Documentation ¶
Overview ¶
Package secretspec provides functionality to set and clear secrets in environment variables, files and fields in configuration files, based on a specification provided in a secrets.yml file.
Index ¶
Constants ¶
const (
	// SecretEnvPath is the path used to store the environment variable files.
	// It is a relative path; what it is resolved against is not shown here
	// (presumably the root path handed to the parsers; confirm).
	// NOTE(review): if these files hold secret values in plaintext, as the
	// package overview suggests, keep this directory out of version control.
	SecretEnvPath = ".secretenv"
)
Variables ¶
var (
	// DefaultParsers contains the default supported parsers.
	// All three parser types are declared as field-less structs, so the
	// zero values listed here are complete.
	DefaultParsers = []Parser{
		FileParser{},
		EnvParser{},
		InjectParser{},
	}
	// DefaultFileMode is the default filemode to use for consumables.
	// 0400 is owner read-only: no write bit for the owner and no access at
	// all for group or others.
	// NOTE(review): this is a package-level var, not a const, so importing
	// code can change it; a looser mode widens who can read a written secret.
	DefaultFileMode os.FileMode = 0400
)
// Errors for parsing a spec and building consumables. errConsumption is
// declared elsewhere in the package; judging by the format verbs in the
// messages, ErrorPref presumably yields a printf-style error constructor and
// Error a fixed error (confirm).
var (
	// Two registered parsers report the same type; %s is that type.
	ErrDuplicateParser = errConsumption.Code("duplicate_parser").ErrorPref("duplicate parser type %s")
	// NOTE(review): the message embeds the config field's value as well as
	// its name; confirm no secret-bearing field can reach this error, since
	// error text usually ends up in logs.
	ErrCannotConvertField = errConsumption.Code("cannot_convert_field").ErrorPref("cannot convert field %s with value %s in config to a %T")
	ErrParserNotAvailable = errConsumption.Code("parser_not_available").ErrorPref("parser %s is not available")
	ErrFieldNotSet        = errConsumption.Code("field_not_set").ErrorPref("field %s is not set or is not a %T")
	ErrInvalidSourcePath  = errConsumption.Code("invalid_source_path").ErrorPref("invalid source path %s")
	ErrEmptyParserType    = errConsumption.Code("empty_spec_field").Error("cannot parse the spec because the parser type is empty")
	ErrCannotUnmarshalSpec = errConsumption.Code("cannot_unmarshal_spec").ErrorPref("cannot unmarshal spec: %v")
	ErrParserNotFound     = errConsumption.Code("parser_not_found").Error("parser not found for the spec")
	// Takes the offending path and the root. Presumably returned when a
	// target resolves outside rootPath while allowMountAnywhere is false;
	// confirm against the parsers.
	ErrPathNotInRoot = errConsumption.Code("path_not_in_root").ErrorPref("the path %s is not a subdirectory of the root %s")
	// Two entries in one spec collide; see Consumable.Equals, which compares targets.
	ErrDuplicateSpecEntry = errConsumption.Code("duplicate_spec_entry").ErrorPref("duplicate entry `%s` defined in spec")
	// Takes the file path and a reason.
	ErrCannotOverwriteFile = errConsumption.Code("cannot_overwrite").ErrorPref("cannot overwrite existing file %s: %s")
	// Takes the secret path that was expected in the result but is missing.
	ErrSecretNotFound = errConsumption.Code("secret_not_found").ErrorPref("secret with path %s is not found in the result")
)
Errors
// The supported text encodings. The unicode identifier used here is not the
// standard library's unicode package (which has no UTF8 or UTF16 members);
// presumably it and utf32 come from golang.org/x/text/encoding/unicode. The
// imports are not shown, so confirm.
var (
	EncodingUTF8 = unicode.UTF8
	// UseBOM: a byte-order mark, when present, overrides the default byte
	// order, which is big-endian here.
	EncodingUTF16 = unicode.UTF16(unicode.BigEndian, unicode.UseBOM)
	// IgnoreBOM: the byte order is fixed and any byte-order mark is ignored
	// when choosing it.
	EncodingUTF16LittleEndian = unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM)
	EncodingUTF16BigEndian    = unicode.UTF16(unicode.BigEndian, unicode.IgnoreBOM)
	// UTF-32 counterparts of the three UTF-16 variants above.
	EncodingUTF32             = utf32.UTF32(utf32.BigEndian, utf32.UseBOM)
	EncodingUTF32LittleEndian = utf32.UTF32(utf32.LittleEndian, utf32.IgnoreBOM)
	EncodingUTF32BigEndian    = utf32.UTF32(utf32.BigEndian, utf32.IgnoreBOM)
)
These are the different types of encoding currently supported.
// Errors for the environment-variable consumable: clearing a variable,
// setting one, and creating the directory the variables are stored in. Each
// message takes a single %s argument describing the failure.
// NOTE(review): confirm that argument is the variable name or the underlying
// error, never the secret value being set.
var (
	ErrCannotClearEnvironmentVariable = errConsumption.Code("cannot_clear_env_var").ErrorPref("the environment variable could not be cleared: %s")
	ErrCannotSetEnvironmentVariable   = errConsumption.Code("cannot_set_env_var").ErrorPref("the environment variable could not be set: %s")
	ErrCannotCreateEnvDir             = errConsumption.Code("cannot_create_env_dir").ErrorPref("could not create the required directory for storing environment variables: %s")
)
Errors
// Errors for file targets: directory creation, target collisions, path
// resolution and file-mode parsing.
var (
	// Takes the directory path and the underlying error.
	ErrMkdirError = errConsumption.Code("mkdir_error").ErrorPref("could not create directory %s: %v")
	// Takes the target path that is already present.
	ErrTargetAlreadyExists = errConsumption.Code("target_already_exists").ErrorPref("target %s already exists")
	// Takes the file path and the underlying error.
	ErrCannotFindAbsPath = errConsumption.Code("cannot_find_abs_path").ErrorPref("cannot find absolute path of file %s: %v")
	// Takes the textual file mode and the conversion error.
	ErrCannotConvertFilemode = errConsumption.Code("cannot_convert_filemode").ErrorPref("cannot convert %s to filemode: %v")
	ErrInvalidTargetPath     = errConsumption.Code("invalid_target_path").ErrorPref("target path %s is invalid")
	// NOTE(review): which modes count as invalid is decided elsewhere; it is
	// worth confirming that group- or world-accessible modes are a deliberate
	// choice by the spec author rather than silently accepted.
	ErrInvalidFileMode = errConsumption.Code("invalid_filemode").ErrorPref("file mode %s is invalid")
)
Errors
// Errors for the Inject consumable, covering its three steps as named in the
// messages: reading a file, parsing its contents, and injecting secrets.
var (
	// ErrCannotReadFile is returned when reading a file fails. Takes the path and an error.
	ErrCannotReadFile = errConsumption.Code("cannot_read_file").ErrorPref("cannot read file %s: %v")
	// ErrInjectParseFailed is returned when parsing the contents to inject failed. Takes an error.
	ErrInjectParseFailed = errConsumption.Code("inject_parse_failed").ErrorPref("failed to parse contents: %v")
	// ErrInjectFailed is returned when injecting secrets failed. Takes an error.
	// NOTE(review): confirm the wrapped error cannot carry injected secret
	// values into the message.
	ErrInjectFailed = errConsumption.Code("inject_failed").ErrorPref("failed to inject secrets: %v")
)
var (
	// DefaultEnvDirFileMode is the filemode used for the environment directory.
	// 0700 gives the owner read, write and search access and gives group and
	// others none, so other local users cannot list or enter the directory.
	// NOTE(review): declared as a var, so importing code can loosen it.
	DefaultEnvDirFileMode os.FileMode = 0700
)
var (
	// ErrUnsupportedEncoding takes the name of the requested encoding. The
	// supported set is the Encoding* variables of this package.
	ErrUnsupportedEncoding = errConsumption.Code("unsupported_encoding").ErrorPref("encoding %s not supported")
)
Errors
Functions ¶
func DetectEncoding ¶
DetectEncoding detects the encoding of a text based on its BOM (byte-order mark), returning nil if it cannot detect it. In that case, the character encoding is most often UTF8.
The BOM is added to most UTF16, UTF32 and some UTF8 strings to indicate whether the text is BigEndian or LittleEndian encoded. If a valid BOM is found, you can therefore be quite sure about the character encoding used. However, you can never be 100% sure of this result: a string without a BOM that happens to start with the bytes of a valid BOM cannot be told apart from a string that has one. The result of this function should therefore be treated as a best guess. If the character encoding is specified anywhere else, that information should always be used instead of the result of this function.
Types ¶
type Consumable ¶
type Consumable interface {
	// Set sets the consumable to any matching secrets.
	// The map is keyed by string; since Sources returns full secret paths,
	// the keys are presumably those same paths (confirm).
	Set(secrets map[string]api.SecretVersion) error
	// Clear clears the consumable of any content.
	Clear() error
	// Sources returns a set of full paths of the secrets corresponding to the consumable.
	Sources() map[string]struct{}
	// Equals returns whether two Consumables have the same target. This can be used to check whether they can exist in the same spec.
	Equals(consumable Consumable) bool
	// String returns a textual form of the consumable.
	// NOTE(review): implementations should describe the target only and
	// never include secret values, because String output commonly reaches
	// logs and error messages.
	String() string
}
Consumable is a secret that can be consumed by a process in an environment.
type EnvParser ¶
// EnvParser has no fields; its zero value EnvParser{} is what DefaultParsers lists.
type EnvParser struct{}
EnvParser implements a Parser for Env Consumables.
type FileParser ¶
// FileParser has no fields; its zero value FileParser{} is what DefaultParsers lists.
type FileParser struct{}
FileParser is a Parser to parse File Consumables.
func (FileParser) Parse ¶
func (p FileParser) Parse(rootPath string, allowMountAnywhere bool, config map[string]interface{}) (Consumable, error)
Parse parses a config to create a file Consumable.
type Inject ¶
type Inject struct {
// contains filtered or unexported fields
}
Inject implements a consumable that takes a file and injects it with secrets, written to the target file.
func (*Inject) Equals ¶
func (inj *Inject) Equals(consumable Consumable) bool
Equals checks whether two Injects have the same target.
func (*Inject) Set ¶
func (inj *Inject) Set(secrets map[string]api.SecretVersion) error
Set injects all secrets with data from matching secrets in the map and writes to the target file. Though the map may contain other secrets, it must contain all source secrets of this consumable.
type InjectParser ¶
// InjectParser has no fields; its zero value InjectParser{} is what DefaultParsers lists.
type InjectParser struct{}
InjectParser parses Inject Consumables.
func (InjectParser) Parse ¶
func (p InjectParser) Parse(rootPath string, allowMountAnywhere bool, config map[string]interface{}) (Consumable, error)
Parse parses a config to create an Inject Consumable.
type Parser ¶
type Parser interface {
	// Parse builds a Consumable from a config map.
	// rootPath and allowMountAnywhere are part of every parser's contract.
	// Judging by ErrPathNotInRoot, targets are presumably confined to
	// rootPath unless allowMountAnywhere is true (confirm in the parsers).
	// NOTE(review): if so, leave allowMountAnywhere false for any spec that
	// is not fully trusted, because the spec would otherwise choose where
	// files are written.
	Parse(rootPath string, allowMountAnywhere bool, config map[string]interface{}) (Consumable, error)
	// Type returns the parser's type name, which must be unique per parser.
	Type() string
}
Parser can create a consumable from a config. Each parser has a Type that must be unique.
type Presenter ¶
type Presenter struct {
// contains filtered or unexported fields
}
Presenter contains Consumables, created by Parsers.
func NewPresenter ¶
NewPresenter creates a Presenter from a given set of Parsers.
func (*Presenter) EmptyConsumables ¶
func (p *Presenter) EmptyConsumables() []Consumable
EmptyConsumables returns a list of all consumables that contain no sources.
func (*Presenter) Parse ¶
Parse initializes a Presenter with consumables, initializing parsers defined by the config.