generator

package
v0.15.0

Warning: This package is not in the latest version of its module.
Published: Mar 3, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package secretgenerator provides a supervisorSecretsController that can ensure existence of a generated secret.

Constants

const (
	// SupervisorCSRFSigningKeySecretType for the Secret storing the CSRF signing key.
	SupervisorCSRFSigningKeySecretType corev1.SecretType = "secrets.pinniped.dev/supervisor-csrf-signing-key"

	// FederationDomainTokenSigningKeyType for the Secret storing the FederationDomain token signing key.
	FederationDomainTokenSigningKeyType corev1.SecretType = "secrets.pinniped.dev/federation-domain-token-signing-key"

	// FederationDomainStateSigningKeyType for the Secret storing the FederationDomain state signing key.
	FederationDomainStateSigningKeyType corev1.SecretType = "secrets.pinniped.dev/federation-domain-state-signing-key"

	// FederationDomainStateEncryptionKeyType for the Secret storing the FederationDomain state encryption key.
	FederationDomainStateEncryptionKeyType corev1.SecretType = "secrets.pinniped.dev/federation-domain-state-encryption-key"
)

Variables

This section is empty.

Functions

func IsFederationDomainSecretOfType added in v0.4.0

func IsFederationDomainSecretOfType(obj metav1.Object, secretType corev1.SecretType) bool

func NewFederationDomainSecretsController

func NewFederationDomainSecretsController(
	secretHelper SecretHelper,
	secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference,
	kubeClient kubernetes.Interface,
	pinnipedClient pinnipedclientset.Interface,
	secretInformer corev1informers.SecretInformer,
	federationDomainInformer configinformers.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

NewFederationDomainSecretsController returns a controllerlib.Controller that ensures a child Secret always exists for a parent FederationDomain. It does this using the provided secretHelper, which provides the parent/child mapping logic.

func NewSupervisorSecretsController

func NewSupervisorSecretsController(
	owner *appsv1.Deployment,
	labels map[string]string,
	kubeClient kubernetes.Interface,
	secretInformer corev1informers.SecretInformer,
	setCacheFunc func(secret []byte),
	withInformer pinnipedcontroller.WithInformerOptionFunc,
	initialEventFunc pinnipedcontroller.WithInitialEventOptionFunc,
) controllerlib.Controller

NewSupervisorSecretsController instantiates a new controllerlib.Controller which will ensure existence of a generated secret.

Types

type SecretHelper

type SecretHelper interface {
	NamePrefix() string
	Generate(*configv1alpha1.FederationDomain) (*corev1.Secret, error)
	IsValid(*configv1alpha1.FederationDomain, *corev1.Secret) bool
	ObserveActiveSecretAndUpdateParentFederationDomain(*configv1alpha1.FederationDomain, *corev1.Secret) *configv1alpha1.FederationDomain
	Handles(metav1.Object) bool
}

SecretHelper describes an object that can Generate() a Secret and determine whether a Secret IsValid(). It can also be Notify()'d about a Secret being persisted.

A SecretHelper has a NamePrefix() that can be used to identify it from other SecretHelper instances.

func NewSymmetricSecretHelper

func NewSymmetricSecretHelper(
	namePrefix string,
	labels map[string]string,
	rand io.Reader,
	secretUsage SecretUsage,
	updateCacheFunc func(cacheKey string, cacheValue []byte),
) SecretHelper

NewSymmetricSecretHelper returns a SecretHelper that has been parameterized with common symmetric secret generation knobs.
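
The Generate()/IsValid() contract and the injected rand io.Reader can be illustrated with standard-library stand-ins. This is an added example, not Pinniped's code: the secret struct, the generate, isValid and ensure functions, the 32-byte key size and the validity criteria are all assumptions made for illustration.

```go
// Added example: simplified stand-ins, not Pinniped's types or implementation.
package main

import (
	"crypto/rand"
	"fmt"
	"io"
)

const keySize = 32 // assumed key length; the page does not state one

// secret is a hypothetical stand-in for corev1.Secret.
type secret struct {
	Type string
	Key  []byte
}

// generate plays the role of SecretHelper.Generate: it reads the key from the
// injected reader and fails closed on any error or short read.
func generate(rng io.Reader, secretType string) (*secret, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rng, key); err != nil {
		return nil, fmt.Errorf("generate key: %w", err)
	}
	return &secret{Type: secretType, Key: key}, nil
}

// isValid plays the role of SecretHelper.IsValid (the criteria are assumed).
func isValid(s *secret, wantType string) bool {
	return s != nil && s.Type == wantType && len(s.Key) == keySize
}

// ensure keeps a valid existing secret and replaces a missing or invalid one.
// The bool reports whether a new secret was generated.
func ensure(existing *secret, rng io.Reader, wantType string) (*secret, bool, error) {
	if isValid(existing, wantType) {
		return existing, false, nil
	}
	s, err := generate(rng, wantType)
	return s, err == nil, err
}

func main() {
	const typ = "secrets.pinniped.dev/federation-domain-token-signing-key"
	s, created, err := ensure(nil, rand.Reader, typ)
	fmt.Println(created, isValid(s, typ), err)
}
```

Passing the random source as an io.Reader lets tests supply a deterministic or deliberately truncated reader, while production code passes crypto/rand.Reader.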

type SecretUsage

type SecretUsage int

SecretUsage describes how a cryptographic secret is going to be used. It is currently used to indicate to a SecretHelper which status field to set on the parent FederationDomain for a Secret.

const (
	SecretUsageTokenSigningKey SecretUsage = iota
	SecretUsageStateSigningKey
	SecretUsageStateEncryptionKey
)
