Documentation ¶
Overview ¶
Package secrets provides the service layer for the various secrets backends.
Index ¶
- Constants
- Variables
- func NewClient(jujuAPI JujuAPIClient) (*secretsClient, error)
- func NewClientForContentDeletion(secretsState SecretsState, backendConfigGetter BackendConfigForDeleteGetter) *deleteContentClient
- type BackendConfigForDeleteGetter
- type BackendsClient
- type ContentParams
- type CreateParams
- type JujuAPIClient
- type SecretsState
- type UpdateParams
Constants ¶
// PermissionDenied is returned when an API call fails due to a permission issue.
const PermissionDenied = errors.ConstError("permission denied")
PermissionDenied is returned when an api fails due to a permission issue.
const (
// Version describes the secret format.
// NOTE(review): CreateParams has a Version field; presumably it is checked
// against this constant during validation — confirm.
Version = 1
)
Variables ¶
// GetBackend is a package-level variable bound to the unexported getBackend,
// exposed for testing.
// NOTE(review): as a mutable package variable, any reassignment replaces
// getBackend for every caller that goes through GetBackend; presumably only
// tests reassign it — confirm.
var (
GetBackend = getBackend
)
For testing.
Functions ¶
func NewClient ¶
func NewClient(jujuAPI JujuAPIClient) (*secretsClient, error)
NewClient returns a new secret client configured to use the specified secret backend as a content backend.
func NewClientForContentDeletion ¶
func NewClientForContentDeletion(secretsState SecretsState, backendConfigGetter BackendConfigForDeleteGetter) *deleteContentClient
NewClientForContentDeletion creates a backend client that is solely used for deleting secret content.
Types ¶
type BackendConfigForDeleteGetter ¶
type BackendConfigForDeleteGetter func(backendID string) (*provider.ModelBackendConfigInfo, error)
BackendConfigForDeleteGetter is a func used to get secret backend config to create a backend client used to delete secret content.
type BackendsClient ¶
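// BackendsClient provides access to a client which can access secret backends.
//
// GetContent and GetRevisionContent return secret content
// (secrets.SecretValue); callers should keep those values out of logs and
// error messages.
type BackendsClient interface {
	// GetContent returns the content of a secret, either from an external backend if
	// one is configured, or from Juju.
	GetContent(ctx context.Context, uri *secrets.URI, label string, refresh, peek bool) (secrets.SecretValue, error)

	// GetRevisionContent returns the content of a secret revision, either from an external backend if
	// one is configured, or from Juju.
	GetRevisionContent(ctx context.Context, uri *secrets.URI, revision int) (secrets.SecretValue, error)

	// SaveContent saves the content of a secret to an external backend returning the backend id.
	// NOTE(review): the declared result is a secrets.ValueRef rather than a bare id;
	// presumably the ref carries the backend id — confirm.
	SaveContent(ctx context.Context, uri *secrets.URI, revision int, value secrets.SecretValue) (secrets.ValueRef, error)

	// DeleteContent deletes a secret from an external backend
	// if it exists there.
	DeleteContent(ctx context.Context, uri *secrets.URI, revision int) error

	// DeleteExternalContent deletes a secret from an external backend.
	DeleteExternalContent(ctx context.Context, ref secrets.ValueRef) error

	// GetBackend returns the secret client for the provided backend ID.
	// NOTE(review): the string result and the forDrain flag are not described here;
	// presumably the resolved backend ID and a drain-worker selector — confirm.
	GetBackend(ctx context.Context, backendID *string, forDrain bool) (provider.SecretsBackend, string, error)
}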
BackendsClient provides access to a client which can access secret backends.
type ContentParams ¶
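// ContentParams represents the content of a secret, which is either a secret
// value or a reference used to access the content from an external provider
// like vault.
//
// Call Validate before using the params; it returns an error if the content
// is invalid.
type ContentParams struct {
	// SecretValue is embedded and holds the secret value itself when the
	// content is supplied directly.
	secrets.SecretValue

	// ValueRef is the reference used to access the content from an external
	// provider.
	// NOTE(review): presumably exactly one of SecretValue / ValueRef is
	// expected to be set — confirm against Validate.
	ValueRef *secrets.ValueRef
}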
ContentParams represents the content of a secret, which is either a secret value or a reference used to access the content from an external provider like vault.
func (*ContentParams) Validate ¶
func (p *ContentParams) Validate() error
Validate returns an error if the content is invalid.
type CreateParams ¶
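// CreateParams are used to create a secret.
//
// Call Validate before using the params; it returns an error if they are
// invalid.
type CreateParams struct {
	// Version is an int.
	// NOTE(review): presumably the secret format version, matching the
	// package-level Version constant — confirm.
	Version int

	// SecretConfig is embedded.
	secrets.SecretConfig

	// Content is the content of the secret, either a value or a reference
	// to content held by an external provider.
	Content ContentParams

	// Owner is a names.Tag.
	// NOTE(review): presumably the entity that owns the secret — confirm.
	Owner names.Tag

	// LeaderToken is a leadership.Token.
	// NOTE(review): presumably used to check leadership before the secret
	// is created — confirm.
	LeaderToken leadership.Token
}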
CreateParams are used to create a secret.
func (*CreateParams) Validate ¶
func (p *CreateParams) Validate() error
Validate returns an error if params are invalid.
type JujuAPIClient ¶
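// JujuAPIClient provides access to the SecretsManager facade.
//
// NOTE(review): the backend config values returned here are what is needed to
// make backend clients, so they presumably carry connection credentials;
// treat them as sensitive and keep them out of logs — confirm.
type JujuAPIClient interface {
	// GetContentInfo returns info about the content of a secret and the backend config
	// needed to make a backend client if necessary.
	// NOTE(review): the meaning of the bool result is not described here — confirm.
	GetContentInfo(ctx context.Context, uri *secrets.URI, label string, refresh, peek bool) (*ContentParams, *provider.ModelBackendConfig, bool, error)

	// GetRevisionContentInfo returns info about the content of a secret revision and the backend config
	// needed to make a backend client if necessary.
	// If pendingDelete is true, the revision is marked for deletion.
	// NOTE(review): the meaning of the bool result is not described here — confirm.
	GetRevisionContentInfo(ctx context.Context, uri *secrets.URI, revision int, pendingDelete bool) (*ContentParams, *provider.ModelBackendConfig, bool, error)

	// GetSecretBackendConfig fetches the config needed to make secret backend clients.
	// If backendID is nil, return the current active backend (if any).
	GetSecretBackendConfig(ctx context.Context, backendID *string) (*provider.ModelBackendConfigInfo, error)

	// GetBackendConfigForDrain fetches the config needed to make a secret backend client for the drain worker.
	// NOTE(review): the string result is not described here; presumably a
	// backend ID — confirm.
	GetBackendConfigForDrain(ctx context.Context, backendID *string) (*provider.ModelBackendConfig, string, error)
}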
JujuAPIClient provides access to the SecretsManager facade.
type SecretsState ¶
// SecretsState provides access to secret state.
// GetSecretValue takes a secret URI and an int and returns a secret value,
// a value reference and an error.
// NOTE(review): the int is presumably the secret revision, and presumably
// only one of the value / reference results is populated — confirm.
type SecretsState interface {
GetSecretValue(*secrets.URI, int) (secrets.SecretValue, *secrets.ValueRef, error)
}
SecretsState provides access to secret state.
type UpdateParams ¶
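// UpdateParams are used to update a secret.
//
// Call Validate before using the params; it returns an error if they are
// invalid.
type UpdateParams struct {
	// SecretConfig is embedded.
	secrets.SecretConfig

	// Content is the content of the secret, either a value or a reference
	// to content held by an external provider.
	Content ContentParams

	// LeaderToken is a leadership.Token.
	// NOTE(review): presumably used to check leadership before the secret
	// is updated — confirm.
	LeaderToken leadership.Token
}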
UpdateParams are used to update a secret.
func (*UpdateParams) Validate ¶
func (p *UpdateParams) Validate() error
Validate returns an error if params are invalid.
Directories ¶
Path | Synopsis |
---|---|
Package mocks is a generated GoMock package.
|
Package mocks is a generated GoMock package. |
juju | Package juju provides the juju secrets backend. |
kubernetes | Package kubernetes provides the kubernetes secrets backend. |
kubernetes/mocks | Package mocks is a generated GoMock package. |
vault | Package vault provides the vault secrets backend. |
vault/mocks | Package mocks is a generated GoMock package. |