secret

package
v2.3.0-dev.26 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 25, 2022 License: Apache-2.0 Imports: 25 Imported by: 4

Documentation

Index

Constants

View Source
const (
	EnvSecretStore = "EDGEX_SECURITY_SECRET_STORE"
	UsernameKey    = "username"
	PasswordKey    = "password"
)
View Source
const (
	TokenTypeConsul      = "consul"
	AccessTokenAuthError = "HTTP response with status code 403"
	//nolint: gosec
	SecretsAuthError = "Received a '403' response"
)

Variables

This section is empty.

Functions

func IsSecurityEnabled

func IsSecurityEnabled() bool

IsSecurityEnabled determines if security has been enabled.

func NewSecretProvider

func NewSecretProvider(
	configuration interfaces.Configuration,
	ctx context.Context,
	startupTimer startup.Timer,
	dic *di.Container,
	serviceKey string) (interfaces.SecretProvider, error)

NewSecretProvider creates a new fully initialized the Secret Provider.

Types

type InsecureProvider

type InsecureProvider struct {
	// contains filtered or unexported fields
}

InsecureProvider implements the SecretProvider interface for insecure secrets

func NewInsecureProvider

func NewInsecureProvider(config interfaces.Configuration, lc logger.LoggingClient) *InsecureProvider

NewInsecureProvider creates, initializes Provider for insecure secrets.

func (*InsecureProvider) DeregisterSecretUpdatedCallback added in v2.3.0

func (p *InsecureProvider) DeregisterSecretUpdatedCallback(path string)

DeregisterSecretUpdatedCallback removes a secret's registered callback path.

func (*InsecureProvider) GetAccessToken

func (p *InsecureProvider) GetAccessToken(_ string, _ string) (string, error)

GetAccessToken returns the AccessToken for the specified type, which in insecure mode is not need so just returning an empty token.

func (*InsecureProvider) GetMetricsToRegister added in v2.3.0

func (p *InsecureProvider) GetMetricsToRegister() map[string]interface{}

GetMetricsToRegister returns all metric objects that needs to be registered.

func (*InsecureProvider) GetSecret

func (p *InsecureProvider) GetSecret(path string, keys ...string) (map[string]string, error)

GetSecret retrieves secrets from a Insecure Secrets secret store. path specifies the type or location of the secrets to retrieve. keys specifies the secrets which to retrieve. If no keys are provided then all the keys associated with the specified path will be returned.

func (*InsecureProvider) HasSecret added in v2.3.0

func (p *InsecureProvider) HasSecret(path string) (bool, error)

HasSecret returns true if the service's SecretStore contains a secret at the specified path.

func (*InsecureProvider) ListSecretPaths added in v2.3.0

func (p *InsecureProvider) ListSecretPaths() ([]string, error)

ListSecretPaths returns a list of paths for the current service from an insecure/secure secret store.

func (*InsecureProvider) RegisteredSecretUpdatedCallback added in v2.3.0

func (p *InsecureProvider) RegisteredSecretUpdatedCallback(path string, callback func(path string)) error

RegisteredSecretUpdatedCallback registers a callback for a secret.

func (*InsecureProvider) SecretUpdatedAtPath added in v2.3.0

func (p *InsecureProvider) SecretUpdatedAtPath(path string)

SecretUpdatedAtPath performs updates and callbacks for an updated secret or path.

func (*InsecureProvider) SecretsLastUpdated

func (p *InsecureProvider) SecretsLastUpdated() time.Time

SecretsLastUpdated returns the last time insecure secrets were updated

func (*InsecureProvider) SecretsUpdated

func (p *InsecureProvider) SecretsUpdated()

SecretsUpdated resets LastUpdate time for the Insecure Secrets.

func (*InsecureProvider) StoreSecret

func (p *InsecureProvider) StoreSecret(_ string, _ map[string]string) error

StoreSecret stores the secrets, but is not supported for Insecure Secrets

type SecureProvider

type SecureProvider struct {
	// contains filtered or unexported fields
}

SecureProvider implements the SecretProvider interface

func NewSecureProvider

NewSecureProvider creates & initializes Provider instance for secure secrets.

func (*SecureProvider) DefaultTokenExpiredCallback

func (p *SecureProvider) DefaultTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)

DefaultTokenExpiredCallback is the default implementation of tokenExpiredCallback function It utilizes the tokenFile to re-read the token and enable retry if any update from the expired token

func (*SecureProvider) DeregisterSecretUpdatedCallback added in v2.3.0

func (p *SecureProvider) DeregisterSecretUpdatedCallback(path string)

DeregisterSecretUpdatedCallback removes a secret's registered callback path.

func (*SecureProvider) GetAccessToken

func (p *SecureProvider) GetAccessToken(tokenType string, serviceKey string) (string, error)

GetAccessToken returns the access token for the requested token type.

func (*SecureProvider) GetMetricsToRegister added in v2.3.0

func (p *SecureProvider) GetMetricsToRegister() map[string]interface{}

GetMetricsToRegister returns all metric objects that needs to be registered.

func (*SecureProvider) GetSecret

func (p *SecureProvider) GetSecret(path string, keys ...string) (map[string]string, error)

GetSecret retrieves secrets from a secret store. path specifies the type or location of the secrets to retrieve. keys specifies the secrets which to retrieve. If no keys are provided then all the keys associated with the specified path will be returned.

func (*SecureProvider) HasSecret added in v2.3.0

func (p *SecureProvider) HasSecret(path string) (bool, error)

HasSecret returns true if the service's SecretStore contains a secret at the specified path.

func (*SecureProvider) ListSecretPaths added in v2.3.0

func (p *SecureProvider) ListSecretPaths() ([]string, error)

ListSecretPaths returns a list of paths for the current service from an insecure/secure secret store.

func (*SecureProvider) LoadServiceSecrets added in v2.1.0

func (p *SecureProvider) LoadServiceSecrets(secretStoreConfig config.SecretStoreInfo) error

LoadServiceSecrets loads the service secrets from the specified file and stores them in the service's SecretStore

func (*SecureProvider) RegisteredSecretUpdatedCallback added in v2.3.0

func (p *SecureProvider) RegisteredSecretUpdatedCallback(path string, callback func(path string)) error

RegisteredSecretUpdatedCallback registers a callback for a secret.

func (*SecureProvider) RuntimeTokenExpiredCallback added in v2.2.0

func (p *SecureProvider) RuntimeTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)

func (*SecureProvider) SecretUpdatedAtPath added in v2.3.0

func (p *SecureProvider) SecretUpdatedAtPath(path string)

SecretUpdatedAtPath performs updates and callbacks for an updated secret or path.

func (*SecureProvider) SecretsLastUpdated

func (p *SecureProvider) SecretsLastUpdated() time.Time

SecretsLastUpdated returns the last time secure secrets were updated

func (*SecureProvider) SecretsUpdated

func (p *SecureProvider) SecretsUpdated()

SecretsUpdated is not need for secure secrets as this is handled when secrets are stored.

func (*SecureProvider) SetClient

func (p *SecureProvider) SetClient(client secrets.SecretClient)

SetClient sets the secret client that is used to access the secure secrets

func (*SecureProvider) StoreSecret

func (p *SecureProvider) StoreSecret(path string, secrets map[string]string) error

StoreSecret stores the secrets to a secret store. it sets the values requested at provided keys path specifies the type or location of the secrets to store secrets map specifies the "key": "value" pairs of secrets to store

type ServiceSecret added in v2.1.0

type ServiceSecret struct {
	Path       string                      `json:"path" validate:"edgex-dto-none-empty-string"`
	Imported   bool                        `json:"imported"`
	SecretData []common.SecretDataKeyValue `json:"secretData" validate:"required,dive"`
}

ServiceSecret contains the information about a service's secret to import into a service's SecretStore

type ServiceSecrets added in v2.1.0

type ServiceSecrets struct {
	Secrets []ServiceSecret `json:"secrets" validate:"required,gt=0,dive"`
}

ServiceSecrets contains the list of secrets to import into a service's SecretStore

func UnmarshalServiceSecretsJson added in v2.1.0

func UnmarshalServiceSecretsJson(data []byte) (*ServiceSecrets, error)

UnmarshalServiceSecretsJson un-marshals the JSON containing the services list of secrets

func (*ServiceSecrets) MarshalJson added in v2.1.0

func (s *ServiceSecrets) MarshalJson() ([]byte, error)

MarshalJson marshal the service's secrets to JSON.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL