package vaultclient
import "github.com/hashicorp/nomad/client/vaultclient"
Index ¶
- func NewVaultClient(config *config.VaultConfig, logger hclog.Logger) (*vaultClient, error)
- type JWTLoginRequest
- type MockVaultClient
- func (vc *MockVaultClient) DeriveTokenWithJWT(ctx context.Context, req JWTLoginRequest) (string, bool, error)
- func (vc *MockVaultClient) JWTTokens() map[string]string
- func (vc *MockVaultClient) RenewToken(token string, interval int) (<-chan error, error)
- func (vc *MockVaultClient) RenewTokenErrCh(token string) chan error
- func (vc *MockVaultClient) RenewTokens() map[string]chan error
- func (vc *MockVaultClient) SetDeriveTokenError(allocID string, tasks []string, err error)
- func (vc *MockVaultClient) SetDeriveTokenWithJWTFn(f func(context.Context, JWTLoginRequest) (string, bool, error))
- func (vc *MockVaultClient) SetRenewTokenError(token string, err error)
- func (vc *MockVaultClient) SetRenewable(renewable bool)
- func (vc *MockVaultClient) Start()
- func (vc *MockVaultClient) Stop()
- func (vc *MockVaultClient) StopRenewToken(token string) error
- func (vc *MockVaultClient) StoppedTokens() []string
- type VaultClient
- type VaultClientFunc
Functions ¶
func NewVaultClient ¶
func NewVaultClient(config *config.VaultConfig, logger hclog.Logger) (*vaultClient, error)
NewVaultClient returns a new vault client from the given config.
Types ¶
type JWTLoginRequest ¶
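// JWTLoginRequest is used to derive a Vault ACL token using a JWT login
// request.
//
// An empty Role or Namespace is not an error: the login then runs with the
// client-level defaults described on each field, so callers that depend on a
// specific role or namespace should set it explicitly.
type JWTLoginRequest struct {
	// JWT is the signed JWT to be used for the login request. It is a
	// credential in its own right, so keep it out of logs and error messages.
	JWT string

	// Role is the Vault ACL role to use for the login request. If empty, the
	// Nomad client's create_from_role value is used, or the Vault cluster
	// default role.
	Role string

	// Namespace is the Vault namespace to use for the login request. If empty,
	// the Nomad client's Vault configuration namespace will be used.
	Namespace string
}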
JWTLoginRequest is used to derive a Vault ACL token using a JWT login request.
type MockVaultClient ¶
// MockVaultClient is a test double for the vaultclient integration and is
// documented as safe for concurrent access. Its fields are unexported; the
// state it records is read back through the JWTTokens, RenewTokens and
// StoppedTokens methods, and its failures are scripted with the Set* methods.
// It is intended for tests only.
type MockVaultClient struct {
// contains filtered or unexported fields
}
MockVaultClient is used for testing the vaultclient integration and is safe for concurrent access.
func (*MockVaultClient) DeriveTokenWithJWT ¶
func (vc *MockVaultClient) DeriveTokenWithJWT(ctx context.Context, req JWTLoginRequest) (string, bool, error)
func (*MockVaultClient) JWTTokens ¶
func (vc *MockVaultClient) JWTTokens() map[string]string
JWTTokens returns the tokens generated using the JWT flow.
func (*MockVaultClient) RenewToken ¶
func (vc *MockVaultClient) RenewToken(token string, interval int) (<-chan error, error)
func (*MockVaultClient) RenewTokenErrCh ¶
func (vc *MockVaultClient) RenewTokenErrCh(token string) chan error
RenewTokenErrCh returns the error channel for the given token renewal process.
func (*MockVaultClient) RenewTokens ¶
func (vc *MockVaultClient) RenewTokens() map[string]chan error
RenewTokens are the tokens that have been renewed and their error channels
func (*MockVaultClient) SetDeriveTokenError ¶
func (vc *MockVaultClient) SetDeriveTokenError(allocID string, tasks []string, err error)
func (*MockVaultClient) SetDeriveTokenWithJWTFn ¶
func (vc *MockVaultClient) SetDeriveTokenWithJWTFn(f func(context.Context, JWTLoginRequest) (string, bool, error))
SetDeriveTokenWithJWTFn sets the function used to derive tokens using JWT.
func (*MockVaultClient) SetRenewTokenError ¶
func (vc *MockVaultClient) SetRenewTokenError(token string, err error)
func (*MockVaultClient) SetRenewable ¶
func (vc *MockVaultClient) SetRenewable(renewable bool)
func (*MockVaultClient) Start ¶
func (vc *MockVaultClient) Start()
func (*MockVaultClient) Stop ¶
func (vc *MockVaultClient) Stop()
func (*MockVaultClient) StopRenewToken ¶
func (vc *MockVaultClient) StopRenewToken(token string) error
func (*MockVaultClient) StoppedTokens ¶
func (vc *MockVaultClient) StoppedTokens() []string
StoppedTokens tracks the tokens that have stopped renewing
type VaultClient ¶
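// VaultClient is the interface which nomad client uses to interact with vault
// and periodically renews the tokens and secrets.
type VaultClient interface {
	// Start initiates the renewal loop of tokens and secrets
	Start()

	// Stop terminates the renewal loop for tokens and secrets
	Stop()

	// DeriveTokenWithJWT returns a Vault ACL token using the JWT login
	// endpoint, along with whether or not the token is renewable.
	//
	// The returned string is a Vault credential: keep it out of logs and
	// error messages.
	// NOTE(review): presumably only tokens reported as renewable should be
	// handed to RenewToken; confirm against the implementation.
	DeriveTokenWithJWT(context.Context, JWTLoginRequest) (string, bool, error)

	// RenewToken renews a token with the given increment and adds it to
	// the min-heap for periodic renewal.
	//
	// NOTE(review): the unit of the increment and what is sent on the
	// returned error channel are not stated here; presumably the channel
	// reports renewal failures. Confirm, and make sure callers drain it so a
	// failed renewal is not missed.
	RenewToken(string, int) (<-chan error, error)

	// StopRenewToken removes the token from the min-heap, stopping its
	// renewal.
	//
	// This is documented only as stopping renewal; nothing here says the
	// token is revoked, so it may stay valid until it expires.
	StopRenewToken(string) error
}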
VaultClient is the interface which nomad client uses to interact with vault and periodically renews the tokens and secrets.
func NewMockVaultClient ¶
func NewMockVaultClient(_ string) (VaultClient, error)
NewMockVaultClient returns a MockVaultClient for testing
type VaultClientFunc ¶
// VaultClientFunc looks up the VaultClient for a Vault cluster; the string
// argument is the cluster name. Callers must check the returned error before
// using the client.
type VaultClientFunc func(string) (VaultClient, error)
VaultClientFunc is the interface of a function that retrieves the VaultClient by cluster name. This function is injected into the allocrunner/taskrunner.
Source Files ¶
vaultclient.go vaultclient_testing.go
- Version
- v1.10.0 (latest)
- Published
- Apr 9, 2025
- Platform
- linux/amd64
- Imports
- 14 packages