system

package

v1.9.5 Latest Latest Go to latest Published: May 10, 2024 License: MIT Imports: 12 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/trimble-oss/tierceron

Links

Open Source Insights

Documentation ¶

Index ¶

type KeyTokenWrapper
type NewRoleOptions
type NewTokenRoleOptions
type Vault
- func NewVault(insecure bool, address string, env string, newVault bool, pingVault bool, ...) (*Vault, error)
- func NewVaultWithNonlocal(insecure bool, address string, env string, newVault bool, pingVault bool, ...) (*Vault, error)
type YamlNewTokenRoleOptions

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type KeyTokenWrapper ¶

type KeyTokenWrapper struct {
	Keys  []string // Base 64 encoded keys
	Token string   // Root token for the vault
}

KeyTokenWrapper Contains the unseal keys and root token

type NewRoleOptions ¶

type NewRoleOptions struct {
	BindSecretID         bool     `json:"bind_secret_id,omitempty"`
	SecretIDBoundCIDRs   []string `json:"secret_id_bound_cidrs,omitempty"`
	TokenBoundCIDRs      []string `json:"token_bound_cidrs,omitempty"`
	Policies             []string `json:"policies"`
	SecretIDTTL          string   `json:"secret_id_num_uses,omitempty"`
	TokenNumUses         int      `json:"token_num_uses,omitempty"`
	TokenTTL             string   `json:"token_ttl,omitempty"`
	TokenMaxTTL          string   `json:"token_max_ttl,omitempty"`
	Period               string   `json:"period,omitempty"`
	EnableLocalSecretIDs string   `json:"enable_local_secret_ids,omitempty"`
}

NewRoleOptions is used to create a new approle

type NewTokenRoleOptions ¶

type NewTokenRoleOptions struct {
	RoleName             string   `json:"role_name,omitempty"`
	AllowedPolicies      []string `json:"allowed_policies,omitempty"`
	DisallowedPolicies   []string `json:"disallowed_policies,omitempty"`
	Orphan               bool     `json:"orphan,omitempty"`
	Renewable            bool     `json:"renewable,omitempty"`
	PathSuffix           string   `json:"path_suffix,omitempty"`
	AllowedEntityAliases []string `json:"allowed_entity_aliases,omitempty"`
	TokenBoundCIDRs      []string `json:"token_bound_cidrs,omitempty"`
	TokenExplicitMaxTTL  int      `json:"token_explicit_max_ttl,omitempty"`
	TokenNoDefaultPolicy bool     `json:"token_no_default_policy,omitempty"`
	TokenNumUses         int      `json:"token_num_uses,omitempty"`
	TokenPeriod          int      `json:"token_period,omitempty"`
	TokenType            string   `json:"token_type,omitempty"`
}

NewTokenRoleOptions is used to create a new approle

type Vault ¶

type Vault struct {
	// contains filtered or unexported fields
}

Vault Represents a vault connection for managing the vault's properties

func NewVault ¶

func NewVault(insecure bool, address string, env string, newVault bool, pingVault bool, scanVault bool, logger *log.Logger) (*Vault, error)

NewVault Constructs a new vault at the given address with the given access token

func NewVaultWithNonlocal ¶

func NewVaultWithNonlocal(insecure bool, address string, env string, newVault bool, pingVault bool, scanVault bool, allowNonLocal bool, logger *log.Logger) (*Vault, error)

NewVault Constructs a new vault at the given address with the given access token allowing insecure for non local.

func (*Vault) AddShard ¶

func (v *Vault) AddShard(shard string)

AddShard Adds a single shard to the list of shards

func (*Vault) AppRoleLogin ¶

func (v *Vault) AppRoleLogin(roleID string, secretID string) (string, error)

AppRoleLogin tries logging into the vault using app role and returns a client token on success

func (*Vault) Close ¶

func (v *Vault) Close()

Proper shutdown of modifier.

func (*Vault) CreateEmptyPolicy ¶

func (v *Vault) CreateEmptyPolicy(name string) error

CreateEmptyPolicy Creates a policy with no permissions

func (*Vault) CreateKVPath ¶

func (v *Vault) CreateKVPath(path string, description string) error

CreateKVPath Creates a kv engine with the specified name and description

func (*Vault) CreateNewRole ¶

func (v *Vault) CreateNewRole(roleName string, options *NewRoleOptions) error

CreateNewRole creates a new role with given options

func (*Vault) CreateNewTokenCidrRole ¶

func (v *Vault) CreateNewTokenCidrRole(options *YamlNewTokenRoleOptions) error

CreateNewTokenCidrRole creates a new token cidr only role with given cidr options.

func (*Vault) CreatePolicyFromFile ¶

func (v *Vault) CreatePolicyFromFile(name string, filepath string) error

CreatePolicyFromFile Creates a policy with the given name and rules

func (*Vault) CreateTokenCidrRoleFromFile ¶

func (v *Vault) CreateTokenCidrRoleFromFile(filename string) error

CreateTokenCidrRoleFromFile Creates a new token cidr role from the given file and returns the name

func (*Vault) CreateTokenFromFile ¶

func (v *Vault) CreateTokenFromFile(filename string) (string, error)

CreateTokenFromFile Creates a new token from the given file and returns the name

func (*Vault) CreateTokenFromMap ¶

func (v *Vault) CreateTokenFromMap(data map[string]interface{}) (string, error)

CreateTokenFromMap takes a map and generates a vault token, returning the token

func (*Vault) DeleteKVPath ¶

func (v *Vault) DeleteKVPath(path string) error

DeleteKVPath Deletes a KV path at a specified point.

func (*Vault) DeleteRole ¶

func (v *Vault) DeleteRole(roleName string) (*api.Response, error)

DeleteRole deletes role with given role name

func (*Vault) EnableAppRole ¶

func (v *Vault) EnableAppRole() error

EnableAppRole enables the app role auth method and returns any errors

func (*Vault) GetExistsPolicyFromFileName ¶

func (v *Vault) GetExistsPolicyFromFileName(filename string) (bool, error)

CreatePolicyFromFile Creates a policy with the given name and rules

func (*Vault) GetExistsTokenRoleFromFile ¶

func (v *Vault) GetExistsTokenRoleFromFile(filename string) (bool, error)

GetExistsTokenRole - Gets the token role by token role name.

func (*Vault) GetListApproles ¶

func (v *Vault) GetListApproles() (string, error)

GetListApproles lists available approles

func (*Vault) GetOrRevokeTokensInScope ¶

func (v *Vault) GetOrRevokeTokensInScope(dir string, tokenFilter string, tokenExpiration bool, logger *log.Logger) error

GetOrRevokeTokensInScope()

func (*Vault) GetRoleID ¶

func (v *Vault) GetRoleID(roleName string) (string, string, error)

GetRoleID checks for the given role name and returns the coresponding id if it exists

func (*Vault) GetSecretID ¶

func (v *Vault) GetSecretID(roleName string) (string, error)

GetSecretID checks the vault for the secret ID corresponding to the role name

func (*Vault) GetStatus ¶

func (v *Vault) GetStatus() (map[string]interface{}, error)

GetStatus checks the health of the vault and retrieves version and status of init/seal

func (*Vault) GetToken ¶

func (v *Vault) GetToken() string

GetToken Fetches current token from client

func (*Vault) GetTokenInfo ¶

func (v *Vault) GetTokenInfo(tokenName string) (map[string]interface{}, error)

GetTokenInfo fetches data regarding this token

func (*Vault) InitVault ¶

func (v *Vault) InitVault(keyShares int, keyThreshold int) (*KeyTokenWrapper, error)

InitVault performs vault initialization and f

func (*Vault) RefreshClient ¶

func (v *Vault) RefreshClient() error

Confirms we have a valid and active connection to vault. If it doesn't, it re-establishes a new connection.

func (*Vault) RenewSelf ¶

func (v *Vault) RenewSelf(increment int) error

RenewSelf Renews the token associated with this vault struct

func (*Vault) RevokeSelf ¶

func (v *Vault) RevokeSelf() error

RevokeSelf Revokes token of current client

func (*Vault) RevokeToken ¶

func (v *Vault) RevokeToken(token string) error

RevokeToken If proper access given, revokes access of a token and all children

func (*Vault) SetShards ¶

func (v *Vault) SetShards(shards []string)

SetShards Sets known shards used by this vault for unsealing

func (*Vault) SetToken ¶

func (v *Vault) SetToken(token string)

SetToken Stores the access token for this vault

func (*Vault) Unseal ¶

func (v *Vault) Unseal() (int, int, bool, error)

Unseal Performs an unseal wuth this vault's shard. Returns true if unseal is successful

func (*Vault) ValidateEnvironment ¶

func (v *Vault) ValidateEnvironment(environment string) bool

ValidateEnvironment Ensures token has access to requested data.

type YamlNewTokenRoleOptions ¶

type YamlNewTokenRoleOptions struct {
	RoleName        string   `yaml:"role_name,omitempty"`
	TokenBoundCIDRs []string `yaml:"token_bound_cidrs,omitempty"`
}

YamlNewTokenRoleOptions is used to create a new approle

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL