErrSrcDoesNotExist           = errors.New("policy source does not exist (download or sync failed)")
    ErrSrcStatFail               = errors.New("policy source failed being stat'd")
    ErrSrcMalformed              = errors.New("policy source does not follow prescribed layout")
    ErrSrcMultiJSON              = errors.New("policy source subdirectory contains more than one json file")
    ErrSrcNoValidation           = errors.New("internal state error encountered. no actions determined")
    ErrStateSysMountAddReqEmpty  = errors.New("no valid vault configuration requests submitted for adding /sys/mounts/")
    ErrStateSysMountUpdReqEmpty  = errors.New("no valid vault configuration requests submitted for tuning /sys/mounts/")
    ErrStateMalformed            = errors.New("configuration requests is malformed")
    ErrSrcReqEmpty               = errors.New("no valid vault configuration files were found in source directory submitted")
    ErrStateSysAuthAddReqEmpty   = errors.New("no valid vault configuration requests submitted for adding /sys/auth/")
    ErrStateSysAuthDelReqEmpty   = errors.New("no valid vault configuration requests submitted for deleting /sys/auth/")
    ErrStateSysPolicyAddReqEmpty = errors.New("no valid vault configuration requests submitted for adding /sys/policy/")
    ErrStateSysPolicyDelReqEmpty = errors.New("no valid vault configuration requests submitted for deleting /sys/policy/")
)
validation errors
var (
    // ErrExample is an error to an arbitrary business rule for the "xxxxx"
    // method.
    ErrExample = errors.New("This is just a sample error.")
)
Functions ¶
func DefaultTLSConfig ¶
DefaultTLSConfig builds a Vault client-compatible TLS configuration. It first checks whether the necessary flags were set in Armor and, failing that, checks for the same environment variables the Vault client CLI uses (e.g. VAULT_CACERT).
func Error2String ¶
Error2String translates some Go error to a string.
func NewVaultClient ¶
NewVaultClient creates a Vault client by starting from Vault's DefaultConfig. It then checks whether the necessary flags were set in Armor and, finally, checks for the same environment variables the Vault client CLI uses (e.g. VAULT_ADDR).
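The flag-then-environment precedence that DefaultTLSConfig and NewVaultClient describe, as an added example that is not Armor's code. It declares its own hypothetical ClientSettings type and resolve, ResolveClientSettings, BuildTLSConfig and selfSignedCAPEM functions, uses only the standard library in place of the Vault API client, and assumes the Vault client's default address https://127.0.0.1:8200; the CA certificate it trusts is generated in-process purely so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"time"
)

// ClientSettings is a hypothetical holder for the values needed before a
// Vault client can be built; the page declares no such type.
type ClientSettings struct {
	Addr   string // Vault API address
	CACert string // path to a PEM CA bundle; empty means "not configured"
}

// resolve applies the precedence the page describes: an explicit Armor flag
// wins, then the Vault CLI environment variable, then the default.
func resolve(flag, envName, def string, getenv func(string) string) string {
	if flag != "" {
		return flag
	}
	if v := getenv(envName); v != "" {
		return v
	}
	return def
}

// ResolveClientSettings resolves address and CA path. getenv is injected
// (os.Getenv in production) so the precedence is testable without touching
// the real environment. The default address is the Vault client's own.
func ResolveClientSettings(addrFlag, caFlag string, getenv func(string) string) ClientSettings {
	return ClientSettings{
		Addr:   resolve(addrFlag, "VAULT_ADDR", "https://127.0.0.1:8200", getenv),
		CACert: resolve(caFlag, "VAULT_CACERT", "", getenv),
	}
}

// BuildTLSConfig turns a PEM CA bundle into a *tls.Config that trusts only
// that CA and refuses anything below TLS 1.2. An unparsable bundle is an
// error rather than a silent fall-back to the system roots.
func BuildTLSConfig(caPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no certificates found in CA bundle")
	}
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

// selfSignedCAPEM generates a throwaway CA so the example runs offline; in
// practice the bundle is read from the VAULT_CACERT path.
func selfSignedCAPEM() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed example CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	s := ResolveClientSettings("", "", os.Getenv)
	fmt.Printf("addr=%s cacert=%q\n", s.Addr, s.CACert)
	caPEM, err := selfSignedCAPEM()
	if err != nil {
		panic(err)
	}
	cfg, err := BuildTLSConfig(caPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println("trusts the bundle only, TLS 1.2 minimum:", cfg.MinVersion == tls.VersionTLS12)
}
```

Refusing an unparsable bundle instead of falling back to the system roots is the check worth keeping: a mistyped VAULT_CACERT should fail loudly rather than silently widen what the client trusts.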
func String2Error ¶
String2Error translates some string to a Go error.
Types ¶
type AuthConfigInput ¶
type AuthConfigInput struct {
    DefaultLeaseTTL string `json:"default_lease_ttl,omitempty"`
    MaxLeaseTTL     string `json:"max_lease_ttl,omitempty"`
}
AuthConfigInput describes the lease details of the requested mount.
type AuthConfigOutput ¶
type AuthConfigOutput struct {
    DefaultLeaseTTL int `json:"default_lease_ttl,omitempty"`
    MaxLeaseTTL     int `json:"max_lease_ttl,omitempty"`
}
AuthConfigOutput describes the lease details of an individual mount.
type AuthInput ¶
type AuthInput struct {
    Type        string          `json:"type"`
    Description string          `json:"description"`
    Config      AuthConfigInput `json:"config,omitempty"`
}
AuthInput describes the request details for adding auth backends to a Vault instance.
type AuthMountOutput ¶
type AuthMountOutput struct {
    Path        string           `json:"path"`
    Type        string           `json:"type"`
    Description string           `json:"description,omitempty"`
    Config      AuthConfigOutput `json:"config,omitempty"`
}
AuthMountOutput maps directly to Vault's own AuthMount. Used by ConfigState to describe the auth mounts currently defined in a Vault instance.
type ConfigActionType ¶
type ConfigActionType int
ConfigActionType describes the different types of configuration or policy we apply to an unsealed instance of Vault.
type ConfigOptions ¶
type ConfigOptions struct {
    URL   string `json:"url" validate:"required"`
    Token string `json:"token" validate:"required"`
}
ConfigOptions are used to configure an unsealed Vault instance with system mounts, auths and policies. Configuration is generally located by a URL. Initially this URL supports only a local directory, but it is designed to also support Git/Mercurial repositories, AWS S3, and HTTP endpoints.
type ConfigPathMeta ¶
type ConfigPathMeta struct {
    FullPath      string           `json:"full_path"`
    BasePath      string           `json:"base_path"`
    VaultEndPoint string           `json:"vault_base_path"`
    ConfigPath    string           `json:"config_path"`
    Action        ConfigActionType `json:"action"`
    File          string           `json:"file"`
}
ConfigPathMeta is used to categorize individual configuration files (e.g. json).
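A validator for a local configuration source, as an added example rather than Armor's own implementation. The layout it enforces, <src>/sys/<mounts|auth|policy>/<name>/<one>.json, and the ActionMountAdd, ActionAuthAdd and ActionPolicyAdd constants are assumptions (the page gives the error variables and the ConfigPathMeta fields but neither the layout nor the action values); ScanSource and the constructed tree in main are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Errors reused from the page's variable block.
var (
	ErrSrcDoesNotExist = errors.New("policy source does not exist (download or sync failed)")
	ErrSrcStatFail     = errors.New("policy source failed being stat'd")
	ErrSrcMalformed    = errors.New("policy source does not follow prescribed layout")
	ErrSrcMultiJSON    = errors.New("policy source subdirectory contains more than one json file")
	ErrSrcReqEmpty     = errors.New("no valid vault configuration files were found in source directory submitted")
)

type ConfigActionType int

// Assumed action values; the page declares the type but lists no constants.
const (
	ActionMountAdd ConfigActionType = iota
	ActionAuthAdd
	ActionPolicyAdd
)

// ConfigPathMeta as declared on the page (json tags omitted here).
type ConfigPathMeta struct {
	FullPath, BasePath, VaultEndPoint, ConfigPath, File string
	Action                                           ConfigActionType
}

// Assumed layout: <src>/sys/<kind>/<name>/<exactly one>.json, where kind is
// one of the keys below and maps to the Vault endpoint /sys/<kind>/.
var kinds = map[string]ConfigActionType{"mounts": ActionMountAdd, "auth": ActionAuthAdd, "policy": ActionPolicyAdd}

// ScanSource validates a local policy source and classifies each config file.
// Anything outside the layout is rejected rather than applied to Vault, so a
// stray or duplicated file cannot silently change the instance.
func ScanSource(root string) ([]ConfigPathMeta, error) {
	if _, err := os.Stat(root); errors.Is(err, os.ErrNotExist) {
		return nil, ErrSrcDoesNotExist
	} else if err != nil {
		return nil, ErrSrcStatFail
	}
	kindDirs, err := os.ReadDir(filepath.Join(root, "sys"))
	if err != nil {
		return nil, ErrSrcMalformed
	}
	var metas []ConfigPathMeta
	for _, kd := range kindDirs {
		action, ok := kinds[kd.Name()]
		if !ok || !kd.IsDir() {
			return nil, ErrSrcMalformed // unknown kind, or a file directly under sys/
		}
		endpoint := "/sys/" + kd.Name() + "/"
		nameDirs, err := os.ReadDir(filepath.Join(root, "sys", kd.Name()))
		if err != nil {
			return nil, ErrSrcStatFail
		}
		for _, nd := range nameDirs {
			if !nd.IsDir() {
				return nil, ErrSrcMalformed
			}
			dir := filepath.Join(root, "sys", kd.Name(), nd.Name())
			jsons, _ := filepath.Glob(filepath.Join(dir, "*.json"))
			if len(jsons) > 1 {
				return nil, ErrSrcMultiJSON
			}
			if len(jsons) == 0 {
				continue // an empty name directory contributes nothing
			}
			metas = append(metas, ConfigPathMeta{
				FullPath: jsons[0], BasePath: root, VaultEndPoint: endpoint,
				ConfigPath: endpoint + nd.Name(), Action: action, File: filepath.Base(jsons[0]),
			})
		}
	}
	if len(metas) == 0 {
		return nil, ErrSrcReqEmpty
	}
	return metas, nil
}

func main() {
	// Constructed source tree in a temp dir, purely for demonstration.
	dir, _ := os.MkdirTemp("", "armor-src")
	defer os.RemoveAll(dir)
	_ = os.MkdirAll(filepath.Join(dir, "sys", "mounts", "secret"), 0o750)
	_ = os.WriteFile(filepath.Join(dir, "sys", "mounts", "secret", "kv.json"), []byte(`{"type":"kv"}`), 0o640)
	metas, err := ScanSource(dir)
	fmt.Println(len(metas), err)
}
```

Returning a whole-source error on the first violation, rather than skipping the offending directory, is deliberate: a source that is partly malformed is more likely a broken sync than an intended state, and applying half of it would leave Vault in a configuration nobody reviewed.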
type ConfigState ¶
type ConfigState struct {
    ConfigID string                     `json:"config_id"`
    Mounts   map[string]MountOutput     `json:"mounts"`
    Auths    map[string]AuthMountOutput `json:"auths"`
    Policies []string                   `json:"policies"`
}
ConfigState represents the current state of Vault after performing a config operation.
type InitKeys ¶
type InitKeys struct {
    Keys            []string `json:"keys"`
    KeysB64         []string `json:"keys_base64"`
    RecoveryKeys    []string `json:"recovery_keys"`
    RecoveryKeysB64 []string `json:"recovery_keys_base64"`
    RootToken       string   `json:"root_token"`
}
InitKeys is the result of successfully initializing a Vault instance. It currently maps exactly to InitResponse struct in Vault.
type InitOptions ¶
type InitOptions struct {
    SecretThreshold       int      `json:"secret_threshold"`
    PGPKeys               []string `json:"pgp_keys"`
    RecoveryThreshold     int      `json:"recovery_threshold"`
    RecoveryPGPKeys       []string `json:"recovery_pgp_keys"`
    RootTokenPGPKey       string   `json:"root_token_pgp_key"`
    RootTokenHolderEmail  string   `json:"root_token_holder_email" validate:"required,email"` // recipient of the root token
    SecretKeyHolderEmails []string `json:"secret_key_holder_emails" validate:"required"`      // recipients of the secret keys used for unsealing
}
InitOptions maps to InitRequest structs in Vault.
type Middleware ¶
Middleware describes a service (as opposed to endpoint) middleware. It is a chainable behavior modifier for Service.
func InstrumentingMiddleware ¶
func InstrumentingMiddleware(requestCount metrics.Counter, requestLatency metrics.Histogram) Middleware
InstrumentingMiddleware returns a service middleware that instruments requests made over the lifetime of the service.
func LoggingMiddleware ¶
func LoggingMiddleware(logger log.Logger) Middleware
LoggingMiddleware takes a logger as a dependency and returns a service middleware.
type MountConfigInput ¶
type MountConfigInput struct {
    DefaultLeaseTTL string `json:"default_lease_ttl,omitempty"`
    MaxLeaseTTL     string `json:"max_lease_ttl,omitempty"`
}
MountConfigInput describes the lease details of the requested mount.
type MountConfigOutput ¶
type MountConfigOutput struct {
    DefaultLeaseTTL int `json:"default_lease_ttl,omitempty"`
    MaxLeaseTTL     int `json:"max_lease_ttl,omitempty"`
}
MountConfigOutput describes the lease details of an individual mount.
type MountInput ¶
type MountInput struct {
    Type        string           `json:"type"`
    Description string           `json:"description"`
    Config      MountConfigInput `json:"config,omitempty"`
}
MountInput maps directly to Vault's own MountInput.
type MountOutput ¶
type MountOutput struct {
    Path        string            `json:"path"`
    Type        string            `json:"type"`
    Description string            `json:"description,omitempty"`
    Config      MountConfigOutput `json:"config,omitempty"`
}
MountOutput maps directly to Vault's own MountOutput. Used by ConfigState to describe the mounts currently defined in a Vault instance.
type PolicyInput ¶
type PolicyInput struct {
Rules string `json:"rules"`
}
PolicyInput describes the request details for managing policies in a Vault instance.
type SealState ¶
type SealState struct {
    Sealed      bool   `json:"sealed"`
    T           int    `json:"t"`
    N           int    `json:"n"`
    Progress    int    `json:"progress"`
    Version     string `json:"version"`
    ClusterName string `json:"cluster_name"`
    ClusterID   string `json:"cluster_id"`
}
SealState represents the current state of Vault during the process of unsealing it with the required number of keys.
type Service ¶
type Service interface {
    InitStatus(ctx context.Context) (bool, error)
    Init(ctx context.Context, opts InitOptions) (InitKeys, error)
    SealStatus(ctx context.Context) (SealState, error)
    Unseal(ctx context.Context, opts UnsealOptions) (SealState, error)
    Configure(ctx context.Context, opts ConfigOptions) (ConfigState, error)
}
Service describes the service proxy to Vault.
func NewProxyService ¶
func NewProxyService() Service
NewProxyService returns a naive, stateless implementation of Service.
type UnsealOptions ¶
UnsealOptions maps to UnsealRequest structs in Vault.
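The Service and Middleware pieces together, as an added example that is not Armor's code: a constructed in-memory Service whose Unseal tracks SealState progress against the threshold T, wrapped by a logging Middleware and composed with Chain. Assumptions: Middleware is func(Service) Service, UnsealOptions carries a single Key share, the middleware takes a standard-library *log.Logger rather than go-kit's log.Logger, and only the Unseal method of the page's interface is implemented.

```go
package main

import (
	"context"
	"fmt"
	"log"
	"time"
)

// SealState as on the page, minus the cluster/version fields: T is the
// unseal threshold, N the share count, Progress the distinct valid shares seen.
type SealState struct {
	Sealed   bool `json:"sealed"`
	T        int  `json:"t"`
	N        int  `json:"n"`
	Progress int  `json:"progress"`
}

// UnsealOptions: the page names the type without fields; one share per call is assumed.
type UnsealOptions struct {
	Key string `json:"key"`
}

// Service is the part of the page's interface this example exercises.
type Service interface {
	Unseal(ctx context.Context, opts UnsealOptions) (SealState, error)
}

// Middleware is assumed to be func(Service) Service (the go-kit shape).
type Middleware func(Service) Service

// fakeVault simulates unseal progress against a constructed share list: it counts
// distinct valid shares until T are seen, then unseals. A real Vault reconstructs
// the master key from the shares instead of comparing them.
type fakeVault struct {
	state       SealState
	valid, seen map[string]bool
}

func newFakeVault(t, n int, shares []string) *fakeVault {
	v := &fakeVault{state: SealState{Sealed: true, T: t, N: n}, valid: map[string]bool{}, seen: map[string]bool{}}
	for _, s := range shares {
		v.valid[s] = true
	}
	return v
}

func (v *fakeVault) Unseal(_ context.Context, opts UnsealOptions) (SealState, error) {
	if !v.state.Sealed {
		return v.state, nil // already unsealed; further shares are ignored
	}
	if !v.valid[opts.Key] {
		// An invalid share resets progress, as Vault does, so partial progress never accumulates.
		v.state.Progress, v.seen = 0, map[string]bool{}
		return v.state, fmt.Errorf("invalid unseal key share")
	}
	if !v.seen[opts.Key] { // the same share submitted twice counts once
		v.seen[opts.Key], v.state.Progress = true, v.state.Progress+1
	}
	if v.state.Progress >= v.state.T {
		v.state.Sealed, v.state.Progress = false, 0
	}
	return v.state, nil
}

// loggingMiddleware records method, outcome and latency; the share itself is never logged.
type loggingMiddleware struct {
	logger *log.Logger
	next   Service
}

// LoggingMiddleware mirrors the page's constructor with *log.Logger in place of go-kit's logger.
func LoggingMiddleware(logger *log.Logger) Middleware {
	return func(next Service) Service { return loggingMiddleware{logger: logger, next: next} }
}

func (m loggingMiddleware) Unseal(ctx context.Context, opts UnsealOptions) (st SealState, err error) {
	defer func(begin time.Time) {
		m.logger.Printf("method=Unseal sealed=%t progress=%d/%d err=%v took=%s", st.Sealed, st.Progress, st.T, err, time.Since(begin))
	}(time.Now())
	return m.next.Unseal(ctx, opts)
}

// Chain wraps svc so that the first middleware listed becomes the outermost.
func Chain(svc Service, mws ...Middleware) Service {
	for i := len(mws) - 1; i >= 0; i-- {
		svc = mws[i](svc)
	}
	return svc
}

func main() {
	svc := Chain(newFakeVault(3, 5, []string{"k1", "k2", "k3", "k4", "k5"}), LoggingMiddleware(log.Default()))
	for _, k := range []string{"k1", "k2", "k2", "k4"} {
		st, err := svc.Unseal(context.Background(), UnsealOptions{Key: k})
		fmt.Printf("sealed=%t progress=%d err=%v\n", st.Sealed, st.Progress, err)
	}
}
```

The middleware logs outcome and latency but never the submitted share: whatever instrumentation wraps Unseal sits on the path that carries key material, so the chain is the natural place to decide what must not reach logs or metrics.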