package
0.15.2
Repository: https://github.com/hashicorp/vault.git
Documentation: pkg.go.dev

# Functions

AbortableScanView is used to scan all the keys in a view iteratively, but will abort the scan if cb returns false.
AdjustErrorStatusCode adjusts the status that will be sent in error conditions in a way that can be shared across http's respondError and other locations.
ClearView is used to delete all the keys in a view.
No description provided by the author
ClientTokenSourceString retrieves an enum value from the enum constants string name.
ClientTokenSourceValues returns all values of the enum.
No description provided by the author
CollectKeys is used to collect all the keys in a view.
CollectKeysWithPrefix is used to collect all the keys in a view with a given prefix string.
ContextDisableReplicationStatusEndpointsValue examines the provided context.Context for the disable replication status endpoints value and returns it as a bool value if it's found along with the ok return value set to true; otherwise the ok return value is false.
No description provided by the author
ContextOriginalRequestPathValue examines the provided context.Context for the original request path value and returns it as a string value if it's found along with the ok value set to true; otherwise the ok return value is false.
CreateContextDisableReplicationStatusEndpoints creates a new context.Context based on the provided parent that also includes the provided value for the ctxKeyDisableReplicationStatusEndpoints key.
No description provided by the author
CreateContextOriginalRequestPath creates a new context.Context based on the provided parent that also includes the provided original request path value for the ctxKeyOriginalRequestPath key.
CreateContextRedactionSettings creates a new context.Context based on the provided parent that also includes the provided redaction settings values for the ctxKeyRedactionSettings key.
CtxRedactionSettingsValue examines the provided context.Context for the redaction settings value and returns them as a tuple of bool values if they are found along with the ok return value set to true; otherwise the ok return value is false.
ErrorResponse is used to format an error response.
ErrorResponseWithData is used to format an error response with additional data returned within the "data" sub-field of the Data field.
HelpResponse is used to format a help response.
No description provided by the author
IndexStateContext returns a context with an added value holding the index state that should be populated on writes.
IndexStateFromContext is a helper to look up if the provided context contains an index state pointer.
KeyUsageString retrieves an enum value from the enum constants string name.
KeyUsageValues returns all values of the enum.
ListResponse is used to format a response to a list operation.
ListResponseWithInfo is used to format a response to a list operation and return the keys as well as a map with corresponding key info.
This logic was pulled from the http package so that it can be used for encoding wrapped responses as well.
No description provided by the author
NewEvent returns an event with a new, random EID.
NewHTTPResponseWriter creates a new HTTPResponseWriter object that wraps the provided io.Writer.
No description provided by the author
NewMockEventSender returns a new MockEventSender ready to be used.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
RenewAuthRequest creates the structure of the renew request for an auth.
RenewRequest creates the structure of the renew request.
ResolveRoleResponse returns a standard response to be returned by functions handling a ResolveRoleOperation.
No description provided by the author
No description provided by the author
RespondErrorCommon pulls most of the functionality from http's respondErrorCommon and some of http's handleLogical and makes it available to both the http package and elsewhere.
RespondWithStatusCode takes a response and converts it to a raw response with the provided Status Code.
RevokeRequest creates the structure of the revoke request.
RollbackRequest creates the structure of the rollback request.
ScanView is used to scan all the keys in a view iteratively.
SendEvent is a convenience method for plugins to send events to an EventSender, converting the metadataPairs to the EventData structure.
StorageEntryJSON creates a StorageEntry with a JSON-encoded value.
No description provided by the author
TestRequest is a helper to create a purely in-memory Request struct.
TestStorage is a helper that can be used from unit tests to verify the behavior of a Storage impl.
No description provided by the author
TokenTypeString retrieves an enum value from the enum constants string name.
TokenTypeValues returns all values of the enum.

# Constants

No description provided by the author
ClientIDTWEDelimiter is the delimiter between the string fields used to generate a client ID for tokens without entities.
No description provided by the author
No description provided by the author
No description provided by the author
The operations below are called per path.
No description provided by the author
EventMetadataDataPath is used in event metadata to show the API path that can be used to fetch any underlying data.
EventMetadataModified is used in event metadata when the event attests that the underlying data has been modified and might need to be re-fetched (at the EventMetadataDataPath).
EventMetadataOperation is used in event metadata to express what operation was performed that generated the event, e.g., `read` or `write`.
EventMetadataPath is used in event metadata to show the API path the client must have the `subscribe` capability on in order to consume the event.
No description provided by the author
No description provided by the author
If set, HTTPCacheControlHeader will replace the default Cache-Control=no-store header set by the generic wrapping handler.
HTTPContentType can be specified in the Data field of a Response so that the HTTP front end can specify a custom Content-Type associated with the HTTPRawBody.
If set, HTTPPragmaHeader will set the Pragma response header.
HTTPRawBody is the raw content of the HTTP body that goes with the HTTPContentType.
For unwrapping we may need to know whether the value contained in the raw body is already JSON-unmarshaled.
HTTPStatusCode is the response code of the HTTP body that goes with the HTTPContentType.
If set, HTTPWWWAuthenticateHeader will set the WWW-Authenticate response header.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Plugins using Paths.WriteForwardedStorage will need to use this sentinel in their path to write cross-cluster.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
The operations below are called globally, the path is less relevant.
No description provided by the author
No description provided by the author
SortedPoliciesTWEDelimiter is the delimiter between each policy in the sorted policies used to generate a client ID for tokens without entities.
TokenTypeBatch is a batch token.
TokenTypeDefault means "use the default, if any, that is currently set on the mount".
TokenTypeDefaultBatch, configured on a mount, means that if TokenTypeDefault is sent back by the mount, create Batch tokens.
TokenTypeDefaultService, configured on a mount, means that if TokenTypeDefault is sent back by the mount, create Service tokens.
TokenTypeService is a "normal" Vault token for long-lived services.
These are the types of backends that can be derived from logical.Backend.
These are the types of backends that can be derived from logical.Backend.
This is also the zero-value for BackendType.
No description provided by the author

# Variables

No description provided by the author
ErrInvalidCredentials is returned when the provided credentials are incorrect. This is used internally for user lockout purposes.
ErrInvalidRequest is returned if the request is invalid.
ErrInvalidToken is returned if the token is revoked, expired, or non-existent.
ErrLeaseCountQuotaExceeded is returned when a request is rejected due to a lease count quota being exceeded.
ErrMissingRequiredState is returned when a request can't be satisfied with the data in the local node's storage, based on the provided X-Vault-Index request header.
ErrMultiAuthzPending is returned if the request needs more authorizations.
ErrNotFound is an error used to indicate that a particular resource was not found.
Error indicating that the requested path used to serve a purpose in older versions, but the functionality has now been removed.
ErrPerfStandbyForward is returned when Vault is in a state such that a perf standby cannot satisfy a request.
ErrPermissionDenied is returned if the client is not authorized.
ErrRateLimitQuotaExceeded is returned when a request is rejected due to a rate limit quota being exceeded.
ErrReadOnly is returned when a backend does not support writing.
No description provided by the author
ErrSetupReadOnly is returned when a write operation is attempted on a storage while the backend is still being set up.
ErrUnrecoverable is returned when a request fails due to something that is likely to require manual intervention.
ErrUnsupportedOperation is returned if the operation is not supported by the logical backend.
ErrUnsupportedPath is returned if the path is not supported by the logical backend.
ErrUpstreamRateLimited is returned when Vault receives a rate limited response from an upstream.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
PluginVersion_ServiceDesc is the grpc.ServiceDesc for PluginVersion service.

# Structs

No description provided by the author
Auth is the resulting authentication information that is part of Response for credential backends.
No description provided by the author
BackendConfig is provided to the factory to initialize the backend.
Connection represents the connection information for a request.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
CtxKeyInFlightTraceID is used for passing a trace ID through request forwarding.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
EventData contains event data in a CloudEvents container.
EventPluginInfo contains data related to the plugin that generated an event.
EventReceived is used to consume events and includes additional metadata regarding the event type and plugin information.
EventReceivedBexpr is used for evaluating boolean expressions with go-bexpr.
No description provided by the author
No description provided by the author
No description provided by the author
HTTPResponseWriter is optionally added to a request object and can be used to write directly to the HTTP response writer.
No description provided by the author
No description provided by the author
InitializationRequest stores the parameters and context of an Initialize() call being made to a logical.Backend.
InmemStorage implements Storage and stores all data in memory.
No description provided by the author
LeaseOptions is an embeddable struct to capture common lease settings between a Secret and Auth.
No description provided by the author
LogInput is used as the input to the audit system on which audit entries are based.
LogInputBexpr is used for evaluating boolean expressions with go-bexpr.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
MockEvent is a container for an event type + event pair.
MockEventSender is a simple implementation of logical.EventSender that simply stores whatever events it receives, meant to be used in testing.
Paths is the structure of special paths that is used for SpecialPaths.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
This is a new type declared to not cause potential compatibility problems if the logic around the CodedError changes; in particular for logical request paths it is basically ignored, and changing that behavior might cause unforeseen issues.
Request is a struct that stores the parameters and context of a request being made to Vault.
RequestDelegatedAuthError is a special error indicating the backend wants to delegate authentication elsewhere.
RequestWrapInfo is a struct that stores information about desired response and seal wrapping behavior.
Response is a struct that stores the response of a request.
Secret represents the secret part of a response.
No description provided by the author
Struct to identify user input errors.
No description provided by the author
StorageEntry is the entry for an item in a Storage implementation.
No description provided by the author
TokenEntry is used to represent a given token.
UnimplementedPluginVersionServer must be embedded to have forward compatible implementations.
VersionReply is the reply for the Version method.
No description provided by the author

# Interfaces

No description provided by the author
No description provided by the author
Backend interface must be implemented to be "mountable" at a given path.
No description provided by the author
EventSender sends events to the common event bus.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
PluginVersionClient is the client API for PluginVersion service.
PluginVersioner is an optional interface to return version info.
PluginVersionServer is the server API for PluginVersion service.
Storage is the way that logical backends are able to read/write data.
SystemView exposes system configuration information in a safe way for logical backends to consume.
UnsafePluginVersionServer may be embedded to opt out of forward compatibility for this service.
No description provided by the author
No description provided by the author

# Type aliases

BackendType is the type of backend that is being implemented.
go:generate enumer -type=ClientTokenSource -trimprefix=ClientTokenFrom -transform=snake.
No description provided by the author
EventType represents a topic, and is a wrapper around eventlogger.EventType.
Factory is the factory function to create a logical backend.
go:generate enumer -type=KeyUsage -trimprefix=KeyUsage -transform=snake.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Operation is an enum that is used to specify the type of request being made.
No description provided by the author
go:generate enumer -type=TokenType -trimprefix=TokenType -transform=kebab.