secretsmanager

package
v0.0.0-...-0a82276 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 29, 2024 License: AGPL-3.0 Imports: 27 Imported by: 0

Documentation

Overview

Package secretsmanager provides the backend implementation for the secretsmanager facade.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Register

func Register(registry facade.FacadeRegistry)

Register is called to expose a package of facades onto a given registry.

Types

type CrossModelSecretsClient

// CrossModelSecretsClient gets secret content from a cross model controller.
type CrossModelSecretsClient interface {
	// GetRemoteSecretContentInfo takes a secret URI and revision, the refresh
	// and peek flags, the source controller UUID, an application token, a unit
	// id and a macaroon slice. It returns content params, a model backend
	// config, an int, a bool and an error.
	// NOTE(review): appToken and macs look like the authorization material
	// presented to the remote controller, and the returned backend config may
	// carry backend connection details — confirm, and keep all of them out of
	// logs and error strings.
	// NOTE(review): the meaning of the int and bool results is not visible
	// here; verify against the implementation.
	GetRemoteSecretContentInfo(ctx context.Context, uri *coresecrets.URI, revision int, refresh, peek bool, sourceControllerUUID, appToken string, unitId int, macs macaroon.Slice) (*secrets.ContentParams, *secretsprovider.ModelBackendConfig, int, bool, error)
	// GetSecretAccessScope takes a secret URI, an application token and a unit
	// id, and returns a string and an error.
	// NOTE(review): presumably the string names the scope under which access
	// was granted — confirm.
	GetSecretAccessScope(ctx context.Context, uri *coresecrets.URI, appToken string, unitId int) (string, error)
	// Close returns an error.
	// NOTE(review): presumably releases the connection to the remote
	// controller — confirm.
	Close() error
}

CrossModelSecretsClient gets secret content from a cross model controller.

type CrossModelState

// CrossModelState maps between entity tags and string tokens and returns the
// macaroon held for an entity, as far as the method signatures show.
// NOTE(review): the interface has no description of its own; confirm the
// intended contract against the implementation.
type CrossModelState interface {
	// GetToken returns a string token for the given entity tag.
	GetToken(entity names.Tag) (string, error)
	// GetRemoteEntity returns the entity tag for the given token.
	GetRemoteEntity(token string) (names.Tag, error)
	// GetMacaroon returns a macaroon for the given entity tag.
	// NOTE(review): a macaroon is a bearer credential; callers should not log
	// it or embed it in error messages.
	GetMacaroon(entity names.Tag) (*macaroon.Macaroon, error)
}

type SecretBackendService

// SecretBackendService provides access to the secret backend service.
type SecretBackendService interface {
	// DrainBackendConfigInfo takes drain parameters and returns model backend
	// config info.
	// NOTE(review): presumably the config used while secrets are drained from
	// one backend to another — confirm.
	DrainBackendConfigInfo(
		ctx context.Context, p secretbackendservice.DrainBackendConfigParams,
	) (*provider.ModelBackendConfigInfo, error)
	// BackendConfigInfo takes backend config parameters and returns model
	// backend config info.
	// NOTE(review): the returned config presumably lets a client connect to
	// the secret backend, so treat it as sensitive — confirm what it holds
	// before logging or returning it to a wider audience.
	BackendConfigInfo(
		ctx context.Context, p secretbackendservice.BackendConfigParams,
	) (*provider.ModelBackendConfigInfo, error)
}

SecretBackendService provides access to the secret backend service.

type SecretService

// SecretService provides core secrets operations.
type SecretService interface {
	// CreateSecretURIs takes a count and returns a slice of secret URIs.
	CreateSecretURIs(ctx context.Context, count int) ([]*secrets.URI, error)
	// GetSecretValue takes a secret URI, an int and a SecretAccessor, and
	// returns a secret value, a value reference and an error.
	// NOTE(review): the int is presumably the revision and the accessor the
	// identity the read is authorized for — confirm. The returned value is
	// presumably secret material; keep it out of logs and error strings.
	GetSecretValue(context.Context, *secrets.URI, int, secretservice.SecretAccessor) (secrets.SecretValue, *secrets.ValueRef, error)
	// ListCharmSecrets takes zero or more charm secret owners and returns a
	// slice of secret metadata plus a slice of revision metadata slices.
	// NOTE(review): the two results look index-aligned, one revision list per
	// secret — confirm.
	ListCharmSecrets(context.Context, ...secretservice.CharmSecretOwner) ([]*secrets.SecretMetadata, [][]*secrets.SecretRevisionMetadata, error)
	// ProcessCharmSecretConsumerLabel takes a unit name, a secret URI, a label
	// and a leadership token, and returns a secret URI, a string pointer and
	// an error.
	// NOTE(review): the meaning of the returned string pointer is not visible
	// here; verify against the implementation.
	ProcessCharmSecretConsumerLabel(
		ctx context.Context, unitName string, uri *secrets.URI, label string, token leadership.Token,
	) (*secrets.URI, *string, error)
	// ChangeSecretBackend takes a secret URI, a revision and change
	// parameters, and returns an error.
	ChangeSecretBackend(ctx context.Context, uri *secrets.URI, revision int, params secretservice.ChangeSecretBackendParams) error
	// GetSecretGrants takes a secret URI and a role, and returns a slice of
	// secret access entries.
	GetSecretGrants(ctx context.Context, uri *secrets.URI, role secrets.SecretRole) ([]secretservice.SecretAccess, error)
	// ListGrantedSecretsForBackend takes a backend ID, a role and zero or more
	// consumers, and returns a slice of secret revision references.
	ListGrantedSecretsForBackend(
		ctx context.Context, backendID string, role secrets.SecretRole, consumers ...secretservice.SecretAccessor,
	) ([]*secrets.SecretRevisionRef, error)
}

SecretService provides core secrets operations.

type SecretTriggers

// SecretTriggers instances provide secret rotation/expiry apis.
type SecretTriggers interface {
	// WatchSecretRevisionsExpiryChanges takes zero or more charm secret owners
	// and returns a secret trigger watcher.
	WatchSecretRevisionsExpiryChanges(ctx context.Context, owners ...secretservice.CharmSecretOwner) (watcher.SecretTriggerWatcher, error)
	// WatchSecretsRotationChanges takes zero or more charm secret owners and
	// returns a secret trigger watcher.
	WatchSecretsRotationChanges(ctx context.Context, owners ...secretservice.CharmSecretOwner) (watcher.SecretTriggerWatcher, error)
	// WatchObsolete takes zero or more charm secret owners and returns a
	// strings watcher.
	WatchObsolete(ctx context.Context, owners ...secretservice.CharmSecretOwner) (watcher.StringsWatcher, error)
	// SecretRotated takes a secret URI and rotation parameters, and returns an
	// error.
	// NOTE(review): presumably records that the secret was rotated — confirm.
	SecretRotated(ctx context.Context, uri *secrets.URI, params secretservice.SecretRotatedParams) error
}

SecretTriggers instances provide secret rotation/expiry apis.

type SecretsConsumer

// SecretsConsumer instances provide secret consumer apis.
type SecretsConsumer interface {
	// GetSecretConsumer takes a secret URI and a unit name, and returns the
	// consumer metadata.
	GetSecretConsumer(ctx context.Context, uri *secrets.URI, unitName string) (*secrets.SecretConsumerMetadata, error)
	// GetSecretConsumerAndLatest takes a secret URI and a unit name, and
	// returns the consumer metadata plus an int.
	// NOTE(review): the int is presumably the latest revision — confirm.
	GetSecretConsumerAndLatest(ctx context.Context, uri *secrets.URI, unitName string) (*secrets.SecretConsumerMetadata, int, error)
	// GetURIByConsumerLabel takes a label and a unit name, and returns a
	// secret URI.
	GetURIByConsumerLabel(ctx context.Context, label string, unitName string) (*secrets.URI, error)
	// SaveSecretConsumer takes a secret URI, a unit name and consumer
	// metadata, and returns an error.
	SaveSecretConsumer(ctx context.Context, uri *secrets.URI, unitName string, md *secrets.SecretConsumerMetadata) error
	// GetConsumedRevision takes a secret URI, a unit name, the refresh and
	// peek flags and an optional label to update, and returns an int.
	// NOTE(review): the int is presumably the revision the unit consumes —
	// confirm.
	GetConsumedRevision(
		ctx context.Context, uri *secrets.URI, unitName string,
		refresh, peek bool, labelToUpdate *string) (int, error)
	// WatchConsumedSecretsChanges takes a unit name and returns a strings
	// watcher.
	WatchConsumedSecretsChanges(ctx context.Context, unitName string) (watcher.StringsWatcher, error)
	// GrantSecretAccess takes a secret URI and access parameters, and returns
	// an error.
	// NOTE(review): this interface does not show where the caller's right to
	// grant is checked; presumably the facade or the service enforces it —
	// confirm.
	GrantSecretAccess(context.Context, *secrets.URI, secretservice.SecretAccessParams) error
	// RevokeSecretAccess takes a secret URI and access parameters, and returns
	// an error.
	// NOTE(review): as with GrantSecretAccess, confirm where the caller's
	// right to revoke is enforced.
	RevokeSecretAccess(context.Context, *secrets.URI, secretservice.SecretAccessParams) error
}

SecretsConsumer instances provide secret consumer apis.

type SecretsManagerAPI

// SecretsManagerAPI is the implementation for the SecretsManager facade.
type SecretsManagerAPI struct {
	// contains filtered or unexported fields
}

SecretsManagerAPI is the implementation for the SecretsManager facade.

func NewSecretManagerAPI

func NewSecretManagerAPI(stdCtx context.Context, ctx facade.ModelContext) (*SecretsManagerAPI, error)

NewSecretManagerAPI creates a SecretsManagerAPI.

func (*SecretsManagerAPI) CreateSecretURIs

CreateSecretURIs creates new secret URIs.

func (*SecretsManagerAPI) GetConsumerSecretsRevisionInfo

GetConsumerSecretsRevisionInfo returns the latest secret revisions for the specified secrets. This facade method is used by the remote watcher to get the latest secret revisions and labels for a secret-changed hook.

func (*SecretsManagerAPI) GetSecretBackendConfigs

GetSecretBackendConfigs gets the config needed to create a client to secret backends.

func (*SecretsManagerAPI) GetSecretContentInfo

GetSecretContentInfo returns the secret values for the specified secrets.

func (*SecretsManagerAPI) GetSecretMetadata

func (s *SecretsManagerAPI) GetSecretMetadata(ctx context.Context) (params.ListSecretResults, error)

GetSecretMetadata returns metadata for the caller's secrets.

func (*SecretsManagerAPI) GetSecretRevisionContentInfo

func (s *SecretsManagerAPI) GetSecretRevisionContentInfo(ctx context.Context, arg params.SecretRevisionArg) (params.SecretContentResults, error)

GetSecretRevisionContentInfo returns the secret values for the specified secret revisions.

func (*SecretsManagerAPI) SecretsRotated

SecretsRotated records when secrets were last rotated.

func (*SecretsManagerAPI) WatchConsumedSecretsChanges

func (s *SecretsManagerAPI) WatchConsumedSecretsChanges(ctx context.Context, args params.Entities) (params.StringsWatchResults, error)

WatchConsumedSecretsChanges sets up a watcher to notify of changes to secret revisions for the specified consumers.

func (*SecretsManagerAPI) WatchObsolete

WatchObsolete returns a watcher for notifying when:

  • a secret owned by the entity is deleted
  • a secret revision owned by the entity no longer has any consumers

Obsolete revisions results are "uri/revno" and deleted secret results are "uri".

func (*SecretsManagerAPI) WatchSecretRevisionsExpiryChanges

func (s *SecretsManagerAPI) WatchSecretRevisionsExpiryChanges(ctx context.Context, args params.Entities) (params.SecretTriggerWatchResult, error)

WatchSecretRevisionsExpiryChanges sets up a watcher to notify of changes to secret revision expiry config.

func (*SecretsManagerAPI) WatchSecretsRotationChanges

func (s *SecretsManagerAPI) WatchSecretsRotationChanges(ctx context.Context, args params.Entities) (params.SecretTriggerWatchResult, error)

WatchSecretsRotationChanges sets up a watcher to notify of changes to secret rotation config.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
