Documentation ¶
Index ¶
- Constants
- func IsSecurityEnabled() bool
- func NewSecretProvider(configuration interfaces.Configuration, ctx context.Context, ...) (interfaces.SecretProvider, error)
- type InsecureProvider
- func (p *InsecureProvider) DeregisterSecretUpdatedCallback(path string)
- func (p *InsecureProvider) GetAccessToken(_ string, _ string) (string, error)
- func (p *InsecureProvider) GetMetricsToRegister() map[string]interface{}
- func (p *InsecureProvider) GetSecret(path string, keys ...string) (map[string]string, error)
- func (p *InsecureProvider) HasSecret(path string) (bool, error)
- func (p *InsecureProvider) ListSecretPaths() ([]string, error)
- func (p *InsecureProvider) RegisteredSecretUpdatedCallback(path string, callback func(path string)) error
- func (p *InsecureProvider) SecretUpdatedAtPath(path string)
- func (p *InsecureProvider) SecretsLastUpdated() time.Time
- func (p *InsecureProvider) SecretsUpdated()
- func (p *InsecureProvider) StoreSecret(_ string, _ map[string]string) error
- type SecureProvider
- func (p *SecureProvider) DefaultTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)
- func (p *SecureProvider) DeregisterSecretUpdatedCallback(path string)
- func (p *SecureProvider) GetAccessToken(tokenType string, serviceKey string) (string, error)
- func (p *SecureProvider) GetMetricsToRegister() map[string]interface{}
- func (p *SecureProvider) GetSecret(path string, keys ...string) (map[string]string, error)
- func (p *SecureProvider) HasSecret(path string) (bool, error)
- func (p *SecureProvider) ListSecretPaths() ([]string, error)
- func (p *SecureProvider) LoadServiceSecrets(secretStoreConfig config.SecretStoreInfo) error
- func (p *SecureProvider) RegisteredSecretUpdatedCallback(path string, callback func(path string)) error
- func (p *SecureProvider) RuntimeTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)
- func (p *SecureProvider) SecretUpdatedAtPath(path string)
- func (p *SecureProvider) SecretsLastUpdated() time.Time
- func (p *SecureProvider) SecretsUpdated()
- func (p *SecureProvider) SetClient(client secrets.SecretClient)
- func (p *SecureProvider) StoreSecret(path string, secrets map[string]string) error
- type ServiceSecret
- type ServiceSecrets
Constants ¶
const ( EnvSecretStore = "EDGEX_SECURITY_SECRET_STORE" UsernameKey = "username" PasswordKey = "password" )
const ( TokenTypeConsul = "consul" AccessTokenAuthError = "HTTP response with status code 403" //nolint: gosec SecretsAuthError = "Received a '403' response" )
Variables ¶
This section is empty.
Functions ¶
func IsSecurityEnabled ¶
func IsSecurityEnabled() bool
IsSecurityEnabled determines if security has been enabled.
func NewSecretProvider ¶
func NewSecretProvider( configuration interfaces.Configuration, ctx context.Context, startupTimer startup.Timer, dic *di.Container, serviceKey string) (interfaces.SecretProvider, error)
NewSecretProvider creates a new fully initialized the Secret Provider.
Types ¶
type InsecureProvider ¶
type InsecureProvider struct {
// contains filtered or unexported fields
}
InsecureProvider implements the SecretProvider interface for insecure secrets
func NewInsecureProvider ¶
func NewInsecureProvider(config interfaces.Configuration, lc logger.LoggingClient) *InsecureProvider
NewInsecureProvider creates, initializes Provider for insecure secrets.
func (*InsecureProvider) DeregisterSecretUpdatedCallback ¶
func (p *InsecureProvider) DeregisterSecretUpdatedCallback(path string)
DeregisterSecretUpdatedCallback removes a secret's registered callback path.
func (*InsecureProvider) GetAccessToken ¶
func (p *InsecureProvider) GetAccessToken(_ string, _ string) (string, error)
GetAccessToken returns the AccessToken for the specified type, which in insecure mode is not need so just returning an empty token.
func (*InsecureProvider) GetMetricsToRegister ¶
func (p *InsecureProvider) GetMetricsToRegister() map[string]interface{}
GetMetricsToRegister returns all metric objects that needs to be registered.
func (*InsecureProvider) GetSecret ¶
GetSecret retrieves secrets from a Insecure Secrets secret store. path specifies the type or location of the secrets to retrieve. keys specifies the secrets which to retrieve. If no keys are provided then all the keys associated with the specified path will be returned.
func (*InsecureProvider) HasSecret ¶
func (p *InsecureProvider) HasSecret(path string) (bool, error)
HasSecret returns true if the service's SecretStore contains a secret at the specified path.
func (*InsecureProvider) ListSecretPaths ¶
func (p *InsecureProvider) ListSecretPaths() ([]string, error)
ListSecretPaths returns a list of paths for the current service from an insecure/secure secret store.
func (*InsecureProvider) RegisteredSecretUpdatedCallback ¶
func (p *InsecureProvider) RegisteredSecretUpdatedCallback(path string, callback func(path string)) error
RegisteredSecretUpdatedCallback registers a callback for a secret.
func (*InsecureProvider) SecretUpdatedAtPath ¶
func (p *InsecureProvider) SecretUpdatedAtPath(path string)
SecretUpdatedAtPath performs updates and callbacks for an updated secret or path.
func (*InsecureProvider) SecretsLastUpdated ¶
func (p *InsecureProvider) SecretsLastUpdated() time.Time
SecretsLastUpdated returns the last time insecure secrets were updated
func (*InsecureProvider) SecretsUpdated ¶
func (p *InsecureProvider) SecretsUpdated()
SecretsUpdated resets LastUpdate time for the Insecure Secrets.
func (*InsecureProvider) StoreSecret ¶
func (p *InsecureProvider) StoreSecret(_ string, _ map[string]string) error
StoreSecret stores the secrets, but is not supported for Insecure Secrets
type SecureProvider ¶
type SecureProvider struct {
// contains filtered or unexported fields
}
SecureProvider implements the SecretProvider interface
func NewSecureProvider ¶
func NewSecureProvider(ctx context.Context, config interfaces.Configuration, lc logger.LoggingClient, loader authtokenloader.AuthTokenLoader, runtimeTokenLoader runtimetokenprovider.RuntimeTokenProvider, serviceKey string) *SecureProvider
NewSecureProvider creates & initializes Provider instance for secure secrets.
func (*SecureProvider) DefaultTokenExpiredCallback ¶
func (p *SecureProvider) DefaultTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)
DefaultTokenExpiredCallback is the default implementation of tokenExpiredCallback function It utilizes the tokenFile to re-read the token and enable retry if any update from the expired token
func (*SecureProvider) DeregisterSecretUpdatedCallback ¶
func (p *SecureProvider) DeregisterSecretUpdatedCallback(path string)
DeregisterSecretUpdatedCallback removes a secret's registered callback path.
func (*SecureProvider) GetAccessToken ¶
func (p *SecureProvider) GetAccessToken(tokenType string, serviceKey string) (string, error)
GetAccessToken returns the access token for the requested token type.
func (*SecureProvider) GetMetricsToRegister ¶
func (p *SecureProvider) GetMetricsToRegister() map[string]interface{}
GetMetricsToRegister returns all metric objects that needs to be registered.
func (*SecureProvider) GetSecret ¶
GetSecret retrieves secrets from a secret store. path specifies the type or location of the secrets to retrieve. keys specifies the secrets which to retrieve. If no keys are provided then all the keys associated with the specified path will be returned.
func (*SecureProvider) HasSecret ¶
func (p *SecureProvider) HasSecret(path string) (bool, error)
HasSecret returns true if the service's SecretStore contains a secret at the specified path.
func (*SecureProvider) ListSecretPaths ¶
func (p *SecureProvider) ListSecretPaths() ([]string, error)
ListSecretPaths returns a list of paths for the current service from an insecure/secure secret store.
func (*SecureProvider) LoadServiceSecrets ¶
func (p *SecureProvider) LoadServiceSecrets(secretStoreConfig config.SecretStoreInfo) error
LoadServiceSecrets loads the service secrets from the specified file and stores them in the service's SecretStore
func (*SecureProvider) RegisteredSecretUpdatedCallback ¶
func (p *SecureProvider) RegisteredSecretUpdatedCallback(path string, callback func(path string)) error
RegisteredSecretUpdatedCallback registers a callback for a secret.
func (*SecureProvider) RuntimeTokenExpiredCallback ¶
func (p *SecureProvider) RuntimeTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)
func (*SecureProvider) SecretUpdatedAtPath ¶
func (p *SecureProvider) SecretUpdatedAtPath(path string)
SecretUpdatedAtPath performs updates and callbacks for an updated secret or path.
func (*SecureProvider) SecretsLastUpdated ¶
func (p *SecureProvider) SecretsLastUpdated() time.Time
SecretsLastUpdated returns the last time secure secrets were updated
func (*SecureProvider) SecretsUpdated ¶
func (p *SecureProvider) SecretsUpdated()
SecretsUpdated is not need for secure secrets as this is handled when secrets are stored.
func (*SecureProvider) SetClient ¶
func (p *SecureProvider) SetClient(client secrets.SecretClient)
SetClient sets the secret client that is used to access the secure secrets
func (*SecureProvider) StoreSecret ¶
func (p *SecureProvider) StoreSecret(path string, secrets map[string]string) error
StoreSecret stores the secrets to a secret store. it sets the values requested at provided keys path specifies the type or location of the secrets to store secrets map specifies the "key": "value" pairs of secrets to store
type ServiceSecret ¶
type ServiceSecret struct { Path string `json:"path" validate:"edgex-dto-none-empty-string"` Imported bool `json:"imported"` SecretData []common.SecretDataKeyValue `json:"secretData" validate:"required,dive"` }
ServiceSecret contains the information about a service's secret to import into a service's SecretStore
type ServiceSecrets ¶
type ServiceSecrets struct {
Secrets []ServiceSecret `json:"secrets" validate:"required,gt=0,dive"`
}
ServiceSecrets contains the list of secrets to import into a service's SecretStore
func UnmarshalServiceSecretsJson ¶
func UnmarshalServiceSecretsJson(data []byte) (*ServiceSecrets, error)
UnmarshalServiceSecretsJson un-marshals the JSON containing the services list of secrets
func (*ServiceSecrets) MarshalJson ¶
func (s *ServiceSecrets) MarshalJson() ([]byte, error)
MarshalJson marshal the service's secrets to JSON.