vault

package
v0.12.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2018 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var ErrLeaseNotFound = errors.New("lease not found or is not renewable")
var ErrPermissionDenied = errors.New("permission denied")

Functions

This section is empty.

Types

type ClientFactory

// ClientFactory creates a Vault API client. Create returns the client together
// with an *api.Secret and an error.
// NOTE(review): the secret is presumably the login response that carries the
// auth token and its lease — confirm. The Create method listed for
// DefaultVaultClientFactory takes a tokenPath argument, so as documented on
// this page it does not match this interface's Create(); verify which
// signature is current.
type ClientFactory interface {
	Create() (*api.Client, *api.Secret, error)
}

type Credentials

// Credentials is the value returned by CredentialsProvider.Fetch: a username
// and password pair plus a Vault secret.
//
// Password is held as a plain string, and no String or marshalling method is
// listed for this type, so formatting a Credentials with %v/%+v or serializing
// it emits the password. Keep values of this type out of logs and error text.
type Credentials struct {
	Username string
	Password string
	// NOTE(review): presumably the Vault secret the credentials were read from,
	// kept so it can be passed to CredentialsRenewer.RenewSecret — confirm.
	Secret   *api.Secret
}

type CredentialsProvider

// CredentialsProvider returns a set of Credentials or an error.
type CredentialsProvider interface {
	// Fetch returns the credentials, or a non-nil error.
	// NOTE(review): whether each call reads a fresh secret from Vault (and so
	// creates a new lease) is not visible here — confirm before calling it
	// repeatedly.
	Fetch() (*Credentials, error)
}

type CredentialsRenewer

// CredentialsRenewer groups the lease operations for a secret and for an auth
// token. NewLeaseManager returns a value of this interface type.
type CredentialsRenewer interface {
	// RenewSecret takes the secret to renew and a lease duration.
	// NOTE(review): lease is presumably the requested renewal increment, and
	// ErrLeaseNotFound / ErrPermissionDenied (declared in this package) are
	// presumably returned from the renew methods — confirm. If so, either error
	// is a reason to fetch new credentials rather than retry the renewal.
	RenewSecret(ctx context.Context, secret *api.Secret, lease time.Duration) error
	// RenewAuthToken takes the auth token to renew and a lease duration.
	// token is a bearer credential: keep it out of logs and error messages.
	RenewAuthToken(ctx context.Context, token string, lease time.Duration) error
	// RevokeSelf takes a token and returns nothing, so a failed revocation
	// cannot be detected from the return value. A token that was not revoked
	// stays usable until its TTL expires or it is revoked some other way.
	RevokeSelf(ctx context.Context, token string)
}

func NewLeaseManager

func NewLeaseManager(client *api.Client) CredentialsRenewer

type DefaultCredentialsProvider

// DefaultCredentialsProvider is the type returned by NewCredentialsProvider,
// which is given a Vault client and a secret path. A Fetch method is listed
// for it.
// NOTE(review): presumably this is the package's CredentialsProvider
// implementation, reading Credentials from secretPath — confirm.
type DefaultCredentialsProvider struct {
	// contains filtered or unexported fields
}

func NewCredentialsProvider

func NewCredentialsProvider(client *api.Client, secretPath string) *DefaultCredentialsProvider

func (*DefaultCredentialsProvider) Fetch

type DefaultLeaseManager

// DefaultLeaseManager has pointer-receiver methods RenewAuthToken, RenewSecret
// and RevokeSelf whose signatures match the CredentialsRenewer interface.
// NOTE(review): NewLeaseManager returns a CredentialsRenewer, presumably
// backed by this type — confirm.
type DefaultLeaseManager struct {
	// contains filtered or unexported fields
}

func (*DefaultLeaseManager) RenewAuthToken

func (m *DefaultLeaseManager) RenewAuthToken(ctx context.Context, token string, lease time.Duration) error

func (*DefaultLeaseManager) RenewSecret

func (m *DefaultLeaseManager) RenewSecret(ctx context.Context, secret *api.Secret, lease time.Duration) error

func (*DefaultLeaseManager) RevokeSelf

func (m *DefaultLeaseManager) RevokeSelf(ctx context.Context, token string)

RevokeSelf attempts to revoke its own token. It returns no error, so the caller cannot tell from the return value whether the revocation succeeded.

type DefaultVaultClientFactory

type DefaultVaultClientFactory struct {
	// contains filtered or unexported fields
}

DefaultVaultClientFactory creates a Vault client authenticated with a Kubernetes service account token.

func NewKubernetesAuthClientFactory

func NewKubernetesAuthClientFactory(vault *VaultConfig, kube *KubernetesAuthConfig) *DefaultVaultClientFactory

func (*DefaultVaultClientFactory) Create

func (f *DefaultVaultClientFactory) Create(tokenPath string) (*api.Client, *api.Secret, error)

Create returns a Vault client that has been authenticated with the service account token. The returned client can be used to make other Vault requests.

type KubernetesAuthConfig

// KubernetesAuthConfig is the Kubernetes auth configuration passed to
// NewKubernetesAuthClientFactory.
type KubernetesAuthConfig struct {
	// NOTE(review): presumably the path of the service account token file used
	// to log in. DefaultVaultClientFactory.Create also accepts a tokenPath, and
	// which of the two is read is not visible here — confirm.
	TokenFile string
	// NOTE(review): presumably the Vault login path of the Kubernetes auth
	// mount — confirm.
	LoginPath string
	// NOTE(review): presumably the Vault role requested at login. The policies
	// bound to that role decide what the resulting token may access, so it
	// should be scoped to the secrets this workload needs — confirm.
	Role      string
}

type TLSConfig

// TLSConfig is the TLS configuration referenced by VaultConfig.TLS. It declares
// only CA fields; there is no field here for disabling certificate
// verification.
type TLSConfig struct {
	// NOTE(review): presumably the path to a single PEM-encoded CA certificate
	// file used to verify the Vault server — confirm.
	CACert string
	// NOTE(review): presumably the path to a directory of PEM-encoded CA
	// certificates — confirm.
	CAPath string
}

type VaultConfig

// VaultConfig is the Vault connection configuration passed to
// NewKubernetesAuthClientFactory.
type VaultConfig struct {
	// VaultAddr is the address of the Vault server.
	// NOTE(review): whether a non-https address is rejected is not visible
	// here. The client authenticates with a service account token, so the
	// address should use https — confirm what validation exists.
	VaultAddr string
	// TLS is a pointer and may therefore be nil.
	// NOTE(review): behaviour when nil is not shown (presumably the system
	// root CAs are used) — confirm.
	TLS       *TLSConfig
}
