Documentation ¶
Index ¶
- Variables
- type NotifyingTokenStorage
- func (n NotifyingTokenStorage) Delete(ctx context.Context, owner *api.SPIAccessToken) error
- func (n NotifyingTokenStorage) Get(ctx context.Context, owner *api.SPIAccessToken) (token *api.Token, err error)
- func (n NotifyingTokenStorage) Initialize(ctx context.Context) error
- func (n NotifyingTokenStorage) Store(ctx context.Context, owner *api.SPIAccessToken, token *api.Token) error
- type TestTokenStorage
- func (t TestTokenStorage) Delete(ctx context.Context, owner *api.SPIAccessToken) error
- func (t TestTokenStorage) Get(ctx context.Context, owner *api.SPIAccessToken) (*api.Token, error)
- func (t TestTokenStorage) Initialize(ctx context.Context) error
- func (t TestTokenStorage) Store(ctx context.Context, owner *api.SPIAccessToken, token *api.Token) error
- type TokenStorage
- func CreateTestVaultTokenStorage(t vtesting.T) (*vault.TestCluster, TokenStorage)
- func CreateTestVaultTokenStorageWithAuthAndMetrics(t vtesting.T, metricsRegistry *prometheus.Registry) (*vault.TestCluster, TokenStorage, string, string)
- func NewSecretsStorage(cl client.Client) (TokenStorage, error)
- func NewVaultStorage(vaultTokenStorageConfig *VaultStorageConfig) (TokenStorage, error)
- type VaultAuthMethod
- type VaultCliArgs
- type VaultStorageConfig
Variables ¶
// Sentinel errors exported by this package.
var (
	// VaultError is a sentinel error with the message "error in Vault".
	// NOTE(review): presumably wrapped by failures of the Vault-backed
	// storage so callers can match it with errors.Is; confirm at the call sites.
	VaultError = errors.New("error in Vault")

	// VaultUnknownAuthMethodError is a sentinel error with the message
	// "unknown Vault authentication method".
	// NOTE(review): presumably returned when a VaultAuthMethod value is not
	// one of the declared constants; confirm in NewVaultStorage.
	VaultUnknownAuthMethodError = errors.New("unknown Vault authentication method")
)
Types ¶
type NotifyingTokenStorage ¶ added in v0.3.0
// NotifyingTokenStorage pairs a Kubernetes client with a TokenStorage that
// performs the actual storage operations.
//
// NOTE(review): this listing does not show which operations create the
// v1beta1.SPIAccessTokenDataUpdate objects or what those objects contain;
// confirm that they carry no token material.
type NotifyingTokenStorage struct {
	// Client is the kubernetes client to use to create the v1beta1.SPIAccessTokenDataUpdate objects.
	Client client.Client
	// TokenStorage is the token storage to delegate the actual storage operations to.
	TokenStorage TokenStorage
}
NotifyingTokenStorage is a wrapper around TokenStorage that also automatically creates the v1beta1.SPIAccessTokenDataUpdate objects.
func (NotifyingTokenStorage) Delete ¶ added in v0.3.0
func (n NotifyingTokenStorage) Delete(ctx context.Context, owner *api.SPIAccessToken) error
func (NotifyingTokenStorage) Get ¶ added in v0.3.0
func (n NotifyingTokenStorage) Get(ctx context.Context, owner *api.SPIAccessToken) (token *api.Token, err error)
func (NotifyingTokenStorage) Initialize ¶ added in v0.8.1
func (n NotifyingTokenStorage) Initialize(ctx context.Context) error
func (NotifyingTokenStorage) Store ¶ added in v0.3.0
func (n NotifyingTokenStorage) Store(ctx context.Context, owner *api.SPIAccessToken, token *api.Token) error
type TestTokenStorage ¶ added in v0.3.0
// TestTokenStorage is a struct of function-valued fields, one per
// TokenStorage operation (Initialize, Store, Get, Delete).
//
// NOTE(review): presumably each method of TestTokenStorage calls the
// matching *Impl field; what happens when a field is nil is not shown
// here, so confirm before relying on partial initialization.
// NOTE(review): the name suggests a test double; it is exported alongside
// the production storages, so check that it is never wired into a
// non-test binary.
type TestTokenStorage struct {
	// InitializeImpl has the same signature as TokenStorage.Initialize.
	InitializeImpl func(context.Context) error
	// StoreImpl has the same signature as TokenStorage.Store.
	StoreImpl func(context.Context, *api.SPIAccessToken, *api.Token) error
	// GetImpl has the same signature as TokenStorage.Get.
	GetImpl func(ctx context.Context, token *api.SPIAccessToken) (*api.Token, error)
	// DeleteImpl has the same signature as TokenStorage.Delete.
	DeleteImpl func(context.Context, *api.SPIAccessToken) error
}
func (TestTokenStorage) Delete ¶ added in v0.3.0
func (t TestTokenStorage) Delete(ctx context.Context, owner *api.SPIAccessToken) error
func (TestTokenStorage) Get ¶ added in v0.3.0
func (t TestTokenStorage) Get(ctx context.Context, owner *api.SPIAccessToken) (*api.Token, error)
func (TestTokenStorage) Initialize ¶ added in v0.8.1
func (t TestTokenStorage) Initialize(ctx context.Context) error
func (TestTokenStorage) Store ¶ added in v0.3.0
func (t TestTokenStorage) Store(ctx context.Context, owner *api.SPIAccessToken, token *api.Token) error
type TokenStorage ¶
// TokenStorage is the storage abstraction for tokens, keyed by the owning
// SPIAccessToken object. Every method takes a context as its first argument.
type TokenStorage interface {
	// Initialize prepares the storage for use.
	// NOTE(review): what initialization involves (e.g. authenticating to the
	// backend) is implementation-specific and not shown here.
	Initialize(ctx context.Context) error
	// Store saves token on behalf of owner.
	Store(ctx context.Context, owner *api.SPIAccessToken, token *api.Token) error
	// Get returns the token stored for owner.
	// NOTE(review): the result for an owner with no stored token (nil token,
	// an error, or both) is not visible here; confirm per implementation
	// before dereferencing the returned pointer.
	Get(ctx context.Context, owner *api.SPIAccessToken) (*api.Token, error)
	// Delete removes the token stored for owner.
	Delete(ctx context.Context, owner *api.SPIAccessToken) error
}
TokenStorage is a simple interface on top of the Kubernetes client for performing CRUD operations on the tokens. It exists so that we can provide either a secret-based or a Vault-based implementation.
func CreateTestVaultTokenStorage ¶ added in v0.3.0
func CreateTestVaultTokenStorage(t vtesting.T) (*vault.TestCluster, TokenStorage)
func CreateTestVaultTokenStorageWithAuthAndMetrics ¶ added in v0.8.2
func CreateTestVaultTokenStorageWithAuthAndMetrics(t vtesting.T, metricsRegistry *prometheus.Registry) (*vault.TestCluster, TokenStorage, string, string)
func NewSecretsStorage ¶ added in v0.3.0
func NewSecretsStorage(cl client.Client) (TokenStorage, error)
NewSecretsStorage creates a new `TokenStorage` instance using the provided Kubernetes client.
func NewVaultStorage ¶ added in v0.3.0
func NewVaultStorage(vaultTokenStorageConfig *VaultStorageConfig) (TokenStorage, error)
NewVaultStorage creates a new `TokenStorage` instance for the Vault instance described by the provided `VaultStorageConfig`.
type VaultAuthMethod ¶ added in v0.7.0
// VaultAuthMethod is a string type with one constant per declared Vault
// authentication method.
// NOTE(review): values are plain strings, so a value outside the declared
// constants can be constructed; presumably that case is reported with
// VaultUnknownAuthMethodError — confirm.
type VaultAuthMethod string

const (
	// VaultAuthMethodKubernetes is the "kubernetes" method.
	// NOTE(review): presumably uses the service account token file and the
	// Vault role from the configuration — confirm.
	VaultAuthMethodKubernetes VaultAuthMethod = "kubernetes"
	// VaultAuthMethodApprole is the "approle" method.
	// NOTE(review): presumably uses the role ID and secret ID files from
	// the configuration — confirm.
	VaultAuthMethodApprole VaultAuthMethod = "approle"
)
type VaultCliArgs ¶ added in v0.7.3
// VaultCliArgs declares the Vault-related command-line arguments. Each
// field carries a struct tag; this listing elides every tag except
// VaultHost's, so the flag names and defaults of the other fields are not
// visible here.
type VaultCliArgs struct {
	// VaultHost is the Vault host URL; the help text marks it mandatory. It
	// is set with --vault-host or, per the "env" tag option, from the environment.
	VaultHost string `arg:"--vault-host, env" help:"Mandatory Vault host URL."`
	// NOTE(review): the name suggests this relaxes TLS verification for the
	// Vault connection — confirm against the elided help text. If so, it
	// should stay off outside local testing, because tokens would travel
	// over a connection whose peer is not authenticated.
	VaultInsecureTLS bool `` /* 150-byte string literal not displayed */
	// VaultAuthMethod selects the authentication method (see the
	// VaultAuthMethod constants).
	VaultAuthMethod VaultAuthMethod `` /* 135-byte string literal not displayed */
	// NOTE(review): presumably the path of a file holding the AppRole role ID — confirm.
	VaultApproleRoleIdFilePath string `` /* 131-byte string literal not displayed */
	// NOTE(review): presumably the path of a file holding the AppRole secret
	// ID, which is a credential — confirm, and keep the file readable only
	// by the process that needs it.
	VaultApproleSecretIdFilePath string `` /* 137-byte string literal not displayed */
	// NOTE(review): presumably the path of the Kubernetes service account
	// token file used for the kubernetes auth method — confirm.
	VaultKubernetesSATokenFilePath string `` /* 274-byte string literal not displayed */
	// NOTE(review): presumably the Vault role used with the kubernetes auth
	// method — confirm.
	VaultKubernetesRole string `` /* 132-byte string literal not displayed */
}
type VaultStorageConfig ¶ added in v0.7.0
// VaultStorageConfig is the configuration type accepted by NewVaultStorage.
// NOTE(review): the mapping of these fields to the VaultCliArgs fields and
// to the two auth methods is inferred from their names — confirm in
// VaultStorageConfigFromCliArgs and NewVaultStorage.
type VaultStorageConfig struct {
	// Host is presumably the Vault host URL — confirm.
	Host string
	// AuthType selects the authentication method (see the VaultAuthMethod constants).
	AuthType VaultAuthMethod
	// NOTE(review): presumably relaxes TLS verification for the Vault
	// connection — confirm; if so, leave false outside local testing.
	Insecure bool
	// Role is presumably the Vault role for the kubernetes auth method — confirm.
	Role string
	// ServiceAccountTokenFilePath is presumably the path of the Kubernetes
	// service account token file — confirm.
	ServiceAccountTokenFilePath string
	// RoleIdFilePath is presumably the path of the file holding the AppRole
	// role ID — confirm.
	RoleIdFilePath string
	// SecretIdFilePath is presumably the path of the file holding the AppRole
	// secret ID (a credential) — confirm, and restrict access to that file.
	SecretIdFilePath string
	// MetricsRegisterer is a Prometheus registerer. Its use is not shown in
	// this listing.
	MetricsRegisterer prometheus.Registerer
}
func VaultStorageConfigFromCliArgs ¶ added in v0.7.3
func VaultStorageConfigFromCliArgs(args *VaultCliArgs) *VaultStorageConfig
VaultStorageConfigFromCliArgs returns an instance of the VaultStorageConfig with some fields initialized from the corresponding CLI arguments. Notably, the VaultStorageConfig.MetricsRegisterer is NOT configured, because this cannot be done using just the CLI arguments.