Documentation
Index
- Variables
- func Build(ctx context.Context, name string) (secrets.Keeper, error)
- func CheckConfig(ctx context.Context, c *config.Config) error
- func Decode(ctx context.Context, name string) (any, error)
- func DecodePartial(ctx context.Context, name string) (any, error)
- func Exists(ctx context.Context, name string) bool
- func GetPassword(title, desc, prompt, ok string) (string, error)
- func RecoverService() error
- func StartServer(logger *log.Logger, kpr secrets.Keeper, name string, ...) error
- func StopServer(immediacy StopImmediacy) error
- func Validate(ctx context.Context, name string) error
- func WithBuilder(ctx context.Context, c *config.Config) context.Context
- type ServiceStatus
- type StopImmediacy
- type Sync
- func (s *Sync) AddLocationSecret(ctx context.Context, from secrets.Keeper, loc string, opts ...SyncOption) error
- func (s *Sync) AddSecret(ctx context.Context, sec secrets.Secret, opts ...SyncOption) error
- func (s *Sync) AddSecretKeeper(ctx context.Context, from secrets.Keeper, opts ...SyncOption) error
- func (s *Sync) CopyTo(ctx context.Context, to secrets.Keeper, opts ...SyncOption) error
- func (s *Sync) DeleteAbsent(ctx context.Context, to secrets.Keeper, opts ...SyncOption) error
- type SyncOption
Constants
This section is empty.
Variables
var (
	ErrNoPidFile           = fmt.Errorf("unable to locate pid file")
	ErrUnreadablePidFile   = fmt.Errorf("unable to read pid file")
	ErrNoProcess           = fmt.Errorf("unable to find process for pid")
	ErrProcessVerification = fmt.Errorf("unable to verify process for pid")
	ErrGRPCClient          = fmt.Errorf("unable to build gRPC client")
	ErrServiceError        = fmt.Errorf("service returned error when queried")
)
var ErrDuplicate = errors.New("duplicate secret")
Functions
func CheckConfig
CheckConfig validates the configuration for all of ghost.
func Decode
Decode decodes the configuration for the named secret keeper into its preferred configuration type. This is useful for tools that want to manipulate the configuration directly. This will have any secret references resolved and lookups performed.
func DecodePartial added in v0.4.0
DecodePartial works the same as Decode, but does not resolve secret references.
func GetPassword added in v0.4.0
GetPassword is a tool that makes it easier to display a dialog prompting the user for a password.
func RecoverService added in v0.4.0
func RecoverService() error
RecoverService performs the work to clean up the system to make it possible to restart after a crash.
func StartServer
func StartServer(
	logger *log.Logger,
	kpr secrets.Keeper,
	name string,
	enforcementPeriod time.Duration,
	enforcedPolicies []string,
) error
StartServer starts the keeper server. As of this writing, it will always be configured to run in an automatically named unix socket in the system's temp directory. It will also write a pid file to the same directory.
func StopServer
func StopServer(immediacy StopImmediacy) error
StopServer stops the keeper server. The given immediacy indicates how quickly the server should be stopped.
Types
type ServiceStatus added in v0.3.0
type ServiceStatus struct {
	*os.Process                     // the Process object for the service
	Pid               int           // the expected PID of the service
	Keeper            string        // the keeper the service is serving
	EnforcementPeriod time.Duration // the enforcement period
	EnforcedPolicies  []string      // the policies being enforced
}
func CheckServer added in v0.1.0
func CheckServer() (*ServiceStatus, error)
CheckServer checks if the server is alive and returns a little status structure to describe it. Returns an error if it is not.
type StopImmediacy
type StopImmediacy int
StopImmediacy is used to indicate how quickly the server should be stopped.
const (
	StopGraceful StopImmediacy = iota // stop eventually (SIGHUP)
	StopQuick                         // stop soon (SIGQUIT)
	StopNow                           // stop now (SIGKILL)
)
type Sync added in v0.2.0
type Sync struct {
// contains filtered or unexported fields
}
Sync is an engine that helps with the copying of secrets between secret keepers. It organizes these copies on the basis of name, username, and location as the key values.
This works by calling one or more of the Add* methods to configure the secrets to sync. CopyTo can then be used to send these secrets to another secret keeper, and DeleteAbsent deletes any secrets in the given secret keeper that have not been added using the Add* methods.
func NewSync added in v0.2.0
NewSync creates a new blank object for handling sync between secret keepers.
func (*Sync) AddLocationSecret added in v0.2.0
func (s *Sync) AddLocationSecret(
	ctx context.Context,
	from secrets.Keeper,
	loc string,
	opts ...SyncOption,
) error
AddLocationSecret adds all the secrets in a given location to the list to be copied. If the location contains secrets with identical name and username, ErrDuplicate will be returned unless the WithIgnoredDuplicates option is set. If WithIgnoredDuplicates is set, the most recent secret will be kept.
Valid options for this method include WithIgnoredDuplicates.
func (*Sync) AddSecret added in v0.2.0
AddSecret adds a single secret to the list to be copied. If the secret has already been added, it will return ErrDuplicate unless the WithIgnoredDuplicates option is set. If WithIgnoredDuplicates is set, the most recent secret will be kept.
Valid options for this method include WithIgnoredDuplicates.
func (*Sync) AddSecretKeeper added in v0.2.0
func (s *Sync) AddSecretKeeper(
	ctx context.Context,
	from secrets.Keeper,
	opts ...SyncOption,
) error
AddSecretKeeper adds all secrets in a keeper to the destination.
If the secret keeper contains more than one secret with the same name, username, and location, the ErrDuplicate will be returned, with the Sync object now partially filled. You can set WithIgnoredDuplicates to cause secondary secrets to be ignored. If set, the most recently modified secret will be kept.
Valid options for this method include WithIgnoredDuplicates.
func (*Sync) CopyTo added in v0.2.0
CopyTo copies all the secrets that have been added to the Sync object for copying via the Add* methods into the given keeper. If a logger is given, this will write a message to that logger each time a secret is copied. If the secret already exists in the destination, it will not be overwritten unless the WithMatchingOverwritten option is set.
Valid options for this method include WithLogger and WithMatchingOverwritten.
func (*Sync) DeleteAbsent added in v0.2.0
DeleteAbsent deletes all the secrets in the destination keeper that do not exactly match the ones added to the Sync object via the Add* methods. It matches using name, username, and location.
If a logger is given, this will write a message to that logger each time a secret is deleted.
Valid options for this method include WithLogger.
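The Sync workflow documented above (stage secrets with the Add* methods, then CopyTo, then DeleteAbsent), together with the ErrDuplicate, WithIgnoredDuplicates and WithMatchingOverwritten semantics, as an added self-contained Go model. This is not ghost's own code: Secret, Key, the int64 Modified field and the plain bool option parameters are assumptions standing in for secrets.Secret, secrets.Keeper and the SyncOption functions.

```go
package main

import "errors"

var ErrDuplicate = errors.New("duplicate secret")

// Secret and Key are constructed stand-ins for the project's types; Key is what "same secret" means.
type Secret struct {
	Name, Username, Location, Password string
	Modified                           int64 // last-modified time, unix seconds (assumed)
}
type Key struct{ Name, Username, Location string }
func (s Secret) Key() Key { return Key{s.Name, s.Username, s.Location} }

// Sync is an illustrative model (not the project's code): secrets staged for copying.
type Sync map[Key]Secret

// Add mirrors AddSecret: a second secret with the same Key is ErrDuplicate
// unless ignoreDup is set, in which case the most recently modified one wins.
func (s Sync) Add(sec Secret, ignoreDup bool) error {
	if prev, ok := s[sec.Key()]; ok && !ignoreDup {
		return ErrDuplicate
	} else if ok && sec.Modified <= prev.Modified {
		return nil // the staged copy is at least as new; keep it
	}
	s[sec.Key()] = sec
	return nil
}

// CopyTo skips a secret already in dst unless overwrite (WithMatchingOverwritten) is set.
func (s Sync) CopyTo(dst map[Key]Secret, overwrite bool) (n int) {
	for k, sec := range s {
		if _, exists := dst[k]; !exists || overwrite {
			dst[k] = sec
			n++
		}
	}
	return n
}

// DeleteAbsent removes every destination secret whose Key was never staged.
func (s Sync) DeleteAbsent(dst map[Key]Secret) (n int) {
	for k := range dst {
		if _, ok := s[k]; !ok {
			delete(dst, k)
			n++
		}
	}
	return n
}
```

Note that DeleteAbsent with an incompletely staged Sync (for example after an Add* call returned ErrDuplicate part-way) removes everything the destination holds beyond what was staged, which is why the duplicate decision belongs before CopyTo and DeleteAbsent run.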
type SyncOption added in v0.4.0
type SyncOption func(*syncOptions)
func WithIgnoredDuplicates added in v0.4.0
func WithIgnoredDuplicates() SyncOption
WithIgnoredDuplicates causes the AddSecret* methods to ignore duplicate secrets that have already been added. If set, the most recent secret will be kept.
func WithLogger added in v0.4.0
func WithLogger(logger *log.Logger) SyncOption
WithLogger sets the logger to use when copying secrets.
func WithMatchingOverwritten added in v0.4.0
func WithMatchingOverwritten() SyncOption
WithMatchingOverwritten causes the CopyTo method to overwrite existing secrets in the destination keeper. Secrets are overwritten if they have the same name, username, and location in the destination. If there are multiple secrets with the same name, username, and location in the destination, the most recently modified secret will be overwritten.