secrets

package
v1.12.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 8, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source
const CAKey = "ca.crt"

CAKey is the key of the data field of a Secret where the certificate authority must be stored.

View Source
const ClientSecretKey = "client-secret"

ClientSecretKey is the key of the data field of a Secret where the OIDC client secret must be stored.

View Source
const JWTKeyKey = "jwk"

JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.

View Source
const SecretTypeCA api_v1.SecretType = "nginx.org/ca"

SecretTypeCA contains a certificate authority for TLS certificate verification. #nosec G101

View Source
const SecretTypeJWK api_v1.SecretType = "nginx.org/jwk"

SecretTypeJWK contains a JWK (JSON Web Key) for validating JWTs (JSON Web Tokens). #nosec G101

View Source
const SecretTypeOIDC api_v1.SecretType = "nginx.org/oidc"

SecretTypeOIDC contains an OIDC client secret for use in oauth flows. #nosec G101

Variables

This section is empty.

Functions

func IsSupportedSecretType

func IsSupportedSecretType(secretType api_v1.SecretType) bool

IsSupportedSecretType checks if the secret type is supported.

func ValidateCASecret

func ValidateCASecret(secret *api_v1.Secret) error

ValidateCASecret validates the secret. If it is valid, the function returns nil.

func ValidateJWKSecret

func ValidateJWKSecret(secret *api_v1.Secret) error

ValidateJWKSecret validates the secret. If it is valid, the function returns nil.

func ValidateOIDCSecret

func ValidateOIDCSecret(secret *api_v1.Secret) error

ValidateOIDCSecret validates the secret. If it is valid, the function returns nil.

func ValidateSecret

func ValidateSecret(secret *api_v1.Secret) error

ValidateSecret validates the secret. If it is valid, the function returns nil.

func ValidateTLSSecret

func ValidateTLSSecret(secret *api_v1.Secret) error

ValidateTLSSecret validates the secret. If it is valid, the function returns nil.

Types

type FakeSecretStore

type FakeSecretStore struct {
	// contains filtered or unexported fields
}

FakeSecretStore is a fake implementation of SecretStore.

func NewEmptyFakeSecretsStore added in v1.12.0

func NewEmptyFakeSecretsStore() *FakeSecretStore

NewEmptyFakeSecretsStore creates a new empty FakeSecretStore.

func NewFakeSecretsStore

func NewFakeSecretsStore(secrets map[string]*SecretReference) *FakeSecretStore

NewFakeSecretsStore creates a new FakeSecretStore.

func (*FakeSecretStore) AddOrUpdateSecret

func (s *FakeSecretStore) AddOrUpdateSecret(secret *api_v1.Secret)

AddOrUpdateSecret is a fake implementation of AddOrUpdateSecret.

func (*FakeSecretStore) DeleteSecret

func (s *FakeSecretStore) DeleteSecret(key string)

DeleteSecret is a fake implementation of DeleteSecret.

func (*FakeSecretStore) GetSecret

func (s *FakeSecretStore) GetSecret(key string) *SecretReference

GetSecret is a fake implementation of GetSecret.

type LocalSecretStore

type LocalSecretStore struct {
	// contains filtered or unexported fields
}

LocalSecretStore implements SecretStore interface. It validates the secrets and manages them on the file system (via SecretFileManager).

func NewLocalSecretStore

func NewLocalSecretStore(manager SecretFileManager) *LocalSecretStore

NewLocalSecretStore creates a new LocalSecretStore.

func (*LocalSecretStore) AddOrUpdateSecret

func (s *LocalSecretStore) AddOrUpdateSecret(secret *api_v1.Secret)

AddOrUpdateSecret adds or updates a secret. The secret will only be updated on the file system if it is valid and if it is already on the file system. If the secret becomes invalid, it will be removed from the filesystem.

func (*LocalSecretStore) DeleteSecret

func (s *LocalSecretStore) DeleteSecret(key string)

DeleteSecret deletes a secret.

func (*LocalSecretStore) GetSecret

func (s *LocalSecretStore) GetSecret(key string) *SecretReference

GetSecret returns a SecretReference. If the secret doesn't exist, is of an unsupported type, or invalid, the Error field will include an error. If the secret is valid but isn't present on the file system, the secret will be written to the file system.

type SecretFileManager

type SecretFileManager interface {
	AddOrUpdateSecret(secret *api_v1.Secret) string
	DeleteSecret(key string)
}

SecretFileManager manages secrets on the file system.

type SecretReference

type SecretReference struct {
	Secret *api_v1.Secret
	Path   string
	Error  error
}

SecretReference holds a reference to a secret stored on the file system.

type SecretStore

type SecretStore interface {
	AddOrUpdateSecret(secret *api_v1.Secret)
	DeleteSecret(key string)
	GetSecret(key string) *SecretReference
}

SecretStore stores secrets that the Ingress Controller uses.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL