Documentation ¶
Overview ¶
Package store provides a generic way to store credentials to connect to virtually any kind of remote system. The term `context` comes from the similar feature in Kubernetes kubectl config files.
Conceptually, a context is a set of metadata and TLS data that can be used to connect to various endpoints of a remote system. TLS data and metadata are stored separately so that, in the future, we will be able to store sensitive information in a more secure way, depending on the OS we are running on (e.g., on Windows we could use the user Certificate Store, on Mac OS the user Keychain...).
The current implementation is purely file based, with the following structure:
${CONTEXT_ROOT}
- meta/
  - <context id>/meta.json: contains context metadata (key/value pairs) as well as a list of endpoints (themselves containing key/value pair metadata)
- tls/
  - <context id>/endpoint1/: directory containing TLS data for the endpoint1 in the corresponding context
The context store itself has absolutely no knowledge of what a Docker or a Kubernetes endpoint should contain in terms of metadata or TLS config. Client code is responsible for generating and parsing endpoint metadata and TLS files. The multi-endpoint approach of this package allows combining many different endpoints in the same "context" (e.g., for a single context the Docker CLI is able to define both a Docker endpoint and a Kubernetes endpoint for the same cluster, and also to specify which orchestrator to use by default when deploying a compose stack on this cluster).
Context IDs are actually SHA256 hashes of the context name, and are there only to avoid dealing with special characters in context names.
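Because the current store keeps TLS material as plain files, a permission audit of one context's TLS directory is a natural check. The following is an added example, not code from this package: it assumes the context ID is the lowercase hex encoding of the SHA256 hash, and `ContextID`, `LooseTLSFiles`, the `prod` context, the `docker` endpoint directory and `key.pem` are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// ContextID assumes the ID is the lowercase hex SHA-256 of the context name.
func ContextID(name string) string {
	sum := sha256.Sum256([]byte(name))
	return hex.EncodeToString(sum[:])
}

// LooseTLSFiles walks ${CONTEXT_ROOT}/tls/<context id>/ and returns every
// file whose mode grants any permission to group or others.
func LooseTLSFiles(root, name string) ([]string, error) {
	var loose []string
	dir := filepath.Join(root, "tls", ContextID(name))
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err // nil for directories, the walk error otherwise
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if info.Mode().Perm()&0o077 != 0 {
			loose = append(loose, p)
		}
		return nil
	})
	return loose, err
}

func main() {
	// Constructed sample store: one key file left world-readable.
	root, _ := os.MkdirTemp("", "ctxstore")
	defer os.RemoveAll(root)
	ep := filepath.Join(root, "tls", ContextID("prod"), "docker")
	os.MkdirAll(ep, 0o700)
	key := filepath.Join(ep, "key.pem")
	os.WriteFile(key, []byte("constructed"), 0o600)
	os.Chmod(key, 0o644) // set explicitly so the umask does not hide the issue
	loose, err := LooseTLSFiles(root, "prod")
	fmt.Println(loose, err)
}
```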
Index ¶
- func Export(name string, s Reader) io.ReadCloser
- func Import(name string, s Writer, reader io.Reader) error
- func IsErrContextDoesNotExist(err error) bool
- func IsErrTLSDataDoesNotExist(err error) bool
- func ValidateContextName(name string) error
- type Config
- type ContextTLSData
- type EndpointFiles
- type EndpointTLSData
- type LimitedReader
- type Lister
- type Metadata
- type NamedTypeGetter
- type Reader
- type ReaderLister
- type ReaderWriter
- type StorageInfo
- type StorageInfoProvider
- type Store
- type TypeGetter
- type Writer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Export ¶
func Export(name string, s Reader) io.ReadCloser
Export exports an existing namespace into an opaque data stream. This stream is actually a tarball containing context metadata and TLS materials, but it does not map 1:1 to the layout of the context store (don't try to restore it manually without calling store.Import).
func Import ¶
Import imports an exported context into a store
func IsErrContextDoesNotExist ¶
IsErrContextDoesNotExist checks if the given error is a "context does not exist" condition
func IsErrTLSDataDoesNotExist ¶
IsErrTLSDataDoesNotExist checks if the given error is a "TLS data does not exist" condition
Types ¶
type Config ¶
type Config struct {
// contains filtered or unexported fields
}
Config is used to configure the metadata marshaler of the context store
func NewConfig ¶
func NewConfig(contextType TypeGetter, endpoints ...NamedTypeGetter) Config
NewConfig creates a config object
func (Config) ForeachEndpointType ¶
func (c Config) ForeachEndpointType(cb func(string, TypeGetter) error) error
ForeachEndpointType calls cb on every endpoint type registered with the Config
func (Config) SetEndpoint ¶
func (c Config) SetEndpoint(name string, getter TypeGetter)
SetEndpoint sets an endpoint's typing information
type ContextTLSData ¶
type ContextTLSData struct {
Endpoints map[string]EndpointTLSData
}
ContextTLSData represents tls data for a whole context
type EndpointFiles ¶
type EndpointFiles []string
EndpointFiles is a slice of strings representing file names
type EndpointTLSData ¶
EndpointTLSData represents tls data for a given endpoint
type LimitedReader ¶
LimitedReader is a fork of io.LimitedReader to override Read.
func (*LimitedReader) Read ¶
func (l *LimitedReader) Read(p []byte) (n int, err error)
Read is a fork of io.LimitedReader.Read that returns an error when limit exceeded.
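The behavioural difference described above, shown as an added sketch rather than this package's own code: the standard library's limited reader reports a clean EOF at the limit, so an oversized input is silently truncated, while a reader that errors lets the caller reject it. `StrictLimitedReader`, `ErrLimitExceeded`, `ReadStdlib` and `ReadStrict` are hypothetical names, and the input string is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrLimitExceeded is this sketch's error value (hypothetical name).
var ErrLimitExceeded = errors.New("read exceeds the defined limit")

// StrictLimitedReader reads at most N bytes from R and, unlike
// io.LimitedReader, fails if R holds more than N bytes.
type StrictLimitedReader struct {
	R io.Reader
	N int64 // bytes still allowed
}

func (l *StrictLimitedReader) Read(p []byte) (int, error) {
	if l.N < 0 {
		return 0, ErrLimitExceeded
	}
	// Ask for one byte past the limit so an oversized source is noticed.
	if int64(len(p)) > l.N+1 {
		p = p[:l.N+1]
	}
	n, err := l.R.Read(p)
	l.N -= int64(n)
	if l.N < 0 {
		return n - 1, ErrLimitExceeded // withhold the byte beyond the limit
	}
	return n, err
}

// ReadStdlib truncates silently: the caller cannot tell input was cut.
func ReadStdlib(src string, limit int64) ([]byte, error) {
	return io.ReadAll(io.LimitReader(strings.NewReader(src), limit))
}

// ReadStrict surfaces oversized input as an error.
func ReadStrict(src string, limit int64) ([]byte, error) {
	return io.ReadAll(&StrictLimitedReader{R: strings.NewReader(src), N: limit})
}

func main() {
	const archive = "constructed-oversized-archive" // constructed sample input
	b, err := ReadStdlib(archive, 11)
	fmt.Printf("stdlib: %q err=%v\n", b, err)
	b, err = ReadStrict(archive, 11)
	fmt.Printf("strict: %q err=%v\n", b, err)
}
```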
type Lister ¶
Lister provides listing of contexts
type Metadata ¶
type Metadata struct {
	Name      string                 `json:",omitempty"`
	Metadata  interface{}            `json:",omitempty"`
	Endpoints map[string]interface{} `json:",omitempty"`
}
Metadata contains metadata about a context and its endpoints
type NamedTypeGetter ¶
type NamedTypeGetter struct {
// contains filtered or unexported fields
}
NamedTypeGetter is a TypeGetter associated with a name
func EndpointTypeGetter ¶
func EndpointTypeGetter(name string, getter TypeGetter) NamedTypeGetter
EndpointTypeGetter returns a NamedTypeGetter with the specified name and getter
type Reader ¶
type Reader interface {
	GetMetadata(name string) (Metadata, error)
	ListTLSFiles(name string) (map[string]EndpointFiles, error)
	GetTLSData(contextName, endpointName, fileName string) ([]byte, error)
}
Reader provides read-only (without list) access to context data
type ReaderLister ¶
ReaderLister combines Reader and Lister interfaces
type ReaderWriter ¶
ReaderWriter combines Reader and Writer interfaces
type StorageInfo ¶
StorageInfo contains data about where a given context is stored
type StorageInfoProvider ¶
type StorageInfoProvider interface {
GetStorageInfo(contextName string) StorageInfo
}
StorageInfoProvider provides more information about storage details of contexts
type Store ¶
type Store interface {
	Reader
	Lister
	Writer
	StorageInfoProvider
}
Store provides a context store for easily remembering endpoints configuration
type TypeGetter ¶
type TypeGetter func() interface{}
TypeGetter is a func used to determine the concrete type of a context or endpoint metadata by returning a pointer to an instance of the object. For example, for a context of type DockerContext, the corresponding TypeGetter should return new(DockerContext).