Documentation
Index
- Constants
- func IsSupportedSecretType(secretType api_v1.SecretType) bool
- func ValidateCASecret(secret *api_v1.Secret) error
- func ValidateJWKSecret(secret *api_v1.Secret) error
- func ValidateOIDCSecret(secret *api_v1.Secret) error
- func ValidateSecret(secret *api_v1.Secret) error
- func ValidateTLSSecret(secret *api_v1.Secret) error
- type FakeSecretStore
- type LocalSecretStore
- type SecretFileManager
- type SecretReference
- type SecretStore
Constants
const CAKey = "ca.crt"
CAKey is the key of the data field of a Secret where the certificate authority must be stored.
const ClientSecretKey = "client-secret"
ClientSecretKey is the key of the data field of a Secret where the OIDC client secret must be stored.
const JWTKeyKey = "jwk"
JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.
const SecretTypeCA api_v1.SecretType = "nginx.org/ca"
SecretTypeCA contains a certificate authority for TLS certificate verification. #nosec G101
const SecretTypeJWK api_v1.SecretType = "nginx.org/jwk"
SecretTypeJWK contains a JWK (JSON Web Key) for validating JWTs (JSON Web Tokens). #nosec G101
const SecretTypeOIDC api_v1.SecretType = "nginx.org/oidc"
SecretTypeOIDC contains an OIDC client secret for use in OAuth flows. #nosec G101
Functions
func IsSupportedSecretType
func IsSupportedSecretType(secretType api_v1.SecretType) bool
IsSupportedSecretType checks if the secret type is supported.
func ValidateCASecret
ValidateCASecret validates the secret. If it is valid, the function returns nil.
func ValidateJWKSecret
ValidateJWKSecret validates the secret. If it is valid, the function returns nil.
func ValidateOIDCSecret
ValidateOIDCSecret validates the secret. If it is valid, the function returns nil.
func ValidateSecret
ValidateSecret validates the secret. If it is valid, the function returns nil.
func ValidateTLSSecret
ValidateTLSSecret validates the secret. If it is valid, the function returns nil.
Types
type FakeSecretStore
type FakeSecretStore struct {
// contains filtered or unexported fields
}
FakeSecretStore is a fake implementation of SecretStore.
func NewEmptyFakeSecretsStore (added in v1.12.0)
func NewEmptyFakeSecretsStore() *FakeSecretStore
NewEmptyFakeSecretsStore creates a new empty FakeSecretStore.
func NewFakeSecretsStore
func NewFakeSecretsStore(secrets map[string]*SecretReference) *FakeSecretStore
NewFakeSecretsStore creates a new FakeSecretStore.
func (*FakeSecretStore) AddOrUpdateSecret
func (s *FakeSecretStore) AddOrUpdateSecret(secret *api_v1.Secret)
AddOrUpdateSecret is a fake implementation of AddOrUpdateSecret.
func (*FakeSecretStore) DeleteSecret
func (s *FakeSecretStore) DeleteSecret(key string)
DeleteSecret is a fake implementation of DeleteSecret.
func (*FakeSecretStore) GetSecret
func (s *FakeSecretStore) GetSecret(key string) *SecretReference
GetSecret is a fake implementation of GetSecret.
type LocalSecretStore
type LocalSecretStore struct {
// contains filtered or unexported fields
}
LocalSecretStore implements the SecretStore interface. It validates the secrets and manages them on the file system (via SecretFileManager).
func NewLocalSecretStore
func NewLocalSecretStore(manager SecretFileManager) *LocalSecretStore
NewLocalSecretStore creates a new LocalSecretStore.
func (*LocalSecretStore) AddOrUpdateSecret
func (s *LocalSecretStore) AddOrUpdateSecret(secret *api_v1.Secret)
AddOrUpdateSecret adds or updates a secret. The secret will only be updated on the file system if it is valid and if it is already on the file system. If the secret becomes invalid, it will be removed from the file system.
func (*LocalSecretStore) DeleteSecret
func (s *LocalSecretStore) DeleteSecret(key string)
DeleteSecret deletes a secret.
func (*LocalSecretStore) GetSecret
func (s *LocalSecretStore) GetSecret(key string) *SecretReference
GetSecret returns a SecretReference. If the secret doesn't exist, is of an unsupported type, or invalid, the Error field will include an error. If the secret is valid but isn't present on the file system, the secret will be written to the file system.
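Added example (not the package's own code): a reduced, self-contained model of the LocalSecretStore behaviour documented above, showing that secret material reaches the file system only on the first valid GetSecret and is removed when an update makes it invalid. Secret, Store, OnDisk, validate and requiredKey are hypothetical stand-ins; validation is simplified to "supported type and required data key present" for the three nginx.org types listed under Constants.

```go
package main

import "fmt"

// Secret is a simplified stand-in for api_v1.Secret (assumption).
type Secret struct {
	Key, Type string
	Data      map[string][]byte
}

// requiredKey pairs the secret types listed on the page with their data keys.
var requiredKey = map[string]string{"nginx.org/ca": "ca.crt", "nginx.org/jwk": "jwk", "nginx.org/oidc": "client-secret"}

// validate is a reduced check (assumption): secret exists, type supported, key present.
func validate(s *Secret) error {
	if s == nil {
		return fmt.Errorf("secret doesn't exist")
	}
	if k, ok := requiredKey[s.Type]; !ok || len(s.Data[k]) == 0 {
		return fmt.Errorf("secret %s: unsupported type or missing data key", s.Key)
	}
	return nil
}

// Store models the documented behaviour; OnDisk stands in for the file system.
type Store struct {
	Secrets map[string]*Secret
	OnDisk  map[string]bool
}

// AddOrUpdate touches the disk only for secrets that were already written there.
func (s *Store) AddOrUpdate(sec *Secret) {
	s.Secrets[sec.Key] = sec
	if s.OnDisk[sec.Key] && validate(sec) != nil {
		delete(s.OnDisk, sec.Key) // became invalid: removed from disk
	}
}

// Get reports an error for a missing or invalid secret, else writes it lazily.
func (s *Store) Get(key string) (err error) {
	if err = validate(s.Secrets[key]); err == nil {
		s.OnDisk[key] = true // first valid lookup triggers the write
	}
	return err
}

func main() {
	st := &Store{map[string]*Secret{}, map[string]bool{}}
	fmt.Println(st.Get("default/missing")) // constructed key; nothing stored yet
}
```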
type SecretFileManager
type SecretFileManager interface {
	AddOrUpdateSecret(secret *api_v1.Secret) string
	DeleteSecret(key string)
}
SecretFileManager manages secrets on the file system.
type SecretReference
SecretReference holds a reference to a secret stored on the file system.
type SecretStore
type SecretStore interface {
	AddOrUpdateSecret(secret *api_v1.Secret)
	DeleteSecret(key string)
	GetSecret(key string) *SecretReference
}
SecretStore stores secrets that the Ingress Controller uses.