Documentation ¶
Index ¶
- type CredManager
- func (c *CredManager) CreateRole(name string, namespace string, secretName string) error
- func (c *CredManager) CreateRoleBinding(name string, namespace string, roleName string, subjects []rbac.Subject) error
- func (c *CredManager) CreateSecret(name string, namespace string, credSecret *vaultapi.Secret) error
- func (c *CredManager) GetCredential() (*vaultapi.Secret, error)
- func (c *CredManager) IsLeaseExpired(leaseID string) (bool, error)
- func (c *CredManager) RevokeLease(leaseID string) error
- type CredentialManager
- func NewCredentialManagerForAWS(kubeClient kubernetes.Interface, ...) (CredentialManager, error)
- func NewCredentialManagerForAzure(kubeClient kubernetes.Interface, ...) (CredentialManager, error)
- func NewCredentialManagerForDatabase(kubeClient kubernetes.Interface, ...) (CredentialManager, error)
- func NewCredentialManagerForGCP(kubeClient kubernetes.Interface, ...) (CredentialManager, error)
- type SecretEngine
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CredManager ¶
// CredManager is the concrete type in this package whose exported methods
// (GetCredential, CreateSecret, CreateRole, CreateRoleBinding, IsLeaseExpired,
// RevokeLease) line up with the CredentialManager interface.
// NOTE(review): presumably this is what the NewCredentialManagerFor*
// constructors return behind the interface — confirm against the source.
type CredManager struct {
// contains filtered or unexported fields
}
func (*CredManager) CreateRole ¶
func (c *CredManager) CreateRole(name string, namespace string, secretName string) error
CreateRole creates a Kubernetes role.
func (*CredManager) CreateRoleBinding ¶
func (c *CredManager) CreateRoleBinding(name string, namespace string, roleName string, subjects []rbac.Subject) error
CreateRoleBinding creates a Kubernetes role binding.
func (*CredManager) CreateSecret ¶
func (c *CredManager) CreateSecret(name string, namespace string, credSecret *vaultapi.Secret) error
CreateSecret creates a Kubernetes secret containing the database credential.
func (*CredManager) GetCredential ¶
func (c *CredManager) GetCredential() (*vaultapi.Secret, error)
GetCredential gets a credential from Vault.
func (*CredManager) IsLeaseExpired ¶
func (c *CredManager) IsLeaseExpired(leaseID string) (bool, error)
https://www.vaultproject.io/api/system/leases.html#read-lease
IsLeaseExpired reports whether the lease is expired in Vault. In Vault, a lease is revoked once it has expired.
func (*CredManager) RevokeLease ¶
func (c *CredManager) RevokeLease(leaseID string) error
RevokeLease revokes the given lease. It is safe to call multiple times: it does not return an error if the lease_id does not exist, but it does return an error if lease_id is empty.
type CredentialManager ¶
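// CredentialManager covers the life cycle of a Vault-issued credential:
// fetching it from Vault, storing it in a Kubernetes secret, creating the
// role and role binding, and checking or revoking the Vault lease.
type CredentialManager interface {
	// GetCredential gets a credential from Vault.
	GetCredential() (*vaultapi.Secret, error)

	// CreateSecret creates a Kubernetes secret containing the credential.
	// The original comment said "postgres credential", but this package also
	// exposes constructors for AWS, Azure and GCP, so the wording here is
	// kept engine-neutral.
	CreateSecret(name string, namespace string, credential *vaultapi.Secret) error

	// CreateRole creates a Kubernetes role.
	// NOTE(review): the secretName parameter suggests the role is scoped to
	// that one secret — confirm the rule is restricted with resourceNames
	// rather than granting access to every secret in the namespace.
	CreateRole(name string, namespace string, secretName string) error

	// CreateRoleBinding creates a Kubernetes role binding that binds roleName
	// to the given subjects.
	// NOTE(review): presumably the subjects gain read access to the
	// credential secret through this binding — keep the subject list minimal.
	CreateRoleBinding(name string, namespace string, roleName string, subjects []rbac.Subject) error

	// IsLeaseExpired reports whether the lease is expired in Vault. In Vault,
	// a lease is revoked once it has expired.
	// See https://www.vaultproject.io/api/system/leases.html#read-lease
	IsLeaseExpired(leaseID string) (bool, error)

	// RevokeLease revokes the given lease. It is safe to call multiple times:
	// it does not return an error if the lease ID does not exist, but it does
	// return an error if the lease ID is empty.
	RevokeLease(leaseID string) error
}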
func NewCredentialManagerForAWS ¶
func NewCredentialManagerForAWS(kubeClient kubernetes.Interface, appClient appcat_cs.AppcatalogV1alpha1Interface, cr vaultcrd.Interface, awsAKReq *engineapi.AWSAccessKeyRequest) (CredentialManager, error)
func NewCredentialManagerForAzure ¶
func NewCredentialManagerForAzure(kubeClient kubernetes.Interface, appClient appcat_cs.AppcatalogV1alpha1Interface, cr vaultcrd.Interface, azureAKReq *engineapi.AzureAccessKeyRequest) (CredentialManager, error)
func NewCredentialManagerForDatabase ¶
func NewCredentialManagerForDatabase(kubeClient kubernetes.Interface, appClient appcat_cs.AppcatalogV1alpha1Interface, cr dbcrd.Interface, dbAR *dbapi.DatabaseAccessRequest) (CredentialManager, error)
func NewCredentialManagerForGCP ¶
func NewCredentialManagerForGCP(kubeClient kubernetes.Interface, appClient appcat_cs.AppcatalogV1alpha1Interface, cr vaultcrd.Interface, gcpAKReq *engineapi.GCPAccessKeyRequest) (CredentialManager, error)
type SecretEngine ¶
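// SecretEngine is the interface a secret-engine backend provides: it embeds
// secret.SecretGetter and adds credential parsing and owner-reference lookup.
type SecretEngine interface {
	secret.SecretGetter

	// ParseCredential converts a Vault secret into a map of byte-slice values.
	// NOTE(review): presumably this map becomes the data of the Kubernetes
	// secret, so it holds live credential material — avoid logging it; confirm
	// against the implementation.
	ParseCredential(secret *vaultapi.Secret) (map[string][]byte, error)

	// GetOwnerReference returns a Kubernetes owner reference.
	// NOTE(review): presumably attached to the objects created for the access
	// request so they are garbage-collected with their owner — confirm.
	GetOwnerReference() metav1.OwnerReference
}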