GO-2022-0491: Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go

The highest tagged major version is v4.

security

package

v1.2.1-dev.20 Latest Latest Go to latest Published: Sep 4, 2020 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/edgexfoundry/app-functions-sdk-go

Documentation ¶

Index ¶

Constants
type SecretProvider
type SecretProviderImpl
- func NewSecretProvider(loggingClient logger.LoggingClient, configuration *common.ConfigurationStruct) *SecretProviderImpl

Constants ¶

View Source

const EnvSecretStore = "EDGEX_SECURITY_SECRET_STORE"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type SecretProvider ¶

type SecretProvider interface {
	Initialize(_ context.Context) bool
	StoreSecrets(path string, secrets map[string]string) error
	GetSecrets(path string, _ ...string) (map[string]string, error)
	GetDatabaseCredentials(database db.DatabaseInfo) (common.Credentials, error)
	InsecureSecretsUpdated()
	SecretsLastUpdated() time.Time
}

type SecretProviderImpl ¶ added in v1.3.0

type SecretProviderImpl struct {
	SharedSecretClient    pkg.SecretClient
	ExclusiveSecretClient pkg.SecretClient

	//used to track when secrets have last been retrieved
	LastUpdated time.Time
	// contains filtered or unexported fields
}

SecretProvider cache storage for the secrets

func NewSecretProvider ¶ added in v1.1.0

func NewSecretProvider(loggingClient logger.LoggingClient, configuration *common.ConfigurationStruct) *SecretProviderImpl

NewSecretProvider returns a new secret provider

func (*SecretProviderImpl) GetDatabaseCredentials ¶ added in v1.3.0

func (s *SecretProviderImpl) GetDatabaseCredentials(database db.DatabaseInfo) (common.Credentials, error)

GetDatabaseCredentials retrieves the login credentials for the database If security is disabled then we use the insecure credentials supplied by the configuration.

func (*SecretProviderImpl) GetSecrets ¶ added in v1.3.0

func (s *SecretProviderImpl) GetSecrets(path string, keys ...string) (map[string]string, error)

GetSecrets retrieves secrets from a secret store. path specifies the type or location of the secrets to retrieve. keys specifies the secrets which to retrieve. If no keys are provided then all the keys associated with the specified path will be returned.

func (*SecretProviderImpl) Initialize ¶ added in v1.3.0

func (s *SecretProviderImpl) Initialize(ctx context.Context) bool

Initialize creates SecretClients to be used for obtaining secrets from a secrets store manager.

func (*SecretProviderImpl) InsecureSecretsUpdated ¶ added in v1.3.0

func (s *SecretProviderImpl) InsecureSecretsUpdated()

InsecureSecretsUpdated resets LastUpdate is not running in secure mode.If running in secure mode, changes to InsecureSecrets have no impact and are not used.

func (*SecretProviderImpl) SecretsLastUpdated ¶ added in v1.3.0

func (s *SecretProviderImpl) SecretsLastUpdated() time.Time

func (*SecretProviderImpl) StoreSecrets ¶ added in v1.3.0

func (s *SecretProviderImpl) StoreSecrets(path string, secrets map[string]string) error

StoreSecrets stores the secrets to a secret store. it sets the values requested at provided keys path specifies the type or location of the secrets to store secrets map specifies the "key": "value" pairs of secrets to store

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authtokenloader
mocks
client
fileioperformer
mocks
mock

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL