Constants ¶
const (
	// RootTokenType is the constant used to identify root token type.
	// A Vault root token is all-powerful; a holder of this type should be treated
	// as a break-glass identity, not a routine operator.
	RootTokenType string = "root"
	// UnsealTokenType is the constant used to identify unseal token type. The
	// Vault documentation refers to this as a secret key (an unseal key share).
	// There should be multiple tokens of this type.
	// NOTE(review): the shares are presumably meant for distinct holders so that
	// no single person can unseal Vault alone — confirm callers never assign more
	// than one share to the same email.
	UnsealTokenType string = "unseal"
)
Variables ¶
var (
	// ErrTokenHolderEmailUnset: the holder's Email, which is the field used to
	// identify a token holder, is empty.
	ErrTokenHolderEmailUnset = errors.New("token holder email address not set")
	// ErrTokenHolderTooManyItems: a DynamoDB get/query/scan returned more than one
	// item where exactly one was expected.
	ErrTokenHolderTooManyItems = errors.New("token holder get/query/scan returned too many items")
	// ErrGetItemOutputMissingKey: the DynamoDB GetItemOutput lacked an expected key.
	ErrGetItemOutputMissingKey = errors.New("GetItemOutput missing expected key")
	// ErrAttributeValueMissing: an expected DynamoDB AttributeValue was absent.
	ErrAttributeValueMissing = errors.New("expected AttributeValue is missing")
	// ErrTokenHolderNotFound: no item exists for the requested token holder.
	ErrTokenHolderNotFound = errors.New("token holder not found")
)
Sentinel errors for token-holder validation and DynamoDB lookups. Compare them with errors.Is rather than ==, since the operations may wrap them.
Functions ¶
func CreateTokenHolderTable ¶
func CreateTokenHolderTable() error
CreateTokenHolderTable creates the Token Holder table. It assumes the table does not exist, so guard it with TokenHolderTableExists first. Call it during a readiness check or as part of an initial bootstrap step.
func DeleteTokenHolderTable ¶
func DeleteTokenHolderTable() error
DeleteTokenHolderTable deletes the Token Holder table. It assumes the table exists. This is a destructive operation: it discards the record of who holds Vault's root and unseal tokens, and any token values persisted in the table along with it, so use it with caution.
func NewDynamoDBClient ¶
NewDynamoDBClient creates a DynamoDB client from the default AWS session, i.e. whatever credentials and region the SDK resolves from the environment and shared config.
func TokenHolderTableExists ¶
TokenHolderTableExists reports whether the Token Holder table exists. It is intended for health and readiness checks and for bootstrapping (for example, before calling CreateTokenHolderTable).
func TokenHolderTableName ¶
func TokenHolderTableName() string
TokenHolderTableName returns the name of the table that tracks the individuals responsible for keeping Vault's root and unseal tokens.
Types ¶
type TokenHolder ¶
type TokenHolder struct {
	// Email identifies the token holder. It is the only field with a validate tag
	// (required and must be a well-formed address).
	Email string `json:"email" dynamodbav:"email" validate:"required,email"` // token holder is identified by email address
	// Token is the actual root token or unseal key. Its dynamodbav and json tags mean
	// it is persisted to DynamoDB and emitted in JSON as-is.
	// NOTE(review): nothing in this struct encrypts or redacts the value; confirm the
	// table is encrypted at rest and narrowly scoped by IAM, or that the token is
	// encrypted before PutItem and never logged via its JSON form.
	Token string `json:"token" dynamodbav:"token,omitempty"` // actual token
	// TokenType is expected to be RootTokenType or UnsealTokenType, but no validate
	// tag enforces that.
	// NOTE(review): consider `validate:"omitempty,oneof=root unseal"` if the validator
	// in use supports it, so unknown types are rejected at Validate time.
	TokenType string `json:"token_type" dynamodbav:"tokenType,omitempty"` // either root or unseal token
	// DateCreated is the date the holder was identified. Stored as a free-form string;
	// the format is not fixed by this type.
	DateCreated string `json:"date_created" dynamodbav:"dateCreated,omitempty"` // date token holder was identified
	// DateInitialized is the date Vault was initialized (same string caveat as above).
	DateInitialized string `json:"date_initialized" dynamodbav:"dateInitialized,omitempty"` // date Vault was initialized
	// DateDelivered is the date the token was last delivered to the holder
	// (same string caveat as above).
	DateDelivered string `json:"date_delivered" dynamodbav:"dateDelivered,omitempty"` // date last delivered to token holder
}
TokenHolder identifies the person (by email address) who possesses either a root token or an unseal token, and optionally carries the token value itself.
func NewTokenHolder ¶
func NewTokenHolder() *TokenHolder
NewTokenHolder creates an empty TokenHolder. The same value can be used for both read (GetItem) and write (PutItem) operations against AWS DynamoDB.
func (*TokenHolder) GetItem ¶
func (tokenHolder *TokenHolder) GetItem() error
GetItem populates the TokenHolder with data from AWS DynamoDB, looked up by the holder's Email; an unset Email cannot be looked up (see ErrTokenHolderEmailUnset).
func (*TokenHolder) PutItem ¶
func (tokenHolder *TokenHolder) PutItem() error
PutItem persists the TokenHolder in AWS DynamoDB. The Token field is written as-is per its dynamodbav tag, so callers handling raw root or unseal tokens should confirm the table's encryption and access controls before relying on this.
func (*TokenHolder) Validate ¶
func (tokenHolder *TokenHolder) Validate() error
Validate checks the TokenHolder against its validate struct tags. As declared, only Email is validated (required, well-formed address); TokenType is not checked against RootTokenType or UnsealTokenType.