GO-2024-2750: Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure

provider

package

v1.1.0 Latest Latest Go to latest Published: Mar 2, 2022 License: MIT Imports: 28 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Azure/secrets-store-csi-driver-provider-azure

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ParseAzureEnvironment(cloudName string) (*azure.Environment, error)
type KeyVaultObject
type Provider
- func NewProvider() *Provider
- func (p *Provider) GetSecretsStoreObjectContent(ctx context.Context, attrib, secrets map[string]string, targetPath string, ...) ([]SecretFile, error)
type SecretFile
type StringArray

Constants ¶

View Source

const (
	// VaultObjectTypeSecret secret vault object type
	VaultObjectTypeSecret string = "secret"
	// VaultObjectTypeKey key vault object type
	VaultObjectTypeKey string = "key"
	// VaultObjectTypeCertificate certificate vault object type
	VaultObjectTypeCertificate string = "cert"
)

Type of Azure Key Vault objects

Variables ¶

View Source

var (
	ConstructPEMChain = flag.Bool("construct-pem-chain", true, "explicitly reconstruct the pem chain in the order: SERVER, INTERMEDIATE, ROOT")
)

Functions ¶

func ParseAzureEnvironment ¶

func ParseAzureEnvironment(cloudName string) (*azure.Environment, error)

ParseAzureEnvironment returns azure environment by name

Types ¶

type KeyVaultObject ¶

type KeyVaultObject struct {
	// the name of the Azure Key Vault objects
	ObjectName string `json:"objectName" yaml:"objectName"`
	// the filename the object will be written to
	ObjectAlias string `json:"objectAlias" yaml:"objectAlias"`
	// the version of the Azure Key Vault objects
	ObjectVersion string `json:"objectVersion" yaml:"objectVersion"`
	// the type of the Azure Key Vault objects
	ObjectType string `json:"objectType" yaml:"objectType"`
	// the format of the Azure Key Vault objects
	// supported formats are PEM, PFX
	ObjectFormat string `json:"objectFormat" yaml:"objectFormat"`
	// The encoding of the object in KeyVault
	// Supported encodings are Base64, Hex, Utf-8
	ObjectEncoding string `json:"objectEncoding" yaml:"objectEncoding"`
	// FilePermission is the file permissions
	FilePermission string `json:"filePermission" yaml:"filePermission"`
}

KeyVaultObject holds keyvault object related config

type Provider ¶

type Provider struct {
	// contains filtered or unexported fields
}

Provider implements the secrets-store-csi-driver provider interface

func NewProvider ¶

func NewProvider() *Provider

NewProvider creates a new provider

func (*Provider) GetSecretsStoreObjectContent ¶ added in v1.1.0

func (p *Provider) GetSecretsStoreObjectContent(ctx context.Context, attrib, secrets map[string]string, targetPath string, defaultFilePermission os.FileMode) ([]SecretFile, error)

GetSecretsStoreObjectContent gets the objects (secret, key, certificate) from keyvault and returns the content to the CSI driver. The driver will write the content to the file system.

type SecretFile ¶ added in v1.1.0

type SecretFile struct {
	Content  []byte
	Path     string
	FileMode int32
	UID      string
	Version  string
}

SecretFile holds content and metadata of a secret file

type StringArray ¶

type StringArray struct {
	Array []string `json:"array" yaml:"array"`
}

StringArray ...

Source Files ¶

View all Source files

provider.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL