Skip to content
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
155 lines (130 sloc) 5.67 KB
//: ----------------------------------------------------------------------------
//: Copyright (C) 2014 Verizon. All Rights Reserved.
//: Licensed under the Apache License, Version 2.0 (the "License");
//: you may not use this file except in compliance with the License.
//: You may obtain a copy of the License at
//: Unless required by applicable law or agreed to in writing, software
//: distributed under the License is distributed on an "AS IS" BASIS,
//: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//: See the License for the specific language governing permissions and
//: limitations under the License.
//: ----------------------------------------------------------------------------
package nelson
package vault
import scala.concurrent.duration.FiniteDuration
import scala.collection.immutable.SortedMap
* An algebra which represents an operation interacting with a
* [HashiCorp Vault]( server
sealed abstract class Vault[A] extends Product with Serializable
* This contains the result of the `initialize` call, it *must* have
* the number of MasterKeys requested. They should distributed to N
* trusted individuals, a quorum of which will have to present keys to
* unseal a vault.
* the rootToken is a omnipotent bearer token for this vault, so treat
* it with the utmost of care. It will be required to create other
* less privileged tokens.
final case class InitialCreds(keys: List[MasterKey],
rootToken: RootToken)
* Parameters needed to initialize a new vault
* @param secretShares the numbers of unseal keys
* @param secretThreshold the quorum of unseal keys needed to unseal
final case class Initialization(secretShares: Int,
secretThreshold: Int)
* @param sealed Whether or not the vault is sealed.
* @param total The number of existing MasterKeys
* @param qorum The number of keys needed to unseal the vault
* @param progress The number of keys out of total that have been provided so far to unseal
final case class SealStatus(`sealed`: Boolean,
total: Int,
quorum: Int,
progress: Int)
final case class RootToken(value: String) extends AnyVal
final case class Rule(path: String,
capabilities: List[String],
policy: Option[String])
final case class Mount(path: String,
`type`: String,
description: String,
defaultLeaseTTL: Int,
maxLeaseTTL: Int)
object Vault {
def isInitialized: VaultF[Boolean] =
def initialize(masters: Int, quorum: Int): VaultF[InitialCreds] =
Free.liftF(Initialize(Initialization(masters, quorum)))
def unseal(key: MasterKey): VaultF[SealStatus] =
def seal: VaultF[Unit] =
def sealStatus: VaultF[SealStatus] =
def get(path: String): VaultF[String] = //VaultF[Option[SortedMap[String, String]]] =
def set(path: String, value: String): VaultF[Unit] =
Free.liftF(Set(path, value))
def createPolicy(name: String, rules: List[Rule]): VaultF[Unit] =
Free.liftF(CreatePolicy(name, rules))
def deletePolicy(name: String): VaultF[Unit] =
def getMounts: VaultF[SortedMap[String, Mount]] =
def createToken(
policies: Option[List[String]] = None,
renewable: Boolean = true,
ttl: Option[FiniteDuration] = None,
numUses: Long = 0L
): VaultF[Token] = Free.liftF(CreateToken(policies, renewable, ttl, numUses))
def createKubernetesRole(
authClusterName: String,
roleName: String,
serviceAccountNames: List[String],
seviceAccountNamespaces: List[String],
defaultLeaseTTL: Option[FiniteDuration],
maxLeaseTTL: Option[FiniteDuration],
policies: Option[List[String]]
): VaultF[Unit] = Free.liftF(CreateKubernetesRole(
authClusterName, roleName,
defaultLeaseTTL, maxLeaseTTL,
def deleteKubernetesRole(
authClusterName: String,
roleName: String
): VaultF[Unit] = Free.liftF(DeleteKubernetesRole(authClusterName, roleName))
case object IsInitialized extends Vault[Boolean]
final case class Initialize(init: Initialization) extends Vault[InitialCreds]
final case class Unseal(key: MasterKey) extends Vault[SealStatus]
case object GetSealStatus extends Vault[SealStatus]
case object Seal extends Vault[Unit]
final case class Get(path: String) extends Vault[String] // Vault[Option[SortedMap[String, String]]]
final case class Set(path: String, value: String) extends Vault[Unit]
case object GetMounts extends Vault[SortedMap[String, Mount]]
final case class CreatePolicy(name: String, rules: List[Rule]) extends Vault[Unit]
final case class DeletePolicy(name: String) extends Vault[Unit]
final case class CreateToken(policies: Option[List[String]], renewable: Boolean, ttl: Option[FiniteDuration], numUses: Long = 0L) extends Vault[Token]
final case class CreateKubernetesRole(
authClusterName: String,
roleName: String,
serviceAccountNames: List[String],
seviceAccountNamespaces: List[String],
defaultLeaseTTL: Option[FiniteDuration],
maxLeaseTTL: Option[FiniteDuration],
policies: Option[List[String]]) extends Vault[Unit]
final case class DeleteKubernetesRole(authClusterName: String, roleName: String) extends Vault[Unit]
You can’t perform that action at this time.