Documentation ¶
Constants ¶
// Environment variable and well-known key names shared by the insecure and
// secure secret providers.
const (
	// EnvSecretStore is, by name, the environment variable that toggles the
	// secure SecretStore; presumably consulted by IsSecurityEnabled -- confirm
	// against the implementation.
	EnvSecretStore = "EDGEX_SECURITY_SECRET_STORE"

	// UsernameKey and PasswordKey are the conventional keys for credential
	// secrets stored under a secret name.
	UsernameKey = "username"
	PasswordKey = "password"

	// WildcardName is a special secret name that can be used to register a
	// secret callback for any secret.
	WildcardName = "*"
)
// Token types accepted by SecureProvider.GetAccessToken, and the error text
// used to recognise an authorization (403) failure from the secret store.
const (
	TokenTypeConsul = "consul"
	TokenTypeKeeper = "keeper"

	// AccessTokenAuthError and SecretsAuthError are substrings of client error
	// messages that indicate a 403 response; presumably matched so the caller
	// can refresh its token and retry -- confirm against the callers.
	AccessTokenAuthError = "HTTP response with status code 403"
	// The directive below presumably silences gosec's hardcoded-credential
	// heuristic, which keys on "Secret" in the identifier; the value is an
	// error substring, not a credential.
	//nolint: gosec
	SecretsAuthError = "Received a '403' response"
)
Variables ¶
This section is empty.
Functions ¶
func BuildSecretStoreConfig ¶
func BuildSecretStoreConfig(serviceKey string, envVars *environment.Variables, lc logger.LoggingClient) (*config.SecretStoreInfo, error)
BuildSecretStoreConfig is a public helper function that builds the SecretStore configuration from default values and environment overrides.
func IsSecurityEnabled ¶
func IsSecurityEnabled() bool
IsSecurityEnabled reports whether security (the secure SecretStore) has been enabled. By name, the EnvSecretStore constant (EDGEX_SECURITY_SECRET_STORE) is the environment variable presumably consulted; confirm against the implementation before relying on it.
func NewJWTSecretProvider ¶
func NewJWTSecretProvider(secretProvider interfaces.SecretProviderExt) clientinterfaces.AuthenticationInjector
func NewJWTSecretProviderWithRT ¶
func NewJWTSecretProviderWithRT(secretProvider interfaces.SecretProviderExt, roundTripper_b http.RoundTripper) clientinterfaces.AuthenticationInjector
func NewSecretProvider ¶
func NewSecretProvider( configuration interfaces.Configuration, envVars *environment.Variables, ctx context.Context, startupTimer startup.Timer, dic *di.Container, serviceKey string) (interfaces.SecretProviderExt, error)
NewSecretProvider creates a new, fully initialized Secret Provider.
Types ¶
type InsecureProvider ¶
// InsecureProvider implements the SecretProvider interface for insecure
// secrets (the mode in which, per GetAccessToken, no access token is needed).
// Its state is held in unexported fields.
type InsecureProvider struct {
	// contains filtered or unexported fields
}
InsecureProvider implements the SecretProvider interface for insecure secrets
func NewInsecureProvider ¶
func NewInsecureProvider(config interfaces.Configuration, lc logger.LoggingClient, dic *di.Container) *InsecureProvider
NewInsecureProvider creates, initializes Provider for insecure secrets.
func (*InsecureProvider) DeregisterSecretUpdatedCallback ¶
func (p *InsecureProvider) DeregisterSecretUpdatedCallback(secretName string)
DeregisterSecretUpdatedCallback removes a secret's registered callback secretName.
func (*InsecureProvider) EnableZeroTrust ¶
func (p *InsecureProvider) EnableZeroTrust()
func (*InsecureProvider) GetAccessToken ¶
func (p *InsecureProvider) GetAccessToken(_ string, _ string) (string, error)
GetAccessToken returns the AccessToken for the specified type; in insecure mode no token is needed, so an empty token is returned.
func (*InsecureProvider) GetMetricsToRegister ¶
func (p *InsecureProvider) GetMetricsToRegister() map[string]interface{}
GetMetricsToRegister returns all metric objects that needs to be registered.
func (*InsecureProvider) GetSecret ¶
GetSecret retrieves secrets from an Insecure Secrets secret store. secretName specifies the type or location of the secrets to retrieve. keys specifies the secrets to retrieve. If no keys are provided then all the keys associated with the specified secretName will be returned.
func (*InsecureProvider) GetSelfJWT ¶
func (p *InsecureProvider) GetSelfJWT() (string, error)
GetSelfJWT returns an encoded JWT for the current identity-based secret store token
func (*InsecureProvider) HasSecret ¶
func (p *InsecureProvider) HasSecret(secretName string) (bool, error)
HasSecret returns true if the service's SecretStore contains a secret at the specified secretName.
func (*InsecureProvider) HttpTransport ¶
func (p *InsecureProvider) HttpTransport() http.RoundTripper
func (*InsecureProvider) IsJWTValid ¶
func (p *InsecureProvider) IsJWTValid(jwt string) (bool, error)
IsJWTValid evaluates a given JWT and returns true if the JWT is valid (i.e. belongs to us and is current), false otherwise. NOTE(review): in insecure mode there is no secure secret store to validate against, so this check is presumably trivial — do not rely on it for authorization without confirming the implementation.
func (*InsecureProvider) IsZeroTrustEnabled ¶
func (p *InsecureProvider) IsZeroTrustEnabled() bool
func (*InsecureProvider) ListSecretNames ¶
func (p *InsecureProvider) ListSecretNames() ([]string, error)
ListSecretNames returns a list of SecretName for the current service from an insecure/secure secret store.
func (*InsecureProvider) RegisterSecretUpdatedCallback ¶
func (p *InsecureProvider) RegisterSecretUpdatedCallback(secretName string, callback func(secretName string)) error
RegisterSecretUpdatedCallback registers a callback for a secret. If you specify secret.WildcardName as the secretName, then the callback will be called for any updated secret. Callbacks set for a specific secretName are given a higher precedence over wildcard ones, and will be called instead of the wildcard one if both are present.
func (*InsecureProvider) SecretUpdatedAtSecretName ¶
func (p *InsecureProvider) SecretUpdatedAtSecretName(secretName string)
SecretUpdatedAtSecretName performs updates and callbacks for an updated secret or secretName.
func (*InsecureProvider) SecretsLastUpdated ¶
func (p *InsecureProvider) SecretsLastUpdated() time.Time
SecretsLastUpdated returns the last time insecure secrets were updated
func (*InsecureProvider) SecretsUpdated ¶
func (p *InsecureProvider) SecretsUpdated()
SecretsUpdated resets LastUpdate time for the Insecure Secrets.
func (*InsecureProvider) SetHttpTransport ¶
func (p *InsecureProvider) SetHttpTransport(_ http.RoundTripper)
func (*InsecureProvider) StoreSecret ¶
func (p *InsecureProvider) StoreSecret(secretName string, secrets map[string]string) error
StoreSecret attempts to store the secrets in the ConfigurationProvider's InsecureSecrets. If no ConfigurationProvider is in use, it will return an error.
Note: This does not call SecretUpdatedAtSecretName, SecretsUpdated, or increase the secrets stored metric because those will all occur once the ConfigurationProvider tells the service that the configuration has updated.
type SecureProvider ¶
// SecureProvider implements the SecretProvider interface backed by a secure
// secret store; the client used to reach it is supplied via SetClient.
// Its state is held in unexported fields.
type SecureProvider struct {
	// contains filtered or unexported fields
}
SecureProvider implements the SecretProvider interface
func NewSecureProvider ¶
func NewSecureProvider(ctx context.Context, secretStoreInfo *config.SecretStoreInfo, lc logger.LoggingClient, loader authtokenloader.AuthTokenLoader, runtimeTokenLoader runtimetokenprovider.RuntimeTokenProvider, serviceKey string) *SecureProvider
NewSecureProvider creates & initializes Provider instance for secure secrets.
func (*SecureProvider) DefaultTokenExpiredCallback ¶
func (p *SecureProvider) DefaultTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)
DefaultTokenExpiredCallback is the default implementation of the tokenExpiredCallback function. It re-reads the token from the tokenFile and enables retry if the re-read token differs from the expired one.
func (*SecureProvider) DeregisterSecretUpdatedCallback ¶
func (p *SecureProvider) DeregisterSecretUpdatedCallback(secretName string)
DeregisterSecretUpdatedCallback removes a secret's registered callback secretName.
func (*SecureProvider) EnableZeroTrust ¶
func (p *SecureProvider) EnableZeroTrust()
func (*SecureProvider) GetAccessToken ¶
func (p *SecureProvider) GetAccessToken(tokenType string, serviceKey string) (string, error)
GetAccessToken returns the access token for the requested token type.
func (*SecureProvider) GetMetricsToRegister ¶
func (p *SecureProvider) GetMetricsToRegister() map[string]interface{}
GetMetricsToRegister returns all metric objects that needs to be registered.
func (*SecureProvider) GetSecret ¶
GetSecret retrieves secrets from a secret store. secretName specifies the type or location of the secrets to retrieve. keys specifies the secrets to retrieve. If no keys are provided then all the keys associated with the specified secretName will be returned.
func (*SecureProvider) GetSelfJWT ¶
func (p *SecureProvider) GetSelfJWT() (string, error)
GetSelfJWT returns an encoded JWT for the current identity-based secret store token
func (*SecureProvider) HasSecret ¶
func (p *SecureProvider) HasSecret(secretName string) (bool, error)
HasSecret returns true if the service's SecretStore contains a secret at the specified secretName.
func (*SecureProvider) HttpTransport ¶
func (p *SecureProvider) HttpTransport() http.RoundTripper
func (*SecureProvider) IsJWTValid ¶
func (p *SecureProvider) IsJWTValid(jwt string) (bool, error)
IsJWTValid evaluates a given JWT and returns true if the JWT is valid (i.e. belongs to us and is current), false otherwise.
func (*SecureProvider) IsZeroTrustEnabled ¶
func (p *SecureProvider) IsZeroTrustEnabled() bool
func (*SecureProvider) ListSecretNames ¶
func (p *SecureProvider) ListSecretNames() ([]string, error)
ListSecretNames returns a list of secretNames for the current service from an insecure/secure secret store.
func (*SecureProvider) LoadServiceSecrets ¶
func (p *SecureProvider) LoadServiceSecrets(secretStoreConfig *config.SecretStoreInfo) error
LoadServiceSecrets loads the service secrets from the specified file and stores them in the service's SecretStore. The file holds secret values in clear text (the ServiceSecrets JSON layout), so it should be access-restricted and, ideally, removed once the import has succeeded.
func (*SecureProvider) RegisterSecretUpdatedCallback ¶
func (p *SecureProvider) RegisterSecretUpdatedCallback(secretName string, callback func(secretName string)) error
RegisterSecretUpdatedCallback registers a callback for a secret. If you specify secret.WildcardName as the secretName, then the callback will be called for any updated secret. Callbacks set for a specific secretName are given a higher precedence over wildcard ones, and will be called instead of the wildcard one if both are present.
func (*SecureProvider) RuntimeTokenExpiredCallback ¶
func (p *SecureProvider) RuntimeTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)
func (*SecureProvider) SecretUpdatedAtSecretName ¶
func (p *SecureProvider) SecretUpdatedAtSecretName(secretName string)
SecretUpdatedAtSecretName performs updates and callbacks for an updated secret or secretName.
func (*SecureProvider) SecretsLastUpdated ¶
func (p *SecureProvider) SecretsLastUpdated() time.Time
SecretsLastUpdated returns the last time secure secrets were updated
func (*SecureProvider) SecretsUpdated ¶
func (p *SecureProvider) SecretsUpdated()
SecretsUpdated is not needed for secure secrets, as this is handled when secrets are stored.
func (*SecureProvider) SetClient ¶
func (p *SecureProvider) SetClient(client secrets.SecretClient)
SetClient sets the secret client that is used to access the secure secrets
func (*SecureProvider) SetHttpTransport ¶
func (p *SecureProvider) SetHttpTransport(rt http.RoundTripper)
func (*SecureProvider) StoreSecret ¶
func (p *SecureProvider) StoreSecret(secretName string, secrets map[string]string) error
StoreSecret stores the secrets to a secret store, setting the values requested at the provided keys. secretName specifies the type or location of the secrets to store; the secrets map specifies the "key": "value" pairs of secrets to store.
type ServiceSecret ¶
// ServiceSecret describes one secret to import into a service's SecretStore.
type ServiceSecret struct {
	// SecretName is the name (location) the secret is stored under; the
	// validator tag rejects an empty string.
	SecretName string `json:"secretName" validate:"edgex-dto-none-empty-string"`
	// Imported presumably records whether this secret has already been loaded
	// into the SecretStore (so it is not re-imported) -- confirm against
	// LoadServiceSecrets.
	Imported bool `json:"imported"`
	// SecretData holds the key/value pairs making up the secret; it is required
	// and each element is validated in turn (dive). Note that the values are
	// carried in clear text in the JSON document.
	SecretData []common.SecretDataKeyValue `json:"secretData" validate:"required,dive"`
}
ServiceSecret contains the information about a service's secret to import into a service's SecretStore
type ServiceSecrets ¶
// ServiceSecrets is the top-level document listing the secrets to import into
// a service's SecretStore.
type ServiceSecrets struct {
	// Secrets must be present and non-empty (gt=0); each entry is validated in
	// turn (dive).
	Secrets []ServiceSecret `json:"secrets" validate:"required,gt=0,dive"`
}
ServiceSecrets contains the list of secrets to import into a service's SecretStore
func UnmarshalServiceSecretsJson ¶
func UnmarshalServiceSecretsJson(data []byte) (*ServiceSecrets, error)
UnmarshalServiceSecretsJson un-marshals the JSON containing the service's list of secrets.
func (*ServiceSecrets) MarshalJson ¶
func (s *ServiceSecrets) MarshalJson() ([]byte, error)
MarshalJson marshals the service's secrets to JSON.