Documentation
Overview
Package conjur provides a Conjur provider for External Secrets.
Index
- Constants
- type Client
- func (c *Client) Close(_ context.Context) error
- func (c *Client) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error
- func (c *Client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error)
- func (c *Client) GetConjurClient(ctx context.Context) (SecretsClient, error)
- func (c *Client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error)
- func (c *Client) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
- func (c *Client) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error
- func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error)
- func (c *Client) Validate() (esv1beta1.ValidationResult, error)
- type ClientAPIImpl
- type Provider
- type SecretsClient
- type SecretsClientFactory
Constants
const JwtLifespan = 600 // 10 minutes
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
	StoreKind string
	// contains filtered or unexported fields
}
Client is a provider for Conjur.
func (*Client) DeleteSecret (added in v0.9.6)
func (*Client) GetAllSecrets (added in v0.9.6)
func (c *Client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error)
GetAllSecrets gets multiple secrets from the provider and loads them into a Kubernetes secret. It first loads all secrets from the secretStore path configuration, then gets the secrets that match a name or match custom_metadata.
func (*Client) GetConjurClient (added in v0.9.6)
func (c *Client) GetConjurClient(ctx context.Context) (SecretsClient, error)
func (*Client) GetSecret (added in v0.9.6)
func (c *Client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error)
GetSecret returns a single secret from the provider.
func (*Client) GetSecretMap (added in v0.9.6)
func (c *Client) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
GetSecretMap returns multiple k/v pairs from the provider.
func (*Client) PushSecret (added in v0.9.6)
PushSecret will write a single secret into the provider.
func (*Client) SecretExists (added in v0.9.14)
type ClientAPIImpl (added in v0.9.6)
type ClientAPIImpl struct{}
ClientAPIImpl is an implementation of the ClientAPI interface.
func (*ClientAPIImpl) NewClientFromJWT (added in v0.9.6)
func (c *ClientAPIImpl) NewClientFromJWT(config conjurapi.Config, jwtToken, jwtServiceID, jwtHostID string) (SecretsClient, error)
NewClientFromJWT creates a new Conjur client from a JWT token. It cannot use the built-in function "conjurapi.NewClientFromJwt" because that function requires environment variables; see: https://github.com/cyberark/conjur-api-go/blob/b698692392a38e5d38b8440f32ab74206544848a/conjurapi/client.go#L130
func (*ClientAPIImpl) NewClientFromKey (added in v0.9.6)
func (c *ClientAPIImpl) NewClientFromKey(config conjurapi.Config, loginPair authn.LoginPair) (SecretsClient, error)
type Provider
type Provider struct {
	NewConjurProvider func(context context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string, corev1 typedcorev1.CoreV1Interface, clientApi SecretsClientFactory) (esv1beta1.SecretsClient, error)
}
func (*Provider) Capabilities
func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities
Capabilities returns the provider Capabilities (Read, Write, ReadWrite).
func (*Provider) NewClient
func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error)
NewClient creates a new Conjur client.
func (*Provider) ValidateStore
ValidateStore validates the store.
type SecretsClient (added in v0.9.6)
type SecretsClient interface {
	RetrieveSecret(secret string) (result []byte, err error)
	RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)
	Resources(filter *conjurapi.ResourceFilter) (resources []map[string]interface{}, err error)
}
SecretsClient is an interface for the Conjur client.
type SecretsClientFactory (added in v0.9.6)
type SecretsClientFactory interface {
	NewClientFromKey(config conjurapi.Config, loginPair authn.LoginPair) (SecretsClient, error)
	NewClientFromJWT(config conjurapi.Config, jwtToken string, jwtServiceID, jwtHostID string) (SecretsClient, error)
}
SecretsClientFactory is an interface for creating a Conjur client.