Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateCert(caCertTemplate *x509.Certificate, caSigner crypto.Signer) (string, string, error)
- func NewListener(l *configutil.Listener, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
- func ParseStorage(result *Config, list *ast.ObjectList, name string) error
- type CaCert
- type Config
- func CheckConfig(c *Config, e error) (*Config, error)
- func DevConfig(storageType string) (*Config, error)
- func DevTLSConfig(storageType, certDir string) (*Config, error)
- func LoadConfig(path string) (*Config, error)
- func LoadConfigDir(dir string) (*Config, error)
- func LoadConfigFile(path string) (*Config, error)
- func NewConfig() *Config
- func ParseConfig(d, source string) (*Config, error)
- type ListenerFactory
- type ServiceRegistration
- type Storage
- type TCPKeepAliveListener
Constants ¶
// File names of the TLS material written in dev-TLS mode. These are names
// only; the directory they live in is supplied by the caller (presumably
// DevTLSConfig's certDir — verify against the implementation).
const (
	VaultDevCAFilename   = "vault-ca.pem"   // CA certificate, PEM
	VaultDevCertFilename = "vault-cert.pem" // server (leaf) certificate, PEM
	VaultDevKeyFilename  = "vault-key.pem"  // server private key, PEM
)
Variables ¶
// BuiltinListeners maps each built-in listener type name to the factory
// that constructs it; NewListener resolves the configured type through
// this map. Only "tcp" is registered here.
var BuiltinListeners = map[string]ListenerFactory{
	"tcp": tcpListenerFactory,
}
BuiltinListeners maps each built-in listener type name to its ListenerFactory.
// DefaultCustomHeaders is the default set of custom response headers,
// keyed by header group. The "default" group carries a
// Strict-Transport-Security header whose value is
// configutil.StrictTransportSecurity. How group keys are matched to
// responses is not visible here — verify in the listener code.
var DefaultCustomHeaders = map[string]map[string]string{
	"default": {
		"Strict-Transport-Security": configutil.StrictTransportSecurity,
	},
}
Functions ¶
func GenerateCert ¶
GenerateCert creates a new leaf certificate from the provided CA template and signer.
func NewListener ¶
func NewListener(l *configutil.Listener, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
NewListener creates a new listener of the given type with the given configuration. The type is looked up in the BuiltinListeners map.
func ParseStorage ¶
func ParseStorage(result *Config, list *ast.ObjectList, name string) error
Types ¶
type CaCert ¶
// CaCert bundles the three representations of a CA certificate that
// GenerateCA produces: the PEM-encoded certificate, the *x509.Certificate
// template it was built from, and the crypto.Signer holding its private
// key. Template and Signer together are what GenerateCert needs to issue
// a leaf certificate.
type CaCert struct {
	PEM      string            // PEM-encoded certificate
	Template *x509.Certificate // template used to create the certificate
	Signer   crypto.Signer     // private key of the CA
}
func GenerateCA ¶
GenerateCA generates a new self-signed CA certificate and returns a CaCert struct containing the PEM-encoded certificate, the X.509 certificate template, and the crypto.Signer.
type Config ¶
// Config is the configuration for the vault server.
//
// Many settings come in pairs: a typed field tagged `hcl:"-"` (ignored by
// the HCL decoder) and a companion *Raw field of type interface{} that
// carries the HCL key. The decoder populates the *Raw field; the typed
// field is derived from it afterwards. Sanitized strips the *Raw fields.
type Config struct {
	// Decoder bookkeeping populated via the special hcl tags.
	UnusedKeys configutil.UnusedKeyMap `hcl:",unusedKeyPositions"`
	FoundKeys  []string                `hcl:",decodedFields"`

	// Not decoded directly from HCL; ParseStorage takes a *Config, so these
	// are presumably filled by dedicated parsers — verify.
	Storage             *Storage             `hcl:"-"`
	HAStorage           *Storage             `hcl:"-"`
	ServiceRegistration *ServiceRegistration `hcl:"-"`

	CacheSize int `hcl:"cache_size"`

	DisableCache    bool        `hcl:"-"`
	DisableCacheRaw interface{} `hcl:"disable_cache"`

	DisablePrintableCheck    bool        `hcl:"-"`
	DisablePrintableCheckRaw interface{} `hcl:"disable_printable_check"`

	EnableUI    bool        `hcl:"-"`
	EnableUIRaw interface{} `hcl:"ui"`

	MaxLeaseTTL    time.Duration `hcl:"-"`
	MaxLeaseTTLRaw interface{}   `hcl:"max_lease_ttl,alias:MaxLeaseTTL"`

	DefaultLeaseTTL    time.Duration `hcl:"-"`
	DefaultLeaseTTLRaw interface{}   `hcl:"default_lease_ttl,alias:DefaultLeaseTTL"`

	// Cipher suite list for cluster (node-to-node) TLS; parsing/validation
	// of the string is not visible here.
	ClusterCipherSuites string `hcl:"cluster_cipher_suites"`

	PluginDirectory string `hcl:"plugin_directory"`
	PluginFileUid   int    `hcl:"plugin_file_uid"`

	PluginFilePermissions    int         `hcl:"-"`
	PluginFilePermissionsRaw interface{} `hcl:"plugin_file_permissions,alias:PluginFilePermissions"`

	// NOTE(review): raw_storage_endpoint, disable_sealwrap and
	// disable_printable_check relax default protections. As Go bools they
	// are false when unset; keep them at their defaults outside test and
	// dev setups, and confirm the exact effect of each in the Vault docs.
	EnableRawEndpoint    bool        `hcl:"-"`
	EnableRawEndpointRaw interface{} `hcl:"raw_storage_endpoint,alias:EnableRawEndpoint"`

	APIAddr     string `hcl:"api_addr"`
	ClusterAddr string `hcl:"cluster_addr"`

	DisableClustering    bool        `hcl:"-"`
	DisableClusteringRaw interface{} `hcl:"disable_clustering,alias:DisableClustering"`

	DisablePerformanceStandby    bool        `hcl:"-"`
	DisablePerformanceStandbyRaw interface{} `hcl:"disable_performance_standby,alias:DisablePerformanceStandby"`

	DisableSealWrap    bool        `hcl:"-"`
	DisableSealWrapRaw interface{} `hcl:"disable_sealwrap,alias:DisableSealWrap"`

	DisableIndexing    bool        `hcl:"-"`
	DisableIndexingRaw interface{} `hcl:"disable_indexing,alias:DisableIndexing"`

	DisableSentinelTrace    bool        `hcl:"-"`
	DisableSentinelTraceRaw interface{} `hcl:"disable_sentinel_trace,alias:DisableSentinelTrace"`

	EnableResponseHeaderHostname    bool        `hcl:"-"`
	EnableResponseHeaderHostnameRaw interface{} `hcl:"enable_response_header_hostname"`

	LogRequestsLevel    string      `hcl:"-"`
	LogRequestsLevelRaw interface{} `hcl:"log_requests_level"`

	EnableResponseHeaderRaftNodeID    bool        `hcl:"-"`
	EnableResponseHeaderRaftNodeIDRaw interface{} `hcl:"enable_response_header_raft_node_id"`

	// License is not read from HCL; only LicensePath is. The license
	// contents are presumably loaded from that path — verify.
	License     string `hcl:"-"`
	LicensePath string `hcl:"license_path"`

	DisableSSCTokens bool `hcl:"-"`
	// contains filtered or unexported fields
}
Config is the configuration for the vault server.
func DevTLSConfig ¶
DevTLSConfig returns a Config used for Vault's dev TLS mode.
func LoadConfig ¶
LoadConfig loads the configuration at the given path, regardless of whether it is a file or a directory.
func LoadConfigDir ¶
LoadConfigDir loads all the configurations in the given directory in alphabetical order.
func LoadConfigFile ¶
LoadConfigFile loads the configuration from the given file.
func ParseConfig ¶
func (*Config) Sanitized ¶
Sanitized returns a copy of the config with all values that are considered sensitive stripped out. It also strips all `*Raw` fields, which are used mainly during parsing.
Specifically, the fields that this method strips are:
- Storage.Config
- HAStorage.Config
- Seals.Config
- Telemetry.CirconusAPIToken
func (*Config) Validate ¶
func (c *Config) Validate(sourceFilePath string) []configutil.ConfigError
type ListenerFactory ¶
// ListenerFactory is the factory function to create a listener. It takes
// the listener configuration, a writer for log output and a cli.Ui, and
// returns the listener, a map of properties describing it, a reload
// function, and an error. The meaning of the map's keys is not visible
// here. BuiltinListeners holds one factory per listener type.
type ListenerFactory func(*configutil.Listener, io.Writer, cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
ListenerFactory is the factory function to create a listener.
type ServiceRegistration ¶
// ServiceRegistration is the optional service discovery configuration for
// the server: a backend Type and its free-form Config key/value pairs.
// UnusedKeys is decoder bookkeeping (see the hcl tag). Validate reports
// configuration errors for this block.
type ServiceRegistration struct {
	UnusedKeys configutil.UnusedKeyMap `hcl:",unusedKeyPositions"`
	Type       string
	Config     map[string]string
}
ServiceRegistration is the optional service discovery for the server.
func (*ServiceRegistration) GoString ¶
func (b *ServiceRegistration) GoString() string
func (*ServiceRegistration) Validate ¶
func (b *ServiceRegistration) Validate(source string) []configutil.ConfigError
type Storage ¶
// Storage is the underlying storage configuration for the server. Type
// names the backend; Config holds its backend-specific key/value settings
// (Sanitized strips Config, since it may contain credentials). The address
// and clustering fields mirror the server-level settings of the same name;
// how the two are reconciled is not visible here.
type Storage struct {
	Type              string
	RedirectAddr      string
	ClusterAddr       string
	DisableClustering bool
	Config            map[string]string
}
Storage is the underlying storage configuration for the server.
type TCPKeepAliveListener ¶
// TCPKeepAliveListener wraps a *net.TCPListener so that TCP keep-alive can
// be enabled on accepted connections, letting dead peers be detected and
// their connections released. The Accept override that does this is not
// shown here; the type is copied from the Go standard library's net/http.
type TCPKeepAliveListener struct {
	*net.TCPListener
}
TCPKeepAliveListener sets TCP keep-alive timeouts on accepted connections. It is used by ListenAndServe and ListenAndServeTLS so that dead TCP connections (e.g. a laptop closed mid-download) eventually go away.
This is copied directly from the Go source code.