Documentation ¶
Index ¶
- Variables
- func Bootstrap(wrappingToken string) error
- func BootstrapRaw(token string) error
- func Bootstrapped() bool
- func DeleteFromCubbyhole(name string) (*api.Secret, error)
- func FetchCertificate(path string, body map[string]interface{}) (*tls.Certificate, error)
- func GenerateRootCancel() error
- func GenerateRootInit(otp string) (*api.GenerateRootStatusResponse, error)
- func GenerateRootStatus() (*api.GenerateRootStatusResponse, error)
- func GenerateRootUpdate(shard, nonce string) (*api.GenerateRootStatusResponse, error)
- func LoadRuntimeConfig(configPath string) error
- func LookupSelf() (map[string]interface{}, error)
- func NewGoldfishVaultClient() (client *api.Client, err error)
- func NewVaultClient() (*api.Client, error)
- func ReadFromCubbyhole(name string) (*api.Secret, error)
- func SetConfig(c *config.VaultConfig)
- func UnwrapData(wrappingToken string) (map[string]interface{}, error)
- func VaultHealth() (*api.HealthResponse, error)
- func VerifyTokenRights(token string) (accessor string, err error)
- func WrapData(wrapttl string, data map[string]interface{}) (string, error)
- func WriteToCubbyhole(name string, data map[string]interface{}) (interface{}, error)
- type AuthInfo
- func (auth *AuthInfo) CapabilitiesSelf(path string) ([]string, error)
- func (auth *AuthInfo) Clear()
- func (auth AuthInfo) Client() (client *api.Client, err error)
- func (auth AuthInfo) CreateToken(opts *api.TokenCreateRequest, orphan bool, rolename string, wrapttl string) (*api.Secret, error)
- func (auth *AuthInfo) DecryptAuth() error
- func (auth AuthInfo) DecryptTransit(key string, cipher string) (string, error)
- func (auth AuthInfo) DeletePolicy(name string) error
- func (auth AuthInfo) DeleteRaw(path string) (*api.Secret, error)
- func (auth AuthInfo) DeleteSecret(path string) (interface{}, error)
- func (auth *AuthInfo) EncryptAuth() error
- func (auth AuthInfo) EncryptTransit(key string, plaintext string) (string, error)
- func (auth AuthInfo) GetBulletins() ([]map[string]interface{}, error)
- func (auth AuthInfo) GetMount(path string) (*api.MountConfigOutput, error)
- func (auth AuthInfo) GetPolicy(name string) (string, error)
- func (auth AuthInfo) GetRole(rolename string) (interface{}, error)
- func (auth AuthInfo) GetTokenAccessors() ([]interface{}, error)
- func (auth AuthInfo) ListApproleRoles() ([]Role, error)
- func (auth AuthInfo) ListLDAPGroups() ([]LDAPGroup, error)
- func (auth AuthInfo) ListLDAPUsers() ([]LDAPUser, error)
- func (auth AuthInfo) ListMounts() (map[string]*api.MountOutput, error)
- func (auth AuthInfo) ListPolicies() ([]string, error)
- func (auth AuthInfo) ListRoles() (interface{}, error)
- func (auth AuthInfo) ListSecret(path string) ([]interface{}, error)
- func (auth AuthInfo) ListUserpassUsers() ([]UserpassUser, error)
- func (auth *AuthInfo) Login() (map[string]interface{}, error)
- func (auth AuthInfo) LookupSelf() (*api.Secret, error)
- func (auth AuthInfo) LookupTokenByAccessor(accs string) ([]interface{}, error)
- func (auth AuthInfo) PolicyCapabilities(policyName, path string) ([]string, error)
- func (auth AuthInfo) PutPolicy(name, rules string) error
- func (auth AuthInfo) ReadSecret(path string) (map[string]interface{}, error)
- func (auth AuthInfo) RenewSelf() (*api.Secret, error)
- func (auth AuthInfo) RevokeSelf() error
- func (auth AuthInfo) RevokeTokenByAccessor(acc string) error
- func (auth AuthInfo) TuneMount(path string, config api.MountConfigInput) error
- func (auth *AuthInfo) UnwrapData(wrappingToken string) (*api.Secret, error)
- func (auth *AuthInfo) WrapData(wrapttl string, raw string) (string, error)
- func (auth AuthInfo) WriteSecret(path string, raw string) (interface{}, error)
- type LDAPGroup
- type LDAPUser
- type Role
- type RuntimeConfig
- type UserpassUser
Variables ¶
// LoginMap gives, for each supported login method, the name of the
// secondary key that method requires when logging in.
var LoginMap = map[string]string{
	// Methods whose secondary key is a password.
	"ldap":     "password",
	"okta":     "password",
	"userpass": "password",

	// GitHub logins use a token as the secondary key.
	"github": "token",

	// NOTE(review): the empty value presumably means a token login needs
	// no secondary key; confirm against the Login implementation.
	"token": "",
}
LoginMap: logging in with different methods requires different secondary keys; the map gives the key name for each method.
Functions ¶
func BootstrapRaw ¶ added in v0.7.1
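Similar to the Bootstrap function, but uses a raw token instead of an approle secret_id. This is highly dangerous (Bootstrap takes a wrapping token, whereas a raw token is usable as-is by anyone who sees it) and is not recommended to be called externally unless approle is inaccessible.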
func Bootstrapped ¶ added in v0.6.0
func Bootstrapped() bool
func FetchCertificate ¶ added in v0.8.0
func FetchCertificate(path string, body map[string]interface{}) (*tls.Certificate, error)
func GenerateRootCancel ¶
func GenerateRootCancel() error
func GenerateRootInit ¶
func GenerateRootInit(otp string) (*api.GenerateRootStatusResponse, error)
func GenerateRootStatus ¶
func GenerateRootStatus() (*api.GenerateRootStatusResponse, error)
Looks up the current root generation status.
func GenerateRootUpdate ¶
func GenerateRootUpdate(shard, nonce string) (*api.GenerateRootStatusResponse, error)
func LoadRuntimeConfig ¶ added in v0.4.0
func LookupSelf ¶ added in v0.6.0
func NewGoldfishVaultClient ¶ added in v0.6.0
func NewVaultClient ¶ added in v0.3.0
func SetConfig ¶ added in v0.6.0
func SetConfig(c *config.VaultConfig)
func UnwrapData ¶ added in v0.2.5
func VaultHealth ¶
func VaultHealth() (*api.HealthResponse, error)
func VerifyTokenRights ¶ added in v0.7.1
Checks that the server's token has basic rights and is able to read the config path.
func WriteToCubbyhole ¶
Types ¶
type AuthInfo ¶
// AuthInfo carries the login details used by the methods declared on it.
// Every field has json, form and query tags, so the struct can be filled
// from any of those sources by whatever binder reads the tags.
//
// NOTE(review): the query tag on Pass suggests the credential may be
// accepted from a URL query string; confirm. Query strings are commonly
// recorded in access logs and proxies, so a request body is the safer
// carrier. Avoid logging or marshaling this struct verbatim: Pass is
// serialized under the JSON key "password".
type AuthInfo struct {
	// Type is presumably the login method name (compare the keys of
	// LoginMap); confirm against Login.
	Type string `json:"type" form:"Type" query:"Type"`
	// ID is the identity half of the login details.
	ID string `json:"ID" form:"ID" query:"ID"`
	// Pass is the secret half of the login details. EncryptAuth and
	// DecryptAuth are documented as encrypting and decrypting auth
	// details with the transit backend.
	Pass string `json:"password" form:"Password" query:"Password"`
	// Path is presumably the auth mount path; TODO confirm.
	Path string `json:"path" form:"Path" query:"Path"`
}
func (*AuthInfo) CapabilitiesSelf ¶ added in v0.3.2
Returns the list of capabilities the current auth has on the given path.
func (AuthInfo) CreateToken ¶
func (*AuthInfo) DecryptAuth ¶
decrypt auth details with transit backend
func (AuthInfo) DecryptTransit ¶
Decrypts the given ciphertext (the cipher argument) with userTransitKey.
func (AuthInfo) DeletePolicy ¶
func (AuthInfo) DeleteSecret ¶ added in v0.4.1
func (*AuthInfo) EncryptAuth ¶
encrypt auth details with transit backend
func (AuthInfo) EncryptTransit ¶
encrypt given string with userTransitKey
func (AuthInfo) GetBulletins ¶
func (AuthInfo) GetMount ¶
func (auth AuthInfo) GetMount(path string) (*api.MountConfigOutput, error)
func (AuthInfo) GetTokenAccessors ¶ added in v0.5.0
func (AuthInfo) ListApproleRoles ¶ added in v0.5.1
func (AuthInfo) ListLDAPGroups ¶ added in v0.6.0
func (AuthInfo) ListLDAPUsers ¶ added in v0.6.0
func (AuthInfo) ListMounts ¶
func (auth AuthInfo) ListMounts() (map[string]*api.MountOutput, error)
returns list of current mounts, if authorized
func (AuthInfo) ListPolicies ¶
func (AuthInfo) ListSecret ¶
func (AuthInfo) ListUserpassUsers ¶ added in v0.5.1
func (auth AuthInfo) ListUserpassUsers() ([]UserpassUser, error)
func (*AuthInfo) Login ¶
Verifies whether the auth ID and password are valid. If they are valid, creates a client access token and returns the metadata.
func (AuthInfo) LookupTokenByAccessor ¶ added in v0.5.0
func (AuthInfo) PolicyCapabilities ¶ added in v0.8.0
func (AuthInfo) ReadSecret ¶
func (AuthInfo) RevokeSelf ¶
func (AuthInfo) RevokeTokenByAccessor ¶ added in v0.5.1
func (AuthInfo) TuneMount ¶
func (auth AuthInfo) TuneMount(path string, config api.MountConfigInput) error
func (*AuthInfo) UnwrapData ¶ added in v0.3.2
type RuntimeConfig ¶ added in v0.6.0
// RuntimeConfig groups the settings goldfish uses at runtime: transit key
// names and backend, secret and bulletin paths, and Slack and GitHub
// integration settings.
//
// NOTE(review): SlackWebhook and GithubAccessToken look like credentials
// by name; confirm. GetConfig returns this struct by value, so every
// caller receives a copy of them. Do not log or serialize the struct as
// a whole.
type RuntimeConfig struct {
	// Transit settings; EncryptTransit and DecryptTransit are documented
	// as using userTransitKey.
	ServerTransitKey string
	UserTransitKey   string
	TransitBackend   string

	DefaultSecretPath string
	BulletinPath      string

	// Slack integration; the webhook URL is presumably secret-bearing.
	SlackWebhook string
	SlackChannel string

	// GitHub integration; the access token is a credential.
	GithubAccessToken  string
	GithubRepoOwner    string
	GithubRepo         string
	GithubPoliciesPath string

	// fields that goldfish will write
	// NOTE(review): the hash:"ignore" tag presumably excludes this field
	// when the config is hashed; confirm against the hashing code.
	LastUpdated string `hash:"ignore"`
}
func GetConfig ¶
func GetConfig() RuntimeConfig