Documentation ¶
Overview ¶
Package versionedsecretstore implements versioned secrets by appending a version suffix to their name.
Index ¶
- Constants
- Variables
- func ContainsOutdatedSecretVersion(names []string, name string) bool
- func ContainsSecretName(names []string, name string) bool
- func GetConfigNamesFromSpec(spec corev1.PodSpec) (map[string]struct{}, map[string]struct{})
- func IsInitialVersion(secret corev1.Secret) bool
- func IsSecretIdenticalError(e error) bool
- func IsVersionedSecret(secret corev1.Secret) bool
- func IsVersionedSecretName(name string) bool
- func NamePrefix(name string) string
- func Version(secret corev1.Secret) (int, error)
- func VersionFromName(name string) (int, error)
- func VersionedName(namePrefix string, version int) string
- type SecretIdenticalError
- type VersionedSecretImpl
- func (p VersionedSecretImpl) Create(ctx context.Context, namespace string, ownerName string, ownerID types.UID, ...) error
- func (p VersionedSecretImpl) Decorate(ctx context.Context, namespace string, secretName string, key string, ...) error
- func (p VersionedSecretImpl) Delete(ctx context.Context, namespace string, secretName string) error
- func (p VersionedSecretImpl) Get(ctx context.Context, namespace string, deploymentName string, version int) (*corev1.Secret, error)
- func (p VersionedSecretImpl) Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)
- func (p VersionedSecretImpl) List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)
- func (p VersionedSecretImpl) SetSecretReferences(ctx context.Context, namespace string, podSpec *corev1.PodSpec) error
- func (p VersionedSecretImpl) VersionCount(ctx context.Context, namespace string, secretName string) (int, error)
- type VersionedSecretStore
Constants ¶
// VersionSecretKind is the kind value used for versioned secrets.
// NOTE(review): presumably this is the value stored under the LabelSecretKind
// label and checked by IsVersionedSecret — confirm against the implementation.
const VersionSecretKind = "versionedSecret"
Variables ¶
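// Label and annotation keys attached to versioned secrets. Every key is
// prefixed with names.GroupName.
//
// NOTE(review): labels and annotations are object metadata, not secret data.
// kubectl describe prints them in clear text while it shows only the size of
// each data key, and metadata commonly ends up in logs and audit records, so
// values stored under these keys should never contain secret material.
var (
	// LabelSecretKind is the label key for the secret kind.
	LabelSecretKind = fmt.Sprintf("%s/secret-kind", names.GroupName)
	// LabelVersion is the label key for the secret version.
	LabelVersion = fmt.Sprintf("%s/secret-version", names.GroupName)
	// LabelAPIVersion is the label for the kube APIVersion.
	LabelAPIVersion = fmt.Sprintf("%s/v1alpha1", names.GroupName)
	// AnnotationSourceDescription is the annotation key for the source description.
	AnnotationSourceDescription = fmt.Sprintf("%s/source-description", names.GroupName)
)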
Functions ¶
func ContainsOutdatedSecretVersion ¶
ContainsOutdatedSecretVersion checks if the current secret version is greater than the versions in the secrets list
func ContainsSecretName ¶
ContainsSecretName checks a list of secret names for our secret's name while ignoring the versions
func GetConfigNamesFromSpec ¶
GetConfigNamesFromSpec parses the owner object and returns two sets, the first containing the names of all referenced ConfigMaps, the second containing the names of all referenced Secrets
func IsInitialVersion ¶
IsInitialVersion returns true if it's a v1 secret
func IsSecretIdenticalError ¶
IsSecretIdenticalError returns whether the error object is a SecretIdenticalError
func IsVersionedSecret ¶
IsVersionedSecret returns true if the secret has a label identifying it as versioned secret
func IsVersionedSecretName ¶
IsVersionedSecretName returns true if name matches the name of a versioned secret
func NamePrefix ¶
NamePrefix returns the name prefix of a versioned secret name, by removing the version suffix /-v\d+/
func VersionFromName ¶
VersionFromName gets the version from a versioned secret name; it returns -1 if no valid version is found
func VersionedName ¶
VersionedName returns a secret name with the version appended
Types ¶
type SecretIdenticalError ¶
type SecretIdenticalError struct {
// contains filtered or unexported fields
}
SecretIdenticalError indicates cases where the latest secret version is identical to the one to be created
func (SecretIdenticalError) Error ¶
func (e SecretIdenticalError) Error() string
type VersionedSecretImpl ¶
type VersionedSecretImpl struct {
// contains filtered or unexported fields
}
VersionedSecretImpl contains the required fields to persist a secret
func NewClientsetVersionedSecretStore ¶
func NewClientsetVersionedSecretStore(clientset kubernetes.Interface) VersionedSecretImpl
NewClientsetVersionedSecretStore returns a VersionedSecretStore using a kubernetes.Clientset backend
func NewVersionedSecretStore ¶
func NewVersionedSecretStore(client client.Client) VersionedSecretImpl
NewVersionedSecretStore returns a VersionedSecretStore implementation to be used when working with desired secrets
func (VersionedSecretImpl) Create ¶
func (p VersionedSecretImpl) Create(ctx context.Context, namespace string, ownerName string, ownerID types.UID, ownerKind string, secretName string, secretData map[string]string, annotations map[string]string, labels map[string]string, sourceDescription string) error
Create creates a new version of the secret from secret data
func (VersionedSecretImpl) Decorate ¶
func (p VersionedSecretImpl) Decorate(ctx context.Context, namespace string, secretName string, key string, value string) error
Decorate adds a label to the latest version of the secret
func (VersionedSecretImpl) Delete ¶
Delete removes all versions of the secret and therefore the secret itself.
func (VersionedSecretImpl) Get ¶
func (p VersionedSecretImpl) Get(ctx context.Context, namespace string, deploymentName string, version int) (*corev1.Secret, error)
Get returns a specific version of the secret
func (VersionedSecretImpl) Latest ¶
func (p VersionedSecretImpl) Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)
Latest returns the latest version of the secret
func (VersionedSecretImpl) List ¶
func (p VersionedSecretImpl) List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)
List returns all versions of the secret
func (VersionedSecretImpl) SetSecretReferences ¶
func (p VersionedSecretImpl) SetSecretReferences(ctx context.Context, namespace string, podSpec *corev1.PodSpec) error
SetSecretReferences updates versioned secret references in the pod spec
func (VersionedSecretImpl) VersionCount ¶
func (p VersionedSecretImpl) VersionCount(ctx context.Context, namespace string, secretName string) (int, error)
VersionCount returns the number of versions for this secret
type VersionedSecretStore ¶
// VersionedSecretStore is the interface to version secrets in Kubernetes.
//
// Every update to a secret is persisted as a new version; deleting a secret
// removes all of its persisted versions.
//
// NOTE(review): the package documentation states that a persisted version
// cannot be altered, yet Decorate adds a label to the latest version. The
// guarantee presumably concerns the secret data rather than its metadata —
// confirm. Nothing visible here shows the guarantee being enforced against
// other clients that hold update or delete rights on Secrets in the namespace.
type VersionedSecretStore interface {
	// SetSecretReferences updates the versioned secret references in podSpec.
	SetSecretReferences(ctx context.Context, namespace string, podSpec *corev1.PodSpec) error
	// Create creates a new version of the secret from secretData.
	// A source description is required when saving a new secret; it should
	// explain where the rendered secret came from.
	// NOTE(review): annotations, labels and sourceDescription presumably end up
	// as object metadata, which is displayed and logged far more freely than
	// secret data; keep secret values in secretData only.
	Create(ctx context.Context, namespace string, ownerName string, ownerID types.UID, ownerKind string, secretName string, secretData map[string]string, annotations map[string]string, labels map[string]string, sourceDescription string) error
	// Get returns a specific version of the secret.
	Get(ctx context.Context, namespace string, secretName string, version int) (*corev1.Secret, error)
	// Latest returns the latest version of the secret.
	Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)
	// List returns all versions of the secret.
	List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)
	// VersionCount returns the number of versions for this secret.
	VersionCount(ctx context.Context, namespace string, secretName string) (int, error)
	// Delete removes all versions of the secret and therefore the secret itself.
	Delete(ctx context.Context, namespace string, secretName string) error
	// Decorate adds a label to the latest version of the secret.
	// NOTE(review): key and value are presumably the label key and label value;
	// label values are not confidential and must not hold secret material.
	Decorate(ctx context.Context, namespace string, secretName string, key string, value string) error
}
VersionedSecretStore is the interface to version secrets in Kubernetes
Each update to the secret results in a new persisted version. An existing persisted version of a secret cannot be altered or deleted. The deletion of a secret will result in the removal of all persisted versions of that secret.
The version number is an integer that is incremented with each version of the secret, with the greatest number being the current/latest version.
When saving a new secret, a source description is required, which should explain the sources of the rendered secret, e.g. the location of the Custom Resource Definition that generated it.