service

package
v0.0.0-...-0a271de Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 27, 2025 License: AGPL-3.0 Imports: 29 Imported by: 19

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AtomicState

// AtomicState describes retrieval and persistence methods for secrets that
// require atomic transactions. Every method declared here takes a
// domain.AtomicContext as its first argument.
type AtomicState interface {
	domain.AtomicStateBase

	// NOTE(review): DeleteSecret takes no accessor, so this layer cannot
	// check who is asking. The permission check presumably happens in the
	// service before this is called (SecretService.DeleteSecret is documented
	// to return secreterrors.PermissionDenied) - confirm against the caller.
	DeleteSecret(ctx domain.AtomicContext, uri *secrets.URI, revs []int) error
	GetSecretsForOwners(
		ctx domain.AtomicContext, appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners,
	) ([]*secrets.URI, error)

	// Lookups from an application name, a unit name or a secret URI to the
	// corresponding application ID, unit UUID or secret owner.
	GetApplicationUUID(ctx domain.AtomicContext, appName string) (coreapplication.ID, error)
	GetUnitUUID(ctx domain.AtomicContext, unitName string) (coreunit.UUID, error)
	GetSecretOwner(ctx domain.AtomicContext, uri *secrets.URI) (domainsecret.Owner, error)

	// Label checks and secret creation, one variant per owner type (user,
	// application, unit), followed by the update method.
	// NOTE(review): presumably the label check and the matching create run
	// in the same atomic context so label uniqueness cannot be raced - verify.
	CheckUserSecretLabelExists(ctx domain.AtomicContext, label string) (bool, error)
	CheckApplicationSecretLabelExists(ctx domain.AtomicContext, appUUID coreapplication.ID, label string) (bool, error)
	CheckUnitSecretLabelExists(ctx domain.AtomicContext, unitUUID coreunit.UUID, label string) (bool, error)
	CreateUserSecret(
		ctx domain.AtomicContext, version int, uri *secrets.URI, secret domainsecret.UpsertSecretParams,
	) error
	CreateCharmApplicationSecret(
		ctx domain.AtomicContext, version int, uri *secrets.URI, appUUID coreapplication.ID, secret domainsecret.UpsertSecretParams,
	) error
	CreateCharmUnitSecret(
		ctx domain.AtomicContext, version int, uri *secrets.URI, unitUUID coreunit.UUID, secret domainsecret.UpsertSecretParams,
	) error
	UpdateSecret(ctx domain.AtomicContext, uri *secrets.URI, secret domainsecret.UpsertSecretParams) error
}

AtomicState describes retrieval and persistence methods for secrets that require atomic transactions.

type ChangeSecretBackendParams

// ChangeSecretBackendParams are used to change the backend of a secret.
type ChangeSecretBackendParams struct {
	// Accessor is the entity requesting the change. ChangeSecretBackend is
	// documented to return secreterrors.PermissionDenied if the secret
	// cannot be managed by the accessor.
	Accessor SecretAccessor

	// NOTE(review): presumably ValueRef points at content held in an
	// external backend while Data carries the content itself, with only one
	// of the two set - confirm. If Data is the plaintext secret content,
	// values of this struct should be kept out of logs and error messages.
	ValueRef *secrets.ValueRef
	Data     secrets.SecretData
}

ChangeSecretBackendParams are used to change the backend of a secret.

type CharmSecretOwner

// CharmSecretOwner is the owner of a secret. This is used to query or watch
// secrets for specified owners.
type CharmSecretOwner struct {
	// Kind says whether the owner is an application or a unit.
	Kind CharmSecretOwnerKind
	// NOTE(review): ID is presumably the application or unit name matching
	// Kind - confirm against the callers.
	ID   string
}

CharmSecretOwner is the owner of a secret. This is used to query or watch secrets for specified owners.

type CharmSecretOwnerKind

// CharmSecretOwnerKind represents the kind of a charm secret owner entity.
type CharmSecretOwnerKind string

CharmSecretOwnerKind represents the kind of a charm secret owner entity.

// These represent the kinds of charm secret owner.
const (
	ApplicationOwner CharmSecretOwnerKind = "application"
	UnitOwner        CharmSecretOwnerKind = "unit"
)

These represent the kinds of charm secret owner.

type ConsumerInfo

// ConsumerInfo holds information about the consumer of a secret.
type ConsumerInfo struct {
	// The embedded consumer metadata; its fields are promoted onto
	// ConsumerInfo.
	secrets.SecretConsumerMetadata
	// Accessor identifies the consuming entity by kind and ID.
	Accessor SecretAccessor
}

ConsumerInfo holds information about the consumer of a secret.

type CreateCharmSecretParams

// CreateCharmSecretParams are used to create a charm secret.
type CreateCharmSecretParams struct {
	// The embedded update parameters supply the accessor, content and
	// metadata fields.
	UpdateCharmSecretParams
	// NOTE(review): the meaning of Version is not visible here; it is
	// passed alongside the URI on the state-layer create methods - confirm.
	Version int

	// CharmOwner is the application or unit that will own the secret.
	CharmOwner CharmSecretOwner
}

CreateCharmSecretParams are used to create a charm secret.

type CreateUserSecretParams

// CreateUserSecretParams are used to create a user secret.
type CreateUserSecretParams struct {
	// The embedded update parameters supply the accessor, content and
	// metadata fields.
	UpdateUserSecretParams
	// NOTE(review): the meaning of Version is not visible here - confirm.
	Version int
}

CreateUserSecretParams are used to create a user secret.

type DeleteSecretParams

// DeleteSecretParams are used to delete a secret.
type DeleteSecretParams struct {
	// Accessor is the entity requesting the deletion. DeleteSecret is
	// documented to return secreterrors.PermissionDenied if the secret
	// cannot be managed by the accessor.
	Accessor SecretAccessor

	// Revisions lists the revision numbers to delete. The DeleteSecret
	// documentation treats a nil value as a special case.
	Revisions []int
}

DeleteSecretParams are used to delete a secret.

type GrantedSecretsGetter

// GrantedSecretsGetter returns the revisions on the given backend for which
// consumers have access with the given role.
type GrantedSecretsGetter func(
	ctx context.Context, backendID string, role secrets.SecretRole, consumers ...SecretAccessor,
) ([]*secrets.SecretRevisionRef, error)

GrantedSecretsGetter returns the revisions on the given backend for which consumers have access with the given role.

type ProviderGetter

// ProviderGetter is a func used to get a secret backend provider for a
// specified type.
type ProviderGetter func(backendType string) (provider.SecretBackendProvider, error)

ProviderGetter is a func used to get a secret backend provider for a specified type.

type RemoteSecret

// RemoteSecret holds information about a cross model secret.
type RemoteSecret struct {
	URI             *secrets.URI
	Label           string
	// NOTE(review): presumably CurrentRevision is the revision the accessor
	// is tracking and LatestRevision the newest one known - confirm.
	CurrentRevision int
	LatestRevision  int
	// Accessor identifies the entity this record belongs to by kind and ID.
	Accessor        SecretAccessor
}

RemoteSecret holds information about a cross model secret.

type SecretAccess

// SecretAccess is used to define access to a secret: which subject holds
// which role, within which scope.
type SecretAccess struct {
	Scope   SecretAccessScope
	Subject SecretAccessor
	Role    secrets.SecretRole
}

SecretAccess is used to define access to a secret.

type SecretAccessParams

// SecretAccessParams are used to define access to a secret.
type SecretAccessParams struct {
	// Accessor is the entity making the grant or revoke request, not the
	// one receiving access. GrantSecretAccess is documented to return
	// secreterrors.PermissionDenied if the secret cannot be managed by the
	// accessor.
	Accessor SecretAccessor

	// Scope, Subject and Role describe the permission itself. Subject is
	// the entity whose access is granted or revoked.
	Scope   SecretAccessScope
	Subject SecretAccessor
	Role    secrets.SecretRole
}

SecretAccessParams are used to define access to a secret.

type SecretAccessScope

// SecretAccessScope represents the scope of a secret permission.
type SecretAccessScope struct {
	// Kind is one of the SecretAccessScopeKind values (application, unit,
	// relation or model).
	Kind SecretAccessScopeKind
	// NOTE(review): ID presumably identifies the entity of that kind; its
	// exact format is not visible here - confirm.
	ID   string
}

SecretAccessScope represents the scope of a secret permission.

type SecretAccessScopeKind

// SecretAccessScopeKind represents the kind of an access scope for a secret
// permission.
type SecretAccessScopeKind string

SecretAccessScopeKind represents the kind of an access scope for a secret permission.

// These represent the kinds of secret access scope.
const (
	ApplicationAccessScope SecretAccessScopeKind = "application"
	UnitAccessScope        SecretAccessScopeKind = "unit"
	RelationAccessScope    SecretAccessScopeKind = "relation"
	ModelAccessScope       SecretAccessScopeKind = "model"
)

These represent the kinds of secret access scope.

type SecretAccessor

// SecretAccessor represents an entity that can access a secret.
type SecretAccessor struct {
	// Kind is one of the SecretAccessorKind values (application,
	// remote-application, unit or model).
	Kind SecretAccessorKind
	// NOTE(review): ID presumably identifies the entity of that kind; its
	// exact format is not visible here - confirm.
	ID   string
}

SecretAccessor represents an entity that can access a secret.

type SecretAccessorKind

// SecretAccessorKind represents the kind of an entity which can access a
// secret.
type SecretAccessorKind string

SecretAccessorKind represents the kind of an entity which can access a secret.

// These represent the kinds of secret accessor.
const (
	ApplicationAccessor       SecretAccessorKind = "application"
	RemoteApplicationAccessor SecretAccessorKind = "remote-application"
	UnitAccessor              SecretAccessorKind = "unit"
	ModelAccessor             SecretAccessorKind = "model"
)

These represent the kinds of secret accessor.

type SecretBackendReferenceMutator

// SecretBackendReferenceMutator describes methods for modifying secret
// back-end references.
type SecretBackendReferenceMutator interface {
	// AddSecretBackendReference adds a reference to the
	// secret backend for the given secret revision.
	// NOTE(review): the returned func() error is presumably a rollback or
	// cleanup callback for the caller to invoke - confirm.
	AddSecretBackendReference(
		ctx context.Context, valueRef *secrets.ValueRef, modelID coremodel.UUID, revisionID string,
	) (func() error, error)

	// RemoveSecretBackendReference removes the reference
	// to the secret backend for the given secret revision.
	RemoveSecretBackendReference(ctx context.Context, revisionIDs ...string) error

	// UpdateSecretBackendReference updates the reference
	// to the secret backend for the given secret revision.
	// NOTE(review): the returned func() error is presumably a rollback or
	// cleanup callback for the caller to invoke - confirm.
	UpdateSecretBackendReference(
		ctx context.Context, valueRef *secrets.ValueRef, modelID coremodel.UUID, revisionID string,
	) (func() error, error)
}

SecretBackendReferenceMutator describes methods for modifying secret back-end references.

type SecretBackendState

// SecretBackendState describes persistence methods for working with secret
// backends in the controller database.
type SecretBackendState interface {
	SecretBackendReferenceMutator

	// GetModelSecretBackendDetails returns the details of the secret
	// backend that the input model is configured to use.
	GetModelSecretBackendDetails(
		ctx context.Context, modelUUID coremodel.UUID,
	) (secretbackend.ModelSecretBackend, error)

	// ListSecretBackendsForModel returns a list of all secret backends that
	// contain secrets for the specified model, unless includeEmpty is true,
	// in which case all backends are returned.
	ListSecretBackendsForModel(
		ctx context.Context, modelUUID coremodel.UUID, includeEmpty bool,
	) ([]*secretbackend.SecretBackend, error)

	// GetActiveModelSecretBackend returns the active secret backend ID and config for the given model.
	// It returns an error satisfying [modelerrors.NotFound] if the model provided does not exist.
	// NOTE(review): the returned backend config may include backend
	// connection details or credentials; if so it should be treated as
	// sensitive and kept out of logs - confirm.
	GetActiveModelSecretBackend(ctx context.Context, modelUUID coremodel.UUID) (string, *provider.ModelBackendConfig, error)
}

SecretBackendState describes persistence methods for working with secret backends in the controller database.

type SecretExport

// SecretExport defines all the secret data from a model which is
// exported/imported as part of model migration.
//
// Content holds the locally stored secret content, and Access holds the
// access details, so a populated SecretExport carries secret material as
// well as metadata. Treat the whole value as sensitive: keep it out of logs
// and error messages.
type SecretExport struct {
	// Secrets is a slice of the core secret metadata.
	Secrets []*secrets.SecretMetadata
	// Revisions are the secret revisions keyed by secret ID.
	Revisions map[string][]*secrets.SecretRevisionMetadata
	// Content are the locally stored secret content keyed by secret ID.
	// NOTE(review): the inner int key is presumably the revision number -
	// confirm.
	Content map[string]map[int]secrets.SecretData
	// Consumers are the secret consumers keyed by secret ID.
	Consumers map[string][]ConsumerInfo
	// RemoteConsumers are the secret remote consumers keyed by secret ID.
	RemoteConsumers map[string][]ConsumerInfo
	// Access are the secret access details keyed by secret ID.
	Access map[string][]SecretAccess
	// RemoteSecrets is a slice of references to cross model secrets.
	RemoteSecrets []RemoteSecret
}

SecretExport defines all the secret data from a model which is exported/imported as part of model migration.

type SecretRotatedParams

// SecretRotatedParams are used to mark a secret as rotated.
type SecretRotatedParams struct {
	// Accessor is the entity reporting the rotation.
	// NOTE(review): presumably checked against the secret's permissions
	// like the other Accessor fields in this package - confirm.
	Accessor SecretAccessor

	// NOTE(review): the semantics of OriginalRevision and Skip are not
	// visible here - confirm against SecretService.SecretRotated.
	OriginalRevision int
	Skip             bool
}

SecretRotatedParams are used to mark a secret as rotated.

type SecretService

// SecretService provides the API for working with secrets.
type SecretService struct {
	// contains filtered or unexported fields
}

SecretService provides the API for working with secrets.

func NewSecretService

func NewSecretService(
	secretState State,
	secretBackendState SecretBackendState,
	leaderEnsurer leadership.Ensurer,
	logger logger.Logger,
) *SecretService

NewSecretService returns a new secret service wrapping the specified state.

func (*SecretService) ChangeSecretBackend

func (s *SecretService) ChangeSecretBackend(
	ctx context.Context, uri *secrets.URI, revision int, params ChangeSecretBackendParams,
) error

ChangeSecretBackend sets the secret backend where the specified secret revision is stored. It returns secreterrors.SecretNotFound if there's no such secret. It returns secreterrors.PermissionDenied if the secret cannot be managed by the accessor.

func (*SecretService) CreateCharmSecret

func (s *SecretService) CreateCharmSecret(ctx context.Context, uri *secrets.URI, params CreateCharmSecretParams) (errOut error)

CreateCharmSecret creates a charm secret with the specified parameters, returning an error satisfying secreterrors.SecretLabelAlreadyExists if the secret owner already has a secret with the same label.

func (*SecretService) CreateSecretURIs

func (s *SecretService) CreateSecretURIs(ctx context.Context, count int) ([]*secrets.URI, error)

CreateSecretURIs returns the specified number of new secret URIs.

func (*SecretService) CreateUserSecret

func (s *SecretService) CreateUserSecret(ctx context.Context, uri *secrets.URI, params CreateUserSecretParams) (errOut error)

CreateUserSecret creates a user secret with the specified parameters, returning an error satisfying secreterrors.SecretLabelAlreadyExists if the secret owner already has a secret with the same label.

func (*SecretService) DeleteObsoleteUserSecretRevisions

func (s *SecretService) DeleteObsoleteUserSecretRevisions(ctx context.Context) error

DeleteObsoleteUserSecretRevisions deletes any obsolete user secret revisions that are marked as auto-prune.

func (*SecretService) DeleteSecret

func (s *SecretService) DeleteSecret(ctx context.Context, uri *secrets.URI, params DeleteSecretParams) error

DeleteSecret removes the specified revisions of the secret; if revisions is nil or the last remaining revisions are removed, the secret itself is removed. It returns secreterrors.PermissionDenied if the secret cannot be managed by the accessor.

func (*SecretService) GetConsumedRevision

func (s *SecretService) GetConsumedRevision(ctx context.Context, uri *secrets.URI, unitName string, refresh, peek bool, labelToUpdate *string) (int, error)

GetConsumedRevision returns the secret revision number for the specified consumer, possibly updating the label associated with the secret for the consumer.

func (*SecretService) GetSecret

func (s *SecretService) GetSecret(ctx context.Context, uri *secrets.URI) (*secrets.SecretMetadata, error)

GetSecret returns the secret with the specified URI. It returns secreterrors.SecretNotFound if there's no such secret.

func (*SecretService) GetSecretAccessScope

func (s *SecretService) GetSecretAccessScope(ctx context.Context, uri *secrets.URI, accessor SecretAccessor) (SecretAccessScope, error)

GetSecretAccessScope returns the access scope for the specified accessor's permission on the secret. It returns an error satisfying secreterrors.SecretNotFound if the secret is not found.

func (*SecretService) GetSecretConsumer

func (s *SecretService) GetSecretConsumer(ctx context.Context, uri *secrets.URI, unitName string) (*secrets.SecretConsumerMetadata, error)

GetSecretConsumer returns the secret consumer info for the specified unit and secret. If the unit does not exist, an error satisfying [applicationerrors.UnitNotFound] is returned. If the secret does not exist, an error satisfying secreterrors.SecretNotFound is returned. If there's not currently a consumer record for the secret, an error satisfying secreterrors.SecretConsumerNotFound is returned.

func (*SecretService) GetSecretConsumerAndLatest

func (s *SecretService) GetSecretConsumerAndLatest(ctx context.Context, uri *secrets.URI, unitName string) (*secrets.SecretConsumerMetadata, int, error)

GetSecretConsumerAndLatest returns the secret consumer info for the specified unit and secret, along with the latest revision for the secret. If the unit does not exist, an error satisfying [applicationerrors.UnitNotFound] is returned. If the secret does not exist, an error satisfying secreterrors.SecretNotFound is returned. If there's not currently a consumer record for the secret, the latest revision is still returned, along with an error satisfying secreterrors.SecretConsumerNotFound.

func (*SecretService) GetSecretContentFromBackend

func (s *SecretService) GetSecretContentFromBackend(ctx context.Context, uri *secrets.URI, rev int) (secrets.SecretValue, error)

GetSecretContentFromBackend retrieves the content for the specified secret revision. If the content is not found, it may be that the secret has been drained so it tries again using the new active backend.

func (*SecretService) GetSecretGrants

func (s *SecretService) GetSecretGrants(ctx context.Context, uri *secrets.URI, role secrets.SecretRole) ([]SecretAccess, error)

GetSecretGrants returns the subjects which have the specified access to the secret. It returns an error satisfying secreterrors.SecretNotFound if the secret is not found.

func (*SecretService) GetSecretValue

func (s *SecretService) GetSecretValue(ctx context.Context, uri *secrets.URI, rev int, accessor SecretAccessor) (secrets.SecretValue, *secrets.ValueRef, error)

GetSecretValue returns the value of the specified secret revision. It returns secreterrors.SecretRevisionNotFound if there's no such secret revision.

func (*SecretService) GetSecretsForExport

func (s *SecretService) GetSecretsForExport(ctx context.Context) (*SecretExport, error)

GetSecretsForExport returns a result containing all the information needed to export secrets to a model description.

func (*SecretService) GetSecretsForOwners

func (s *SecretService) GetSecretsForOwners(ctx domain.AtomicContext, owners ...CharmSecretOwner) ([]*secrets.URI, error)

GetSecretsForOwners returns the secrets owned by the specified apps and/or units.

func (*SecretService) GetURIByConsumerLabel

func (s *SecretService) GetURIByConsumerLabel(ctx context.Context, label string, unitName string) (*secrets.URI, error)

GetURIByConsumerLabel looks up the secret URI using the label previously registered by the specified unit, returning an error satisfying secreterrors.SecretNotFound if there's no corresponding URI. If the unit does not exist, an error satisfying [applicationerrors.UnitNotFound] is returned.

func (*SecretService) GetUserSecretURIByLabel

func (s *SecretService) GetUserSecretURIByLabel(ctx context.Context, label string) (*secrets.URI, error)

GetUserSecretURIByLabel returns the user secret URI with the specified label. It returns secreterrors.SecretNotFound if there's no such secret.

func (*SecretService) GrantSecretAccess

func (s *SecretService) GrantSecretAccess(ctx context.Context, uri *secrets.URI, params SecretAccessParams) error

GrantSecretAccess grants access to the secret for the specified subject with the specified scope. It returns an error satisfying secreterrors.SecretNotFound if the secret is not found. If an attempt is made to change an existing permission's scope or subject type, an error satisfying secreterrors.InvalidSecretPermissionChange is returned. It returns secreterrors.PermissionDenied if the secret cannot be managed by the accessor.

func (*SecretService) ImportSecrets

func (s *SecretService) ImportSecrets(ctx context.Context, modelSecrets *SecretExport) error

ImportSecrets saves the supplied secret details to the model.

func (*SecretService) ListCharmSecrets

func (s *SecretService) ListCharmSecrets(
	ctx context.Context, owners ...CharmSecretOwner,
) ([]*secrets.SecretMetadata, [][]*secrets.SecretRevisionMetadata, error)

ListCharmSecrets returns the secret metadata and revision metadata for any secrets matching the specified owner. The result contains secrets owned by any of the non nil owner attributes. The count of secret and revisions in the result must match.

func (*SecretService) ListCharmSecretsToDrain

func (s *SecretService) ListCharmSecretsToDrain(
	ctx context.Context,
	owners ...CharmSecretOwner,
) ([]*secrets.SecretMetadataForDrain, error)

ListCharmSecretsToDrain returns secret drain revision info for the secrets owned by the specified apps and units.

func (*SecretService) ListGrantedSecretsForBackend

func (s *SecretService) ListGrantedSecretsForBackend(
	ctx context.Context, backendID string, role secrets.SecretRole, consumers ...SecretAccessor,
) ([]*secrets.SecretRevisionRef, error)

ListGrantedSecretsForBackend returns the secret revision info for any secrets from the specified backend for which the specified consumers have been granted the specified access.

func (*SecretService) ListSecrets

func (s *SecretService) ListSecrets(ctx context.Context, uri *secrets.URI,
	revision *int,
	labels domainsecret.Labels,
) ([]*secrets.SecretMetadata, [][]*secrets.SecretRevisionMetadata, error)

ListSecrets returns the secrets matching the specified terms. If multiple values for a given term are specified, secrets matching any of the values for that term are included.

func (*SecretService) ListUserSecretsToDrain

func (s *SecretService) ListUserSecretsToDrain(ctx context.Context) ([]*secrets.SecretMetadataForDrain, error)

ListUserSecretsToDrain returns secret drain revision info for any user secrets.

func (*SecretService) ProcessCharmSecretConsumerLabel

func (s *SecretService) ProcessCharmSecretConsumerLabel(
	ctx context.Context, unitName string, uri *secrets.URI, label string,
) (_ *secrets.URI, _ *string, err error)

ProcessCharmSecretConsumerLabel takes a secret consumer, a uri and label which have been used to consume the secret. If the uri is empty, the label and consumer are used to look up the consumed secret uri. This method returns the resulting uri, and optionally the label to update for the consumer.

func (*SecretService) RevokeSecretAccess

func (s *SecretService) RevokeSecretAccess(ctx context.Context, uri *secrets.URI, params SecretAccessParams) error

RevokeSecretAccess revokes access to the secret for the specified subject. It returns an error satisfying secreterrors.SecretNotFound if the secret is not found.

func (*SecretService) SaveSecretConsumer

func (s *SecretService) SaveSecretConsumer(ctx context.Context, uri *secrets.URI, unitName string, md *secrets.SecretConsumerMetadata) error

SaveSecretConsumer saves the consumer metadata for the given secret and unit. If the unit does not exist, an error satisfying [applicationerrors.UnitNotFound] is returned. If the secret does not exist, an error satisfying secreterrors.SecretNotFound is returned.

func (*SecretService) SecretRotated

func (s *SecretService) SecretRotated(ctx context.Context, uri *secrets.URI, params SecretRotatedParams) error

SecretRotated rotates the secret with the specified URI.

func (*SecretService) UpdateCharmSecret

func (s *SecretService) UpdateCharmSecret(ctx context.Context, uri *secrets.URI, params UpdateCharmSecretParams) error

UpdateCharmSecret updates a charm secret with the specified parameters, returning an error satisfying secreterrors.SecretNotFound if the secret does not exist. It also returns an error satisfying secreterrors.SecretLabelAlreadyExists if the secret owner already has a secret with the same label. It returns secreterrors.PermissionDenied if the secret cannot be managed by the accessor.

func (*SecretService) UpdateRemoteConsumedRevision

func (s *SecretService) UpdateRemoteConsumedRevision(ctx context.Context, uri *secrets.URI, unitName string, refresh bool) (int, error)

UpdateRemoteConsumedRevision returns the latest revision for the specified secret, updating the tracked revision for the specified consumer if refresh is true.

func (*SecretService) UpdateRemoteSecretRevision

func (s *SecretService) UpdateRemoteSecretRevision(ctx context.Context, uri *secrets.URI, latestRevision int) error

UpdateRemoteSecretRevision records the specified revision for the secret which has been consumed from a different model.

func (*SecretService) UpdateUserSecret

func (s *SecretService) UpdateUserSecret(ctx context.Context, uri *secrets.URI, params UpdateUserSecretParams) error

UpdateUserSecret updates a user secret with the specified parameters, returning an error satisfying secreterrors.SecretNotFound if the secret does not exist. It also returns an error satisfying secreterrors.SecretLabelAlreadyExists if the secret owner already has a secret with the same label. It returns secreterrors.PermissionDenied if the secret cannot be managed by the accessor.

type State

// State describes retrieval and persistence methods needed for the secrets
// domain service.
//
// NOTE(review): the read and write methods here (GetSecretValue,
// ChangeSecretBackend, GrantAccess and so on) take no accessor for the
// caller, whereas the SecretService methods of the same name do. Access
// control is therefore presumably enforced in the service layer, and
// anything calling State directly bypasses it - confirm.
type State interface {
	AtomicState

	GetModelUUID(ctx context.Context) (coremodel.UUID, error)
	DeleteObsoleteUserSecretRevisions(ctx context.Context) ([]string, error)
	GetSecret(ctx context.Context, uri *secrets.URI) (*secrets.SecretMetadata, error)
	GetLatestRevision(ctx context.Context, uri *secrets.URI) (int, error)
	GetSecretValue(ctx context.Context, uri *secrets.URI, revision int) (secrets.SecretData, *secrets.ValueRef, error)
	ListSecrets(ctx context.Context, uri *secrets.URI,
		revision *int, labels domainsecret.Labels,
	) ([]*secrets.SecretMetadata, [][]*secrets.SecretRevisionMetadata, error)
	ListCharmSecrets(ctx context.Context,
		appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners,
	) ([]*secrets.SecretMetadata, [][]*secrets.SecretRevisionMetadata, error)
	GetSecretConsumer(ctx context.Context, uri *secrets.URI, unitName string) (*secrets.SecretConsumerMetadata, int, error)
	SaveSecretConsumer(ctx context.Context, uri *secrets.URI, unitName string, md *secrets.SecretConsumerMetadata) error
	GetUserSecretURIByLabel(ctx context.Context, label string) (*secrets.URI, error)
	GetURIByConsumerLabel(ctx context.Context, label string, unitName string) (*secrets.URI, error)
	GetSecretRemoteConsumer(ctx context.Context, uri *secrets.URI, unitName string) (*secrets.SecretConsumerMetadata, int, error)
	SaveSecretRemoteConsumer(ctx context.Context, uri *secrets.URI, unitName string, md *secrets.SecretConsumerMetadata) error
	UpdateRemoteSecretRevision(ctx context.Context, uri *secrets.URI, latestRevision int) error
	GrantAccess(ctx context.Context, uri *secrets.URI, params domainsecret.GrantParams) error
	RevokeAccess(ctx context.Context, uri *secrets.URI, params domainsecret.AccessParams) error
	GetSecretAccess(ctx context.Context, uri *secrets.URI, params domainsecret.AccessParams) (string, error)
	GetSecretAccessScope(ctx context.Context, uri *secrets.URI, params domainsecret.AccessParams) (*domainsecret.AccessScope, error)
	GetSecretGrants(ctx context.Context, uri *secrets.URI, role secrets.SecretRole) ([]domainsecret.GrantParams, error)
	ListGrantedSecretsForBackend(
		ctx context.Context, backendID string, accessors []domainsecret.AccessParams, role secrets.SecretRole,
	) ([]*secrets.SecretRevisionRef, error)
	ListCharmSecretsToDrain(
		ctx context.Context,
		appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners,
	) ([]*secrets.SecretMetadataForDrain, error)
	ListUserSecretsToDrain(ctx context.Context) ([]*secrets.SecretMetadataForDrain, error)
	SecretRotated(ctx context.Context, uri *secrets.URI, next time.Time) error
	GetRotatePolicy(ctx context.Context, uri *secrets.URI) (secrets.RotatePolicy, error)
	GetRotationExpiryInfo(ctx context.Context, uri *secrets.URI) (*domainsecret.RotationExpiryInfo, error)
	GetSecretRevisionID(ctx context.Context, uri *secrets.URI, revision int) (string, error)
	ChangeSecretBackend(
		ctx context.Context, revisionID uuid.UUID, valueRef *secrets.ValueRef, data secrets.SecretData,
	) error

	// For watching obsolete secret revision changes.
	InitialWatchStatementForObsoleteRevision(
		appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners,
	) (tableName string, statement eventsource.NamespaceQuery)
	GetRevisionIDsForObsolete(
		ctx context.Context, appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners, revisionUUIDs ...string,
	) ([]string, error)

	// For watching obsolete user secret revisions to prune.
	GetObsoleteUserSecretRevisionsReadyToPrune(ctx context.Context) ([]string, error)

	// For watching consumed local secret changes.
	InitialWatchStatementForConsumedSecretsChange(unitName string) (string, eventsource.NamespaceQuery)
	GetConsumedSecretURIsWithChanges(ctx context.Context, unitName string, revisionIDs ...string) ([]string, error)

	// For watching consumed remote secret changes.
	InitialWatchStatementForConsumedRemoteSecretsChange(unitName string) (string, eventsource.NamespaceQuery)
	GetConsumedRemoteSecretURIsWithChanges(ctx context.Context, unitName string, secretIDs ...string) (secretURIs []string, err error)

	// For watching local secret changes that are consumed by remote consumers.
	InitialWatchStatementForRemoteConsumedSecretsChangesFromOfferingSide(appName string) (string, eventsource.NamespaceQuery)
	GetRemoteConsumedSecretURIsWithChangesFromOfferingSide(ctx context.Context, appName string, secretIDs ...string) ([]string, error)

	// For watching secret rotation changes.
	InitialWatchStatementForSecretsRotationChanges(
		appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners,
	) (string, eventsource.NamespaceQuery)
	GetSecretsRotationChanges(
		ctx context.Context, appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners, secretIDs ...string,
	) ([]domainsecret.RotationInfo, error)

	// For watching secret revision expiry changes.
	InitialWatchStatementForSecretsRevisionExpiryChanges(
		appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners,
	) (string, eventsource.NamespaceQuery)
	GetSecretsRevisionExpiryChanges(
		ctx context.Context, appOwners domainsecret.ApplicationOwners, unitOwners domainsecret.UnitOwners, revisionUUIDs ...string,
	) ([]domainsecret.ExpiryInfo, error)

	// Methods for loading secrets to be exported.
	AllSecretGrants(ctx context.Context) (map[string][]domainsecret.GrantParams, error)
	AllSecretConsumers(ctx context.Context) (map[string][]domainsecret.ConsumerInfo, error)
	AllSecretRemoteConsumers(ctx context.Context) (map[string][]domainsecret.ConsumerInfo, error)
	AllRemoteSecrets(ctx context.Context) ([]domainsecret.RemoteSecretInfo, error)
}

State describes retrieval and persistence methods needed for the secrets domain service.

type UpdateCharmSecretParams

// UpdateCharmSecretParams are used to update a charm secret.
type UpdateCharmSecretParams struct {
	// Accessor is the entity requesting the update. UpdateCharmSecret is
	// documented to return secreterrors.PermissionDenied if the secret
	// cannot be managed by the accessor.
	Accessor SecretAccessor

	// NOTE(review): the pointer-typed fields presumably use nil to mean
	// "leave unchanged" - confirm.
	RotatePolicy *secrets.RotatePolicy
	ExpireTime   *time.Time
	Description  *string
	Label        *string
	Params       map[string]interface{}
	// NOTE(review): presumably Data carries the secret content itself and
	// ValueRef a reference to content held in an external backend, with
	// only one of the two set - confirm. If Data is plaintext content,
	// values of this struct should be kept out of logs and error messages.
	Data         secrets.SecretData
	ValueRef     *secrets.ValueRef
	// NOTE(review): what Checksum covers and who computes it is not visible
	// here - confirm.
	Checksum     string
}

UpdateCharmSecretParams are used to update a charm secret.

type UpdateUserSecretParams

// UpdateUserSecretParams are used to update a user secret.
type UpdateUserSecretParams struct {
	// Accessor is the entity requesting the update. UpdateUserSecret is
	// documented to return secreterrors.PermissionDenied if the secret
	// cannot be managed by the accessor.
	Accessor SecretAccessor

	// NOTE(review): the pointer-typed fields presumably use nil to mean
	// "leave unchanged" - confirm.
	Description *string
	Label       *string
	Params      map[string]interface{}
	// NOTE(review): Data presumably carries the secret content itself; if
	// so, values of this struct should be kept out of logs and error
	// messages - confirm.
	Data        secrets.SecretData
	// NOTE(review): what Checksum covers and who computes it is not visible
	// here - confirm.
	Checksum    string
	// AutoPrune relates to the auto-prune marking that
	// DeleteObsoleteUserSecretRevisions is documented to act on.
	AutoPrune   *bool
}

UpdateUserSecretParams are used to update a user secret.

type WatchableService

// WatchableService provides the API for working with the secret service.
// It embeds SecretService, so the SecretService methods are promoted onto
// it alongside the Watch* methods.
type WatchableService struct {
	SecretService
	// contains filtered or unexported fields
}

WatchableService provides the API for working with the secret service.

func NewWatchableService

func NewWatchableService(
	secretState State,
	secretBackendState SecretBackendState,
	leaderEnsurer leadership.Ensurer,
	watcherFactory WatcherFactory,
	logger logger.Logger,
) *WatchableService

NewWatchableService returns a new watchable service wrapping the specified state.

func (*WatchableService) WatchConsumedSecretsChanges

func (s *WatchableService) WatchConsumedSecretsChanges(ctx context.Context, unitName string) (watcher.StringsWatcher, error)

WatchConsumedSecretsChanges watches secrets consumed by the specified unit and returns a watcher which notifies of secret URIs that have had a new revision added.

func (*WatchableService) WatchObsolete

func (s *WatchableService) WatchObsolete(_ context.Context, owners ...CharmSecretOwner) (watcher.StringsWatcher, error)

WatchObsolete returns a watcher for notifying when:

  • a secret owned by the entity is deleted
  • a secret revision owned by the entity no longer has any consumers

Obsolete revisions results are "uri/revno" and deleted secret results are "uri".

func (*WatchableService) WatchObsoleteUserSecretsToPrune

func (s *WatchableService) WatchObsoleteUserSecretsToPrune(ctx context.Context) (watcher.NotifyWatcher, error)

WatchObsoleteUserSecretsToPrune returns a watcher that notifies when a user secret revision is obsolete and ready to be pruned.

func (*WatchableService) WatchRemoteConsumedSecretsChanges

func (s *WatchableService) WatchRemoteConsumedSecretsChanges(_ context.Context, appName string) (watcher.StringsWatcher, error)

WatchRemoteConsumedSecretsChanges watches secrets remotely consumed by any unit of the specified app and returns a watcher which notifies of secret URIs that have had a new revision added.

func (*WatchableService) WatchSecretRevisionsExpiryChanges

func (s *WatchableService) WatchSecretRevisionsExpiryChanges(_ context.Context, owners ...CharmSecretOwner) (watcher.SecretTriggerWatcher, error)

WatchSecretRevisionsExpiryChanges returns a watcher that notifies when the expiry time of a secret revision changes.

func (*WatchableService) WatchSecretsRotationChanges

func (s *WatchableService) WatchSecretsRotationChanges(_ context.Context, owners ...CharmSecretOwner) (watcher.SecretTriggerWatcher, error)

WatchSecretsRotationChanges returns a watcher that notifies when the rotation time of a secret changes.

type WatcherFactory

// WatcherFactory describes methods for creating watchers.
type WatcherFactory interface {
	// NewNamespaceWatcher returns a new namespace watcher
	// for events based on the input change mask.
	// NOTE(review): the parameters are unnamed here; by analogy with
	// NewNamespaceNotifyMapperWatcher below, the first two are presumably
	// the namespace and the change mask - confirm.
	NewNamespaceWatcher(string, changestream.ChangeType, eventsource.NamespaceQuery) (watcher.StringsWatcher, error)

	// NewNamespaceNotifyMapperWatcher returns a new namespace notify watcher
	// for events based on the input change mask and mapper.
	NewNamespaceNotifyMapperWatcher(
		namespace string, changeMask changestream.ChangeType, mapper eventsource.Mapper,
	) (watcher.NotifyWatcher, error)
}

WatcherFactory describes methods for creating watchers.
