Documentation ¶
Index ¶
- Variables
- func AdminBackendConfigInfo(model Model) (*provider.ModelBackendConfigInfo, error)
- func AuthTagApp(authTag names.Tag) string
- func BackendConfigInfo(model Model, sameController bool, backendIDs []string, wantAll bool, ...) (*provider.ModelBackendConfigInfo, error)
- func BackendSummaryInfo(statePool StatePool, backendState SecretsBackendState, ...) ([]params.SecretBackendResult, error)
- func CanManage(api SecretsConsumer, leadershipChecker leadership.Checker, authTag names.Tag, ...) (leadership.Token, error)
- func CanRead(api SecretsConsumer, authTag names.Tag, uri *coresecrets.URI, entity names.Tag) (bool, error)
- func DrainBackendConfigInfo(backendID string, model Model, authTag names.Tag, ...) (*provider.ModelBackendConfigInfo, error)
- func GetSecretMetadata(ownerTag names.Tag, secretsState SecretsMetaState, ...) (params.ListSecretResults, error)
- func IsLeaderUnit(authTag names.Tag, leadershipChecker leadership.Checker) (bool, error)
- func IsSameApplication(authTag names.Tag, tag names.Tag) bool
- func LeadershipToken(authTag names.Tag, leadershipChecker leadership.Checker) (leadership.Token, error)
- func OwnerToken(authTag names.Tag, ownerTag names.Tag, leadershipChecker leadership.Checker) (leadership.Token, error)
- func PingBackend(p provider.SecretBackendProvider, cfg provider.ConfigAttrs) error
- func RemoveSecretsForAgent(removeState SecretsRemoveState, adminConfigGetter BackendAdminConfigGetter, ...) (params.ErrorResults, error)
- func RemoveUserSecrets(removeState SecretsRemoveState, adminConfigGetter BackendAdminConfigGetter, ...) (params.ErrorResults, error)
- func SecretCleanupBackendConfigInfo(model Model, backendID string) (*provider.ModelBackendConfigInfo, error)
- type BackendAdminConfigGetter
- type BackendConfigGetter
- type BackendDrainConfigGetter
- type BackendFilter
- type Credential
- type ListSecretsState
- type Model
- type SecretsBackendState
- type SecretsConsumer
- type SecretsDrainAPI
- type SecretsGetter
- type SecretsMetaState
- type SecretsRemoveState
- type SecretsState
- type StatePool
Variables ¶
var ( GetProvider = provider.Provider GetSecretsState = getSecretsState GetSecretBackendsState = getSecretBackendsState )
These are declared as variables so that they can be overridden for testing.
Functions ¶
func AdminBackendConfigInfo ¶
func AdminBackendConfigInfo(model Model) (*provider.ModelBackendConfigInfo, error)
AdminBackendConfigInfo returns the admin config for the secret backends in use by the specified model. If an external backend is configured, it returns the external backend together with the "internal" backend and, for k8s models, the k8s backend.
func AuthTagApp ¶
func AuthTagApp(authTag names.Tag) string
AuthTagApp returns the application name of the authenticated entity.
func BackendConfigInfo ¶
func BackendConfigInfo(model Model, sameController bool, backendIDs []string, wantAll bool, authTag names.Tag, leadershipChecker leadership.Checker) (*provider.ModelBackendConfigInfo, error)
BackendConfigInfo returns the config to create a secret backend for the specified backend IDs. This is called to provide config to a client like a unit agent which needs to access secrets. The authTag is the agent which needs access. The client is expected to be restricted to write only those secrets owned by the agent, and read only those secrets shared with the agent. The result includes config for all relevant backends, including the id of the current active backend.
func BackendSummaryInfo ¶
func BackendSummaryInfo( statePool StatePool, backendState SecretsBackendState, secretState SecretsState, controllerUUID string, reveal bool, filter BackendFilter, ) ([]params.SecretBackendResult, error)
BackendSummaryInfo returns a summary of the status of the secret backends relevant to the specified models. This method is used by the secretsbackend and modelmanager client facades; it is tested on the secretsbackend facade package.
func CanManage ¶
func CanManage( api SecretsConsumer, leadershipChecker leadership.Checker, authTag names.Tag, uri *coresecrets.URI, ) (leadership.Token, error)
CanManage checks that the authenticated caller can manage the secret, and returns a token to ensure leadership if that is required; i.e. if the request is for a secret owned by an application, the entity must be the unit leader.
func CanRead ¶
func CanRead(api SecretsConsumer, authTag names.Tag, uri *coresecrets.URI, entity names.Tag) (bool, error)
CanRead returns true if the specified entity can read the secret.
func DrainBackendConfigInfo ¶
func DrainBackendConfigInfo(backendID string, model Model, authTag names.Tag, leadershipChecker leadership.Checker) (*provider.ModelBackendConfigInfo, error)
DrainBackendConfigInfo returns the secret backend config for the drain worker to use.
func GetSecretMetadata ¶
func GetSecretMetadata( ownerTag names.Tag, secretsState SecretsMetaState, leadershipChecker leadership.Checker, filter func(*coresecrets.SecretMetadata, *coresecrets.SecretRevisionMetadata) bool, ) (params.ListSecretResults, error)
GetSecretMetadata returns the secrets metadata for the given filter.
func IsLeaderUnit ¶
func IsLeaderUnit(authTag names.Tag, leadershipChecker leadership.Checker) (bool, error)
IsLeaderUnit returns true if the authenticated caller is the unit leader of its application.
func IsSameApplication ¶
func IsSameApplication(authTag names.Tag, tag names.Tag) bool
IsSameApplication returns true if the authenticated entity and the specified entity are in the same application.
func LeadershipToken ¶
func LeadershipToken(authTag names.Tag, leadershipChecker leadership.Checker) (leadership.Token, error)
LeadershipToken returns a token used to determine if the authenticated caller is the unit leader of its application.
func OwnerToken ¶
func OwnerToken(authTag names.Tag, ownerTag names.Tag, leadershipChecker leadership.Checker) (leadership.Token, error)
OwnerToken returns a token used to determine if the specified entity is owned by the authenticated caller.
func PingBackend ¶
func PingBackend(p provider.SecretBackendProvider, cfg provider.ConfigAttrs) error
PingBackend instantiates a backend and pings it.
func RemoveSecretsForAgent ¶
func RemoveSecretsForAgent( removeState SecretsRemoveState, adminConfigGetter BackendAdminConfigGetter, args params.DeleteSecretArgs, modelUUID string, canDelete func(*coresecrets.URI) error, ) (params.ErrorResults, error)
RemoveSecretsForAgent removes the specified secrets for an agent. The secrets are only removed from the state, and the caller must have permission to manage the secret (secret owners remove secrets from the backend on the uniter side).
func RemoveUserSecrets ¶
func RemoveUserSecrets( removeState SecretsRemoveState, adminConfigGetter BackendAdminConfigGetter, authTag names.Tag, args params.DeleteSecretArgs, modelUUID string, canDelete func(*coresecrets.URI) error, ) (params.ErrorResults, error)
RemoveUserSecrets removes the specified user-supplied secrets. The secrets are removed from both the state and the backend, and the caller must have model admin access.
func SecretCleanupBackendConfigInfo ¶
func SecretCleanupBackendConfigInfo(model Model, backendID string) (*provider.ModelBackendConfigInfo, error)
SecretCleanupBackendConfigInfo returns the config to delete any application owned secrets when the app is removed.
Types ¶
type BackendAdminConfigGetter ¶
// BackendAdminConfigGetter returns a *provider.ModelBackendConfigInfo holding
// admin level secret backend config.
// It takes no arguments, so the model it applies to is presumably fixed by
// the closure that implements it — confirm at the call site.
// NOTE(review): the result is admin-level backend config; callers should treat
// it as sensitive and avoid logging it or handing it to unit-level clients.
type BackendAdminConfigGetter func() (*provider.ModelBackendConfigInfo, error)
BackendAdminConfigGetter is a func used to get admin level secret backend config.
type BackendConfigGetter ¶
type BackendConfigGetter func(backendIDs []string, wantAll bool) (*provider.ModelBackendConfigInfo, error)
BackendConfigGetter is a func used to get secret backend config.
type BackendDrainConfigGetter ¶
type BackendDrainConfigGetter func(string) (*provider.ModelBackendConfigInfo, error)
BackendDrainConfigGetter is a func used to get secret backend config for draining.
type BackendFilter ¶
BackendFilter is used when listing secret backends.
type Credential ¶
Credential represents a cloud credential.
type ListSecretsState ¶
// ListSecretsState is the single-method view of state needed to list secret
// metadata.
type ListSecretsState interface {
// ListSecrets takes a state.SecretsFilter and returns a slice of
// *secrets.SecretMetadata.
// NOTE(review): the signature carries no caller identity, so any per-caller
// access check presumably has to be done by the code calling this — confirm.
ListSecrets(state.SecretsFilter) ([]*secrets.SecretMetadata, error)
}
ListSecretsState instances provide secret metadata apis.
type Model ¶
// Model is the subset of state model methods that this package depends on.
type Model interface {
	// ControllerUUID returns a string; presumably the UUID of the controller
	// hosting the model.
	ControllerUUID() string
	// Cloud returns the model's cloud.Cloud, or an error.
	Cloud() (cloud.Cloud, error)
	// CloudCredential returns a Credential, or an error.
	// NOTE(review): the returned value is credential material; treat it as
	// sensitive in logs and error messages.
	CloudCredential() (Credential, error)
	// Config returns a *config.Config, or an error.
	// NOTE(review): Config and ModelConfig have identical signatures; how
	// they differ is not visible from this declaration — confirm.
	Config() (*config.Config, error)
	// UUID returns a string; presumably the model UUID.
	UUID() string
	// Name returns a string; presumably the model name.
	Name() string
	// Type returns the model's state.ModelType.
	Type() state.ModelType
	// State returns the concrete *state.State.
	// NOTE(review): this hands out the full state handle, which is wider
	// than the rest of this narrowed interface.
	State() *state.State
	// ModelConfig returns a *config.Config, or an error.
	ModelConfig() (*config.Config, error)
	// WatchForModelConfigChanges returns a state.NotifyWatcher.
	WatchForModelConfigChanges() state.NotifyWatcher
}
Model defines a subset of state model methods.
type SecretsBackendState ¶
// SecretsBackendState is the view of state used to look up secret backend
// records.
type SecretsBackendState interface {
	// GetSecretBackendByID returns the *secrets.SecretBackend for the given
	// ID, or an error.
	GetSecretBackendByID(ID string) (*secrets.SecretBackend, error)
	// ListSecretBackends returns a slice of *secrets.SecretBackend, or an
	// error. It takes no filter argument.
	// NOTE(review): whether the returned records include backend connection
	// config is not visible here; treat them as sensitive until confirmed.
	ListSecretBackends() ([]*secrets.SecretBackend, error)
}
type SecretsConsumer ¶
// SecretsConsumer is the single-method view of state used to look up access
// to a secret. CanRead and CanManage both accept a SecretsConsumer.
type SecretsConsumer interface {
// SecretAccess returns the secrets.SecretRole for the given subject on the
// secret identified by uri, or an error.
// NOTE(review): which role value means "no access" is not visible here;
// callers should check the error and the role before granting anything.
SecretAccess(uri *secrets.URI, subject names.Tag) (secrets.SecretRole, error)
}
SecretsConsumer instances provide secret consumer apis.
type SecretsDrainAPI ¶
type SecretsDrainAPI struct {
// contains filtered or unexported fields
}
SecretsDrainAPI is the implementation for the SecretsDrain facade.
func NewSecretsDrainAPI ¶
func NewSecretsDrainAPI( authTag names.Tag, authorizer facade.Authorizer, resources facade.Resources, leadershipChecker leadership.Checker, model Model, secretsState SecretsMetaState, secretsConsumer SecretsConsumer, ) (*SecretsDrainAPI, error)
NewSecretsDrainAPI returns a new SecretsDrainAPI.
func (*SecretsDrainAPI) ChangeSecretBackend ¶
func (s *SecretsDrainAPI) ChangeSecretBackend(args params.ChangeSecretBackendArgs) (params.ErrorResults, error)
ChangeSecretBackend updates the backend for the specified secret after the migration is done.
func (*SecretsDrainAPI) GetSecretsToDrain ¶
func (s *SecretsDrainAPI) GetSecretsToDrain() (params.ListSecretResults, error)
GetSecretsToDrain returns metadata for the secrets that need to be drained.
func (*SecretsDrainAPI) WatchSecretBackendChanged ¶
func (s *SecretsDrainAPI) WatchSecretBackendChanged() (params.NotifyWatchResult, error)
WatchSecretBackendChanged sets up a watcher to notify of changes to the secret backend.
type SecretsGetter ¶
type SecretsMetaState ¶
// SecretsMetaState is the view of state used for secret metadata operations.
type SecretsMetaState interface {
	// ListSecrets takes a state.SecretsFilter and returns a slice of
	// *secrets.SecretMetadata, or an error.
	ListSecrets(state.SecretsFilter) ([]*secrets.SecretMetadata, error)
	// ListSecretRevisions returns the *secrets.SecretRevisionMetadata
	// entries for the secret identified by uri, or an error.
	ListSecretRevisions(uri *secrets.URI) ([]*secrets.SecretRevisionMetadata, error)
	// SecretGrants returns a slice of secrets.AccessInfo for the given uri
	// and role, or an error.
	SecretGrants(uri *secrets.URI, role secrets.SecretRole) ([]secrets.AccessInfo, error)
	// ChangeSecretBackend takes state.ChangeSecretBackendParams and returns
	// only an error.
	// NOTE(review): unlike the other methods here this one presumably
	// mutates state; callers should authorize before invoking it — confirm.
	ChangeSecretBackend(state.ChangeSecretBackendParams) error
}
SecretsMetaState instances provide secret metadata apis.
type SecretsRemoveState ¶
// SecretsRemoveState is the view of state used when removing secrets.
type SecretsRemoveState interface {
	// DeleteSecret takes a secret URI and a variadic list of ints, and
	// returns a slice of secrets.ValueRef, or an error.
	// NOTE(review): the ints are presumably revision numbers, and the
	// returned refs presumably identify backend content that still has to
	// be removed from the backend — confirm against the caller.
	DeleteSecret(*secrets.URI, ...int) ([]secrets.ValueRef, error)
	// GetSecret returns the *secrets.SecretMetadata for the given URI, or an
	// error.
	GetSecret(*secrets.URI) (*secrets.SecretMetadata, error)
	// GetSecretRevision returns the *secrets.SecretRevisionMetadata for the
	// given uri and revision, or an error.
	GetSecretRevision(uri *secrets.URI, revision int) (*secrets.SecretRevisionMetadata, error)
	// ListSecretRevisions returns the *secrets.SecretRevisionMetadata
	// entries for the secret identified by uri, or an error.
	ListSecretRevisions(uri *secrets.URI) ([]*secrets.SecretRevisionMetadata, error)
	// ListSecrets takes a state.SecretsFilter and returns a slice of
	// *secrets.SecretMetadata, or an error.
	ListSecrets(state.SecretsFilter) ([]*secrets.SecretMetadata, error)
}
SecretsRemoveState instances provide secret removal apis.
type SecretsState ¶
SecretsState instances provide secret apis.