Documentation ¶
Index ¶
- type KeyTokenWrapper
- type NewRoleOptions
- type NewTokenRoleOptions
- type Vault
- func (v *Vault) AddShard(shard string)
- func (v *Vault) AppRoleLogin(roleID string, secretID string) (string, error)
- func (v *Vault) Close()
- func (v *Vault) CreateEmptyPolicy(name string) error
- func (v *Vault) CreateKVPath(path string, description string) error
- func (v *Vault) CreateNewRole(roleName string, options *NewRoleOptions) error
- func (v *Vault) CreateNewTokenCidrRole(options *YamlNewTokenRoleOptions) error
- func (v *Vault) CreatePolicyFromFile(name string, filepath string) error
- func (v *Vault) CreateTokenCidrRoleFromFile(filename string) error
- func (v *Vault) CreateTokenFromFile(filename string) (string, error)
- func (v *Vault) CreateTokenFromMap(data map[string]interface{}) (string, error)
- func (v *Vault) DeleteKVPath(path string) error
- func (v *Vault) DeleteRole(roleName string) (*api.Response, error)
- func (v *Vault) EnableAppRole() error
- func (v *Vault) GetExistsPolicyFromFileName(filename string) (bool, error)
- func (v *Vault) GetExistsTokenRoleFromFile(filename string) (bool, error)
- func (v *Vault) GetListApproles() (string, error)
- func (v *Vault) GetOrRevokeTokensInScope(dir string, tokenFilter string, tokenExpiration bool, logger *log.Logger) error
- func (v *Vault) GetRoleID(roleName string) (string, string, error)
- func (v *Vault) GetSecretID(roleName string) (string, error)
- func (v *Vault) GetStatus() (map[string]interface{}, error)
- func (v *Vault) GetToken() string
- func (v *Vault) GetTokenInfo(tokenName string) (map[string]interface{}, error)
- func (v *Vault) InitVault(keyShares int, keyThreshold int) (*KeyTokenWrapper, error)
- func (v *Vault) RefreshClient() error
- func (v *Vault) RenewSelf(increment int) error
- func (v *Vault) RevokeSelf() error
- func (v *Vault) RevokeToken(token string) error
- func (v *Vault) SetShards(shards []string)
- func (v *Vault) SetToken(token string)
- func (v *Vault) Unseal() (int, int, bool, error)
- func (v *Vault) ValidateEnvironment(environment string) bool
- type YamlNewTokenRoleOptions
Types ¶
type KeyTokenWrapper ¶
// KeyTokenWrapper contains the unseal keys and the root token of a vault.
// Every value held here is a secret: keep it out of logs and error messages,
// and do not write it to disk unencrypted.
type KeyTokenWrapper struct {
	Keys  []string // Base 64 encoded keys
	Token string   // Root token for the vault
}
KeyTokenWrapper Contains the unseal keys and root token
type NewRoleOptions ¶
// NewRoleOptions is used to create a new approle.
//
// The struct tags give the JSON key for each field. With omitempty, a zero
// value (false, 0, "", empty slice) is left out when the struct is encoded by
// encoding/json, so that setting is not sent at all.
type NewRoleOptions struct {
	// Only true is ever encoded; false is dropped by omitempty.
	BindSecretID bool `json:"bind_secret_id,omitempty"`
	// An empty list is omitted, so no CIDR restriction is sent for secret IDs.
	SecretIDBoundCIDRs []string `json:"secret_id_bound_cidrs,omitempty"`
	// An empty list is omitted, so no CIDR restriction is sent for tokens.
	TokenBoundCIDRs []string `json:"token_bound_cidrs,omitempty"`
	// No omitempty: the key is always encoded, as null when the slice is nil.
	Policies []string `json:"policies"`
	// NOTE(review): the field name says TTL but the tag encodes it under
	// "secret_id_num_uses", and no field in this struct carries a
	// "secret_id_ttl" key. Confirm which was intended; if the TTL is never
	// sent, secret-ID lifetime presumably falls back to the server default.
	SecretIDTTL  string `json:"secret_id_num_uses,omitempty"`
	TokenNumUses int    `json:"token_num_uses,omitempty"`
	TokenTTL     string `json:"token_ttl,omitempty"`
	TokenMaxTTL  string `json:"token_max_ttl,omitempty"`
	Period       string `json:"period,omitempty"`
	// Declared as a string rather than a bool; the accepted values are not
	// visible here — TODO confirm against the caller.
	EnableLocalSecretIDs string `json:"enable_local_secret_ids,omitempty"`
}
NewRoleOptions is used to create a new approle
type NewTokenRoleOptions ¶
// NewTokenRoleOptions carries the settings for a token role.
//
// The struct tags give the JSON key for each field. Every field uses
// omitempty, so a zero value (false, 0, "", empty slice) is left out when the
// struct is encoded by encoding/json and that setting is not sent.
type NewTokenRoleOptions struct {
	RoleName           string   `json:"role_name,omitempty"`
	AllowedPolicies    []string `json:"allowed_policies,omitempty"`
	DisallowedPolicies []string `json:"disallowed_policies,omitempty"`
	Orphan             bool     `json:"orphan,omitempty"`
	Renewable          bool     `json:"renewable,omitempty"`
	PathSuffix         string   `json:"path_suffix,omitempty"`
	// An empty list is omitted, so no entity-alias restriction is sent.
	AllowedEntityAliases []string `json:"allowed_entity_aliases,omitempty"`
	// An empty list is omitted, so no CIDR restriction is sent for tokens.
	TokenBoundCIDRs []string `json:"token_bound_cidrs,omitempty"`
	// Integer-typed, unlike the string TTL fields of NewRoleOptions; the unit
	// is not stated here — presumably seconds, TODO confirm.
	TokenExplicitMaxTTL int `json:"token_explicit_max_ttl,omitempty"`
	// Only true is ever encoded; false is dropped by omitempty.
	TokenNoDefaultPolicy bool   `json:"token_no_default_policy,omitempty"`
	TokenNumUses         int    `json:"token_num_uses,omitempty"`
	TokenPeriod          int    `json:"token_period,omitempty"`
	TokenType            string `json:"token_type,omitempty"`
}
NewTokenRoleOptions is used to create a new token role
type Vault ¶
// Vault represents a vault connection for managing the vault's properties.
// Its fields are unexported; state such as the token and the unseal shards is
// set through methods (SetToken, SetShards, AddShard).
type Vault struct {
	// contains filtered or unexported fields
}
Vault Represents a vault connection for managing the vault's properties
func NewVault ¶
func NewVault(insecure bool, address string, env string, newVault bool, pingVault bool, scanVault bool, logger *log.Logger) (*Vault, error)
NewVault Constructs a new vault at the given address with the given access token
func NewVaultWithNonlocal ¶
func NewVaultWithNonlocal(insecure bool, address string, env string, newVault bool, pingVault bool, scanVault bool, allowNonLocal bool, logger *log.Logger) (*Vault, error)
NewVaultWithNonlocal Constructs a new vault at the given address with the given access token, allowing insecure mode for non-local addresses.
func (*Vault) AppRoleLogin ¶
AppRoleLogin tries logging into the vault using app role and returns a client token on success
func (*Vault) CreateEmptyPolicy ¶
CreateEmptyPolicy Creates a policy with no permissions
func (*Vault) CreateKVPath ¶
CreateKVPath Creates a kv engine with the specified name and description
func (*Vault) CreateNewRole ¶
func (v *Vault) CreateNewRole(roleName string, options *NewRoleOptions) error
CreateNewRole creates a new role with given options
func (*Vault) CreateNewTokenCidrRole ¶
func (v *Vault) CreateNewTokenCidrRole(options *YamlNewTokenRoleOptions) error
CreateNewTokenCidrRole creates a new token cidr only role with given cidr options.
func (*Vault) CreatePolicyFromFile ¶
CreatePolicyFromFile Creates a policy with the given name and rules
func (*Vault) CreateTokenCidrRoleFromFile ¶
CreateTokenCidrRoleFromFile Creates a new token cidr role from the given file and returns the name
func (*Vault) CreateTokenFromFile ¶
CreateTokenFromFile Creates a new token from the given file and returns the name
func (*Vault) CreateTokenFromMap ¶
CreateTokenFromMap takes a map and generates a vault token, returning the token
func (*Vault) DeleteKVPath ¶
DeleteKVPath Deletes a KV path at a specified point.
func (*Vault) DeleteRole ¶
DeleteRole deletes role with given role name
func (*Vault) EnableAppRole ¶
EnableAppRole enables the app role auth method and returns any errors
func (*Vault) GetExistsPolicyFromFileName ¶
GetExistsPolicyFromFileName Reports whether a policy corresponding to the given file name exists
func (*Vault) GetExistsTokenRoleFromFile ¶
GetExistsTokenRoleFromFile - Gets the token role by token role name.
func (*Vault) GetListApproles ¶
GetListApproles lists available approles
func (*Vault) GetOrRevokeTokensInScope ¶
func (v *Vault) GetOrRevokeTokensInScope(dir string, tokenFilter string, tokenExpiration bool, logger *log.Logger) error
GetOrRevokeTokensInScope()
func (*Vault) GetRoleID ¶
GetRoleID checks for the given role name and returns the corresponding id if it exists
func (*Vault) GetSecretID ¶
GetSecretID checks the vault for the secret ID corresponding to the role name
func (*Vault) GetStatus ¶
GetStatus checks the health of the vault and retrieves version and status of init/seal
func (*Vault) GetTokenInfo ¶
GetTokenInfo fetches data regarding this token
func (*Vault) InitVault ¶
func (v *Vault) InitVault(keyShares int, keyThreshold int) (*KeyTokenWrapper, error)
InitVault performs vault initialization and returns the unseal keys and root token in a KeyTokenWrapper
func (*Vault) RefreshClient ¶
RefreshClient Confirms we have a valid and active connection to vault. If we don't, it establishes a new connection.
func (*Vault) RevokeSelf ¶
RevokeSelf Revokes token of current client
func (*Vault) RevokeToken ¶
RevokeToken If proper access given, revokes access of a token and all children
func (*Vault) Unseal ¶
Unseal Performs an unseal with this vault's shard. Returns true if unseal is successful
func (*Vault) ValidateEnvironment ¶
ValidateEnvironment Ensures token has access to requested data.
type YamlNewTokenRoleOptions ¶
// YamlNewTokenRoleOptions is the YAML form of the options accepted by
// CreateNewTokenCidrRole: a role name and the CIDR blocks its tokens are
// bound to. Both fields use omitempty, so an empty value is left out when the
// struct is written as YAML.
type YamlNewTokenRoleOptions struct {
	RoleName string `yaml:"role_name,omitempty"`
	// An empty list here means no CIDR binding is present in the options;
	// how CreateNewTokenCidrRole treats that case is not visible — TODO confirm
	// it does not create an unrestricted role.
	TokenBoundCIDRs []string `yaml:"token_bound_cidrs,omitempty"`
}
YamlNewTokenRoleOptions is used to create a new token cidr role