config

package

v0.0.1-13 Latest Latest Go to latest Published: Mar 28, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cyberark/secrets-provider-for-k8s

Documentation ¶

Index ¶

Constants
Variables
func GatherSecretsProviderSettings(annotations map[string]string) map[string]string
func ValidateAnnotations(annotations map[string]string) ([]error, []error)
func ValidateSecretsProviderSettings(envAndAnnots map[string]string) ([]error, []error)
type Config
- func NewConfig(settings map[string]string) *Config

Constants ¶

View Source

const (
	K8s                       = "k8s_secrets"
	File                      = "file"
	ConjurMapKey              = "conjur-map"
	DefaultRetryCountLimit    = 5
	DefaultRetryIntervalSec   = 1
	MinRetryValue             = 0
	MinRefreshInterval        = time.Second
	DefaultRefreshIntervalStr = "5m"
	DefaultSanitizeEnabled    = true
)

Constants for Secrets Provider operation modes, and Defaults for some SP settings

View Source

const (
	TYPESTRING annotationType = iota
	TYPEINT
	TYPEBOOL
)

Represents each annotation input value type, used during input value validation

View Source

const (
	AuthnIdentityKey      = "conjur.org/authn-identity"
	JwtTokenPath          = "conjur.org/jwt-token-path"
	ContainerModeKey      = "conjur.org/container-mode"
	SecretsDestinationKey = "conjur.org/secrets-destination"

	// SecretsRefreshIntervalKey is the Annotation key for setting the interval
	// for retrieving Conjur secrets and updating Kubernetes Secrets or
	// application secret files if necessary.
	SecretsRefreshIntervalKey = "conjur.org/secrets-refresh-interval"
	// SecretsRefreshEnabledKey is the Annotation key for enabling the refresh
	SecretsRefreshEnabledKey = "conjur.org/secrets-refresh-enabled"
	// RemoveDeletedSecretsKey is the annotaion key for enabling removing deleted secrets
	RemoveDeletedSecretsKey = "conjur.org/remove-deleted-secrets-enabled"
)

Variables ¶

View Source

var DefaultRefreshInterval, _ = time.ParseDuration(DefaultRefreshIntervalStr)

Functions ¶

func GatherSecretsProviderSettings ¶

func GatherSecretsProviderSettings(annotations map[string]string) map[string]string

GatherSecretsProviderSettings returns a string-to-string map of all provided environment variables and parsed, valid annotations that are concerned with Secrets Provider Config.

func ValidateAnnotations ¶

func ValidateAnnotations(annotations map[string]string) ([]error, []error)

ValidateAnnotations confirms that the provided annotations are properly formated, have the proper value type, and if the annotation in question had a defined set of accepted values, the provided value is confirmed. Function returns a list of Error logs, and a list of Info logs.

func ValidateSecretsProviderSettings ¶

func ValidateSecretsProviderSettings(envAndAnnots map[string]string) ([]error, []error)

ValidateSecretsProviderSettings confirms that the provided environment variable and annotation settings yield a valid Secrets Provider configuration. Returns a list of Error logs, and a list of Info logs.

Types ¶

type Config ¶

type Config struct {
	PodNamespace           string
	RequiredK8sSecrets     []string
	RetryCountLimit        int
	RetryIntervalSec       int
	StoreType              string
	SecretsRefreshInterval time.Duration
	SanitizeEnabled        bool
}

Config defines the configuration parameters for the authentication requests

func NewConfig ¶

func NewConfig(settings map[string]string) *Config

NewConfig creates a new Secrets Provider configuration for a validated map of environment variable and annotation settings.

Source Files ¶

View all Source files

config.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL