service


Variables

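// Validation errors reported while locating the policy source and
// destination, parsing the source layout, and assembling the Vault
// configuration requests (/sys/mounts, /sys/auth, /sys/policy). They are
// sentinel values; callers should compare with errors.Is rather than on the
// message text.
var (
	// ErrDestUnset: the policy download destination is missing from the config.
	ErrDestUnset                 = errors.New("policy download dest not set in config")
	// ErrDestDoesNotExist: the configured download destination is absent on disk.
	ErrDestDoesNotExist          = errors.New("policy download dest does not exist")
	// ErrDestStatFail: stat on the download destination failed for another reason.
	ErrDestStatFail              = errors.New("policy download dest failed being stat'd")
	// ErrSrcURLUnset: the policy source URL is missing from the config.
	ErrSrcURLUnset               = errors.New("policy source url not set in config")
	// ErrSrcDoesNotExist: the source is absent after download/sync. The message
	// previously lacked its closing parenthesis.
	ErrSrcDoesNotExist           = errors.New("policy source does not exist (download or sync failed)")
	// ErrSrcStatFail: stat on the policy source failed for another reason.
	ErrSrcStatFail               = errors.New("policy source failed being stat'd")
	// ErrSrcMalformed: the source tree does not follow the prescribed layout.
	ErrSrcMalformed              = errors.New("policy source does not follow prescribed layout")
	// ErrSrcMultiJSON: a source subdirectory holds more than one JSON file, so the
	// intended configuration file is ambiguous.
	ErrSrcMultiJSON              = errors.New("policy source subdirectory contains more than one json file")
	// ErrSrcNoValidation: internal state error; no config actions were determined.
	ErrSrcNoValidation           = errors.New("internal state error encountered. no actions determined")
	// ErrStateSysMountAddReqEmpty: no valid requests for adding /sys/mounts/.
	ErrStateSysMountAddReqEmpty  = errors.New("no valid vault configuration requests submitted for adding /sys/mounts/")
	// ErrStateSysMountUpdReqEmpty: no valid requests for tuning /sys/mounts/.
	ErrStateSysMountUpdReqEmpty  = errors.New("no valid vault configuration requests submitted for tuning /sys/mounts/")
	// ErrStateMalformed: the assembled configuration request set is malformed.
	ErrStateMalformed            = errors.New("configuration requests is malformed")
	// ErrSrcReqEmpty: the source directory yielded no valid configuration files.
	ErrSrcReqEmpty               = errors.New("no valid vault configuration files were found in source directory submitted")
	// ErrStateSysAuthAddReqEmpty: no valid requests for adding /sys/auth/.
	ErrStateSysAuthAddReqEmpty   = errors.New("no valid vault configuration requests submitted for adding /sys/auth/")
	// ErrStateSysAuthDelReqEmpty: no valid requests for deleting /sys/auth/.
	ErrStateSysAuthDelReqEmpty   = errors.New("no valid vault configuration requests submitted for deleting /sys/auth/")
	// ErrStateSysPolicyAddReqEmpty: no valid requests for adding /sys/policy/.
	ErrStateSysPolicyAddReqEmpty = errors.New("no valid vault configuration requests submitted for adding /sys/policy/")
	// ErrStateSysPolicyDelReqEmpty: no valid requests for deleting /sys/policy/.
	ErrStateSysPolicyDelReqEmpty = errors.New("no valid vault configuration requests submitted for deleting /sys/policy/")
)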

validation errors

var (
	// ErrExample is a sample error for an arbitrary business rule of the
	// "xxxxx" method. It reads as a scaffold placeholder rather than a
	// condition the service reports — TODO confirm whether any caller
	// actually returns it, and remove it if not.
	ErrExample = errors.New("This is just a sample error.")
)

Functions

func DefaultTLSConfig

func DefaultTLSConfig() (*vaultapi.TLSConfig, error)

DefaultTLSConfig builds a Vault client-compatible TLS configuration. It first checks whether the necessary flags were set in Armor and then checks for the existence of the same environment variables the Vault client CLI uses (e.g. VAULT_CACERT).

func Error2String

func Error2String(err error) string

Error2String converts a Go error to a string.

func NewVaultClient

func NewVaultClient() (*vaultapi.Client, error)

NewVaultClient creates a Vault client by starting with Vault's DefaultConfig. Next, it checks whether the necessary flags were set in Armor and finally checks for the existence of the same environment variables the Vault client CLI uses (e.g. VAULT_ADDR).

func String2Error

func String2Error(s string) error

String2Error converts a string to a Go error.

Types

type AuthConfigInput

// AuthConfigInput describes the lease details requested for an auth mount.
// Both fields are optional on the wire (omitempty), so the zero value
// marshals to an empty JSON object.
type AuthConfigInput struct {
	// DefaultLeaseTTL is the requested default lease TTL. The string is passed
	// through as-is; presumably a Vault duration string such as "768h" —
	// confirm against the Vault API before relying on a format.
	DefaultLeaseTTL string `json:"default_lease_ttl,omitempty"`
	// MaxLeaseTTL is the requested maximum lease TTL, same format as above.
	MaxLeaseTTL     string `json:"max_lease_ttl,omitempty"`
}

AuthConfigInput describes the lease details of the requested auth mount.

type AuthConfigOutput

// AuthConfigOutput describes the lease details of an individual auth mount as
// reported back from Vault. Unlike AuthConfigInput the TTLs are integers;
// presumably seconds, as in Vault's own mount output — confirm before
// converting to time.Duration.
type AuthConfigOutput struct {
	// DefaultLeaseTTL is the mount's effective default lease TTL (omitted when 0).
	DefaultLeaseTTL int `json:"default_lease_ttl,omitempty"`
	// MaxLeaseTTL is the mount's effective maximum lease TTL (omitted when 0).
	MaxLeaseTTL     int `json:"max_lease_ttl,omitempty"`
}

AuthConfigOutput describes the lease details of an individual mount.

type AuthInput

// AuthInput describes the request details for adding an auth backend to a
// Vault instance.
type AuthInput struct {
	// Type is the auth backend type being enabled (always serialized).
	Type        string          `json:"type"`
	// Description is the human-readable description of the backend (always
	// serialized, even when empty).
	Description string          `json:"description"`
	// Config carries the lease details. Note that omitempty has no effect on a
	// struct value, so "config" is always emitted.
	Config      AuthConfigInput `json:"config,omitempty"`
}

AuthInput describes the request details for adding auth backends to a Vault instance.

type AuthMountOutput

// AuthMountOutput maps directly to Vault's own AuthMount. ConfigState uses it
// to describe the auth mounts currently defined in a Vault instance.
type AuthMountOutput struct {
	// Path is the mount path of the auth backend.
	Path        string           `json:"path"`
	// Type is the auth backend type.
	Type        string           `json:"type"`
	// Description is the backend's description; omitted when empty.
	Description string           `json:"description,omitempty"`
	// Config holds the effective lease TTLs (omitempty is a no-op on a struct).
	Config      AuthConfigOutput `json:"config,omitempty"`
}

AuthMountOutput maps directly to Vault's own AuthMount. Used by ConfigState to describe the auth mounts currently defined in a Vault instance.

type ConfigActionType

// ConfigActionType enumerates the kinds of configuration or policy actions
// applied to an unsealed Vault instance. The concrete values are declared
// elsewhere in the package (the Constants section here is empty), so their
// meaning cannot be stated from this file; ConfigPathMeta.Action carries one.
type ConfigActionType int

ConfigActionType describes the different types of configuration or policy actions applied to an unsealed Vault instance.

type ConfigOptions

// ConfigOptions configures an unsealed Vault instance with system mounts,
// auths and policies. Both fields carry validate:"required" tags; enforcement
// depends on whichever validator the service runs over them — confirm.
type ConfigOptions struct {
	// URL locates the configuration source. Initially a local directory;
	// designed to later support Git/Mercurial, S3 and HTTP endpoints.
	URL   string `json:"url" validate:"required"`
	// Token is presumably the Vault token used to perform the configuration.
	// It is a credential: keep it out of logs and error messages, and treat any
	// JSON serialization of this struct (e.g. by a logging middleware) as
	// sensitive.
	Token string `json:"token" validate:"required"`
}

ConfigOptions are used to configure an unsealed Vault instance with system mounts, auths and policies. Generally, configuration takes the form of a URL. Initially, this URL will support a local directory. But it is designed to support Git/Mercurial repositories, AWS S3, and HTTP endpoints.

type ConfigPathMeta

// ConfigPathMeta categorizes an individual configuration file (e.g. a JSON
// file) found in the policy source, recording where it was found and which
// Vault endpoint and action it maps to.
type ConfigPathMeta struct {
	// FullPath is the complete path to the file.
	FullPath      string           `json:"full_path"`
	// BasePath is the source root the file was found under — presumably the
	// prefix of FullPath; confirm against the code that populates it.
	BasePath      string           `json:"base_path"`
	// VaultEndPoint is the Vault API path the file applies to (json key is
	// "vault_base_path", which does not match the field name).
	VaultEndPoint string           `json:"vault_base_path"`
	// ConfigPath is the path component relative to the source layout.
	ConfigPath    string           `json:"config_path"`
	// Action is the ConfigActionType derived from the file's location.
	Action        ConfigActionType `json:"action"`
	// File is the file name itself.
	File          string           `json:"file"`
}

ConfigPathMeta is used to categorize individual configuration files (e.g. json).

type ConfigState

// ConfigState represents the state of Vault after a configure operation.
type ConfigState struct {
	// ConfigID identifies the applied configuration; how it is derived is not
	// visible here.
	ConfigID string                     `json:"config_id"`
	// Mounts lists the secret mounts now defined in Vault, presumably keyed by
	// mount path (MountOutput also carries Path) — confirm.
	Mounts   map[string]MountOutput     `json:"mounts"`
	// Auths lists the auth mounts now defined in Vault, keyed like Mounts.
	Auths    map[string]AuthMountOutput `json:"auths"`
	// Policies lists the policy names now defined in Vault.
	Policies []string                   `json:"policies"`
}

ConfigState represents the current state of Vault after performing a config operation.

type InitKeys

// InitKeys is the result of successfully initializing a Vault instance. It
// currently maps exactly to Vault's InitResponse struct.
//
// Every field is secret material: the unseal key shares (hex and base64),
// the recovery key shares and the root token. The json tags mean a plain
// Marshal emits all of them, so do not log, trace or persist this value
// except through the intended delivery path (see InitOptions' holder emails).
type InitKeys struct {
	// Keys are the unseal key shares.
	Keys            []string `json:"keys"`
	// KeysB64 are the same shares, base64-encoded.
	KeysB64         []string `json:"keys_base64"`
	// RecoveryKeys are the recovery key shares (auto-unseal configurations).
	RecoveryKeys    []string `json:"recovery_keys"`
	// RecoveryKeysB64 are the same recovery shares, base64-encoded.
	RecoveryKeysB64 []string `json:"recovery_keys_base64"`
	// RootToken is the initial root token.
	RootToken       string   `json:"root_token"`
}

InitKeys is the result of successfully initializing a Vault instance. It currently maps exactly to InitResponse struct in Vault.

type InitOptions

// InitOptions maps to Vault's InitRequest struct, extended with the e-mail
// recipients for the generated root token and key shares. The validate tags
// declare the constraints; whether they are enforced depends on the validator
// the service runs — confirm.
type InitOptions struct {
	// SecretShares is the number of unseal key shares to generate; the
	// validate tag requires 1..10.
	SecretShares          int      `json:"secret_shares" validate:"required,gte=1,lte=10"`
	// SecretThreshold is the number of shares needed to unseal. No tag
	// constrains it relative to SecretShares here.
	SecretThreshold       int      `json:"secret_threshold"`
	// StoredShares is the number of shares Vault stores itself (auto-unseal).
	StoredShares          int      `json:"stored_shares"`
	// PGPKeys optionally encrypts each share to the corresponding PGP key.
	PGPKeys               []string `json:"pgp_keys"`
	// RecoveryShares and RecoveryThreshold mirror the secret share settings
	// for recovery keys.
	RecoveryShares        int      `json:"recovery_shares"`
	RecoveryThreshold     int      `json:"recovery_threshold"`
	// RecoveryPGPKeys optionally encrypts each recovery share to a PGP key.
	RecoveryPGPKeys       []string `json:"recovery_pgp_keys"`
	// RootTokenPGPKey optionally encrypts the root token to a PGP key.
	RootTokenPGPKey       string   `json:"root_token_pgp_key"`
	// The two recipient lists decide who receives the secrets produced by
	// Init; validate:"required" and "email" are the only checks declared.
	RootTokenHolderEmail  string   `json:"root_token_holder_email" validate:"required,email"` // recipient of the root token
	SecretKeyHolderEmails []string `json:"secret_key_holder_emails" validate:"required"`      // recipients of the secret keys used for unsealing
}

InitOptions maps to InitRequest structs in Vault.

type Middleware

// Middleware describes a service (as opposed to endpoint) middleware: a
// chainable behavior modifier that wraps one Service and returns another.
// Apply as New(...) style composition, e.g. LoggingMiddleware(l)(svc).
type Middleware func(Service) Service

Middleware describes a service (as opposed to endpoint) middleware. It is a chainable behavior modifier for Service.

func InstrumentingMiddleware

func InstrumentingMiddleware(requestCount metrics.Counter, requestLatency metrics.Histogram) Middleware

InstrumentingMiddleware returns a service middleware that instruments requests made over the lifetime of the service.

func LoggingMiddleware

func LoggingMiddleware(logger log.Logger) Middleware

LoggingMiddleware takes a logger as a dependency and returns a service middleware.

type MountConfigInput

// MountConfigInput describes the lease details requested for a secret mount.
// It has the same shape as AuthConfigInput; both fields are optional on the
// wire (omitempty).
type MountConfigInput struct {
	// DefaultLeaseTTL is the requested default lease TTL, passed through as-is;
	// presumably a Vault duration string — confirm the expected format.
	DefaultLeaseTTL string `json:"default_lease_ttl,omitempty"`
	// MaxLeaseTTL is the requested maximum lease TTL, same format as above.
	MaxLeaseTTL     string `json:"max_lease_ttl,omitempty"`
}

MountConfigInput describes the lease details of the requested mount.

type MountConfigOutput

// MountConfigOutput describes the lease details of an individual secret mount
// as reported back from Vault. TTLs are integers here; presumably seconds —
// confirm before converting to time.Duration.
type MountConfigOutput struct {
	// DefaultLeaseTTL is the mount's effective default lease TTL (omitted when 0).
	DefaultLeaseTTL int `json:"default_lease_ttl,omitempty"`
	// MaxLeaseTTL is the mount's effective maximum lease TTL (omitted when 0).
	MaxLeaseTTL     int `json:"max_lease_ttl,omitempty"`
}

MountConfigOutput describes the lease details of an individual mount.

type MountInput

// MountInput maps directly to Vault's own MountInput and describes a secret
// mount to be added.
type MountInput struct {
	// Type is the secret backend type being mounted (always serialized).
	Type        string           `json:"type"`
	// Description is the human-readable description (always serialized).
	Description string           `json:"description"`
	// Config carries the lease details; omitempty is a no-op on a struct
	// value, so "config" is always emitted.
	Config      MountConfigInput `json:"config,omitempty"`
}

MountInput maps directly to Vault's own MountInput.

type MountOutput

// MountOutput maps directly to Vault's own MountOutput. ConfigState uses it
// to describe the secret mounts currently defined in a Vault instance.
type MountOutput struct {
	// Path is the mount path.
	Path        string            `json:"path"`
	// Type is the secret backend type.
	Type        string            `json:"type"`
	// Description is the mount's description; omitted when empty.
	Description string            `json:"description,omitempty"`
	// Config holds the effective lease TTLs (omitempty is a no-op on a struct).
	Config      MountConfigOutput `json:"config,omitempty"`
}

MountOutput maps directly to Vault's own MountOutput. Used by ConfigState to describe the mounts currently defined in a Vault instance.

type PolicyInput

// PolicyInput describes the request details for managing a policy in a Vault
// instance.
type PolicyInput struct {
	// Rules is the policy body, sent verbatim to Vault. Nothing here parses or
	// validates it; the policy name is not part of this struct.
	Rules string `json:"rules"`
}

PolicyInput describes the request details for managing policies in a Vault instance.

type SealState

// SealState represents the state of Vault during the unseal process, which
// requires a threshold number of key shares. The field set mirrors Vault's
// seal-status response.
type SealState struct {
	// Sealed reports whether Vault is still sealed.
	Sealed      bool   `json:"sealed"`
	// T is the unseal threshold (shares required); N is the total number of
	// shares — the Shamir t-of-n parameters, per Vault's seal-status naming.
	T           int    `json:"t"`
	N           int    `json:"n"`
	// Progress is the number of shares supplied so far in the current attempt.
	Progress    int    `json:"progress"`
	// Version is the Vault server version string.
	Version     string `json:"version"`
	// ClusterName and ClusterID identify the Vault cluster.
	ClusterName string `json:"cluster_name"`
	ClusterID   string `json:"cluster_id"`
}

SealState represents the current state of Vault during the process of unsealing it with required number of keys.

type Service

// Service is the service proxy to Vault: each method forwards one lifecycle
// operation (initialize, unseal, configure) to the Vault instance behind the
// proxy. Implementations are wrapped by Middleware values such as
// LoggingMiddleware and InstrumentingMiddleware; note that Init returns and
// Unseal/Configure accept secret material (InitKeys, UnsealOptions.Key,
// ConfigOptions.Token), so any middleware that records arguments or results
// should redact them.
type Service interface {
	// InitStatus reports whether the Vault instance has been initialized.
	InitStatus(ctx context.Context) (bool, error)
	// Init initializes Vault with the given share/threshold options and returns
	// the generated key shares and root token.
	Init(ctx context.Context, opts InitOptions) (InitKeys, error)
	// SealStatus returns the current seal state.
	SealStatus(ctx context.Context) (SealState, error)
	// Unseal submits one key share (or a reset) and returns the resulting seal
	// state.
	Unseal(ctx context.Context, opts UnsealOptions) (SealState, error)
	// Configure applies the mounts, auths and policies found at opts.URL and
	// returns the resulting configuration state.
	Configure(ctx context.Context, opts ConfigOptions) (ConfigState, error)
}

Service describes the service proxy to Vault.

func New

func New(logger log.Logger, requestCount metrics.Counter, requestLatency metrics.Histogram) Service

New creates a new Service instance.

func NewProxyService

func NewProxyService() Service

NewProxyService returns a naive, stateless implementation of Service.

type UnsealOptions

// UnsealOptions maps to Vault's UnsealRequest struct.
type UnsealOptions struct {
	// Key is a single unseal key share. It is secret material: keep it out of
	// logs and traces, including any middleware that serializes request
	// arguments.
	Key   string `json:"key"`
	// Reset, when true, discards the shares submitted so far in the current
	// unseal attempt (presumably Key is ignored in that case — confirm against
	// Vault's unseal semantics).
	Reset bool   `json:"reset"`
}

UnsealOptions maps to UnsealRequest structs in Vault.
