secrets

package
v0.0.0-...-b9bb202 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package secrets provides the service layer for the various secrets backends.

Constants

const PermissionDenied = errors.ConstError("permission denied")

PermissionDenied is returned when an API call fails due to a permission issue.

const (
	// Version describes the secret format.
	Version = 1
)

Variables

var (
	GetBackend = getBackend
)

For testing.

Functions

func NewClient

func NewClient(jujuAPI JujuAPIClient) (*secretsClient, error)

NewClient returns a new secret client configured to use the specified secret backend as a content backend.

func NewClientForContentDeletion

func NewClientForContentDeletion(secretsState SecretsState, backendConfigGetter BackendConfigForDeleteGetter) *deleteContentClient

NewClientForContentDeletion creates a backend client that is solely used for deleting secret content.

Types

type BackendConfigForDeleteGetter

type BackendConfigForDeleteGetter func(backendID string) (*provider.ModelBackendConfigInfo, error)

BackendConfigForDeleteGetter is a func used to get secret backend config to create a backend client used to delete secret content.

type BackendsClient

type BackendsClient interface {
	// GetContent returns the content of a secret, either from an external backend if
	// one is configured, or from Juju.
	GetContent(ctx context.Context, uri *secrets.URI, label string, refresh, peek bool) (secrets.SecretValue, error)

	// GetRevisionContent returns the content of a secret revision, either from an external backend if
	// one is configured, or from Juju.
	GetRevisionContent(ctx context.Context, uri *secrets.URI, revision int) (secrets.SecretValue, error)

	// SaveContent saves the content of a secret to an external backend returning the backend id.
	SaveContent(ctx context.Context, uri *secrets.URI, revision int, value secrets.SecretValue) (secrets.ValueRef, error)

	// DeleteContent deletes a secret from an external backend
	// if it exists there.
	DeleteContent(ctx context.Context, uri *secrets.URI, revision int) error

	// DeleteExternalContent deletes a secret from an external backend.
	DeleteExternalContent(ctx context.Context, ref secrets.ValueRef) error

	// GetBackend returns the secret client for the provided backend ID.
	GetBackend(ctx context.Context, backendID *string, forDrain bool) (provider.SecretsBackend, string, error)
}

BackendsClient provides access to a client which can access secret backends.

type ContentParams

type ContentParams struct {
	secrets.SecretValue
	ValueRef *secrets.ValueRef
}

ContentParams represents the content of a secret, which is either a secret value or a reference used to access the content from an external provider like Vault.

func (*ContentParams) Validate

func (p *ContentParams) Validate() error

Validate returns an error if the content is invalid.

type CreateParams

type CreateParams struct {
	Version int

	secrets.SecretConfig
	Content ContentParams
	Owner   names.Tag

	LeaderToken leadership.Token
}

CreateParams are used to create a secret.

func (*CreateParams) Validate

func (p *CreateParams) Validate() error

Validate returns an error if params are invalid.

type JujuAPIClient

type JujuAPIClient interface {
	// GetContentInfo returns info about the content of a secret and the backend config
	// needed to make a backend client if necessary.
	GetContentInfo(ctx context.Context, uri *secrets.URI, label string, refresh, peek bool) (*ContentParams, *provider.ModelBackendConfig, bool, error)
	// GetRevisionContentInfo returns info about the content of a secret revision and the backend config
	// needed to make a backend client if necessary.
	// If pendingDelete is true, the revision is marked for deletion.
	GetRevisionContentInfo(ctx context.Context, uri *secrets.URI, revision int, pendingDelete bool) (*ContentParams, *provider.ModelBackendConfig, bool, error)
	// GetSecretBackendConfig fetches the config needed to make secret backend clients.
	// If backendID is nil, return the current active backend (if any).
	GetSecretBackendConfig(ctx context.Context, backendID *string) (*provider.ModelBackendConfigInfo, error)

	// GetBackendConfigForDrain fetches the config needed to make a secret backend client for the drain worker.
	GetBackendConfigForDrain(ctx context.Context, backendID *string) (*provider.ModelBackendConfig, string, error)
}

JujuAPIClient provides access to the SecretsManager facade.

type SecretsState

type SecretsState interface {
	GetSecretValue(*secrets.URI, int) (secrets.SecretValue, *secrets.ValueRef, error)
}

SecretsState provides access to secret state.

type UpdateParams

type UpdateParams struct {
	secrets.SecretConfig
	Content ContentParams

	LeaderToken leadership.Token
}

UpdateParams are used to update a secret.

func (*UpdateParams) Validate

func (p *UpdateParams) Validate() error

Validate returns an error if params are invalid.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
all
juju
Package juju provides the juju secrets backend.
kubernetes
Package kubernetes provides the kubernetes secrets backend.
kubernetes/mocks
Package mocks is a generated GoMock package.
vault
Package vault provides the vault secrets backend.
vault/mocks
Package mocks is a generated GoMock package.
