system

package
v1.5.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 5, 2024 License: MIT Imports: 12 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type KeyTokenWrapper

type KeyTokenWrapper struct {
	Keys  []string // Base 64 encoded keys
	Token string   // Root token for the vault
}

KeyTokenWrapper Contains the unseal keys and root token

type NewRoleOptions

type NewRoleOptions struct {
	BindSecretID         bool     `json:"bind_secret_id,omitempty"`
	SecretIDBoundCIDRs   []string `json:"secret_id_bound_cidrs,omitempty"`
	TokenBoundCIDRs      []string `json:"token_bound_cidrs,omitempty"`
	Policies             []string `json:"policies"`
	SecretIDTTL          string   `json:"secret_id_num_uses,omitempty"`
	TokenNumUses         int      `json:"token_num_uses,omitempty"`
	TokenTTL             string   `json:"token_ttl,omitempty"`
	TokenMaxTTL          string   `json:"token_max_ttl,omitempty"`
	Period               string   `json:"period,omitempty"`
	EnableLocalSecretIDs string   `json:"enable_local_secret_ids,omitempty"`
}

NewRoleOptions is used to create a new approle

type NewTokenRoleOptions

type NewTokenRoleOptions struct {
	RoleName             string   `json:"role_name,omitempty"`
	AllowedPolicies      []string `json:"allowed_policies,omitempty"`
	DisallowedPolicies   []string `json:"disallowed_policies,omitempty"`
	Orphan               bool     `json:"orphan,omitempty"`
	Renewable            bool     `json:"renewable,omitempty"`
	PathSuffix           string   `json:"path_suffix,omitempty"`
	AllowedEntityAliases []string `json:"allowed_entity_aliases,omitempty"`
	TokenBoundCIDRs      []string `json:"token_bound_cidrs,omitempty"`
	TokenExplicitMaxTTL  int      `json:"token_explicit_max_ttl,omitempty"`
	TokenNoDefaultPolicy bool     `json:"token_no_default_policy,omitempty"`
	TokenNumUses         int      `json:"token_num_uses,omitempty"`
	TokenPeriod          int      `json:"token_period,omitempty"`
	TokenType            string   `json:"token_type,omitempty"`
}

NewTokenRoleOptions is used to create a new approle

type Vault

type Vault struct {
	// contains filtered or unexported fields
}

Vault Represents a vault connection for managing the vault's properties

func NewVault

func NewVault(insecure bool, address string, env string, newVault bool, pingVault bool, scanVault bool, logger *log.Logger) (*Vault, error)

NewVault Constructs a new vault at the given address with the given access token

func NewVaultWithNonlocal

func NewVaultWithNonlocal(insecure bool, address string, env string, newVault bool, pingVault bool, scanVault bool, allowNonLocal bool, logger *log.Logger) (*Vault, error)

NewVault Constructs a new vault at the given address with the given access token allowing insecure for non local.

func (*Vault) AddShard

func (v *Vault) AddShard(shard string)

AddShard Adds a single shard to the list of shards

func (*Vault) AppRoleLogin

func (v *Vault) AppRoleLogin(roleID string, secretID string) (string, error)

AppRoleLogin tries logging into the vault using app role and returns a client token on success

func (*Vault) Close

func (v *Vault) Close()

Proper shutdown of modifier.

func (*Vault) CreateEmptyPolicy

func (v *Vault) CreateEmptyPolicy(name string) error

CreateEmptyPolicy Creates a policy with no permissions

func (*Vault) CreateKVPath

func (v *Vault) CreateKVPath(path string, description string) error

CreateKVPath Creates a kv engine with the specified name and description

func (*Vault) CreateNewRole

func (v *Vault) CreateNewRole(roleName string, options *NewRoleOptions) error

CreateNewRole creates a new role with given options

func (*Vault) CreateNewTokenCidrRole

func (v *Vault) CreateNewTokenCidrRole(options *YamlNewTokenRoleOptions) error

CreateNewTokenCidrRole creates a new token cidr only role with given cidr options.

func (*Vault) CreatePolicyFromFile

func (v *Vault) CreatePolicyFromFile(name string, filepath string) error

CreatePolicyFromFile Creates a policy with the given name and rules

func (*Vault) CreateTokenCidrRoleFromFile

func (v *Vault) CreateTokenCidrRoleFromFile(filename string) error

CreateTokenCidrRoleFromFile Creates a new token cidr role from the given file and returns the name

func (*Vault) CreateTokenFromFile

func (v *Vault) CreateTokenFromFile(filename string) (string, error)

CreateTokenFromFile Creates a new token from the given file and returns the name

func (*Vault) CreateTokenFromMap

func (v *Vault) CreateTokenFromMap(data map[string]interface{}) (string, error)

CreateTokenFromMap takes a map and generates a vault token, returning the token

func (*Vault) DeleteKVPath

func (v *Vault) DeleteKVPath(path string) error

DeleteKVPath Deletes a KV path at a specified point.

func (*Vault) DeleteRole

func (v *Vault) DeleteRole(roleName string) (*api.Response, error)

DeleteRole deletes role with given role name

func (*Vault) EnableAppRole

func (v *Vault) EnableAppRole() error

EnableAppRole enables the app role auth method and returns any errors

func (*Vault) GetExistsPolicyFromFileName

func (v *Vault) GetExistsPolicyFromFileName(filename string) (bool, error)

CreatePolicyFromFile Creates a policy with the given name and rules

func (*Vault) GetExistsTokenRoleFromFile

func (v *Vault) GetExistsTokenRoleFromFile(filename string) (bool, error)

GetExistsTokenRole - Gets the token role by token role name.

func (*Vault) GetListApproles

func (v *Vault) GetListApproles() (string, error)

GetListApproles lists available approles

func (*Vault) GetOrRevokeTokensInScope

func (v *Vault) GetOrRevokeTokensInScope(dir string, tokenFilter string, tokenExpiration bool, logger *log.Logger) error

GetOrRevokeTokensInScope()

func (*Vault) GetRoleID

func (v *Vault) GetRoleID(roleName string) (string, string, error)

GetRoleID checks for the given role name and returns the coresponding id if it exists

func (*Vault) GetSecretID

func (v *Vault) GetSecretID(roleName string) (string, error)

GetSecretID checks the vault for the secret ID corresponding to the role name

func (*Vault) GetStatus

func (v *Vault) GetStatus() (map[string]interface{}, error)

GetStatus checks the health of the vault and retrieves version and status of init/seal

func (*Vault) GetToken

func (v *Vault) GetToken() string

GetToken Fetches current token from client

func (*Vault) GetTokenInfo

func (v *Vault) GetTokenInfo(tokenName string) (map[string]interface{}, error)

GetTokenInfo fetches data regarding this token

func (*Vault) InitVault

func (v *Vault) InitVault(keyShares int, keyThreshold int) (*KeyTokenWrapper, error)

InitVault performs vault initialization and f

func (*Vault) RefreshClient

func (v *Vault) RefreshClient() error

Confirms we have a valid and active connection to vault. If it doesn't, it re-establishes a new connection.

func (*Vault) RenewSelf

func (v *Vault) RenewSelf(increment int) error

RenewSelf Renews the token associated with this vault struct

func (*Vault) RevokeSelf

func (v *Vault) RevokeSelf() error

RevokeSelf Revokes token of current client

func (*Vault) RevokeToken

func (v *Vault) RevokeToken(token string) error

RevokeToken If proper access given, revokes access of a token and all children

func (*Vault) SetShards

func (v *Vault) SetShards(shards []string)

SetShards Sets known shards used by this vault for unsealing

func (*Vault) SetToken

func (v *Vault) SetToken(token string)

SetToken Stores the access token for this vault

func (*Vault) Unseal

func (v *Vault) Unseal() (int, int, bool, error)

Unseal Performs an unseal wuth this vault's shard. Returns true if unseal is successful

func (*Vault) ValidateEnvironment

func (v *Vault) ValidateEnvironment(environment string) bool

ValidateEnvironment Ensures token has access to requested data.

type YamlNewTokenRoleOptions

type YamlNewTokenRoleOptions struct {
	RoleName        string   `yaml:"role_name,omitempty"`
	TokenBoundCIDRs []string `yaml:"token_bound_cidrs,omitempty"`
}

YamlNewTokenRoleOptions is used to create a new approle

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL