Documentation
¶
Index ¶
- Variables
- type ClientCertificate
- func (*ClientCertificate) Descriptor() ([]byte, []int)deprecated
- func (x *ClientCertificate) GetCertificate() []byte
- func (x *ClientCertificate) GetCertificateKey() []byte
- func (x *ClientCertificate) GetCertificateKeyHmac() []byte
- func (x *ClientCertificate) GetCtCertificateKey() []byte
- func (x *ClientCertificate) GetKeyId() string
- func (x *ClientCertificate) GetStoreId() string
- func (*ClientCertificate) ProtoMessage()
- func (x *ClientCertificate) ProtoReflect() protoreflect.Message
- func (x *ClientCertificate) Reset()
- func (x *ClientCertificate) String() string
- type Credential
- func (*Credential) Descriptor() ([]byte, []int)deprecated
- func (x *Credential) GetCreateTime() *timestamp.Timestamp
- func (x *Credential) GetExpirationTime() *timestamp.Timestamp
- func (x *Credential) GetExternalId() string
- func (x *Credential) GetIsRenewable() bool
- func (x *Credential) GetLastRenewalTime() *timestamp.Timestamp
- func (x *Credential) GetLibraryId() string
- func (x *Credential) GetPublicId() string
- func (x *Credential) GetSessionId() string
- func (x *Credential) GetStatus() string
- func (x *Credential) GetTokenHmac() []byte
- func (x *Credential) GetUpdateTime() *timestamp.Timestamp
- func (x *Credential) GetVersion() uint32
- func (*Credential) ProtoMessage()
- func (x *Credential) ProtoReflect() protoreflect.Message
- func (x *Credential) Reset()
- func (x *Credential) String() string
- type CredentialLibrary
- func (*CredentialLibrary) Descriptor() ([]byte, []int)deprecated
- func (x *CredentialLibrary) GetCreateTime() *timestamp.Timestamp
- func (x *CredentialLibrary) GetCredentialType() string
- func (x *CredentialLibrary) GetDescription() string
- func (x *CredentialLibrary) GetHttpMethod() string
- func (x *CredentialLibrary) GetHttpRequestBody() []byte
- func (x *CredentialLibrary) GetName() string
- func (x *CredentialLibrary) GetPublicId() string
- func (x *CredentialLibrary) GetStoreId() string
- func (x *CredentialLibrary) GetUpdateTime() *timestamp.Timestamp
- func (x *CredentialLibrary) GetVaultPath() string
- func (x *CredentialLibrary) GetVersion() uint32
- func (*CredentialLibrary) ProtoMessage()
- func (x *CredentialLibrary) ProtoReflect() protoreflect.Message
- func (x *CredentialLibrary) Reset()
- func (x *CredentialLibrary) String() string
- type CredentialStore
- func (*CredentialStore) Descriptor() ([]byte, []int)deprecated
- func (x *CredentialStore) GetCaCert() []byte
- func (x *CredentialStore) GetCreateTime() *timestamp.Timestamp
- func (x *CredentialStore) GetDeleteTime() *timestamp.Timestamp
- func (x *CredentialStore) GetDescription() string
- func (x *CredentialStore) GetName() string
- func (x *CredentialStore) GetNamespace() string
- func (x *CredentialStore) GetProjectId() string
- func (x *CredentialStore) GetPublicId() string
- func (x *CredentialStore) GetTlsServerName() string
- func (x *CredentialStore) GetTlsSkipVerify() bool
- func (x *CredentialStore) GetUpdateTime() *timestamp.Timestamp
- func (x *CredentialStore) GetVaultAddress() string
- func (x *CredentialStore) GetVersion() uint32
- func (x *CredentialStore) GetWorkerFilter() string
- func (*CredentialStore) ProtoMessage()
- func (x *CredentialStore) ProtoReflect() protoreflect.Message
- func (x *CredentialStore) Reset()
- func (x *CredentialStore) String() string
- type SSHCertificateCredentialLibrary
- func (*SSHCertificateCredentialLibrary) Descriptor() ([]byte, []int)deprecated
- func (x *SSHCertificateCredentialLibrary) GetCreateTime() *timestamp.Timestamp
- func (x *SSHCertificateCredentialLibrary) GetCredentialType() string
- func (x *SSHCertificateCredentialLibrary) GetCriticalOptions() string
- func (x *SSHCertificateCredentialLibrary) GetDescription() string
- func (x *SSHCertificateCredentialLibrary) GetExtensions() string
- func (x *SSHCertificateCredentialLibrary) GetKeyBits() uint32
- func (x *SSHCertificateCredentialLibrary) GetKeyId() string
- func (x *SSHCertificateCredentialLibrary) GetKeyType() string
- func (x *SSHCertificateCredentialLibrary) GetName() string
- func (x *SSHCertificateCredentialLibrary) GetPublicId() string
- func (x *SSHCertificateCredentialLibrary) GetStoreId() string
- func (x *SSHCertificateCredentialLibrary) GetTtl() string
- func (x *SSHCertificateCredentialLibrary) GetUpdateTime() *timestamp.Timestamp
- func (x *SSHCertificateCredentialLibrary) GetUsername() string
- func (x *SSHCertificateCredentialLibrary) GetVaultPath() string
- func (x *SSHCertificateCredentialLibrary) GetVersion() uint32
- func (*SSHCertificateCredentialLibrary) ProtoMessage()
- func (x *SSHCertificateCredentialLibrary) ProtoReflect() protoreflect.Message
- func (x *SSHCertificateCredentialLibrary) Reset()
- func (x *SSHCertificateCredentialLibrary) String() string
- type SshPrivateKeyOverride
- func (*SshPrivateKeyOverride) Descriptor() ([]byte, []int)deprecated
- func (x *SshPrivateKeyOverride) GetLibraryId() string
- func (x *SshPrivateKeyOverride) GetPrivateKeyAttribute() string
- func (x *SshPrivateKeyOverride) GetPrivateKeyPassphraseAttribute() string
- func (x *SshPrivateKeyOverride) GetUsernameAttribute() string
- func (*SshPrivateKeyOverride) ProtoMessage()
- func (x *SshPrivateKeyOverride) ProtoReflect() protoreflect.Message
- func (x *SshPrivateKeyOverride) Reset()
- func (x *SshPrivateKeyOverride) String() string
- type Token
- func (*Token) Descriptor() ([]byte, []int)deprecated
- func (x *Token) GetCreateTime() *timestamp.Timestamp
- func (x *Token) GetCtToken() []byte
- func (x *Token) GetExpirationTime() *timestamp.Timestamp
- func (x *Token) GetKeyId() string
- func (x *Token) GetLastRenewalTime() *timestamp.Timestamp
- func (x *Token) GetStatus() string
- func (x *Token) GetStoreId() string
- func (x *Token) GetToken() []byte
- func (x *Token) GetTokenHmac() []byte
- func (x *Token) GetUpdateTime() *timestamp.Timestamp
- func (*Token) ProtoMessage()
- func (x *Token) ProtoReflect() protoreflect.Message
- func (x *Token) Reset()
- func (x *Token) String() string
- type UsernamePasswordOverride
- func (*UsernamePasswordOverride) Descriptor() ([]byte, []int)deprecated
- func (x *UsernamePasswordOverride) GetLibraryId() string
- func (x *UsernamePasswordOverride) GetPasswordAttribute() string
- func (x *UsernamePasswordOverride) GetUsernameAttribute() string
- func (*UsernamePasswordOverride) ProtoMessage()
- func (x *UsernamePasswordOverride) ProtoReflect() protoreflect.Message
- func (x *UsernamePasswordOverride) Reset()
- func (x *UsernamePasswordOverride) String() string
Constants ¶
This section is empty.
Variables ¶
var File_controller_storage_credential_vault_store_v1_vault_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type ClientCertificate ¶
// ClientCertificate is the client certificate, together with its private key
// material, that belongs to a vault credential store.
//
// The key appears twice: CertificateKey carries the plain-text and
// CtCertificateKey the ciphertext. Per the inject_tag directives below, the
// two fields share the wrapping name "certificate_key_data" and only the
// ciphertext is mapped to a database column.
type ClientCertificate struct {
// store_id is the ID of the owning vault credential store. A vault
// credential store can have 0 or 1 client certificate.
// @inject_tag: `gorm:"primary_key"`
StoreId string `protobuf:"bytes,1,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"primary_key"`
// certificate is the PEM encoded certificate.
// It must be set.
// @inject_tag: `gorm:"not_null"`
Certificate []byte `protobuf:"bytes,2,opt,name=certificate,proto3" json:"certificate,omitempty" gorm:"not_null"`
// certificate_key is the plain-text of the certificate key data. We are
// not storing this plain-text key in the database.
// The gorm:"-" tag in the directive below keeps the field out of the
// database mapping; it remains an exported field of the message.
// NOTE(review): the rendered struct tag is elided on this page, so the
// protobuf and JSON names cannot be confirmed here. Treat a populated
// message as secret material and keep it out of logs and debug output;
// the generated String method presumably prints populated fields — verify.
// @inject_tag: `gorm:"-" wrapping:"pt,certificate_key_data"`
CertificateKey []byte `` /* 147-byte string literal not displayed */
// ct_certificate_key is the ciphertext of the certificate key data. It
// is stored in the database.
// The directive below maps it to the certificate_key column, so the column
// of that name holds ciphertext, not the plain-text field above.
// @inject_tag: `gorm:"column:certificate_key;not_null" wrapping:"ct,certificate_key_data"`
CtCertificateKey []byte `` /* 185-byte string literal not displayed */
// certificate_key_hmac is a sha256-hmac of the unencrypted certificate_key that
// is returned from the API for read. It is recalculated every time the raw
// certificate_key is updated.
// NOTE(review): read this as the HMAC, not the key, being the value the
// API returns — confirm against the API handler. The HMAC key is not
// described on this page.
// @inject_tag: `gorm:"not_null"`
CertificateKeyHmac []byte `` /* 135-byte string literal not displayed */
// The key_id of the kms database key used for encrypting this entry.
// It must be set.
// @inject_tag: `gorm:"not_null"`
KeyId string `protobuf:"bytes,10,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"`
// contains filtered or unexported fields
}
func (*ClientCertificate) Descriptor
deprecated
func (*ClientCertificate) Descriptor() ([]byte, []int)
Deprecated: Use ClientCertificate.ProtoReflect.Descriptor instead.
func (*ClientCertificate) GetCertificate ¶
func (x *ClientCertificate) GetCertificate() []byte
func (*ClientCertificate) GetCertificateKey ¶
func (x *ClientCertificate) GetCertificateKey() []byte
func (*ClientCertificate) GetCertificateKeyHmac ¶
func (x *ClientCertificate) GetCertificateKeyHmac() []byte
func (*ClientCertificate) GetCtCertificateKey ¶
func (x *ClientCertificate) GetCtCertificateKey() []byte
func (*ClientCertificate) GetKeyId ¶
func (x *ClientCertificate) GetKeyId() string
func (*ClientCertificate) GetStoreId ¶
func (x *ClientCertificate) GetStoreId() string
func (*ClientCertificate) ProtoMessage ¶
func (*ClientCertificate) ProtoMessage()
func (*ClientCertificate) ProtoReflect ¶
func (x *ClientCertificate) ProtoReflect() protoreflect.Message
func (*ClientCertificate) Reset ¶
func (x *ClientCertificate) Reset()
func (*ClientCertificate) String ¶
func (x *ClientCertificate) String() string
type Credential ¶
// Credential is a credential obtained from a vault credential library for a
// session. It records the Vault lease (external_id) the secret was issued
// under and the lease's renewal and expiry bookkeeping; no field of this
// message holds the secret itself.
type Credential struct {
// public_id is a surrogate key suitable for use in a public API.
// @inject_tag: `gorm:"primary_key"`
PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
// library_id of the owning vault credential library.
// It must be set.
LibraryId string `protobuf:"bytes,2,opt,name=library_id,json=libraryId,proto3" json:"library_id,omitempty"`
// session_id of the session the credential was created for.
// It must be set.
SessionId string `protobuf:"bytes,3,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
// token_hmac is the foreign key of the token used to acquire the secret.
// It matches Token.token_hmac, so this row identifies the token by its
// HMAC and never by the token value.
// @inject_tag: `gorm:"not_null"`
TokenHmac []byte `protobuf:"bytes,4,opt,name=token_hmac,json=tokenHmac,proto3" json:"token_hmac,omitempty" gorm:"not_null"`
// create_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
CreateTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
// update_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
UpdateTime *timestamp.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
// version allows optimistic locking of the resource.
// @inject_tag: `gorm:"default:null"`
Version uint32 `protobuf:"varint,7,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
// external_id is the lease ID returned from Vault.
// @inject_tag: `gorm:"not_null"`
ExternalId string `protobuf:"bytes,8,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty" gorm:"not_null"`
// last_renewal_time is the time the lease was last renewed with Vault.
// @inject_tag: `gorm:"default:null"`
LastRenewalTime *timestamp.Timestamp `` /* 128-byte string literal not displayed */
// expiration_time is the time the lease is expected to expire.
// expiration_time is calculated when the credential is initially
// retrieved and whenever the credential's lease is renewed.
//
// The calculation is:
//
// expiration_time := time.Now().Add(LeaseDuration * time.Second)
//
// LeaseDuration is a value returned by Vault when the credential is
// retrieved or the lease for the credential is renewed.
//
// https://www.vaultproject.io/docs/concepts/lease
//
// NOTE(review): the value is derived from the local clock at the moment
// of retrieval or renewal, so it is an estimate of the lease's expiry.
// Presumably Vault remains the authority on whether the lease is still
// valid — confirm before using this field for an access decision.
//
// @inject_tag: `gorm:"default:null"`
ExpirationTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty" gorm:"default:null"`
// is_renewable indicates if the lease can be renewed.
// @inject_tag: `gorm:"default:false"`
IsRenewable bool `protobuf:"varint,11,opt,name=is_renewable,json=isRenewable,proto3" json:"is_renewable,omitempty" gorm:"default:false"`
// The status of the credential.
// It must be set.
// The set of valid status values is not listed in this message.
// @inject_tag: `gorm:"not_null"`
Status string `protobuf:"bytes,12,opt,name=status,proto3" json:"status,omitempty" gorm:"not_null"`
// contains filtered or unexported fields
}
func (*Credential) Descriptor
deprecated
func (*Credential) Descriptor() ([]byte, []int)
Deprecated: Use Credential.ProtoReflect.Descriptor instead.
func (*Credential) GetCreateTime ¶
func (x *Credential) GetCreateTime() *timestamp.Timestamp
func (*Credential) GetExpirationTime ¶
func (x *Credential) GetExpirationTime() *timestamp.Timestamp
func (*Credential) GetExternalId ¶
func (x *Credential) GetExternalId() string
func (*Credential) GetIsRenewable ¶
func (x *Credential) GetIsRenewable() bool
func (*Credential) GetLastRenewalTime ¶
func (x *Credential) GetLastRenewalTime() *timestamp.Timestamp
func (*Credential) GetLibraryId ¶
func (x *Credential) GetLibraryId() string
func (*Credential) GetPublicId ¶
func (x *Credential) GetPublicId() string
func (*Credential) GetSessionId ¶
func (x *Credential) GetSessionId() string
func (*Credential) GetStatus ¶
func (x *Credential) GetStatus() string
func (*Credential) GetTokenHmac ¶
func (x *Credential) GetTokenHmac() []byte
func (*Credential) GetUpdateTime ¶
func (x *Credential) GetUpdateTime() *timestamp.Timestamp
func (*Credential) GetVersion ¶
func (x *Credential) GetVersion() uint32
func (*Credential) ProtoMessage ¶
func (*Credential) ProtoMessage()
func (*Credential) ProtoReflect ¶
func (x *Credential) ProtoReflect() protoreflect.Message
func (*Credential) Reset ¶
func (x *Credential) Reset()
func (*Credential) String ¶
func (x *Credential) String() string
type CredentialLibrary ¶
// CredentialLibrary describes how credentials are requested from Vault on
// behalf of a vault credential store: the Vault path, the HTTP method and,
// for POST, an optional request body.
//
// The constraints stated on the fields ("must be set", "can only be GET or
// POST") are documentation; nothing in this struct enforces them beyond the
// injected gorm tags.
type CredentialLibrary struct {
// public_id is a surrogate key suitable for use in a public API.
// @inject_tag: `gorm:"primary_key"`
PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
// create_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
// update_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
// name is optional. If set, it must be unique within project_id.
// NOTE(review): this message has no project_id field; the uniqueness
// scope is presumably resolved through the owning store — confirm.
// @inject_tag: `gorm:"default:null"`
Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
// description is optional.
// @inject_tag: `gorm:"default:null"`
Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
// store_id of the owning vault credential store.
// It must be set.
// @inject_tag: `gorm:"not_null"`
StoreId string `protobuf:"bytes,6,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"not_null"`
// version allows optimistic locking of the resource.
// @inject_tag: `gorm:"default:null"`
Version uint32 `protobuf:"varint,7,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
// vault_path is the path in Vault to request credentials from.
// It must be set.
// The path selects which Vault endpoint issues the credential, so a
// change to it changes what a session receives; review edits to this
// field accordingly.
// @inject_tag: `gorm:"not_null"`
VaultPath string `protobuf:"bytes,8,opt,name=vault_path,json=vaultPath,proto3" json:"vault_path,omitempty" gorm:"not_null"`
// The HTTP method the library uses to communicate with Vault.
// It must be set. Can only be GET or POST.
// NOTE(review): the field is a free-form string here; where the GET/POST
// restriction is checked is not visible on this page.
// @inject_tag: `gorm:"not_null"`
HttpMethod string `protobuf:"bytes,9,opt,name=http_method,json=httpMethod,proto3" json:"http_method,omitempty" gorm:"not_null"`
// The body of the HTTP request the library sends to Vault.
// Can only be set if http_method is POST.
// NOTE(review): the body is stored as given, and unlike the token and the
// certificate key it has no ciphertext counterpart in this message; avoid
// placing secrets in it unless storage protection is confirmed elsewhere.
// @inject_tag: `gorm:"default:null"`
HttpRequestBody []byte `` /* 129-byte string literal not displayed */
// credential_type is optional. If set, it indicates the type of
// credential the library returns.
// @inject_tag: `gorm:"default:null"`
CredentialType string `protobuf:"bytes,11,opt,name=credential_type,json=credentialType,proto3" json:"credential_type,omitempty" gorm:"default:null"`
// contains filtered or unexported fields
}
func (*CredentialLibrary) Descriptor
deprecated
func (*CredentialLibrary) Descriptor() ([]byte, []int)
Deprecated: Use CredentialLibrary.ProtoReflect.Descriptor instead.
func (*CredentialLibrary) GetCreateTime ¶
func (x *CredentialLibrary) GetCreateTime() *timestamp.Timestamp
func (*CredentialLibrary) GetCredentialType ¶ added in v0.7.4
func (x *CredentialLibrary) GetCredentialType() string
func (*CredentialLibrary) GetDescription ¶
func (x *CredentialLibrary) GetDescription() string
func (*CredentialLibrary) GetHttpMethod ¶
func (x *CredentialLibrary) GetHttpMethod() string
func (*CredentialLibrary) GetHttpRequestBody ¶
func (x *CredentialLibrary) GetHttpRequestBody() []byte
func (*CredentialLibrary) GetName ¶
func (x *CredentialLibrary) GetName() string
func (*CredentialLibrary) GetPublicId ¶
func (x *CredentialLibrary) GetPublicId() string
func (*CredentialLibrary) GetStoreId ¶
func (x *CredentialLibrary) GetStoreId() string
func (*CredentialLibrary) GetUpdateTime ¶
func (x *CredentialLibrary) GetUpdateTime() *timestamp.Timestamp
func (*CredentialLibrary) GetVaultPath ¶
func (x *CredentialLibrary) GetVaultPath() string
func (*CredentialLibrary) GetVersion ¶
func (x *CredentialLibrary) GetVersion() uint32
func (*CredentialLibrary) ProtoMessage ¶
func (*CredentialLibrary) ProtoMessage()
func (*CredentialLibrary) ProtoReflect ¶
func (x *CredentialLibrary) ProtoReflect() protoreflect.Message
func (*CredentialLibrary) Reset ¶
func (x *CredentialLibrary) Reset()
func (*CredentialLibrary) String ¶
func (x *CredentialLibrary) String() string
type CredentialStore ¶
// CredentialStore is a vault credential store owned by a project. It records
// how the Vault server is reached: its address, an optional namespace, the
// TLS verification settings and an optional worker filter.
type CredentialStore struct {
// public_id is a surrogate key suitable for use in a public API.
// @inject_tag: `gorm:"primary_key"`
PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
// The create_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
// The update_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
// The delete_time is set by the application.
// @inject_tag: `gorm:"default:null"`
DeleteTime *timestamp.Timestamp `protobuf:"bytes,4,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty" gorm:"default:null"`
// name is optional. If set, it must be unique within project_id.
// @inject_tag: `gorm:"default:null"`
Name string `protobuf:"bytes,5,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
// description is optional.
// @inject_tag: `gorm:"default:null"`
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
// The project_id of the owning project.
// It must be set.
// @inject_tag: `gorm:"not_null"`
ProjectId string `protobuf:"bytes,7,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty" gorm:"not_null"`
// version allows optimistic locking of the resource.
// @inject_tag: `gorm:"default:null"`
Version uint32 `protobuf:"varint,8,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
// vault_address is the address of the vault server. This should be a
// complete URL.
// It must be set.
// NOTE(review): no scheme restriction is visible in this type; confirm
// that the code consuming this value requires https unless plain-text
// transport is an explicit, reviewed choice.
// @inject_tag: `gorm:"not_null"`
VaultAddress string `protobuf:"bytes,9,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty" gorm:"not_null"`
// namespace is the vault namespace the credential store should use.
// It is optional.
// @inject_tag: `gorm:"default:null"`
Namespace string `protobuf:"bytes,10,opt,name=namespace,proto3" json:"namespace,omitempty" gorm:"default:null"`
// ca_cert is a single PEM-encoded CA certificate to verify the Vault
// server's SSL certificate.
// It is optional.
// NOTE(review): which trust roots apply when this is unset is not shown
// here; presumably the system roots — confirm in the TLS client setup.
// @inject_tag: `gorm:"default:null"`
CaCert []byte `protobuf:"bytes,11,opt,name=ca_cert,json=caCert,proto3" json:"ca_cert,omitempty" gorm:"default:null"`
// tls_server_name is the name to use as the SNI host when connecting to
// Vault via TLS.
// It is optional.
// @inject_tag: `gorm:"default:null"`
TlsServerName string `protobuf:"bytes,12,opt,name=tls_server_name,json=tlsServerName,proto3" json:"tls_server_name,omitempty" gorm:"default:null"`
// tls_skip_verify disables verification of TLS certificates. Using this
// option is highly discouraged as it decreases the security of data
// transmissions to and from the Vault server.
// The injected gorm default is false.
// NOTE(review): with verification disabled, ca_cert and tls_server_name
// presumably no longer authenticate the server — confirm in the TLS
// client setup. The store's Vault token and the credentials issued to
// sessions would then travel over a connection whose peer is unverified,
// so a store with this flag set is worth surfacing in audits and alerts.
// @inject_tag: `gorm:"default:false"`
TlsSkipVerify bool `protobuf:"varint,13,opt,name=tls_skip_verify,json=tlsSkipVerify,proto3" json:"tls_skip_verify,omitempty" gorm:"default:false"`
// worker_filter is optional. It filters to the worker(s) that can handle
// Vault requests for this credential store.
// The filter syntax is not described in this message.
// @inject_tag: `gorm:"default:null"`
WorkerFilter string `protobuf:"bytes,14,opt,name=worker_filter,json=workerFilter,proto3" json:"worker_filter,omitempty" gorm:"default:null"`
// contains filtered or unexported fields
}
func (*CredentialStore) Descriptor
deprecated
func (*CredentialStore) Descriptor() ([]byte, []int)
Deprecated: Use CredentialStore.ProtoReflect.Descriptor instead.
func (*CredentialStore) GetCaCert ¶
func (x *CredentialStore) GetCaCert() []byte
func (*CredentialStore) GetCreateTime ¶
func (x *CredentialStore) GetCreateTime() *timestamp.Timestamp
func (*CredentialStore) GetDeleteTime ¶
func (x *CredentialStore) GetDeleteTime() *timestamp.Timestamp
func (*CredentialStore) GetDescription ¶
func (x *CredentialStore) GetDescription() string
func (*CredentialStore) GetName ¶
func (x *CredentialStore) GetName() string
func (*CredentialStore) GetNamespace ¶
func (x *CredentialStore) GetNamespace() string
func (*CredentialStore) GetProjectId ¶ added in v0.10.2
func (x *CredentialStore) GetProjectId() string
func (*CredentialStore) GetPublicId ¶
func (x *CredentialStore) GetPublicId() string
func (*CredentialStore) GetTlsServerName ¶
func (x *CredentialStore) GetTlsServerName() string
func (*CredentialStore) GetTlsSkipVerify ¶
func (x *CredentialStore) GetTlsSkipVerify() bool
func (*CredentialStore) GetUpdateTime ¶
func (x *CredentialStore) GetUpdateTime() *timestamp.Timestamp
func (*CredentialStore) GetVaultAddress ¶
func (x *CredentialStore) GetVaultAddress() string
func (*CredentialStore) GetVersion ¶
func (x *CredentialStore) GetVersion() uint32
func (*CredentialStore) GetWorkerFilter ¶ added in v0.10.0
func (x *CredentialStore) GetWorkerFilter() string
func (*CredentialStore) ProtoMessage ¶
func (*CredentialStore) ProtoMessage()
func (*CredentialStore) ProtoReflect ¶
func (x *CredentialStore) ProtoReflect() protoreflect.Message
func (*CredentialStore) Reset ¶
func (x *CredentialStore) Reset()
func (*CredentialStore) String ¶
func (x *CredentialStore) String() string
type SSHCertificateCredentialLibrary ¶ added in v0.12.0
// SSHCertificateCredentialLibrary describes how SSH certificates are requested
// from Vault for a vault credential store: the Vault path, the SSH username,
// the type and size of the generated private key, and the ttl, key id,
// critical options and extensions requested for the signed certificate.
//
// The constraints stated on the fields are documentation; nothing in this
// struct enforces them beyond the injected gorm tags.
type SSHCertificateCredentialLibrary struct {
// public_id is a surrogate key suitable for use in a public API.
// @inject_tag: `gorm:"primary_key"`
PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
// create_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
// update_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
// name is optional. If set, it must be unique within project_id.
// NOTE(review): this message has no project_id field; the uniqueness
// scope is presumably resolved through the owning store — confirm.
// @inject_tag: `gorm:"default:null"`
Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
// description is optional.
// @inject_tag: `gorm:"default:null"`
Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
// store_id of the owning vault credential store.
// It must be set.
// @inject_tag: `gorm:"not_null"`
StoreId string `protobuf:"bytes,6,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"not_null"`
// version allows optimistic locking of the resource.
// @inject_tag: `gorm:"default:null"`
Version uint32 `protobuf:"varint,7,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
// vault_path is the path in Vault to request credentials from.
// It must be set.
// @inject_tag: `gorm:"not_null"`
VaultPath string `protobuf:"bytes,8,opt,name=vault_path,json=vaultPath,proto3" json:"vault_path,omitempty" gorm:"not_null"`
// username is the username to use when making an SSH connection.
// It must be set.
// @inject_tag: `gorm:"not_null"`
Username string `protobuf:"bytes,9,opt,name=username,proto3" json:"username,omitempty" gorm:"not_null"`
// key_type specifies the key type to use when generating an SSH private key.
// Values must be "rsa", "ed25519", or "ecdsa".
// @inject_tag: `gorm:"not_null"`
KeyType string `protobuf:"bytes,10,opt,name=key_type,json=keyType,proto3" json:"key_type,omitempty" gorm:"not_null"`
// key_bits specifies the number of bits to use to generate an SSH private key.
// Not used if key_type is ed25519.
// NOTE(review): the accepted sizes per key type are not listed here;
// confirm that validation elsewhere rejects sizes too small for the
// chosen key_type.
// @inject_tag: `gorm:"not_null"`
KeyBits uint32 `protobuf:"varint,11,opt,name=key_bits,json=keyBits,proto3" json:"key_bits,omitempty" gorm:"not_null"`
// ttl specifies the requested time to live for the certificate.
// It is a requested value and is carried as a string; its format and any
// upper bound are not described in this message.
// @inject_tag: `gorm:"default:null"`
Ttl string `protobuf:"bytes,12,opt,name=ttl,proto3" json:"ttl,omitempty" gorm:"default:null"`
// key_id specifies the key id that the created certificate should have.
// This is the certificate's key id, unrelated to the kms key_id carried by
// ClientCertificate.
// @inject_tag: `gorm:"default:null"`
KeyId string `protobuf:"bytes,13,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"default:null"`
// critical_options specifies a map of the critical options that the certificate should be signed for.
// The field is a string, so the map is stored in some serialized form;
// the encoding is not shown on this page. These values shape what the
// signed certificate permits on the target host, so changes to them merit
// the same review as changes to vault_path.
// @inject_tag: `gorm:"default:null"`
CriticalOptions string `` /* 127-byte string literal not displayed */
// extensions specifies a map of the extensions that the certificate should be signed for.
// The field is a string, so the map is stored in some serialized form;
// the encoding is not shown on this page.
// @inject_tag: `gorm:"default:null"`
Extensions string `protobuf:"bytes,15,opt,name=extensions,proto3" json:"extensions,omitempty" gorm:"default:null"`
// credential_type is always ssh_certificate.
// @inject_tag: `gorm:"default:null"`
CredentialType string `protobuf:"bytes,16,opt,name=credential_type,json=credentialType,proto3" json:"credential_type,omitempty" gorm:"default:null"`
// contains filtered or unexported fields
}
func (*SSHCertificateCredentialLibrary) Descriptor
deprecated
added in
v0.12.0
func (*SSHCertificateCredentialLibrary) Descriptor() ([]byte, []int)
Deprecated: Use SSHCertificateCredentialLibrary.ProtoReflect.Descriptor instead.
func (*SSHCertificateCredentialLibrary) GetCreateTime ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetCreateTime() *timestamp.Timestamp
func (*SSHCertificateCredentialLibrary) GetCredentialType ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetCredentialType() string
func (*SSHCertificateCredentialLibrary) GetCriticalOptions ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetCriticalOptions() string
func (*SSHCertificateCredentialLibrary) GetDescription ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetDescription() string
func (*SSHCertificateCredentialLibrary) GetExtensions ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetExtensions() string
func (*SSHCertificateCredentialLibrary) GetKeyBits ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetKeyBits() uint32
func (*SSHCertificateCredentialLibrary) GetKeyId ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetKeyId() string
func (*SSHCertificateCredentialLibrary) GetKeyType ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetKeyType() string
func (*SSHCertificateCredentialLibrary) GetName ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetName() string
func (*SSHCertificateCredentialLibrary) GetPublicId ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetPublicId() string
func (*SSHCertificateCredentialLibrary) GetStoreId ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetStoreId() string
func (*SSHCertificateCredentialLibrary) GetTtl ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetTtl() string
func (*SSHCertificateCredentialLibrary) GetUpdateTime ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetUpdateTime() *timestamp.Timestamp
func (*SSHCertificateCredentialLibrary) GetUsername ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetUsername() string
func (*SSHCertificateCredentialLibrary) GetVaultPath ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetVaultPath() string
func (*SSHCertificateCredentialLibrary) GetVersion ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) GetVersion() uint32
func (*SSHCertificateCredentialLibrary) ProtoMessage ¶ added in v0.12.0
func (*SSHCertificateCredentialLibrary) ProtoMessage()
func (*SSHCertificateCredentialLibrary) ProtoReflect ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) ProtoReflect() protoreflect.Message
func (*SSHCertificateCredentialLibrary) Reset ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) Reset()
func (*SSHCertificateCredentialLibrary) String ¶ added in v0.12.0
func (x *SSHCertificateCredentialLibrary) String() string
type SshPrivateKeyOverride ¶ added in v0.10.0
// SshPrivateKeyOverride names the attributes in the Data field of a Vault
// api.Secret that hold the username, the private key and the private key
// passphrase for one vault credential library.
//
// The exported fields hold attribute names only; the secret values they
// point at are not part of this message.
type SshPrivateKeyOverride struct {
// library_id of the owning vault credential library.
// As the primary key, it allows one override per library.
// @inject_tag: `gorm:"primary_key"`
LibraryId string `protobuf:"bytes,1,opt,name=library_id,json=libraryId,proto3" json:"library_id,omitempty" gorm:"primary_key"`
// username_attribute is the name of the attribute in the Data field of a
// Vault api.Secret that maps to a username.
// If set, it overrides any default attribute names the system uses to
// find a username attribute.
//
// See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25
//
// @inject_tag: `gorm:"default:null"`
UsernameAttribute string `` /* 132-byte string literal not displayed */
// private_key_attribute is the name of the attribute in the Data field of a
// Vault api.Secret that maps to a private key.
// If set, it overrides any default attribute names the system uses to
// find a private_key attribute.
//
// See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25
//
// @inject_tag: `gorm:"default:null"`
PrivateKeyAttribute string `` /* 140-byte string literal not displayed */
// private_key_passphrase_attribute is the name of the attribute in the Data
// field of a Vault api.Secret that maps to a private key passphrase. If set,
// it overrides any default attribute names the system uses to find a
// private_key_passphrase attribute.
//
// See
// https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25
//
// NOTE(review): the default attribute names that these overrides replace
// are not listed on this page; how a missing or misnamed attribute is
// handled should be confirmed in the code that reads the secret.
//
// @inject_tag: `gorm:"default:null"`
PrivateKeyPassphraseAttribute string `` /* 172-byte string literal not displayed */
// contains filtered or unexported fields
}
func (*SshPrivateKeyOverride) Descriptor
deprecated
added in
v0.10.0
func (*SshPrivateKeyOverride) Descriptor() ([]byte, []int)
Deprecated: Use SshPrivateKeyOverride.ProtoReflect.Descriptor instead.
func (*SshPrivateKeyOverride) GetLibraryId ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetLibraryId() string
func (*SshPrivateKeyOverride) GetPrivateKeyAttribute ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetPrivateKeyAttribute() string
func (*SshPrivateKeyOverride) GetPrivateKeyPassphraseAttribute ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetPrivateKeyPassphraseAttribute() string
func (*SshPrivateKeyOverride) GetUsernameAttribute ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) GetUsernameAttribute() string
func (*SshPrivateKeyOverride) ProtoMessage ¶ added in v0.10.0
func (*SshPrivateKeyOverride) ProtoMessage()
func (*SshPrivateKeyOverride) ProtoReflect ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) ProtoReflect() protoreflect.Message
func (*SshPrivateKeyOverride) Reset ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) Reset()
func (*SshPrivateKeyOverride) String ¶ added in v0.10.0
func (x *SshPrivateKeyOverride) String() string
type Token ¶
// Token is the record of a Vault token owned by a vault credential store.
//
// Per the field comments and tags below, three representations of the token
// appear here: an HMAC used as the primary key (TokenHmac), the plain-text
// value that is excluded from the database (Token), and the ciphertext that
// is persisted (CtToken).
type Token struct {
// token_hmac is the hmac-sha256 value of the token. The hmac key is the
// blake2b-256 value of the token accessor.
// It is the gorm primary key, so a row is identified by this digest and not
// by the token itself.
// @inject_tag: `gorm:"primary_key"`
TokenHmac []byte `protobuf:"bytes,1,opt,name=token_hmac,json=tokenHmac,proto3" json:"token_hmac,omitempty" gorm:"primary_key"`
// token is the plain-text of the token data. We are not storing this
// plain-text token in the database.
// The gorm:"-" tag is what keeps gorm from mapping this field to a column.
// The wrapping tag marks it as the plain-text ("pt") member of the
// "token_data" pair whose ciphertext member is CtToken.
// NOTE(review): the field still carries protobuf and json tags, so
// serializing or printing a populated message would include the plain-text
// token; keep populated messages out of logs and API responses, and confirm
// how callers clear the field after encryption.
// @inject_tag: `gorm:"-" wrapping:"pt,token_data"`
Token []byte `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty" gorm:"-" wrapping:"pt,token_data"`
// ct_token is the ciphertext of the token data. It is stored in the database.
// Per the inject_tag below it is persisted in the non-null column named
// "token" and is the ciphertext ("ct") member of the "token_data" pair.
// @inject_tag: `gorm:"column:token;not_null" wrapping:"ct,token_data"`
CtToken []byte `` /* 136-byte string literal not displayed */
// store_id is the ID of the owning vault credential store. A vault
// credential store can have 0 or 1 token.
// It must be set.
// @inject_tag: `gorm:"not_null"`
StoreId string `protobuf:"bytes,4,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"not_null"`
// create_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
CreateTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
// update_time is set by the database.
// @inject_tag: `gorm:"default:current_timestamp"`
UpdateTime *timestamp.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
// last_renewal_time is the time the token was last renewed with Vault.
// @inject_tag: `gorm:"default:null"`
LastRenewalTime *timestamp.Timestamp `` /* 128-byte string literal not displayed */
// expiration_time is the time the token is expected to expire.
// expiration_time is calculated when the token is renewed.
//
// The calculation is:
//
// expiration_time := time.Now().Add(LeaseDuration * time.Second)
//
// LeaseDuration is a value returned by Vault when the token is renewed.
//
// NOTE(review): the value is derived from the local clock at renewal time,
// so it is an estimate of when Vault will expire the token, not Vault's own
// record; Vault remains the authority on whether the token is still valid.
//
// https://www.vaultproject.io/api-docs/auth/token#renew-a-token-self
//
// @inject_tag: `gorm:"default:null"`
ExpirationTime *timestamp.Timestamp `protobuf:"bytes,9,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty" gorm:"default:null"`
// The key_id of the kms database key used for encrypting this entry.
// It must be set.
// Presumably this is what selects the key for decrypting ct_token, for
// example across key rotations; verify against the kms code.
// @inject_tag: `gorm:"not_null"`
KeyId string `protobuf:"bytes,10,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"`
// The status of the token.
// It must be set.
// The set of valid status values is not shown in this listing.
// @inject_tag: `gorm:"not_null"`
Status string `protobuf:"bytes,11,opt,name=status,proto3" json:"status,omitempty" gorm:"not_null"`
// contains filtered or unexported fields
}
func (*Token) Descriptor
deprecated
func (*Token) GetCreateTime ¶
func (*Token) GetCtToken ¶
func (*Token) GetExpirationTime ¶
func (*Token) GetLastRenewalTime ¶
func (*Token) GetStoreId ¶
func (*Token) GetTokenHmac ¶
func (*Token) GetUpdateTime ¶
func (*Token) ProtoMessage ¶
func (*Token) ProtoMessage()
func (*Token) ProtoReflect ¶
func (x *Token) ProtoReflect() protoreflect.Message
type UsernamePasswordOverride ¶ added in v0.9.1
// UsernamePasswordOverride holds, for one vault credential library, the
// attribute names used to locate a username and a password in the Data field
// of a Vault api.Secret.
//
// The fields hold attribute names, not the credential values themselves.
// NOTE(review): the names select which parts of a Vault response are treated
// as the username and password, so write access to this record presumably
// deserves the same control as the library itself; confirm against the
// repository layer.
type UsernamePasswordOverride struct {
// library_id of the owning vault credential library.
// It is the gorm primary key, so presumably there is at most one override
// per library (verify against the schema).
// @inject_tag: `gorm:"primary_key"`
LibraryId string `protobuf:"bytes,1,opt,name=library_id,json=libraryId,proto3" json:"library_id,omitempty" gorm:"primary_key"`
// username_attribute is the name of the attribute in the Data field of a
// Vault api.Secret that maps to a username.
// If set, it overrides any default attribute names the system uses to
// find a username attribute.
//
// See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25
//
// @inject_tag: `gorm:"default:null"`
UsernameAttribute string `` /* 132-byte string literal not displayed */
// password_attribute is the name of the attribute in the Data field of a
// Vault api.Secret that maps to a password.
// If set, it overrides any default attribute names the system uses to
// find a password attribute.
// Only the attribute name is held here; the password stays in the Vault
// response.
//
// See https://github.com/hashicorp/vault/blob/5e505ec039177e8212cbbab74ccb644c46e62e63/api/secret.go#L25
//
// @inject_tag: `gorm:"default:null"`
PasswordAttribute string `` /* 132-byte string literal not displayed */
// contains filtered or unexported fields
}
func (*UsernamePasswordOverride) Descriptor
deprecated
added in
v0.9.1
func (*UsernamePasswordOverride) Descriptor() ([]byte, []int)
Deprecated: Use UsernamePasswordOverride.ProtoReflect.Descriptor instead.
func (*UsernamePasswordOverride) GetLibraryId ¶ added in v0.9.1
func (x *UsernamePasswordOverride) GetLibraryId() string
func (*UsernamePasswordOverride) GetPasswordAttribute ¶ added in v0.9.1
func (x *UsernamePasswordOverride) GetPasswordAttribute() string
func (*UsernamePasswordOverride) GetUsernameAttribute ¶ added in v0.9.1
func (x *UsernamePasswordOverride) GetUsernameAttribute() string
func (*UsernamePasswordOverride) ProtoMessage ¶ added in v0.9.1
func (*UsernamePasswordOverride) ProtoMessage()
func (*UsernamePasswordOverride) ProtoReflect ¶ added in v0.9.1
func (x *UsernamePasswordOverride) ProtoReflect() protoreflect.Message
func (*UsernamePasswordOverride) Reset ¶ added in v0.9.1
func (x *UsernamePasswordOverride) Reset()
func (*UsernamePasswordOverride) String ¶ added in v0.9.1
func (x *UsernamePasswordOverride) String() string