token

package
v2.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsInvalidConfig 

func IsInvalidConfig(err error) bool

IsInvalidConfig asserts invalidConfigError.

func IsPolicyAlreadyExists 

func IsPolicyAlreadyExists(err error) bool

IsPolicyAlreadyExists asserts policyAlreadyExistsError.

Types

type CreateConfig 

type CreateConfig struct {
	// ClusterID represents the cluster ID a token is requested for. This ID is
	// used to restrict access on Vault related operations for a specific cluster.
	// E.g. the generated token will only be allowed to issue certificates for the
	// Vault PKI backend associated with the given cluster ID.
	ClusterID string `json:"cluster_id"`

	// Num represents the number of tokens the generator should create.
	Num int `json:"num"`

	// TTL configures the time to live for the requested token. This is a golang
	// time string with the allowed units s, m and h.
	TTL string `json:"ttl"`
}

CreateConfig is a data structure used to configure the token creation process implemented by Service.Create.

type Service 

type Service interface {
	// Create generates new Vault tokens allowed to be used to issue signed
	// certificates with respect to the given configuration.
	Create(config CreateConfig) ([]string, error)

	// CreateOrgPolicy creates a new policy to restrict access to only being able to
	// issue signed certificates on the Vault PKI backend specific to the given
	// cluster ID and organization.
	CreateOrgPolicy(clusterID string) error

	// CreatePolicy creates a new policy to restrict access to only being able to
	// issue signed certificates on the Vault PKI backend specific to the given
	// cluster ID. Here the given cluster ID is used to create the policy name and
	// the policy specific rules matching certain paths within the Vault file
	// system like path structure. This policy name can be used to e.g. apply it
	// to some Vault token.
	CreatePolicy(clusterID string) error

	// DeleteOrgPolicy removes an org policy from Vault using its name.
	DeleteOrgPolicy(clusterID string) error

	// DeletePolicy removes a policy from Vault using its name.
	DeletePolicy(clusterID string) error

	// IsOrgPolicyCreated checks whether the PKI org issue policy already exists.
	IsOrgPolicyCreated(clusterID string) (bool, error)

	// IsPolicyCreated checks whether the PKI issue policy already exists.
	IsPolicyCreated(clusterID string) (bool, error)

	// OrgPolicyName returns the name of an org policy used to restrict access to Vault
	// for PKI issue requests. This policy is scoped to the given cluster ID.
	OrgPolicyName(clusterID string) string

	// PolicyName returns the name of a policy used to restrict access to Vault
	// for PKI issue requests. This policy is scoped to the given cluster ID.
	PolicyName(clusterID string) string
}

Service creates new Vault policies to restrict access capabilities of e.g. Vault tokens.

func NewService 

func NewService(config ServiceConfig) (Service, error)

NewService creates a new configured service.

type ServiceConfig 

type ServiceConfig struct {
	// Dependencies.
	VaultClient *vaultclient.Client
}

ServiceConfig represents the configuration used to create a new service.

func DefaultServiceConfig 

func DefaultServiceConfig() ServiceConfig

DefaultServiceConfig provides a default configuration to create a service.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.