package consts

import "github.com/hashicorp/vault/sdk/helper/consts"

Index

Constants 

const (
	// ExpirationRestoreWorkerCount specifies the number of workers to use while
	// restoring leases into the expiration manager
	ExpirationRestoreWorkerCount = 64

	// NamespaceHeaderName is the header set to specify which namespace the
	// request is indented for.
	NamespaceHeaderName = "X-Vault-Namespace"

	// AuthHeaderName is the name of the header containing the token.
	AuthHeaderName = "X-Vault-Token"

	// RequestHeaderName is the name of the header used by the Agent for
	// SSRF protection.
	RequestHeaderName = "X-Vault-Request"

	// WrapTTLHeaderName is the name of the header containing a directive to
	// wrap the response
	WrapTTLHeaderName = "X-Vault-Wrap-TTL"

	// PerformanceReplicationALPN is the negotiated protocol used for
	// performance replication.
	PerformanceReplicationALPN = "replication_v1"

	// DRReplicationALPN is the negotiated protocol used for dr replication.
	DRReplicationALPN = "replication_dr_v1"

	PerfStandbyALPN = "perf_standby_v1"

	RequestForwardingALPN = "req_fw_sb-act_v1"

	RaftStorageALPN = "raft_storage_v1"

	// ReplicationResolverALPN is the negotiated protocol used for
	// resolving replicaiton addresses
	ReplicationResolverALPN = "replication_resolver_v1"

	VaultEnableFilePermissionsCheckEnv = "VAULT_ENABLE_FILE_PERMISSIONS_CHECK"

	VaultDisableUserLockout = "VAULT_DISABLE_USER_LOCKOUT"

	PerformanceReplicationPathTarget = "performance"

	DRReplicationPathTarget = "dr"
)
const (
	Supported = iota
	Deprecated
	PendingRemoval
	Removed
	Unknown
)

These are the states of deprecation for builtin plugins 

const (
	// N.B. This needs to be excluded from replication despite the name; it's
	// merely saying that this is cluster information for the replicated
	// cluster.
	CoreReplicatedClusterPrefix   = "core/cluster/replicated/"
	CoreReplicatedClusterPrefixDR = "core/cluster/replicated-dr/"

	CoreReplicatedClusterInfoPath            = CoreReplicatedClusterPrefix + "info"
	CoreReplicatedClusterSecondariesPrefix   = CoreReplicatedClusterPrefix + "secondaries/"
	CoreReplicatedClusterInfoPathDR          = CoreReplicatedClusterPrefixDR + "info"
	CoreReplicatedClusterSecondariesPrefixDR = CoreReplicatedClusterPrefixDR + "secondaries/"

	// This is an identifier for the current secondary in the replicated paths
	// manager.  It should contain a character that is not allowed in secondary
	// ids to ensure it doesn't collide.
	CurrentReplicatedSecondaryIdentifier = ".current"
	CoreFeatureFlagPath                  = "core/cluster/feature-flags"
	CoreDevelopmentClusterPath           = "core/reporting/development-cluster"
)
const (
	ServiceTokenPrefix        = "hvs."
	BatchTokenPrefix          = "hvb."
	RecoveryTokenPrefix       = "hvr."
	LegacyServiceTokenPrefix  = "s."
	LegacyBatchTokenPrefix    = "b."
	LegacyRecoveryTokenPrefix = "r."
)
const AgentPathCacheClear = "/agent/v1/cache-clear"

AgentPathCacheClear is the path that the agent will use as its cache-clear endpoint. 

const AgentPathMetrics = "/agent/v1/metrics"

AgentPathMetrics is the path the agent will use to expose its internal metrics. 

const AgentPathQuit = "/agent/v1/quit"

AgentPathQuit is the path that the agent will use to trigger stopping it. 

const DefaultMaxBackoff = 5 * time.Minute

DefaultMaxBackoff is the default max backoff time for agent and proxy 

const DefaultMinBackoff = 1 * time.Second

DefaultMinBackoff is the default minimum backoff time for agent and proxy 

const EnvVaultAllowPendingRemovalMounts = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"

EnvVaultAllowPendingRemovalMounts allows Pending Removal builtins to be mounted as if they are Deprecated to facilitate migration to supported builtin plugins. 

const ProxyPathCacheClear = "/proxy/v1/cache-clear"

ProxyPathCacheClear is the path that the proxy will use as its cache-clear endpoint. 

const ProxyPathMetrics = "/proxy/v1/metrics"

ProxyPathMetrics is the path the proxy will use to expose its internal metrics. 

const ProxyPathQuit = "/proxy/v1/quit"

ProxyPathQuit is the path that the proxy will use to trigger stopping it.

Variables 

var (
	// ErrSealed is returned if an operation is performed on a sealed barrier.
	// No operation is expected to succeed before unsealing
	ErrSealed = errors.New("Vault is sealed")

	// ErrAPILocked is returned if an operation is performed when the API is
	// locked for the request namespace.
	ErrAPILocked = errors.New("API access to this namespace has been locked by an administrator")

	// ErrStandby is returned if an operation is performed on a standby Vault.
	// No operation is expected to succeed until active.
	ErrStandby = errors.New("Vault is in standby mode")

	// ErrPathContainsParentReferences is returned when a path contains parent
	// references.
	ErrPathContainsParentReferences = errors.New("path cannot contain parent references")

	// ErrInvalidWrappingToken is returned when checking for the validity of
	// a wrapping token that turns out to be invalid.
	ErrInvalidWrappingToken = errors.New("wrapping token is not valid or does not exist")

	// ErrOverloaded indicates the Vault server is at capacity.
	ErrOverloaded = errors.New("overloaded, try again later")
)
var PluginRuntimeTypes = _PluginRuntimeTypeValues
var PluginTiers = []PluginTier{
	PluginTierUnknown,
	PluginTierCommunity,
	PluginTierPartner,
	PluginTierOfficial,
}
var PluginTypes = []PluginType{
	PluginTypeUnknown,
	PluginTypeCredential,
	PluginTypeDatabase,
	PluginTypeSecrets,
}

Types

type DeprecationStatus 

type DeprecationStatus uint32

DeprecationStatus represents the current deprecation state for builtins

func (DeprecationStatus) String 

func (s DeprecationStatus) String() string

String returns the string representation of a builtin deprecation status

type HAState 

type HAState uint32
const (
	Standby HAState
	PerfStandby
	Active
)

type PluginRuntimeType 

type PluginRuntimeType uint32
const (
	DefaultContainerPluginOCIRuntime = "runsc"

	PluginRuntimeTypeUnsupported PluginRuntimeType = iota
	PluginRuntimeTypeContainer
)

This is a list of PluginRuntimeTypes used by Vault.

func ParsePluginRuntimeType 

func ParsePluginRuntimeType(PluginRuntimeType string) (PluginRuntimeType, error)

ParsePluginRuntimeType is a wrapper around PluginRuntimeTypeString kept for backwards compatibility.

func PluginRuntimeTypeString 

func PluginRuntimeTypeString(s string) (PluginRuntimeType, error)

PluginRuntimeTypeString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func PluginRuntimeTypeValues 

func PluginRuntimeTypeValues() []PluginRuntimeType

PluginRuntimeTypeValues returns all values of the enum

func (PluginRuntimeType) IsAPluginRuntimeType 

func (i PluginRuntimeType) IsAPluginRuntimeType() bool

IsAPluginRuntimeType returns "true" if the value is listed in the enum definition. "false" otherwise

func (PluginRuntimeType) String 

func (i PluginRuntimeType) String() string

type PluginTier 

type PluginTier uint32
const (
	// PluginTierUnknown defines unknown plugin tier
	// DO NOT change the order of the enum as it
	// could cause the wrong plugin tier to be read
	// from storage for a given underlying number
	PluginTierUnknown PluginTier = iota
	// PluginTierCommunity defines community plugin tier
	// DO NOT change the order of the enum as it
	// could cause the wrong plugin tier to be read
	// from storage for a given underlying number
	PluginTierCommunity
	// PluginTierPartner defines partner plugin tier
	// DO NOT change the order of the enum as it
	// could cause the wrong plugin tier to be read
	// from storage for a given underlying number
	PluginTierPartner
	// PluginTierOfficial defines enterprise plugin tier
	// DO NOT change the order of the enum as it
	// could cause the wrong plugin tier to be read
	// from storage for a given underlying number
	PluginTierOfficial
)

func ParsePluginTier 

func ParsePluginTier(pluginTier string) (PluginTier, error)

func (PluginTier) MarshalJSON 

func (p PluginTier) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (PluginTier) String 

func (p PluginTier) String() string

func (*PluginTier) UnmarshalJSON 

func (p *PluginTier) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler. It supports unmarshaling either a string or a uint32. All new serialization will be as a string, but we previously serialized as a uint32 so we need to support that for backwards compatibility.

type PluginType 

type PluginType uint32
const (
	PluginTypeUnknown PluginType = iota
	PluginTypeCredential
	PluginTypeDatabase
	PluginTypeSecrets
)

This is a list of PluginTypes used by Vault. If we need to add any in the future, it would be best to add them to the _end_ of the list below because they resolve to incrementing numbers, which may be saved in state somewhere. Thus if the name for one of those numbers changed because a value were added to the middle, that could cause the wrong plugin types to be read from storage for a given underlying number. Example of the problem here: https://play.golang.org/p/YAaPw5ww3er

func ParsePluginType 

func ParsePluginType(pluginType string) (PluginType, error)

func (PluginType) MarshalJSON 

func (p PluginType) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (PluginType) String 

func (p PluginType) String() string

func (*PluginType) UnmarshalJSON 

func (p *PluginType) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler. It supports unmarshaling either a string or a uint32. All new serialization will be as a string, but we previously serialized as a uint32 so we need to support that for backwards compatibility.

type ReplicationState 

type ReplicationState uint32
const (
	OldReplicationPrimary ReplicationState
	OldReplicationSecondary
	OldReplicationBootstrapping

	ReplicationUnknown            ReplicationState = 0
	ReplicationPerformancePrimary ReplicationState = 1 << iota // Note -- iota is 5 here!
	ReplicationPerformanceSecondary
	OldSplitReplicationBootstrapping
	ReplicationDRPrimary
	ReplicationDRSecondary
	ReplicationPerformanceBootstrapping
	ReplicationDRBootstrapping
	ReplicationPerformanceDisabled
	ReplicationDRDisabled
	ReplicationPerformanceStandby
)

func (*ReplicationState) AddState 

func (r *ReplicationState) AddState(flag ReplicationState)

func (*ReplicationState) ClearState 

func (r *ReplicationState) ClearState(flag ReplicationState)

func (ReplicationState) GetDRString 

func (r ReplicationState) GetDRString() string

func (ReplicationState) GetPerformanceString 

func (r ReplicationState) GetPerformanceString() string

func (ReplicationState) HasState 

func (r ReplicationState) HasState(flag ReplicationState) bool

func (ReplicationState) IsPrimaryState 

func (r ReplicationState) IsPrimaryState() bool

func (ReplicationState) StateStrings 

func (r ReplicationState) StateStrings() []string

func (*ReplicationState) ToggleState 

func (r *ReplicationState) ToggleState(flag ReplicationState)

Source Files

agent.go consts.go deprecation_status.go error.go plugin_runtime_types.go plugin_tiers.go plugin_types.go pluginruntimetype_enumer.go proxy.go replication.go token_consts.go

Version
v0.18.0 (latest)
Published
Jun 5, 2025
Platform
linux/amd64
Imports
4 packages
Last checked
3 weeks ago

Tools for package owners.