vault

package

v0.3.0 Latest Latest Go to latest Published: Oct 2, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/theapsgroup/steampipe-plugin-vault

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func AwsAuth(config *vaultConfig) error
func AwsClient(config *vaultConfig, client *api.Client) (*api.Client, error)
func ConfigInstance() interface{}
func GetConfig(connection *plugin.Connection) vaultConfig
func Plugin(ctx context.Context) *plugin.Plugin
func RenewToken(config *vaultConfig) error
type AuthMethod
type AwsRole
type AzureConfig
type AzureRole
type Engine
type KvSecret
type PkiCert
type PkiRole
type SecretPath
type SysHealth

Constants ¶

View Source

const VaultAuthHeaderName = "X-Vault-AWS-IAM-Server-ID"

Variables ¶

View Source

var ConfigSchema = map[string]*schema.Attribute{
	"address": {
		Type: schema.TypeString,
	},
	"auth_type": {
		Type: schema.TypeString,
	},
	"token": {
		Type: schema.TypeString,
	},
	"aws_provider": {
		Type: schema.TypeString,
	},
	"aws_role": {
		Type: schema.TypeString,
	},
}

Functions ¶

func AwsAuth ¶ added in v0.0.3

func AwsAuth(config *vaultConfig) error

AwsAuth authenticates the Lambda execution role to the Vault auth context specified by the VAULT_ADDR, VAULT_AUTH_PROVIDER, and VAULT_AUTH_ROLE environment variables. If no error is returned, then VaultClient is ready to go. This function is typically called internally.

This code was adapted from Hashicorp Vault:

https://github.com/hashicorp/vault/blob/e2bb2ec3b93a242a167f763684f93df867bb253d/builtin/credential/aws/cli.go#L78

func AwsClient ¶ added in v0.0.3

func AwsClient(config *vaultConfig, client *api.Client) (*api.Client, error)

AwsClient returns a configured and authenticated Vault client object. If the client does not yet exist, it is created and authenticated. If it does exist but the token is expired or near expiration, the token will be renewed if possible, or a new token will be acquired.

func ConfigInstance ¶

func ConfigInstance() interface{}

func GetConfig ¶

func GetConfig(connection *plugin.Connection) vaultConfig

func Plugin ¶

func Plugin(ctx context.Context) *plugin.Plugin

func RenewToken ¶ added in v0.0.3

func RenewToken(config *vaultConfig) error

RenewToken renews the token if it is renewable. If it isn't, or if it's expired, refresh authentication instead. This is typically called internally.

Types ¶

type AuthMethod ¶

type AuthMethod struct {
	Path                  string
	Type                  string
	Description           string
	Accessor              string
	Local                 bool
	SealWrap              bool
	ExternalEntropyAccess bool
	DefaultTtl            int
	MaxTtl                int
	RequestHeaders        []string
	PluginVersion         string
	DeprecationStatus     string
	Options               map[string]string
}

type AwsRole ¶

type AwsRole struct {
	Path                   string
	Role                   string
	CredentialType         string
	DefaultStsTtl          int64
	MaxStsTtl              int64
	PolicyDocument         string
	UserPath               string
	PermissionsBoundaryArn string
	RoleArns               []string
	PolicyArns             []string
	IamGroups              []string
}

type AzureConfig ¶

type AzureConfig struct {
	Path           string
	SubscriptionId string
	TenantId       string
	ClientId       string
	Environment    string
}

type AzureRole ¶

type AzureRole struct {
	Path string
	Role string
}

type Engine ¶

type Engine struct {
	Path              string
	Type              string
	Description       string
	Accessor          string
	Version           int64
	Local             bool
	SealWrap          bool
	DefaultTtl        int
	MaxTtl            int
	PluginVersion     string
	DeprecationStatus string
	Options           map[string]string
}

type KvSecret ¶

type KvSecret struct {
	Key          string
	Path         string
	CreatedTime  time.Time
	DeletionTime time.Time
	Destroyed    bool
	Version      int64
}

KvSecret The structure of a KV secret. Key is the path within the mountpoint. Path is the name of the engine

type PkiCert ¶

type PkiCert struct {
	Path          string
	Serial        string
	RequestID     string
	LeaseID       string
	LeaseDuration int64
	Renewable     bool
}

type PkiRole ¶

type PkiRole struct {
	Path             string
	Name             string
	AllowAnyName     bool
	AllowIpSans      bool
	AllowLocalhost   bool
	AllowSubDomains  bool
	AllowedDomains   []string
	AllowedUriSans   []string
	AllowedOtherSans []string
	ClientFlag       bool
	CodeSigningFlag  bool
	KeyBits          int64
	KeyType          string
	Ttl              int64
	MaxTtl           int64
	ServerFlag       bool
}

type SecretPath ¶

type SecretPath struct {
	Engine string
	Path   string
}

type SysHealth ¶

type SysHealth struct {
	Initialized                bool
	Sealed                     bool
	Standby                    bool
	PerformanceStandby         bool
	ReplicationPerformanceMode string
	ReplicationDrMode          string
	ServerTimeUtc              int64
	Version                    string
	ClusterName                string
	ClusterID                  string
	LastWal                    uint64
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL