Documentation ¶
Overview ¶
Package credentials provides primitives for working with Porter credential sets, usually referred to as "credentials" as a shorthand.
Credential Sets define mappings from a credential needed by a bundle to where to look for it when the bundle is run. For example: a bundle needs an Azure storage connection string, and it should look for it in an environment variable named `AZURE_STORAGE_CONNECTION_STRING` or a key named `dev-conn`.
Porter discourages storing the value of the credential directly, though it is possible. Instead, Porter encourages the best practice of defining mappings in the credential sets and then storing the values in a secret store, such as a key/value store like HashiCorp Vault or Azure Key Vault. See the get.porter.sh/porter/pkg/secrets package for more on how Porter handles accessing secrets.
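The mapping idea described above, as an added example that is not Porter's own code: a simplified resolver that looks each credential up at run time and reports which ones carry their value inline. The `Strategy` shape, the `resolveAll` helper and the map standing in for a secret store are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
)

// Strategy is a simplified model of one mapping in a credential set:
// the credential Name and where to find its value (assumed shape).
type Strategy struct {
	Name   string
	Source string // "env", "secret" or "value" in this model
	Hint   string // env var name, secret key, or the literal value
}

// resolveAll looks each credential up at run time. It returns the resolved
// values plus the names of credentials whose value is stored inline.
func resolveAll(set []Strategy, getenv func(string) (string, bool),
	vault map[string]string) (map[string]string, []string, error) {
	resolved := make(map[string]string, len(set))
	var inline []string
	for _, s := range set {
		var val string
		var ok bool
		switch s.Source {
		case "env":
			val, ok = getenv(s.Hint)
		case "secret":
			val, ok = vault[s.Hint]
		case "value":
			val, ok = s.Hint, true
			inline = append(inline, s.Name) // discouraged: the secret lives in the set itself
		default:
			return nil, nil, fmt.Errorf("credential %q: unknown source %q", s.Name, s.Source)
		}
		if !ok {
			return nil, nil, fmt.Errorf("credential %q: nothing found at %s %q", s.Name, s.Source, s.Hint)
		}
		resolved[s.Name] = val
	}
	return resolved, inline, nil
}

func main() {
	// Constructed sample: the vault map stands in for a secret store.
	vault := map[string]string{"dev-conn": "constructed-sample-value"}
	set := []Strategy{{"storage-conn", "secret", "dev-conn"}, {"token", "value", "inline-sample"}}
	_, inline, err := resolveAll(set, os.LookupEnv, vault)
	fmt.Println("inline credentials:", inline, "error:", err)
}
```

The list of inline credentials is the part worth checking in review: those entries put the secret into the stored credential set document rather than behind a secret store.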
Index ¶
- Constants
- func Validate(given secrets.Set, spec map[string]bundle.Credential, action string) error
- type CredentialSet
- type CredentialSetSpec
- type CredentialSetStatus
- type CredentialStore
- func (s CredentialStore) GetCredentialSet(namespace string, name string) (CredentialSet, error)
- func (s CredentialStore) GetDataStore() storage.Store
- func (s CredentialStore) Initialize() error
- func (s CredentialStore) InsertCredentialSet(creds CredentialSet) error
- func (s CredentialStore) ListCredentialSets(namespace string, name string, labels map[string]string) ([]CredentialSet, error)
- func (s CredentialStore) RemoveCredentialSet(namespace string, name string) error
- func (s CredentialStore) ResolveAll(creds CredentialSet) (secrets.Set, error)
- func (s CredentialStore) UpdateCredentialSet(creds CredentialSet) error
- func (s CredentialStore) UpsertCredentialSet(creds CredentialSet) error
- func (s CredentialStore) Validate(creds CredentialSet) error
- type Provider
- type TestCredentialProvider
Constants ¶
const (
	CollectionCredentials = "credentials"
)
const (
	// SchemaVersion represents the version associated with the schema
	// credential set documents.
	SchemaVersion = schema.Version("1.0.1")
)
Variables ¶
This section is empty.
Functions ¶
func Validate ¶
Validate compares the given credentials with the spec.
This will result in an error only when the following conditions are true:
- a credential in the spec is not present in the given set
- the credential is required
- the credential applies to the specified action
The spec is allowed to specify both an env var and a file. In such a case, if the given set provides either, it will be considered valid.
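The three conditions above, as an added example that is not Porter's implementation: a simplified model of the check using a hypothetical `Credential` type and `validate` function. It assumes the given set is keyed by credential name and that an empty `ApplyTo` list means the credential applies to every action.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Credential is a simplified stand-in for a bundle's credential definition (assumed shape).
type Credential struct {
	EnvVar, Path string   // where the bundle expects the value; both may be set
	Required     bool
	ApplyTo      []string // actions it applies to; empty means every action (assumption)
}

func appliesTo(c Credential, action string) bool {
	for _, a := range c.ApplyTo {
		if a == action {
			return true
		}
	}
	return len(c.ApplyTo) == 0
}

// validate fails only for credentials that are missing from given AND
// required AND applicable to action. given is keyed by credential name, so
// one resolved value satisfies a spec that lists both an env var and a file.
func validate(given map[string]string, spec map[string]Credential, action string) error {
	var missing []string
	for name, c := range spec {
		if _, ok := given[name]; !ok && c.Required && appliesTo(c, action) {
			missing = append(missing, name)
		}
	}
	if len(missing) == 0 {
		return nil
	}
	sort.Strings(missing) // map iteration order is random; keep the message stable
	return fmt.Errorf("missing required credentials for %q: %s", action, strings.Join(missing, ", "))
}

func main() {
	spec := map[string]Credential{ // constructed sample spec
		"kubeconfig":  {EnvVar: "KUBECONFIG", Path: "/home/nonroot/.kube/config", Required: true},
		"db-password": {EnvVar: "DB_PASSWORD", Required: true, ApplyTo: []string{"install"}},
	}
	given := map[string]string{"kubeconfig": "constructed-sample"}
	fmt.Println(validate(given, spec, "upgrade"), "|", validate(given, spec, "install"))
}
```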
Types ¶
type CredentialSet ¶
type CredentialSet struct {
	CredentialSetSpec `yaml:",inline"`
	Status CredentialSetStatus `json:"status" yaml:"status" toml:"status"`
}
CredentialSet represents a collection of credentials.
func NewCredentialSet ¶
func NewCredentialSet(namespace string, name string, creds ...secrets.Strategy) CredentialSet
NewCredentialSet creates a new CredentialSet with the required fields initialized.
func (CredentialSet) DefaultDocumentFilter ¶
func (s CredentialSet) DefaultDocumentFilter() interface{}
func (CredentialSet) String ¶
func (s CredentialSet) String() string
func (CredentialSet) Validate ¶
func (s CredentialSet) Validate() error
type CredentialSetSpec ¶
type CredentialSetSpec struct {
	// SchemaVersion is the version of the credential-set schema.
	SchemaVersion schema.Version `json:"schemaVersion" yaml:"schemaVersion" toml:"schemaVersion"`
	// Namespace to which the credential set is scoped.
	Namespace string `json:"namespace" yaml:"namespace" toml:"namespace"`
	// Name of the credential set.
	Name string `json:"name" yaml:"name" toml:"name"`
	// Labels applied to the credential set.
	Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty" toml:"labels,omitempty"`
	// Credentials is a list of credential resolution strategies.
	Credentials []secrets.Strategy `json:"credentials" yaml:"credentials" toml:"credentials"`
}
CredentialSetSpec represents the set of user-modifiable fields on a CredentialSet.
type CredentialSetStatus ¶
type CredentialSetStatus struct {
	// Created timestamp.
	Created time.Time `json:"created" yaml:"created" toml:"created"`
	// Modified timestamp.
	Modified time.Time `json:"modified" yaml:"modified" toml:"modified"`
}
CredentialSetStatus contains additional status metadata that has been set by Porter.
type CredentialStore ¶
CredentialStore provides access to credential sets by instantiating plugins that implement CRUD storage.
func NewCredentialStore ¶
func NewCredentialStore(storage storage.Store, secrets secrets.Store) *CredentialStore
func (CredentialStore) GetCredentialSet ¶
func (s CredentialStore) GetCredentialSet(namespace string, name string) (CredentialSet, error)
func (CredentialStore) GetDataStore ¶
func (s CredentialStore) GetDataStore() storage.Store
func (CredentialStore) Initialize ¶
func (s CredentialStore) Initialize() error
Initialize the underlying storage with any additional schema changes, such as indexes.
func (CredentialStore) InsertCredentialSet ¶
func (s CredentialStore) InsertCredentialSet(creds CredentialSet) error
func (CredentialStore) ListCredentialSets ¶
func (s CredentialStore) ListCredentialSets(namespace string, name string, labels map[string]string) ([]CredentialSet, error)
func (CredentialStore) RemoveCredentialSet ¶
func (s CredentialStore) RemoveCredentialSet(namespace string, name string) error
func (CredentialStore) ResolveAll ¶
func (s CredentialStore) ResolveAll(creds CredentialSet) (secrets.Set, error)
func (CredentialStore) UpdateCredentialSet ¶
func (s CredentialStore) UpdateCredentialSet(creds CredentialSet) error
func (CredentialStore) UpsertCredentialSet ¶
func (s CredentialStore) UpsertCredentialSet(creds CredentialSet) error
func (CredentialStore) Validate ¶
func (s CredentialStore) Validate(creds CredentialSet) error
type Provider ¶
type Provider interface {
	GetDataStore() storage.Store
	ResolveAll(creds CredentialSet) (secrets.Set, error)
	Validate(creds CredentialSet) error
	InsertCredentialSet(creds CredentialSet) error
	ListCredentialSets(namespace string, name string, labels map[string]string) ([]CredentialSet, error)
	GetCredentialSet(namespace string, name string) (CredentialSet, error)
	UpdateCredentialSet(creds CredentialSet) error
	RemoveCredentialSet(namespace string, name string) error
	UpsertCredentialSet(creds CredentialSet) error
}
Provider is Porter's interface for managing and resolving credentials.
type TestCredentialProvider ¶
type TestCredentialProvider struct {
	*CredentialStore
	T *testing.T
	TestContext *portercontext.TestContext
	// TestSecrets allows you to set up secrets for unit testing
	TestSecrets *inmemorysecrets.Store
	TestStorage storage.Store
}
func NewTestCredentialProvider ¶
func NewTestCredentialProvider(t *testing.T) *TestCredentialProvider
func NewTestCredentialProviderFor ¶
func NewTestCredentialProviderFor(t *testing.T, testStore storage.Store) *TestCredentialProvider
func (TestCredentialProvider) AddTestCredentials ¶
func (p TestCredentialProvider) AddTestCredentials(path string)
func (TestCredentialProvider) AddTestCredentialsDirectory ¶
func (p TestCredentialProvider) AddTestCredentialsDirectory(dir string)
func (TestCredentialProvider) Load ¶
func (p TestCredentialProvider) Load(path string) (CredentialSet, error)
Load a CredentialSet from a test file at a given path.
It does not load the individual credentials.
func (TestCredentialProvider) Teardown ¶
func (p TestCredentialProvider) Teardown() error