Documentation
Constants
const (
	// IamAuthType represents the "iam" authentication type as defined in
	// https://www.vaultproject.io/docs/auth/gcp.html
	IamAuthType = "iam"
	// KubernetesAuthType represents the "kubernetes" authentication type as
	// defined in https://www.vaultproject.io/docs/auth/kubernetes.html
	KubernetesAuthType = "kubernetes"
)
const (
	// InitCModeName represents the "initC" mode. In this mode the app dumps a
	// list of secrets into specified paths and exits.
	InitCModeName = "initC"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthConfig
type AuthConfig struct {
	// Backend is the path where the GCP or Kubernetes auth backends are
	// mounted. For example, if the plugin was enabled using
	//
	//     vault auth-enable -path 'my-gcp-backend' gcp
	//
	// then Backend must be 'my-gcp-backend'.
	Backend string `json:"backend"`
	// Data is the authentication data itself.
	Data interface{} `json:"data"`
	// Type is the authentication type being used ("iam" or "kubernetes").
	Type string `json:"type"`
}
AuthConfig represents authentication data.
type Config
type Config struct {
	// Address is the address where Vault can be reached.
	Address string `json:"address"`
	// Auth is the configuration for authentication.
	Auth AuthConfig `json:"auth"`
	// Debug indicates whether debugging is enabled.
	Debug bool `json:"-" yaml:"-"`
	// Mode is the configuration for the app's 'modus operandi'.
	Mode ModeConfig `json:"mode"`
	// TargetURL is the parsed version of Address.
	TargetURL *url.URL `json:"-" yaml:"-"`
}
Config represents the application's configuration.
type IamAuthConfig
type IamAuthConfig struct {
	// Role is the Vault role being requested.
	Role string `json:"role"`
	// ServiceAccountID is the ID of the service account which authenticates
	// with Vault.
	ServiceAccountID string `json:"serviceAccountId"`
	// SigningServiceAccountKeyPath is the path to a JSON file containing
	// the credentials of the service account that will sign JWT tokens for
	// the ServiceAccountID account.
	SigningServiceAccountKeyPath string `json:"signingServiceAccountKeyPath"`
}
IamAuthConfig carries authentication data for the "iam" auth method.
type InitCModeConfig
type InitCModeConfig struct {
	// KV is the list of secret requests from Vault.
	KV []KVRequest `json:"kv"`
	// PKI is the list of PKI requests from Vault.
	PKI []PKIRequest `json:"pki"`
}
InitCModeConfig represents the configuration for the "initC" mode.
type KVRequest
type KVRequest struct {
	// Path is the path to the secret in Vault (e.g., secrets/foo).
	Path string `json:"path"`
	// Key is the requested key.
	Key string `json:"key"`
	// MountPath is the path where the requested secret will be mounted.
	MountPath string `json:"mountPath"`
}
KVRequest represents a request for a key from a given Vault path.
type KubernetesAuthConfig
type KubernetesAuthConfig struct {
	// Role is the Vault role being requested.
	Role string `json:"role"`
}
KubernetesAuthConfig carries authentication data for the "kubernetes" auth method.
type ModeConfig
type ModeConfig struct {
	// Data is the configuration for the chosen mode.
	Data interface{} `json:"data"`
	// Name is the name of the mode in use (only "initC" is supported for now).
	Name string `json:"name"`
}
ModeConfig represents the app's 'modus operandi'.
type PKIRequest
type PKIRequest struct {
	// MountName is the name of the PKI mount in Vault (e.g., 'pki').
	MountName string `json:"mountName"`
	// Role is the name of the role configured in Vault's PKI mount.
	Role string `json:"role"`
	// CN is the "common name" being requested for the certificate.
	CN string `json:"cn"`
	// SANs is a list of additional DNS names or IP addresses being requested.
	SANs []string `json:"sans"`
	// CNIsIdentifier indicates whether the requested CN is an identifier rather
	// than a hostname (e.g. 'kube-admin' instead of 'vault.example.com').
	CNIsIdentifier bool `json:"cnIsIdentifier"`
	// MountDir is the directory where the requested certificate and
	// private key will be mounted.
	MountDir string `json:"mountDir"`
}
PKIRequest represents a request for a certificate from Vault's PKI backend.
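AuthConfig.Data is an untyped interface{} whose shape depends on Type, so a consumer has to select IamAuthConfig or KubernetesAuthConfig itself. The following is an added example, not code from this package: TypedAuth is a hypothetical helper, the JSON input is constructed, and rejecting unsupported types and unknown keys is a choice made here, not documented behaviour of the package.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Local copies of the page's types so the example compiles on its own.
type AuthConfig struct {
	Backend string      `json:"backend"`
	Data    interface{} `json:"data"`
	Type    string      `json:"type"`
}
type IamAuthConfig struct {
	Role                         string `json:"role"`
	ServiceAccountID             string `json:"serviceAccountId"`
	SigningServiceAccountKeyPath string `json:"signingServiceAccountKeyPath"`
}
type KubernetesAuthConfig struct {
	Role string `json:"role"`
}

// TypedAuth (hypothetical helper) parses an "auth" block and returns
// *IamAuthConfig or *KubernetesAuthConfig according to Type. Data is
// re-encoded and decoded strictly, so keys the struct lacks are rejected.
func TypedAuth(authJSON string) (interface{}, error) {
	var a AuthConfig
	if err := json.Unmarshal([]byte(authJSON), &a); err != nil {
		return nil, err
	}
	dst := map[string]interface{}{"iam": &IamAuthConfig{}, "kubernetes": &KubernetesAuthConfig{}}[a.Type]
	if dst == nil || a.Data == nil {
		return nil, fmt.Errorf("unsupported type %q or missing data", a.Type)
	}
	raw, _ := json.Marshal(a.Data) // cannot fail: Data was produced by json.Unmarshal
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(dst); err != nil {
		return nil, err
	}
	return dst, nil
}

func main() {
	// Constructed sample input.
	v, err := TypedAuth(`{"backend":"my-gcp-backend","type":"kubernetes","data":{"role":"app"}}`)
	fmt.Printf("%+v %v\n", v, err)
}
```

Strict decoding makes a misspelled key, or "iam" fields supplied under the "kubernetes" type, fail at startup instead of being silently dropped.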