Documentation
Index
- func FetchSecretsForGroups(depRetrieveSecrets conjur.RetrieveSecretsFunc, secretGroups []*SecretGroup, ...) (map[string][]*Secret, error)
- func FileTemplateForFormat(fileFormat string, secretSpecs []SecretSpec) (string, error)
- func NewProvider(retrieveSecretsFunc conjur.RetrieveSecretsFunc, secretsBasePath string, ...) (*fileProvider, []error)
- type Config
- type Secret
- type SecretGroup
- type SecretSpec
Constants
This section is empty.
Variables
This section is empty.
Functions
func FetchSecretsForGroups
func FetchSecretsForGroups(
	depRetrieveSecrets conjur.RetrieveSecretsFunc,
	secretGroups []*SecretGroup,
	traceContext context.Context,
) (map[string][]*Secret, error)
FetchSecretsForGroups fetches the secrets for all the groups and returns a map of [group name] to [a slice of secrets for the group]. Callers of this function should decorate any errors with messages.CSPFK052E.
func FileTemplateForFormat
func FileTemplateForFormat(
	fileFormat string,
	secretSpecs []SecretSpec,
) (string, error)
FileTemplateForFormat returns the template for a file format, after ensuring the standard template exists and validating secret spec aliases against it.
func NewProvider
func NewProvider(
	retrieveSecretsFunc conjur.RetrieveSecretsFunc,
	secretsBasePath string,
	templatesBasePath string,
	annotations map[string]string,
) (*fileProvider, []error)
NewProvider creates a new provider for Push-to-File mode.
Types
type Config
type Config struct {
// contains filtered or unexported fields
}
Config is used during SecretGroup creation, and contains default values for secret file and template file base paths, along with mockable functions for reading template files.
type SecretGroup
type SecretGroup struct {
	Name             string
	FilePath         string
	FileTemplate     string
	FileFormat       string
	PolicyPathPrefix string
	FilePermissions  os.FileMode
	SecretSpecs      []SecretSpec
}
SecretGroup incorporates all of the information about a secret group that has been parsed from that secret group's Annotations.
func NewSecretGroups
func NewSecretGroups(
	secretsBasePath string,
	templatesBasePath string,
	annotations map[string]string,
) ([]*SecretGroup, []error)
NewSecretGroups creates a collection of secret groups from a map of annotations.
func (*SecretGroup) PushToFile
func (sg *SecretGroup) PushToFile(secrets []*Secret) error
PushToFile uses the configuration on a secret group to inject secrets into a template and write the result to a file.
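The render-and-write step described above, as an added sketch that is not the package's own code. Assumptions: secrets are passed as a constructed alias-to-value map (the page does not show Secret's fields), the template function is named `secret`, and the file is written through a temp file plus rename.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"text/template"
)

// renderGroup injects secrets into tpl. A template that references an alias
// the group does not hold fails instead of rendering an empty value.
func renderGroup(tpl string, secrets map[string]string) ([]byte, error) {
	lookup := func(alias string) (string, error) { // exposed as "secret" (assumed name)
		if v, ok := secrets[alias]; ok {
			return v, nil
		}
		return "", fmt.Errorf("alias %q is not in this secret group", alias)
	}
	t, err := template.New("group").Funcs(template.FuncMap{"secret": lookup}).Parse(tpl)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	if err = t.Execute(&buf, nil); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// writeSecretFile writes into a temp file (created 0600), applies the group's
// mode, then renames into place so readers never see a partial file.
func writeSecretFile(path string, data []byte, mode os.FileMode) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".secret-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename has succeeded
	_, werr := tmp.Write(data)
	if err := errors.Join(werr, tmp.Chmod(mode), tmp.Close()); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

func main() {
	out, err := renderGroup("password: {{ secret \"db-password\" }}\n",
		map[string]string{"db-password": "constructed-value"})
	fmt.Println(len(out), err)
}
```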
type SecretSpec
SecretSpec specifies a secret to be retrieved from Conjur by defining its alias (i.e. the name of the secret from an application's perspective) and its variable path in Conjur.
func NewSecretSpecs
func NewSecretSpecs(raw []byte) ([]SecretSpec, error)
NewSecretSpecs creates a slice of SecretSpec structs by unmarshalling a YAML representation of secret specifications.
func (SecretSpec) MarshalYAML
func (t SecretSpec) MarshalYAML() (interface{}, error)
MarshalYAML is a custom marshaller for SecretSpec.
func (*SecretSpec) UnmarshalYAML
func (t *SecretSpec) UnmarshalYAML(node *yaml.Node) error
UnmarshalYAML is a custom unmarshaller for SecretSpec that allows us to unmarshal from different YAML node representations, i.e. a literal string or a map.