Documentation
¶
Overview ¶
Package vault is a generated GoMock package.
Index ¶
- Variables
- type ErrNotFound
- type MockVaulty
- func (m *MockVaulty) AddUserAuthData(user string, data map[string]interface{}) (*api.Secret, error)
- func (m *MockVaulty) AddVaultData(path string, data map[string]interface{}) (*api.Secret, error)
- func (m *MockVaulty) CreateThrowawayToken() (string, error)
- func (m *MockVaulty) CreateToken(request *api.TokenCreateRequest) (string, error)
- func (m *MockVaulty) CreateVaultPolicy() error
- func (m *MockVaulty) DeletePath(path string) error
- func (m *MockVaulty) EXPECT() *MockVaultyMockRecorder
- func (m *MockVaulty) GetAddress() string
- func (m *MockVaulty) GetUserAuthData(user string) (map[string]interface{}, error)
- func (m *MockVaulty) GetVaultData(path string) (map[string]interface{}, error)
- func (m *MockVaulty) GetVaultSecret(path string) (*api.Secret, error)
- func (m *MockVaulty) Healthy() bool
- func (m *MockVaulty) RenewLeaseForever(secret *api.Secret) error
- func (m *MockVaulty) RenewLeaseOnce(leaseID string, increment int) (*api.Secret, error)
- type MockVaultyMockRecorder
- func (mr *MockVaultyMockRecorder) AddUserAuthData(user, data interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) AddVaultData(path, data interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) CreateThrowawayToken() *gomock.Call
- func (mr *MockVaultyMockRecorder) CreateToken(request interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) CreateVaultPolicy() *gomock.Call
- func (mr *MockVaultyMockRecorder) DeletePath(path interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) GetAddress() *gomock.Call
- func (mr *MockVaultyMockRecorder) GetUserAuthData(user interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) GetVaultData(path interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) GetVaultSecret(path interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) Healthy() *gomock.Call
- func (mr *MockVaultyMockRecorder) RenewLeaseForever(secret interface{}) *gomock.Call
- func (mr *MockVaultyMockRecorder) RenewLeaseOnce(leaseID, increment interface{}) *gomock.Call
- type Vaulty
- type VaultyImpl
- func (val *VaultyImpl) AddUserAuthData(user string, data map[string]interface{}) (*api.Secret, error)
- func (val *VaultyImpl) AddVaultData(path string, data map[string]interface{}) (*api.Secret, error)
- func (val *VaultyImpl) CreateThrowawayToken() (token string, err error)
- func (val *VaultyImpl) CreateToken(request *api.TokenCreateRequest) (token string, err error)
- func (val *VaultyImpl) CreateVaultPolicy() error
- func (val *VaultyImpl) DeletePath(path string) error
- func (val *VaultyImpl) GetAddress() string
- func (val *VaultyImpl) GetUserAuthData(user string) (map[string]interface{}, error)
- func (val *VaultyImpl) GetVaultData(path string) (map[string]interface{}, error)
- func (val *VaultyImpl) GetVaultSecret(path string) (*api.Secret, error)
- func (val *VaultyImpl) Healthy() bool
- func (val *VaultyImpl) RenewLeaseForever(secret *api.Secret) error
- func (val *VaultyImpl) RenewLeaseOnce(leaseID string, increment int) (*api.Secret, error)
- func (val *VaultyImpl) RenewToken() error
Constants ¶
This section is empty.
Variables ¶
var VaultCIPath = "secret/data/%s"
VaultCIPath is the base path for vault. Will be formatted to include the user or group when setting or retrieving credentials.
Functions ¶
This section is empty.
Types ¶
type ErrNotFound ¶
type ErrNotFound struct {
// contains filtered or unexported fields
}
ErrNotFound is a string wrapping error type
func NotFound ¶
func NotFound(msg string) *ErrNotFound
NotFound returns an ErrNotFound string wrapper.
func (*ErrNotFound) Error ¶
func (e *ErrNotFound) Error() string
Error returns the error message from ErrNotFound struct
type MockVaulty ¶
type MockVaulty struct {
// contains filtered or unexported fields
}
MockVaulty is a mock of Vaulty interface
func NewMockVaulty ¶
func NewMockVaulty(ctrl *gomock.Controller) *MockVaulty
NewMockVaulty creates a new mock instance
func (*MockVaulty) AddUserAuthData ¶
AddUserAuthData mocks base method
func (*MockVaulty) AddVaultData ¶
AddVaultData mocks base method
func (*MockVaulty) CreateThrowawayToken ¶
func (m *MockVaulty) CreateThrowawayToken() (string, error)
CreateThrowawayToken mocks base method
func (*MockVaulty) CreateToken ¶
func (m *MockVaulty) CreateToken(request *api.TokenCreateRequest) (string, error)
CreateToken mocks base method
func (*MockVaulty) CreateVaultPolicy ¶
func (m *MockVaulty) CreateVaultPolicy() error
CreateVaultPolicy mocks base method
func (*MockVaulty) DeletePath ¶
func (m *MockVaulty) DeletePath(path string) error
DeletePath mocks base method
func (*MockVaulty) EXPECT ¶
func (m *MockVaulty) EXPECT() *MockVaultyMockRecorder
EXPECT returns an object that allows the caller to indicate expected use
func (*MockVaulty) GetAddress ¶
func (m *MockVaulty) GetAddress() string
GetAddress mocks base method
func (*MockVaulty) GetUserAuthData ¶
func (m *MockVaulty) GetUserAuthData(user string) (map[string]interface{}, error)
GetUserAuthData mocks base method
func (*MockVaulty) GetVaultData ¶
func (m *MockVaulty) GetVaultData(path string) (map[string]interface{}, error)
GetVaultData mocks base method
func (*MockVaulty) GetVaultSecret ¶
func (m *MockVaulty) GetVaultSecret(path string) (*api.Secret, error)
GetVaultSecret mocks base method
func (*MockVaulty) RenewLeaseForever ¶
func (m *MockVaulty) RenewLeaseForever(secret *api.Secret) error
RenewLeaseForever mocks base method
func (*MockVaulty) RenewLeaseOnce ¶
RenewLeaseOnce mocks base method
type MockVaultyMockRecorder ¶
type MockVaultyMockRecorder struct {
// contains filtered or unexported fields
}
MockVaultyMockRecorder is the mock recorder for MockVaulty
func (*MockVaultyMockRecorder) AddUserAuthData ¶
func (mr *MockVaultyMockRecorder) AddUserAuthData(user, data interface{}) *gomock.Call
AddUserAuthData indicates an expected call of AddUserAuthData
func (*MockVaultyMockRecorder) AddVaultData ¶
func (mr *MockVaultyMockRecorder) AddVaultData(path, data interface{}) *gomock.Call
AddVaultData indicates an expected call of AddVaultData
func (*MockVaultyMockRecorder) CreateThrowawayToken ¶
func (mr *MockVaultyMockRecorder) CreateThrowawayToken() *gomock.Call
CreateThrowawayToken indicates an expected call of CreateThrowawayToken
func (*MockVaultyMockRecorder) CreateToken ¶
func (mr *MockVaultyMockRecorder) CreateToken(request interface{}) *gomock.Call
CreateToken indicates an expected call of CreateToken
func (*MockVaultyMockRecorder) CreateVaultPolicy ¶
func (mr *MockVaultyMockRecorder) CreateVaultPolicy() *gomock.Call
CreateVaultPolicy indicates an expected call of CreateVaultPolicy
func (*MockVaultyMockRecorder) DeletePath ¶
func (mr *MockVaultyMockRecorder) DeletePath(path interface{}) *gomock.Call
DeletePath indicates an expected call of DeletePath
func (*MockVaultyMockRecorder) GetAddress ¶
func (mr *MockVaultyMockRecorder) GetAddress() *gomock.Call
GetAddress indicates an expected call of GetAddress
func (*MockVaultyMockRecorder) GetUserAuthData ¶
func (mr *MockVaultyMockRecorder) GetUserAuthData(user interface{}) *gomock.Call
GetUserAuthData indicates an expected call of GetUserAuthData
func (*MockVaultyMockRecorder) GetVaultData ¶
func (mr *MockVaultyMockRecorder) GetVaultData(path interface{}) *gomock.Call
GetVaultData indicates an expected call of GetVaultData
func (*MockVaultyMockRecorder) GetVaultSecret ¶
func (mr *MockVaultyMockRecorder) GetVaultSecret(path interface{}) *gomock.Call
GetVaultSecret indicates an expected call of GetVaultSecret
func (*MockVaultyMockRecorder) Healthy ¶
func (mr *MockVaultyMockRecorder) Healthy() *gomock.Call
Healthy indicates an expected call of Healthy
func (*MockVaultyMockRecorder) RenewLeaseForever ¶
func (mr *MockVaultyMockRecorder) RenewLeaseForever(secret interface{}) *gomock.Call
RenewLeaseForever indicates an expected call of RenewLeaseForever
func (*MockVaultyMockRecorder) RenewLeaseOnce ¶
func (mr *MockVaultyMockRecorder) RenewLeaseOnce(leaseID, increment interface{}) *gomock.Call
RenewLeaseOnce indicates an expected call of RenewLeaseOnce
type Vaulty ¶
// Vaulty groups the secret, token, policy and lease operations that
// VaultyImpl implements and MockVaulty mocks. The per-method notes restate
// the VaultyImpl documentation; the interface itself fixes only signatures.
// RenewToken is declared on VaultyImpl only and is not part of this interface.
type Vaulty interface {
	// AddUserAuthData is documented on VaultyImpl as adding the values of data
	// at the CI user creds path, which is derived from VaultCIPath.
	AddUserAuthData(user string, data map[string]interface{}) (*api.Secret, error)
	// GetUserAuthData is documented as returning the Data attribute (the
	// key-value fields) of the secret stored at the CI user creds path.
	GetUserAuthData(user string) (map[string]interface{}, error)
	// AddVaultData takes a path rather than a user.
	// NOTE(review): the VaultyImpl description repeats AddUserAuthData's
	// wording; confirm how path relates to VaultCIPath.
	AddVaultData(path string, data map[string]interface{}) (*api.Secret, error)
	// GetVaultData is documented as reading a Vault path and returning only
	// the Data element.
	GetVaultData(path string) (map[string]interface{}, error)
	// GetVaultSecret is documented as reading a Vault path and returning the
	// full secret.
	GetVaultSecret(path string) (*api.Secret, error)
	// CreateToken is documented as creating an auth token with the client's
	// credentials, configured through request; create errors are returned.
	CreateToken(request *api.TokenCreateRequest) (token string, err error)
	// CreateThrowawayToken is documented as creating a limited-use token that
	// carries the same privileges as the client.
	CreateThrowawayToken() (token string, err error)
	// CreateVaultPolicy is documented as creating a read/write policy limited
	// to the path the credentials are stored on.
	CreateVaultPolicy() error
	// GetAddress is documented as returning the Vault client address.
	GetAddress() string
	// Healthy is documented as reporting true when the Vault server returns a
	// HealthResponse, and false otherwise.
	Healthy() bool
	// DeletePath is documented as prepending the mount path (secret/data) to
	// path and deleting at the resulting fully qualified path.
	DeletePath(path string) error
	// RenewLeaseForever is documented as intended to run as a goroutine,
	// renewing after 75% of secret.LeaseDuration has elapsed.
	RenewLeaseForever(secret *api.Secret) error
	// RenewLeaseOnce is documented as a wrapper around the Vault API secret
	// renew call.
	RenewLeaseOnce(leaseID string, increment int) (*api.Secret, error)
}
Vaulty is the go-til wrapper interface to the Vault API
func GetInitVault ¶
GetInitVault will return an authenticated Vault client. Use this function essentially as a singleton. TODO: flesh out docs; for now, look at hookhandler for usage.
func NewAuthedClient ¶
NewAuthedClient will return a client with default configurations and the Token attached to it. Vault URL configured through VAULT_ADDR environment variable.
func NewEnvAuthClient ¶
NewEnvAuthClient will set the Client token based on the environment variable `$VAULT_TOKEN`. Will return an error if it is not set. Returns a configured ocevault struct.
type VaultyImpl ¶
VaultyImpl is the go-til wrapper to the Vault client
func (*VaultyImpl) AddUserAuthData ¶
func (val *VaultyImpl) AddUserAuthData(user string, data map[string]interface{}) (*api.Secret, error)
AddUserAuthData will add the values of the data map to the path of the CI user creds. The CI vault path is set off of the base path VaultCIPath.
func (*VaultyImpl) AddVaultData ¶
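AddVaultData will add the values of the data map to the path of the CI user creds. The CI vault path is set off of the base path VaultCIPath. (The signature takes a `path` rather than a user, so this wording appears to be shared with AddUserAuthData; confirm how `path` is combined with VaultCIPath before relying on it.)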
func (*VaultyImpl) CreateThrowawayToken ¶
func (val *VaultyImpl) CreateThrowawayToken() (token string, err error)
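CreateThrowawayToken creates a single-use token with the same privileges as the client. *Single use* really means enough uses to initialize the client and make one call to actually get data. Because the token carries the client's privileges, the use limit is the only restriction described here; scoping it down is still a TODO: add an ocevault policy for reading the secrets/ci/user path.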
func (*VaultyImpl) CreateToken ¶
func (val *VaultyImpl) CreateToken(request *api.TokenCreateRequest) (token string, err error)
CreateToken creates an Auth token using the val.Client's creds. Look at api.TokenCreateRequest docs for how to configure the token. Will return any errors from the create request.
func (*VaultyImpl) CreateVaultPolicy ¶
func (val *VaultyImpl) CreateVaultPolicy() error
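CreateVaultPolicy creates a policy for read/write operations on only the path that credentials are on, which is `secret/ci/creds`. One-off tokens that are passed to the workers for building will get this access. Note that this path differs from the `secret/data/%s` base path given for VaultCIPath; confirm that the policy path matches where credentials are actually stored.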
func (*VaultyImpl) DeletePath ¶
func (val *VaultyImpl) DeletePath(path string) error
DeletePath will format the path by prepending our mount path (secret/data) and then delete at the fully qualified path. Will return any errors from the Vault API.
func (*VaultyImpl) GetAddress ¶
func (val *VaultyImpl) GetAddress() string
GetAddress returns the Vault client address
func (*VaultyImpl) GetUserAuthData ¶
func (val *VaultyImpl) GetUserAuthData(user string) (map[string]interface{}, error)
GetUserAuthData will return the Data attribute of the secret at the path of the CI user creds, i.e. all the key-value fields that were set on it.
func (*VaultyImpl) GetVaultData ¶
func (val *VaultyImpl) GetVaultData(path string) (map[string]interface{}, error)
GetVaultData reads from a given Vault path, but only returns the Data element.
func (*VaultyImpl) GetVaultSecret ¶
func (val *VaultyImpl) GetVaultSecret(path string) (*api.Secret, error)
GetVaultSecret reads from a given Vault path. It is a lazy copy/paste of GetVaultData, but instead returns the full secret.
func (*VaultyImpl) Healthy ¶
func (val *VaultyImpl) Healthy() bool
Healthy returns true if the Vault server returns a HealthResponse. Otherwise returns false.
func (*VaultyImpl) RenewLeaseForever ¶
func (val *VaultyImpl) RenewLeaseForever(secret *api.Secret) error
RenewLeaseForever is intended to be run as a goroutine. It will wait for 75% of the TTL (secret.LeaseDuration), then try to renew the secret with the same TTL.
func (*VaultyImpl) RenewLeaseOnce ¶
RenewLeaseOnce is a wrapper to the Vault API secret renew
func (*VaultyImpl) RenewToken ¶
func (val *VaultyImpl) RenewToken() error
RenewToken is a wrapper to the Vault api. Renews the token for 24 hours.