server

package
v0.0.0-...-a0f6db5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 14, 2022 License: MPL-2.0 Imports: 40 Imported by: 0

Documentation

Index

Constants

View Source
const (
	VaultDevCAFilename   = "vault-ca.pem"
	VaultDevCertFilename = "vault-cert.pem"
	VaultDevKeyFilename  = "vault-key.pem"
)

Variables

View Source
var BuiltinListeners = map[string]ListenerFactory{
	"tcp": tcpListenerFactory,
}

BuiltinListeners is the list of built-in listener types.

View Source
var DefaultCustomHeaders = map[string]map[string]string{
	"default": {
		"Strict-Transport-Security": configutil.StrictTransportSecurity,
	},
}

Functions

func GenerateCert

func GenerateCert(caCertTemplate *x509.Certificate, caSigner crypto.Signer) (string, string, error)

GenerateCert creates a new leaf cert from provided CA template and signer

func NewListener

func NewListener(l *configutil.Listener, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)

NewListener creates a new listener of the given type with the given configuration. The type is looked up in the BuiltinListeners map.

func ParseStorage

func ParseStorage(result *Config, list *ast.ObjectList, name string) error

Types

type CaCert

type CaCert struct {
	PEM      string
	Template *x509.Certificate
	Signer   crypto.Signer
}

func GenerateCA

func GenerateCA() (*CaCert, error)

GenerateCA generates a new self-signed CA cert and returns a CaCert struct containing the PEM encoded cert, X509 Certificate Template, and crypto.Signer

type Config

type Config struct {
	UnusedKeys configutil.UnusedKeyMap `hcl:",unusedKeyPositions"`
	FoundKeys  []string                `hcl:",decodedFields"`

	*configutil.SharedConfig `hcl:"-"`

	Storage   *Storage `hcl:"-"`
	HAStorage *Storage `hcl:"-"`

	ServiceRegistration *ServiceRegistration `hcl:"-"`

	CacheSize                int         `hcl:"cache_size"`
	DisableCache             bool        `hcl:"-"`
	DisableCacheRaw          interface{} `hcl:"disable_cache"`
	DisablePrintableCheck    bool        `hcl:"-"`
	DisablePrintableCheckRaw interface{} `hcl:"disable_printable_check"`

	EnableUI    bool        `hcl:"-"`
	EnableUIRaw interface{} `hcl:"ui"`

	MaxLeaseTTL        time.Duration `hcl:"-"`
	MaxLeaseTTLRaw     interface{}   `hcl:"max_lease_ttl,alias:MaxLeaseTTL"`
	DefaultLeaseTTL    time.Duration `hcl:"-"`
	DefaultLeaseTTLRaw interface{}   `hcl:"default_lease_ttl,alias:DefaultLeaseTTL"`

	ClusterCipherSuites string `hcl:"cluster_cipher_suites"`

	PluginDirectory string `hcl:"plugin_directory"`

	PluginFileUid int `hcl:"plugin_file_uid"`

	PluginFilePermissions    int         `hcl:"-"`
	PluginFilePermissionsRaw interface{} `hcl:"plugin_file_permissions,alias:PluginFilePermissions"`

	EnableRawEndpoint    bool        `hcl:"-"`
	EnableRawEndpointRaw interface{} `hcl:"raw_storage_endpoint,alias:EnableRawEndpoint"`

	APIAddr              string      `hcl:"api_addr"`
	ClusterAddr          string      `hcl:"cluster_addr"`
	DisableClustering    bool        `hcl:"-"`
	DisableClusteringRaw interface{} `hcl:"disable_clustering,alias:DisableClustering"`

	DisablePerformanceStandby    bool        `hcl:"-"`
	DisablePerformanceStandbyRaw interface{} `hcl:"disable_performance_standby,alias:DisablePerformanceStandby"`

	DisableSealWrap    bool        `hcl:"-"`
	DisableSealWrapRaw interface{} `hcl:"disable_sealwrap,alias:DisableSealWrap"`

	DisableIndexing    bool        `hcl:"-"`
	DisableIndexingRaw interface{} `hcl:"disable_indexing,alias:DisableIndexing"`

	DisableSentinelTrace    bool        `hcl:"-"`
	DisableSentinelTraceRaw interface{} `hcl:"disable_sentinel_trace,alias:DisableSentinelTrace"`

	EnableResponseHeaderHostname    bool        `hcl:"-"`
	EnableResponseHeaderHostnameRaw interface{} `hcl:"enable_response_header_hostname"`

	LogRequestsLevel    string      `hcl:"-"`
	LogRequestsLevelRaw interface{} `hcl:"log_requests_level"`

	EnableResponseHeaderRaftNodeID    bool        `hcl:"-"`
	EnableResponseHeaderRaftNodeIDRaw interface{} `hcl:"enable_response_header_raft_node_id"`

	License          string `hcl:"-"`
	LicensePath      string `hcl:"license_path"`
	DisableSSCTokens bool   `hcl:"-"`
	// contains filtered or unexported fields
}

Config is the configuration for the vault server.

func CheckConfig

func CheckConfig(c *Config, e error) (*Config, error)

func DevConfig

func DevConfig(storageType string) (*Config, error)

DevConfig is a Config that is used for dev mode of Vault.

func DevTLSConfig

func DevTLSConfig(storageType, certDir string) (*Config, error)

DevTLSConfig is a Config that is used for dev tls mode of Vault.

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig loads the configuration at the given path, regardless if its a file or directory.

func LoadConfigDir

func LoadConfigDir(dir string) (*Config, error)

LoadConfigDir loads all the configurations in the given directory in alphabetical order.

func LoadConfigFile

func LoadConfigFile(path string) (*Config, error)

LoadConfigFile loads the configuration from the given file.

func NewConfig

func NewConfig() *Config

func ParseConfig

func ParseConfig(d, source string) (*Config, error)

func (*Config) Merge

func (c *Config) Merge(c2 *Config) *Config

Merge merges two configurations.

func (*Config) Prune

func (c *Config) Prune()

func (*Config) Sanitized

func (c *Config) Sanitized() map[string]interface{}

Sanitized returns a copy of the config with all values that are considered sensitive stripped. It also strips all `*Raw` values that are mainly used for parsing.

Specifically, the fields that this method strips are: - Storage.Config - HAStorage.Config - Seals.Config - Telemetry.CirconusAPIToken

func (*Config) Validate

func (c *Config) Validate(sourceFilePath string) []configutil.ConfigError

type ListenerFactory

type ListenerFactory func(*configutil.Listener, io.Writer, cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)

ListenerFactory is the factory function to create a listener.

type ServiceRegistration

type ServiceRegistration struct {
	UnusedKeys configutil.UnusedKeyMap `hcl:",unusedKeyPositions"`
	Type       string
	Config     map[string]string
}

ServiceRegistration is the optional service discovery for the server.

func (*ServiceRegistration) GoString

func (b *ServiceRegistration) GoString() string

func (*ServiceRegistration) Validate

func (b *ServiceRegistration) Validate(source string) []configutil.ConfigError

type Storage

type Storage struct {
	Type              string
	RedirectAddr      string
	ClusterAddr       string
	DisableClustering bool
	Config            map[string]string
}

Storage is the underlying storage configuration for the server.

func (*Storage) GoString

func (b *Storage) GoString() string

type TCPKeepAliveListener

type TCPKeepAliveListener struct {
	*net.TCPListener
}

TCPKeepAliveListener sets TCP keep-alive timeouts on accepted connections. It's used by ListenAndServe and ListenAndServeTLS so dead TCP connections (e.g. closing laptop mid-download) eventually go away.

This is copied directly from the Go source code.

func (TCPKeepAliveListener) Accept

func (ln TCPKeepAliveListener) Accept() (c net.Conn, err error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL