Documentation ¶
Constants ¶
const (
	// Auto uses either controller or k8s backends
	// depending on the model type.
	Auto = "auto"

	// Internal is the controller backend.
	Internal = "internal"
)
Variables ¶
This section is empty.
Functions ¶
func HasAuthRefresh ¶
func HasAuthRefresh(p SecretBackendProvider) bool
HasAuthRefresh returns true if the provider supports token refresh.
func Register ¶
func Register(p SecretBackendProvider)
Register registers the named secret backend provider.
Types ¶
type BackendConfig ¶
type BackendConfig struct {
	BackendType string
	Config      ConfigAttrs
}
BackendConfig is used when constructing a secrets backend.
type ConfigAttrs ¶
type ConfigAttrs map[string]interface{}
ConfigAttrs defines config attributes for a secrets backend provider.
type ModelBackendConfig ¶
type ModelBackendConfig struct {
	ControllerUUID string
	ModelUUID      string
	ModelName      string
	BackendConfig
}
ModelBackendConfig is used when constructing a secrets backend for a particular model.
type ModelBackendConfigInfo ¶
type ModelBackendConfigInfo struct {
	ActiveID string
	Configs  map[string]ModelBackendConfig
}
ModelBackendConfigInfo holds secret backends, one of which is the active backend for a model.
type ProviderConfig ¶
type ProviderConfig interface {
	// ConfigSchema returns the fields defining the provider config.
	ConfigSchema() configschema.Fields

	// ConfigDefaults returns default attribute values.
	ConfigDefaults() schema.Defaults

	// ValidateConfig returns an error if the new
	// provider config is not valid.
	ValidateConfig(oldCfg, newCfg ConfigAttrs, tokenRotateInterval *time.Duration) error
}
ProviderConfig is implemented by providers that support config validation.
type SecretBackendProvider ¶
type SecretBackendProvider interface {
	// Type is the type of the backend.
	Type() string

	// Initialise sets up the secrets backend to host secrets for
	// the specified model config.
	Initialise(cfg *ModelBackendConfig) error

	// CleanupSecrets removes any ACLs / resources associated
	// with the removed secrets.
	CleanupSecrets(ctx context.Context, cfg *ModelBackendConfig, accessor secrets.Accessor, removed SecretRevisions) error

	// CleanupModel removes any secrets / ACLs / resources
	// associated with the model config.
	CleanupModel(ctx context.Context, cfg *ModelBackendConfig) error

	// RestrictedConfig returns the config needed to create a
	// secrets backend client restricted to manage the specified
	// owned secrets and read shared secrets for the given entity tag.
	RestrictedConfig(ctx context.Context, adminCfg *ModelBackendConfig, sameController, forDrain bool, accessor secrets.Accessor, owned SecretRevisions, read SecretRevisions) (*BackendConfig, error)

	// NewBackend creates a secrets backend client using the
	// specified model config.
	NewBackend(cfg *ModelBackendConfig) (SecretsBackend, error)
}
SecretBackendProvider instances create secret backends.
func Provider ¶
func Provider(backendType string) (SecretBackendProvider, error)
Provider returns the named secret backend provider.
type SecretRevisions ¶
SecretRevisions holds external revision ids for a list of secrets.
func (SecretRevisions) Add ¶
func (nm SecretRevisions) Add(uri *secrets.URI, revisionIDs ...string)
Add adds a secret with revisions.
func (SecretRevisions) RevisionIDs ¶
func (nm SecretRevisions) RevisionIDs() (result []string)
RevisionIDs returns all the secret revisions.
type SecretsBackend ¶
type SecretsBackend interface {
	Ping() error
	SaveContent(_ context.Context, uri *secrets.URI, revision int, value secrets.SecretValue) (string, error)
	GetContent(_ context.Context, revisionId string) (secrets.SecretValue, error)

	// DeleteContent removes the specified content.
	// It *must* return a NotFound error if the content does not exist.
	// This is needed so that juju can handle the case where a secret
	// has been drained and added to a new active backend.
	DeleteContent(_ context.Context, revisionId string) error
}
SecretsBackend is an external secrets backend like vault.
type SupportAuthRefresh ¶
type SupportAuthRefresh interface {
	RefreshAuth(ctx context.Context, adminCfg BackendConfig, validFor time.Duration) (*BackendConfig, error)
}
SupportAuthRefresh defines the methods to refresh auth tokens.
Directories ¶
Path | Synopsis |
---|---|
 | Package juju provides the juju secrets backend. |
 | Package kubernetes provides the kubernetes secrets backend. |
mocks | Package mocks is a generated GoMock package. |
 | Package vault provides the vault secrets backend. |
mocks | Package mocks is a generated GoMock package. |