Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func Check (added in v0.23.0)
func Check(ctx context.Context, source *workloadapi.X509Source) error
Check validates the connectivity to VSecM Safe by calling the "list secrets" API and expecting a successful response. The successful return (`nil`) from this method means that VSecM Safe is up, and VSecM Sentinel is able to establish an authorized request and get a meaningful response body.
Parameters:
- ctx: Context used for operation cancellation and passing metadata such as "correlationId" for logging purposes.
- source: A pointer to a workloadapi.X509Source that provides the necessary credentials for mTLS communication.
Returns:
- An error if the validation fails, the workload source is nil, there's an issue with constructing the API endpoint URL, problems occur during the HTTP request to the VSecM Safe API endpoint, or the response body cannot be read. The error includes a descriptive message indicating the nature of the failure.
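The following is an added illustration of the contract Check describes (nil on success, a descriptive error that carries the correlation ID otherwise); it is not the VSecM Sentinel code. The SPIFFE X509Source is stood in for by a ready-made *http.Client, the "list secrets" endpoint path and the correlationKey context key are assumptions, and the fake Safe is an httptest TLS server so the block runs offline.

```go
// Added example, not the VSecM code: a connectivity probe in the spirit of
// Check. A 200 response with a readable body from the list endpoint means
// "Safe is up and the caller is authorized"; anything else is an error that
// names the failing step.
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// correlationKey is an assumed context key; the real package reads a
// "correlationId" value from ctx for logging in the same way.
type correlationKey struct{}

// CheckSafe mirrors the documented contract of Check. The *http.Client plays
// the role of the workload source: nil means no credentials are available.
func CheckSafe(ctx context.Context, client *http.Client, safeBase string) error {
	cid, _ := ctx.Value(correlationKey{}).(string)
	if client == nil {
		return fmt.Errorf("[%s] check: workload source is nil", cid)
	}
	// "secrets" is an assumed path for the list-secrets API.
	endpoint, err := url.JoinPath(safeBase, "secrets")
	if err != nil {
		return fmt.Errorf("[%s] check: build endpoint URL: %w", cid, err)
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
	if err != nil {
		return fmt.Errorf("[%s] check: build request: %w", cid, err)
	}
	resp, err := client.Do(req)
	if err != nil {
		return fmt.Errorf("[%s] check: request to Safe failed: %w", cid, err)
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return fmt.Errorf("[%s] check: read response body: %w", cid, err)
	}
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("[%s] check: Safe returned %d: %s", cid, resp.StatusCode, string(body))
	}
	return nil
}

// IsCallerSide reports whether a failed check was caused by the caller's own
// deadline or cancellation rather than by Safe, so a retry is the right
// response instead of an alert.
func IsCallerSide(err error) bool {
	return errors.Is(err, context.DeadlineExceeded) || errors.Is(err, context.Canceled)
}

// NewFakeSafe starts a TLS server (constructed test double) that answers the
// list endpoint with an empty list when authorized and 403 otherwise.
func NewFakeSafe(authorized bool) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/secrets", func(w http.ResponseWriter, r *http.Request) {
		if !authorized {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		fmt.Fprint(w, `[]`)
	})
	return httptest.NewTLSServer(mux)
}

func main() {
	srv := NewFakeSafe(true)
	defer srv.Close()
	ctx := context.WithValue(context.Background(), correlationKey{}, "demo-001")
	fmt.Println("healthy:", CheckSafe(ctx, srv.Client(), srv.URL) == nil)
}
```

A nil return is the only "healthy" signal; a 403 from the fake Safe, a nil client, and a cancelled context all come back as distinct errors, and IsCallerSide separates the last case from a genuine Safe-side failure.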
func CheckInitialization (added in v0.24.5)
func CheckInitialization(ctx context.Context, source *workloadapi.X509Source) (bool, error)
CheckInitialization verifies if VSecM Sentinel has executed its init commands stanza successfully. This function utilizes a SPIFFE-based mTLS authentication mechanism to securely connect to a specified API endpoint.
Parameters:
- ctx context.Context: The context carrying the correlation ID used for logging and tracing the operation across different system components. The correlation ID is extracted from the context for error logging purposes.
- source *workloadapi.X509Source: A pointer to an X509Source, which provides the credentials necessary for mTLS configuration. The source must not be nil, as it is essential for establishing the TLS connection.
Returns:
- bool: Returns true if VSecM Sentinel is initialized; false otherwise.
- error: Returns an error if the workload source is nil, URL joining fails, the API call fails, the response body cannot be read, or the JSON response cannot be unmarshalled. The error will provide a detailed message about the nature of the failure.
func Get
Get retrieves secrets from a VSecM Safe API endpoint based on the context and whether encrypted secrets should be shown. The function uses SPIFFE for secure communication, establishing mTLS with the server.
Parameters:
- ctx: Context used for operation cancellation and passing metadata across API boundaries. It must contain a "correlationId" value.
- showEncryptedSecrets: A boolean flag indicating whether to retrieve encrypted secrets. If true, secrets are shown in encrypted form.
func Post
func Post(parentContext context.Context, sc entity.SentinelCommand) error
Post handles the posting of secrets to the VSecM Safe API using the provided SentinelCommand.
This function performs the following steps:
- Creates a context with a timeout based on the parent context and environment settings.
- Computes a hash of the secret for logging purposes if configured to do so.
- Acquires a workload source and proceeds only if the source acquisition is successful.
- Depending on the SentinelCommand, it either posts new secrets or deletes existing ones.
Parameters:
- parentContext: The parent context for the request, used for tracing and cancellation.
- sc: The SentinelCommand containing details for the secret management operation.
Returns:
- An error if the operation fails, or nil if successful.
Example usage:
	parentContext := context.Background()
	sc := entity.SentinelCommand{
		WorkloadIds:        []string{"workload1"},
		Secret:             "my-secret",
		Namespaces:         []string{"namespace1"},
		SerializedRootKeys: "key1\nkey2\nkey3",
	}
	err := Post(parentContext, sc)
	if err != nil {
		log.Fatal(err)
	}
Error Handling:
- If the context times out or is canceled, it logs the error and returns an appropriate message.
- If there is an error during source acquisition, secret generation, or payload processing, it returns an error with details.
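The following is an added example of the control flow Post's documentation lays out (timeout derived from the parent context, a hash of the secret for logs, a source check, then post or delete depending on the command, with timeout errors reported as such); it is not the VSecM Sentinel code. Command is a simplified stand-in for entity.SentinelCommand, the endpoint path and JSON payload shape are assumptions, and the Safe API is an httptest TLS server so the block runs offline.

```go
// Added example, not the VSecM code: the Post flow with a test-double Safe.
package main

import (
	"bytes"
	"context"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

// Command is an assumed, simplified stand-in for entity.SentinelCommand.
type Command struct {
	WorkloadIDs []string
	Namespaces  []string
	Secret      string
	Delete      bool // true: remove the secret instead of upserting it
}

// Fingerprint is what goes into logs instead of the secret value: a short
// SHA-256 prefix that lets operators correlate events without exposing it.
func Fingerprint(secret string) string {
	sum := sha256.Sum256([]byte(secret))
	return hex.EncodeToString(sum[:])[:12]
}

// PostSecret applies cmd against the Safe at safeBase within timeout. Like
// Post it returns nil on success and a descriptive error otherwise; deadline
// errors stay matchable with errors.Is(err, context.DeadlineExceeded).
func PostSecret(parent context.Context, client *http.Client, safeBase string, cmd Command, timeout time.Duration) error {
	ctx, cancel := context.WithTimeout(parent, timeout)
	defer cancel()
	if client == nil { // stands in for a failed workload source acquisition
		return errors.New("post: could not acquire workload source")
	}
	if cmd.Secret == "" && !cmd.Delete {
		return errors.New("post: empty secret")
	}
	fmt.Printf("post: secret fp=%s workloads=%v delete=%v\n", Fingerprint(cmd.Secret), cmd.WorkloadIDs, cmd.Delete)

	method := http.MethodPost
	if cmd.Delete {
		method = http.MethodDelete
	}
	payload, err := json.Marshal(map[string]any{
		"workloadIds": cmd.WorkloadIDs, "namespaces": cmd.Namespaces, "value": cmd.Secret,
	})
	if err != nil {
		return fmt.Errorf("post: marshal payload: %w", err)
	}
	req, err := http.NewRequestWithContext(ctx, method, safeBase+"/secrets", bytes.NewReader(payload))
	if err != nil {
		return fmt.Errorf("post: build request: %w", err)
	}
	req.Header.Set("Content-Type", "application/json")
	resp, err := client.Do(req)
	if err != nil {
		if errors.Is(err, context.DeadlineExceeded) {
			return fmt.Errorf("post: Safe did not answer within %s: %w", timeout, err)
		}
		return fmt.Errorf("post: request failed: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("post: Safe returned %d", resp.StatusCode)
	}
	return nil
}

// FakeSafe (constructed test double) counts upserts and deletes and can be
// told to stall for a fixed duration so the timeout path is exercised.
type FakeSafe struct {
	Server           *httptest.Server
	Upserts, Deletes atomic.Int32
}

func NewFakeSafe(stall time.Duration) *FakeSafe {
	f := &FakeSafe{}
	mux := http.NewServeMux()
	mux.HandleFunc("/secrets", func(w http.ResponseWriter, r *http.Request) {
		if stall > 0 {
			select {
			case <-time.After(stall):
			case <-r.Context().Done():
				return
			}
		}
		switch r.Method {
		case http.MethodPost:
			f.Upserts.Add(1)
		case http.MethodDelete:
			f.Deletes.Add(1)
		default:
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		fmt.Fprint(w, `{"status":"ok"}`)
	})
	f.Server = httptest.NewTLSServer(mux)
	return f
}
```

Only the fingerprint reaches the log line, never the secret itself, and a stalled Safe surfaces as a deadline error that the caller can tell apart from a rejected request.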
Types
This section is empty.