auth

package
v0.0.0-...-e41232a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 25, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultApproleAuthBackendName = "approle"
)
View Source 
const (
	DefaultKubernetesAuthBackendName = "kubernetes"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AppRoleSecretProvider 

type AppRoleSecretProvider struct {
	// contains filtered or unexported fields
}

AppRoleSecretProvider provides a vault secret by issuing a auth/approle/login.

https://www.vaultproject.io/docs/auth/approle.html

func NewAppRoleSecretProvider 

func NewAppRoleSecretProvider(vaultRoleID, vaultSecretID, approleAuthBackendName string) *AppRoleSecretProvider

NewAppRoleSecretProvider creates AppRoleSecretProvider instance.

func (*AppRoleSecretProvider) GetSecret 

func (a *AppRoleSecretProvider) GetSecret(client Client) (*vaultapi.Secret, error)

GetSecret logins using the provided vault client and returns the returned vault secret.

type Authenticator 

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator authenticates a vault client using a given SecretProvider strategy.

The Authenticator renews the currently issued vault auth token on demand at least 5 seconds before the last issued token expires.

func NewAuthenticator 

func NewAuthenticator(secretProvider SecretProvider) *Authenticator

func (*Authenticator) Authenticate 

func (a *Authenticator) Authenticate(client Client) error

Authenticate authenticates the vault client.

type Client 

type Client interface {
	SetToken(v string)
	Read(path string) (*vaultapi.Secret, error)
	RawWrite(path string, data map[string]interface{}) (*vaultapi.Secret, error)
}

type KubernetesClientSet 

type KubernetesClientSet interface {
	GetJWT() (string, error)
}

type KubernetesSecretProvider 

type KubernetesSecretProvider struct {
	// contains filtered or unexported fields
}

KubernetesSecretProvider provides a vault secret by issuing a auth/kubernetes/login.

https://www.vaultproject.io/docs/auth/kubernetes.html

func NewKubernetesSecretProvider 

func NewKubernetesSecretProvider(
	vaultRoleID,
	vaultKubernetesAuthBackendName string,
	kubernetesClientSet KubernetesClientSet,
) *KubernetesSecretProvider

NewKubernetesSecretProvider creates KubernetesSecretProvider instance.

func (*KubernetesSecretProvider) GetSecret 

func (a *KubernetesSecretProvider) GetSecret(client Client) (*vaultapi.Secret, error)

GetSecret logins using the provided vault client and returns the returned vault secret.

type SecretProvider 

type SecretProvider interface {
	GetSecret(client Client) (*vaultapi.Secret, error)
}

SecretProvider can provide a vault secret by using one of the vault auth methods.

https://www.vaultproject.io/docs/auth/index.html

type TokenAuthenticator 

type TokenAuthenticator struct {
	// contains filtered or unexported fields
}

TokenAuthenticator authenticates the vault client with fixed auth token.

NOTE: This authentication method is used mainly for development.

func NewTokenAuthenticator 

func NewTokenAuthenticator(token string) *TokenAuthenticator

func (*TokenAuthenticator) Authenticate 

func (a *TokenAuthenticator) Authenticate(client Client) error

type TokenInfo 

type TokenInfo struct {
	TokenID            string
	TokenAccessor      string
	TokenDuration      time.Duration
	TokenExpireTimeUTC time.Time
	TokenRenewable     bool
}

TokenInfo holds a vault token information.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.