Documentation ¶
Index ¶
- Variables
- func CompareStringAndByteSlices(valueString *string, valueByte []byte) bool
- func ConvertKeys(strategy esv1beta1.ExternalSecretConversionStrategy, in map[string][]byte) (map[string][]byte, error)
- func ConvertToType[T any](obj any) (T, error)
- func Decode(strategy esv1beta1.ExternalSecretDecodingStrategy, in []byte) ([]byte, error)
- func DecodeMap(strategy esv1beta1.ExternalSecretDecodingStrategy, in map[string][]byte) (map[string][]byte, error)
- func Deref[V any](v *V) V
- func ErrorContains(out error, want string) bool
- func FetchCACertFromSource(ctx context.Context, opts CreateCertOpts) ([]byte, error)
- func FetchValueFromMetadata[T any](key string, data *apiextensionsv1.JSON, def T) (t T, _ error)
- func GetByteValue(v any) ([]byte, error)
- func GetByteValueFromMap(data map[string]any, key string) ([]byte, error)
- func IsNil(i any) bool
- func JSONMarshal(t any) ([]byte, error)
- func MergeByteMap(dst, src map[string][]byte) map[string][]byte
- func MergeStringMap(dest, src map[string]string)
- func NetworkValidate(endpoint string, timeout time.Duration) error
- func ObjectHash(object any) string
- func Ptr[T any](i T) *T
- func ReverseKeys(strategy esv1alpha1.PushSecretConversionStrategy, in map[string][]byte) (map[string][]byte, error)
- func RewriteMap(operations []esv1beta1.ExternalSecretRewrite, in map[string][]byte) (map[string][]byte, error)
- func RewriteRegexp(operation esv1beta1.ExternalSecretRewriteRegexp, in map[string][]byte) (map[string][]byte, error)
- func RewriteTransform(operation esv1beta1.ExternalSecretRewriteTransform, in map[string][]byte) (map[string][]byte, error)
- func ValidateKeys(in map[string][]byte) error
- func ValidateReferentSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySelector) error
- func ValidateReferentServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.ServiceAccountSelector) error
- func ValidateSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySelector) error
- func ValidateServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.ServiceAccountSelector) error
- type CreateCertOpts
Constants ¶
This section is empty.
Variables ¶
var ( ErrUnexpectedKey = errors.New("unexpected key in data") ErrSecretType = errors.New("can not handle secret value with type") )
Functions ¶
func CompareStringAndByteSlices ¶ added in v0.9.18
func ConvertKeys ¶ added in v0.5.0
func ConvertKeys(strategy esv1beta1.ExternalSecretConversionStrategy, in map[string][]byte) (map[string][]byte, error)
ConvertKeys converts a secret map into a valid key. Replaces any non-alphanumeric characters depending on convert strategy.
func ConvertToType ¶ added in v0.7.3
func Decode ¶ added in v0.5.8
func Decode(strategy esv1beta1.ExternalSecretDecodingStrategy, in []byte) ([]byte, error)
func DecodeMap ¶ added in v0.5.8
func DecodeMap(strategy esv1beta1.ExternalSecretDecodingStrategy, in map[string][]byte) (map[string][]byte, error)
DecodeMap decodes values from a secretMap.
func ErrorContains ¶ added in v0.4.0
func FetchCACertFromSource ¶ added in v0.10.1
func FetchCACertFromSource(ctx context.Context, opts CreateCertOpts) ([]byte, error)
FetchCACertFromSource creates a CertPool using either a CABundle directly, or a ConfigMap / Secret.
func FetchValueFromMetadata ¶ added in v0.9.14
func FetchValueFromMetadata[T any](key string, data *apiextensionsv1.JSON, def T) (t T, _ error)
FetchValueFromMetadata fetches a key from a metadata if it exists. It will recursively look in embedded values as well. Must be a unique key, otherwise it will just return the first occurrence.
func GetByteValue ¶ added in v0.9.10
func GetByteValueFromMap ¶ added in v0.9.10
func JSONMarshal ¶ added in v0.9.10
JSONMarshal takes an interface and returns a new escaped and encoded byte slice.
func MergeByteMap ¶ added in v0.2.2
MergeByteMap merges map of byte slices.
func MergeStringMap ¶ added in v0.2.2
MergeStringMap performs a deep clone from src to dest.
func NetworkValidate ¶ added in v0.5.2
func ObjectHash ¶ added in v0.3.6
ObjectHash calculates md5 sum of the data contained in the secret.
func ReverseKeys ¶ added in v0.9.15
func ReverseKeys(strategy esv1alpha1.PushSecretConversionStrategy, in map[string][]byte) (map[string][]byte, error)
ReverseKeys reverses a secret map into a valid key map as expected by push secrets. Replaces the unicode encoded representation characters back to the actual unicode character depending on convert strategy.
func RewriteMap ¶ added in v0.5.9
func RewriteRegexp ¶ added in v0.5.9
func RewriteRegexp(operation esv1beta1.ExternalSecretRewriteRegexp, in map[string][]byte) (map[string][]byte, error)
RewriteRegexp rewrites a single Regexp Rewrite Operation.
func RewriteTransform ¶ added in v0.9.8
func RewriteTransform(operation esv1beta1.ExternalSecretRewriteTransform, in map[string][]byte) (map[string][]byte, error)
RewriteTransform applies string transformation on each secret key name to rewrite.
func ValidateKeys ¶ added in v0.5.9
ValidateKeys checks if the keys in the secret map are valid keys for a Kubernetes secret.
func ValidateReferentSecretSelector ¶ added in v0.5.4
func ValidateReferentSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySelector) error
ValidateReferentSecretSelector allows cluster scoped store without namespace this should replace above ValidateServiceAccountSelector once all providers support referent auth.
func ValidateReferentServiceAccountSelector ¶ added in v0.5.4
func ValidateReferentServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.ServiceAccountSelector) error
ValidateReferentServiceAccountSelector allows cluster scoped store without namespace this should replace above ValidateServiceAccountSelector once all providers support referent auth.
func ValidateSecretSelector ¶ added in v0.5.0
func ValidateSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySelector) error
ValidateSecretSelector just checks if the namespace field is present/absent depending on the secret store type. We MUST NOT check the name or key property here. It MAY be defaulted by the provider.
func ValidateServiceAccountSelector ¶ added in v0.5.0
func ValidateServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.ServiceAccountSelector) error
ValidateServiceAccountSelector just checks if the namespace field is present/absent depending on the secret store type. We MUST NOT check the name or key property here. It MAY be defaulted by the provider.
Types ¶
type CreateCertOpts ¶ added in v0.10.1
type CreateCertOpts struct { CABundle []byte CAProvider *esv1beta1.CAProvider StoreKind string Namespace string Client client.Client }
CreateCertOpts contains options for a cert pool creation.