Documentation ¶
Index ¶
Constants ¶
const ( // SecretsProviderAPI is the endpoint for fetching secrets from plugins SecretsProviderAPI = "/SecretProvider.GetSecret" // SecretsProviderCapability is the secrets provider plugin capability identification SecretsProviderCapability = "secretprovider" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DriverProvider ¶
type DriverProvider struct {
// contains filtered or unexported fields
}
DriverProvider provides external drivers
func New ¶
func New(pluginGetter plugingetter.PluginGetter) *DriverProvider
New returns a new driver provider
func (*DriverProvider) NewSecretDriver ¶
func (m *DriverProvider) NewSecretDriver(driver *api.Driver) (*SecretDriver, error)
NewSecretDriver creates a new driver for fetching secrets
type EndpointSpec ¶
type EndpointSpec struct { Mode int32 `json:",omitempty"` Ports []PortConfig `json:",omitempty"` }
EndpointSpec represents the spec of an endpoint.
type PortConfig ¶
type PortConfig struct { Name string `json:",omitempty"` Protocol int32 `json:",omitempty"` // TargetPort is the port inside the container TargetPort uint32 `json:",omitempty"` // PublishedPort is the port on the swarm hosts PublishedPort uint32 `json:",omitempty"` // PublishMode is the mode in which port is published PublishMode int32 `json:",omitempty"` }
PortConfig represents the config of a port.
type SecretDriver ¶
type SecretDriver struct {
// contains filtered or unexported fields
}
SecretDriver provides secrets from different stores
func NewSecretDriver ¶
func NewSecretDriver(plugin plugingetter.CompatPlugin) *SecretDriver
NewSecretDriver creates a new driver that provides third party secrets
func (*SecretDriver) Get ¶
func (d *SecretDriver) Get(spec *api.SecretSpec, task *api.Task) ([]byte, bool, error)
Get gets a secret from the secret provider. The function returns: the secret value; a bool indicating whether the value should be reused across different tasks (defaults to false); and an error if either the spec or task are nil, if calling the driver returns an error, or if the driver returns an error in the payload.
type SecretsProviderRequest ¶
type SecretsProviderRequest struct { SecretName string `json:",omitempty"` // SecretName is the name of the secret to request from the plugin SecretLabels map[string]string `json:",omitempty"` // SecretLabels capture environment names and other metadata pertaining to the secret ServiceHostname string `json:",omitempty"` // ServiceHostname is the hostname of the service, can be used for x509 certificate ServiceID string `json:",omitempty"` // ServiceID is the name of the service that requested the secret ServiceName string `json:",omitempty"` // ServiceName is the name of the service that requested the secret ServiceLabels map[string]string `json:",omitempty"` // ServiceLabels capture environment names and other metadata pertaining to the service TaskID string `json:",omitempty"` // TaskID is the ID of the task that the secret will be assigned to TaskName string `json:",omitempty"` // TaskName is the name of the task that the secret will be assigned to TaskImage string `json:",omitempty"` // TaskName is the image of the task that the secret will be assigned to NodeID string `json:",omitempty"` // NodeID is the ID of the node that the task will be executed on ServiceEndpointSpec *EndpointSpec `json:",omitempty"` // ServiceEndpointSpec holds the specification for endpoints }
SecretsProviderRequest is the secrets provider request.
type SecretsProviderResponse ¶
type SecretsProviderResponse struct { Value []byte `json:",omitempty"` // Value is the value of the secret Err string `json:",omitempty"` // Err is the error response of the plugin // DoNotReuse indicates that the secret returned from this request should // only be used for one task, and any further tasks should call the secret // driver again. DoNotReuse bool `json:",omitempty"` }
SecretsProviderResponse is the secrets provider response.