secretspec

package
v0.34.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 27, 2020 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package secretspec provides functionality to set and clear secrets in environment variables, files and fields in configuration files, based on a specification provided in a secrets.yml file.

Index

Constants

View Source
const (

	// SecretEnvPath is the path used to store the environment variable files
	SecretEnvPath = ".secretenv"
)

Variables

View Source
var (

	// DefaultParsers contains the default supported parsers.
	DefaultParsers = []Parser{
		FileParser{},
		EnvParser{},
		InjectParser{},
	}

	// DefaultFileMode is the default filemode to use for consumables.
	DefaultFileMode os.FileMode = 0400
)
View Source
var (
	ErrDuplicateParser     = errConsumption.Code("duplicate_parser").ErrorPref("duplicate parser type %s")
	ErrCannotConvertField  = errConsumption.Code("cannot_convert_field").ErrorPref("cannot convert field %s with value %s in config to a %T")
	ErrParserNotAvailable  = errConsumption.Code("parser_not_available").ErrorPref("parser %s is not available")
	ErrFieldNotSet         = errConsumption.Code("field_not_set").ErrorPref("field %s is not set or is not a %T")
	ErrInvalidSourcePath   = errConsumption.Code("invalid_source_path").ErrorPref("invalid source path %s")
	ErrEmptyParserType     = errConsumption.Code("empty_spec_field").Error("cannot parse the spec because the parser type is empty")
	ErrCannotUnmarshalSpec = errConsumption.Code("cannot_unmarshal_spec").ErrorPref("cannot unmarshal spec: %v")
	ErrParserNotFound      = errConsumption.Code("parser_not_found").Error("parser not found for the spec")
	ErrPathNotInRoot       = errConsumption.Code("path_not_in_root").ErrorPref("the path %s is not a subdirectory of the root %s")
	ErrDuplicateSpecEntry  = errConsumption.Code("duplicate_spec_entry").ErrorPref("duplicate entry `%s` defined in spec")
	ErrCannotOverwriteFile = errConsumption.Code("cannot_overwrite").ErrorPref("cannot overwrite existing file %s: %s")
	ErrSecretNotFound      = errConsumption.Code("secret_not_found").ErrorPref("secret with path %s is not found in the result")
)

Errors

View Source
var (
	EncodingUTF8              = unicode.UTF8
	EncodingUTF16             = unicode.UTF16(unicode.BigEndian, unicode.UseBOM)
	EncodingUTF16LittleEndian = unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM)
	EncodingUTF16BigEndian    = unicode.UTF16(unicode.BigEndian, unicode.IgnoreBOM)
	EncodingUTF32             = utf32.UTF32(utf32.BigEndian, utf32.UseBOM)
	EncodingUTF32LittleEndian = utf32.UTF32(utf32.LittleEndian, utf32.IgnoreBOM)
	EncodingUTF32BigEndian    = utf32.UTF32(utf32.BigEndian, utf32.IgnoreBOM)
)

These are the different types of encoding currently supported.

View Source
var (
	ErrCannotClearEnvironmentVariable = errConsumption.Code("cannot_clear_env_var").ErrorPref("the environment variable could not be cleared: %s")
	ErrCannotSetEnvironmentVariable   = errConsumption.Code("cannot_set_env_var").ErrorPref("the environment variable could not be set: %s")
	ErrCannotCreateEnvDir             = errConsumption.Code("cannot_create_env_dir").ErrorPref("could not create the required directory for storing environment variables: %s")
)

Errors

View Source
var (
	ErrMkdirError            = errConsumption.Code("mkdir_error").ErrorPref("could not create directory %s: %v")
	ErrTargetAlreadyExists   = errConsumption.Code("target_already_exists").ErrorPref("target %s already exists")
	ErrCannotFindAbsPath     = errConsumption.Code("cannot_find_abs_path").ErrorPref("cannot find absolute path of file %s: %v")
	ErrCannotConvertFilemode = errConsumption.Code("cannot_convert_filemode").ErrorPref("cannot convert %s to filemode: %v")
	ErrInvalidTargetPath     = errConsumption.Code("invalid_target_path").ErrorPref("target path %s is invalid")
	ErrInvalidFileMode       = errConsumption.Code("invalid_filemode").ErrorPref("file mode %s is invalid")
)

Errors

View Source
var (
	// ErrCannotReadFile is returned when reading a file fails. Takes the path and an error.
	ErrCannotReadFile = errConsumption.Code("cannot_read_file").ErrorPref("cannot read file %s: %v")
	// ErrInjectParseFailed is returned when parsing the contents to inject failed. Takes an error.
	ErrInjectParseFailed = errConsumption.Code("inject_parse_failed").ErrorPref("failed to parse contents: %v")
	// ErrInjectFailed is returned when injecting secrets failed. Takes an error.
	ErrInjectFailed = errConsumption.Code("inject_failed").ErrorPref("failed to inject secrets: %v")
)
View Source
var (
	// DefaultEnvDirFileMode is the filemode used for the environment directory.
	DefaultEnvDirFileMode os.FileMode = 0700
)
View Source
var (
	ErrUnsupportedEncoding = errConsumption.Code("unsupported_encoding").ErrorPref("encoding %s not supported")
)

Errors

Functions

func DetectEncoding

func DetectEncoding(input []byte) encoding.Encoding

DetectEncoding detects the encoding of a text based on its BOM (byte-order mark), returning nil if it cannot detect it. In that case, the character encoding is most often UTF8.

The BOM is added to most UTF16, UTF32 and some UTF8 strings to indicate whether it is BigEndian or LittleEndian encoded. If a valid BOM is found, you can therefore be quite sure about the character encoding used. However, you can never be 100% sure of this result, because you can't tell apart a string without BOM that happens to start with the bytes of a valid BOM and a string with a BOM. So the result of this function should be treated as a best guess. If there is any information specified about the character encoding, that should always be used instead of the result of this function.

func EncodingFromString

func EncodingFromString(encodingString string) (encoding.Encoding, error)

EncodingFromString converts a string to the corresponding encoding.Encoding. Argument is case-insensitive.

Types

type Consumable

type Consumable interface {
	// Set sets the consumable to any matching secrets.
	Set(secrets map[string]api.SecretVersion) error
	// Clear clears the consumable of any content.
	Clear() error
	// Sources returns a set of full paths of the secrets corresponding to the consumable.
	Sources() map[string]struct{}
	// Equals returns whether to Consumables have the same target. This can be used to check whether they can exist in the same spec.
	Equals(consumable Consumable) bool
	String() string
}

Consumable is a secret that can be consumed by a process in an environment.

type EnvParser

type EnvParser struct{}

EnvParser implements a Parser for Env Consumables.

func (EnvParser) Parse

func (p EnvParser) Parse(rootPath string, allowMountAnywhere bool, config map[string]interface{}) (Consumable, error)

Parse parses a config to create an Env Consumable.

func (EnvParser) Type

func (p EnvParser) Type() string

Type returns the parser type.

type FileParser

type FileParser struct{}

FileParser is a Parser to parse File Consumables.

func (FileParser) Parse

func (p FileParser) Parse(rootPath string, allowMountAnywhere bool, config map[string]interface{}) (Consumable, error)

Parse parses a config to create a file Consumable.

func (FileParser) Type

func (p FileParser) Type() string

Type returns the parser type.

type Inject

type Inject struct {
	// contains filtered or unexported fields
}

Inject implements a consumable that takes a file and injects it with secrets, written to the target file.

func (*Inject) Clear

func (inj *Inject) Clear() error

Clear removes the injected file from the filesystem.

func (*Inject) Equals

func (inj *Inject) Equals(consumable Consumable) bool

Equals checks whether two Injects have the same target.

func (*Inject) Set

func (inj *Inject) Set(secrets map[string]api.SecretVersion) error

Set injects all secrets with data from matching secrets in the map and writes to the target file. Though the map may contain other secrets, it must contain all source secrets of this consumable.

func (*Inject) Sources

func (inj *Inject) Sources() map[string]struct{}

Sources returns the full paths of the secrets from which the Consumable is sourced.

func (*Inject) String

func (inj *Inject) String() string

String returns the string representation of the Inject.

type InjectParser

type InjectParser struct{}

InjectParser parses Inject Consumables.

func (InjectParser) Parse

func (p InjectParser) Parse(rootPath string, allowMountAnywhere bool, config map[string]interface{}) (Consumable, error)

Parse parses a config to create an Inject Consumable.

func (InjectParser) Type

func (p InjectParser) Type() string

Type returns the parser type.

type Parser

type Parser interface {
	Parse(rootPath string, allowMountAnywhere bool, config map[string]interface{}) (Consumable, error)
	Type() string
}

Parser can create a consumable from a config. Each parser has a Type that must be unique.

type Presenter

type Presenter struct {
	// contains filtered or unexported fields
}

Presenter contains Consumables, created by Parsers.

func NewPresenter

func NewPresenter(rootPath string, allowMountAnywhere bool, parsers ...Parser) (*Presenter, error)

NewPresenter creates a Presenter from a given set of Parsers.

func (*Presenter) Clear

func (p *Presenter) Clear() error

Clear clears all consumables.

func (*Presenter) EmptyConsumables

func (p *Presenter) EmptyConsumables() []Consumable

EmptyConsumables returns a list of all consumables that contain no sources.

func (*Presenter) Parse

func (p *Presenter) Parse(data []byte) error

Parse initializes a Presenter with consumables, initializing parsers defined by the config.

func (*Presenter) Set

func (p *Presenter) Set(secrets map[string]api.SecretVersion) error

Set sets all consumables that correspond to the given secrets.

func (*Presenter) Sources

func (p *Presenter) Sources() map[string]struct{}

Sources returns the full paths of all secrets sourced within the presenter.

type Spec

type Spec map[string]map[string]interface{}

Spec is used to unmarshal a consumable block correctly.

type SpecFile

type SpecFile struct {
	Secrets []Spec `json:"secrets" yaml:"secrets"`
}

SpecFile is used to unmarshal a spec file correctly.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL