Documentation ¶
Index ¶
- Constants
- Variables
- func ObjectMeta(namespace string, managerIdentity string, config secretutils.ConfigInterface, ...) (metav1.ObjectMeta, error)
- func Secret(objectMeta metav1.ObjectMeta, data map[string][]byte) *corev1.Secret
- type GenerateOption
- type GenerateOptions
- type GetOption
- type GetOptions
- type Interface
Constants ¶
// Rotation strategies: values of the unexported rotationStrategy type, which is the parameter type of Rotate
// and the type of GenerateOptions.RotationStrategy.
const (
	// InPlace is a constant for a rotation strategy regenerating a secret and NOT keeping the old one in the system.
	// NOTE(review): presumably anything still presenting the previous secret stops working once it is replaced — confirm.
	InPlace rotationStrategy = "inplace"
	// KeepOld is a constant for a rotation strategy regenerating a secret and keeping the old one in the system.
	// How long the old secret is retained is not visible from this declaration.
	KeepOld rotationStrategy = "keepold"
)
// Label keys and label values set on Secrets handled by the secrets manager.
const (
	// LabelKeyName is a constant for a key of a label on a Secret describing the name.
	LabelKeyName = "name"
	// LabelKeyManagedBy is a constant for a key of a label on a Secret describing who is managing it.
	LabelKeyManagedBy = "managed-by"
	// LabelKeyManagerIdentity is a constant for a key of a label on a Secret describing which secret manager instance
	// is managing it.
	LabelKeyManagerIdentity = "manager-identity"
	// LabelKeyChecksumConfig is a constant for a key of a label on a Secret describing the checksum of the
	// configuration used to create the data.
	LabelKeyChecksumConfig = "checksum-of-config"
	// LabelKeyChecksumSigningCA is a constant for a key of a label on a Secret describing the checksum of the
	// certificate authority which has signed the client or server certificate in the data.
	LabelKeyChecksumSigningCA = "checksum-of-signing-ca"
	// LabelKeyBundleFor is a constant for a key of a label on a Secret describing that it is a bundle secret for
	// another secret.
	LabelKeyBundleFor = "bundle-for"
	// LabelKeyPersist is a constant for a key of a label on a Secret describing that it should get persisted.
	LabelKeyPersist = "persist"
	// LabelKeyLastRotationInitiationTime is a constant for a key of a label on a Secret describing the unix timestamp
	// of when the last secret rotation was initiated.
	LabelKeyLastRotationInitiationTime = "last-rotation-initiation-time"

	// LabelValueTrue is a constant for a value of a label on a Secret describing the value 'true'.
	LabelValueTrue = "true"
	// LabelValueSecretsManager is a constant for a value of a label on a Secret describing the value
	// 'secrets-manager'.
	LabelValueSecretsManager = "secrets-manager"
)
Variables ¶
// Class selectors for Get requests. Each sets GetOptions.Class to the named class.
// NOTE(review): presumably classOption implements GetOption so these can be passed to Get — confirm.
var (
	// Current sets the Class field to 'current' in the GetOptions.
	Current = classOption{/* contains filtered or unexported fields */}
	// Old sets the Class field to 'old' in the GetOptions.
	Old = classOption{/* contains filtered or unexported fields */}
	// Bundle sets the Class field to 'bundle' in the GetOptions.
	Bundle = classOption{/* contains filtered or unexported fields */}
)
Functions ¶
func ObjectMeta ¶
func ObjectMeta( namespace string, managerIdentity string, config secretutils.ConfigInterface, lastRotationInitiationTime string, signingCAChecksum *string, persist *bool, bundleFor *string, ) ( metav1.ObjectMeta, error, )
ObjectMeta returns the object meta based on the given settings.
Types ¶
type GenerateOption ¶
// GenerateOption is a function that modifies the GenerateOptions of a Generate request. It is handed the
// manager and the secret configuration together with the options, and reports failure through its error result.
type GenerateOption func(Interface, secretutils.ConfigInterface, *GenerateOptions) error
GenerateOption is some configuration that modifies options for a Generate request.
func IgnoreOldSecrets ¶
func IgnoreOldSecrets() GenerateOption
IgnoreOldSecrets returns a function which sets the 'IgnoreOldSecrets' field to true.
func Persist ¶
func Persist() GenerateOption
Persist returns a function which sets the 'Persist' field to true.
func Rotate ¶
func Rotate(strategy rotationStrategy) GenerateOption
Rotate returns a function which sets the 'RotationStrategy' field to the specified value.
func SignedByCA ¶
func SignedByCA(name string) GenerateOption
SignedByCA returns a function which sets the 'SigningCA' field in case the ConfigInterface provided to the Generate request is a CertificateSecretConfig. Additionally, in such case it stores a checksum of the signing CA in the options.
type GenerateOptions ¶
// GenerateOptions are options for Generate calls.
type GenerateOptions struct {
	// Persist specifies whether the 'persist=true' label should be added to the secret resources.
	Persist bool
	// RotationStrategy specifies how the secret should be rotated in case it needs to get rotated.
	RotationStrategy rotationStrategy
	// IgnoreOldSecrets specifies whether old secrets should be loaded to the internal store.
	// NOTE(review): going by the field name, true presumably means old secrets are NOT loaded — confirm.
	IgnoreOldSecrets bool
	// contains filtered or unexported fields
}
GenerateOptions are options for Generate calls.
func (*GenerateOptions) ApplyOptions ¶
func (o *GenerateOptions) ApplyOptions(manager Interface, configInterface secretutils.ConfigInterface, opts []GenerateOption) error
ApplyOptions applies the given generate options on these options. Note that, per its signature, it returns an error rather than the options themselves, so unlike (*GetOptions).ApplyOptions it cannot be chained.
type GetOption ¶
// GetOption is implemented by values that modify the GetOptions of a Get request.
type GetOption interface {
	// ApplyToOptions applies this configuration to the given options.
	ApplyToOptions(*GetOptions)
}
GetOption is some configuration that modifies options for a Get request.
type GetOptions ¶
// GetOptions are options for Get calls.
type GetOptions struct {
	// Class specifies which secret should be returned. By default, the bundle secret is returned. If there is
	// no bundle secret then it falls back to the current secret.
	// NOTE(review): Class is a pointer; presumably nil selects this default — confirm.
	Class *secretClass
}
GetOptions are options for Get calls.
func (*GetOptions) ApplyOptions ¶
func (o *GetOptions) ApplyOptions(opts []GetOption) *GetOptions
ApplyOptions applies the given update options on these options, and then returns itself (for convenient chaining).
type Interface ¶
// Interface describes the methods for managing secrets: generating (and rotating) them, looking them up, and
// deleting the ones that are no longer required.
type Interface interface {
	// Generate generates a secret based on the provided configuration. If the secret for the provided configuration
	// already exists then it is returned without re-generation. The function also automatically rotates/re-generates
	// the secret only if necessary (e.g., when the config or the signing CA changes).
	// NOTE(review): the original comment read "returned with re-generation"; the sentence about rotating only if
	// necessary indicates "without" is meant — confirm against the implementation.
	Generate(context.Context, secretutils.ConfigInterface, ...GenerateOption) (*corev1.Secret, error)
	// Get returns the secret object for the secret with the given name. By default, the bundle secret will be returned.
	// If there is no bundle secret then it falls back to the current secret. Note that only those secrets are known
	// which were detected or generated by prior Generate calls.
	// NOTE(review): the bool result presumably reports whether a secret was found — confirm.
	Get(string, ...GetOption) (*corev1.Secret, bool)
	// Cleanup deletes no longer required secrets. No longer required secrets are those still existing in the system
	// which weren't detected by prior Generate calls. Consequently, only call Cleanup after you have executed Generate
	// calls for all desired secrets; a secret whose Generate call has not run yet counts as no longer required.
	Cleanup(context.Context) error
}
Interface describes the methods for managing secrets.