Documentation
Overview
Package volume manages the creation, deletion, and inspection of secret volumes.
Types
type ErrExists
type ErrExists string
ErrExists is returned when attempting to create a volume whose mount point exists. Note this does not mean the volume already exists, just that a conflicting path exists.
type ErrNonExist
type ErrNonExist string
ErrNonExist is returned when attempting to get or destroy a volume that does not exist.
func (ErrNonExist) Error
func (e ErrNonExist) Error() string
func (ErrNonExist) NotFound
func (e ErrNonExist) NotFound() bool
NotFound signals that this error should return an HTTP 404 Not Found if it causes an HTTP request to fail.
type Manager
type Manager interface {
	// Create mounts and populates the requested secret volume.
	Create(v *api.Volume) error
	// Destroy destroys the secret volume specified by id.
	Destroy(id string) error
	// Get returns secret volumes by their id.
	Get(id string) (*api.Volume, error)
	// List lists all extant secret volumes.
	List() (api.Volumes, error)
	// MetadataFile returns the metadata filename. Each api.Volume is encoded as
	// JSON in a metadata file at the root of its mountpoint.
	MetadataFile() string
}
A Manager manages CRD operations for secret volumes.
func NewManager
NewManager creates a new Manager backed by the provided secret producers.
type ManagerOption
type ManagerOption func(*manager) error
A ManagerOption represents an argument to NewManager.
func DirMode
func DirMode(m os.FileMode) ManagerOption
DirMode specifies the octal mode with which to create directories beneath the root of a secret volume. It defaults to 0700.
func FileMode
func FileMode(m os.FileMode) ManagerOption
FileMode specifies the octal mode with which to create files in a secret volume. It defaults to 0600.
func Filesystem
func Filesystem(fs afero.Fs) ManagerOption
Filesystem allows a Manager to be backed by any filesystem implementation supported by https://github.com/spf13/afero. The OS filesystem is used by default.
func MetadataFile
func MetadataFile(f string) ManagerOption
MetadataFile specifies an alternative metadata filename in which to store JSON encoded representations of each api.Volume at their root directory. It defaults to '.meta'.
func WriteJSONSecrets
func WriteJSONSecrets(filename string) ManagerOption
WriteJSONSecrets will cause the manager to merge all secrets produced for a volume into a file containing a JSON encoded map. The provided filename is relative to the volume's root.
type Mounter
type Mounter interface {
	// Mount mounts the requested secret volume.
	Mount(*api.Volume) error
	// Unmount unmounts the secret volume specified by id.
	Unmount(id string) error
	// Path is a convenience function that returns the (theoretical) mountpoint
	// of the secret volume specified by id. Note that it does not guarantee a
	// volume with that id is currently or has ever been mounted.
	Path(id string) string
	// Root returns the parent directory of all the mounts managed by this
	// Mounter.
	Root() string
}
A Mounter mounts and unmounts secret volumes.
func NewNoopMounter
NewNoopMounter creates a Mounter that simply logs mount and unmount requests. It is primarily used for testing when run in virtual mode.
func NewTmpFsMounter
func NewTmpFsMounter(root string, mo ...TmpFsMounterOption) (Mounter, error)
NewTmpFsMounter creates a Mounter that mounts a tmpfs (i.e. in-memory) volume in which to store secrets. This Mounter is only supported on Linux and as such is only built when GOOS=linux.
type TmpFsMounterOption
type TmpFsMounterOption func(*tmpFsMounter) error
A TmpFsMounterOption represents an argument to NewTmpFsMounter.
func MaxSizeMB
func MaxSizeMB(mb uint) TmpFsMounterOption
MaxSizeMB specifies the maximum size in megabytes each secret volume will be allowed to grow to. It corresponds to the size= tmpfs option and defaults to 100MB.
func MountFlags
func MountFlags(flags uintptr) TmpFsMounterOption
MountFlags specifies the mount flags for each secret volume. It defaults to MS_NOSUID, MS_NODEV, and MS_NOEXEC.
func MountpointMode
func MountpointMode(md uint32) TmpFsMounterOption
MountpointMode specifies the octal permissions with which all mounts will be mounted. It corresponds to the mode= tmpfs option and defaults to 700.
func UnmountFlags
func UnmountFlags(flags int) TmpFsMounterOption
UnmountFlags specifies the umount flags for each secret volume. No flags are set by default.
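To check on a running host that secret volumes still carry the documented MountFlags and MountpointMode defaults, the following added example (not part of package volume or its project) audits text in /proc/self/mounts format. The helper name auditSecretMounts, the /secrets root and the sample mount lines are assumptions constructed for illustration; the size= option is not checked.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// auditSecretMounts is a hypothetical helper (not part of package volume).
// It scans text in /proc/self/mounts format and reports every mount beneath
// root that deviates from the defaults documented above.
func auditSecretMounts(mounts, root string) []string {
	var findings []string
	prefix := strings.TrimSuffix(root, "/") + "/"
	sc := bufio.NewScanner(strings.NewReader(mounts))
	for sc.Scan() {
		// Fields: device, mountpoint, fstype, options, dump, pass.
		f := strings.Fields(sc.Text())
		if len(f) < 4 || !strings.HasPrefix(f[1], prefix) {
			continue
		}
		if f[2] != "tmpfs" {
			findings = append(findings, fmt.Sprintf("%s: fstype %s, want tmpfs", f[1], f[2]))
			continue
		}
		opts := map[string]string{}
		for _, o := range strings.Split(f[3], ",") {
			k, v, _ := strings.Cut(o, "=")
			opts[k] = v
		}
		// MS_NOSUID, MS_NODEV and MS_NOEXEC appear as these option names.
		for _, want := range []string{"nosuid", "nodev", "noexec"} {
			if _, ok := opts[want]; !ok {
				findings = append(findings, fmt.Sprintf("%s: missing %s", f[1], want))
			}
		}
		if m := opts["mode"]; m != "700" {
			findings = append(findings, fmt.Sprintf("%s: mode=%s, want 700", f[1], m))
		}
	}
	return findings
}

// Constructed sample input; not captured from a real host.
const sampleMounts = `tmpfs /secrets/a1 tmpfs rw,nosuid,nodev,noexec,relatime,size=102400k,mode=700 0 0
tmpfs /secrets/b2 tmpfs rw,nosuid,nodev,relatime,size=102400k,mode=755 0 0
/dev/sda1 / ext4 rw,relatime 0 0
`

func main() {
	for _, f := range auditSecretMounts(sampleMounts, "/secrets") {
		fmt.Println(f)
	}
}
```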