Documentation
¶
Index ¶
- Constants
- func NewSaramaSecurityOptionFromSecret(secret *corev1.Secret) (kafka.ConfigOption, error)
- func Secret(ctx context.Context, config SecretLocator, ...) (*corev1.Secret, error)
- func TrackNetSpecSecrets(secretsTracker tracker.Interface, netSpec *bindings.KafkaNetSpec, ...) error
- type AnnotationsSecretLocator
- type MTConfigMapSecretLocator
- type NetSpecAuthContext
- type SecretLocator
- type SecretProviderFunc
Constants ¶
const ( AuthSecretNameKey = "auth.secret.ref.name" /* #nosec G101 */ /* Potential hardcoded credentials (gosec) */ AuthSecretNamespaceKey = "auth.secret.ref.namespace" /* #nosec G101 */ /* Potential hardcoded credentials (gosec) */ )
const ( ProtocolKey = "protocol" CaCertificateKey = "ca.crt" UserCertificate = "user.crt" UserKey = "user.key" UserSkip = "user.skip" // default: false SaslMechanismKey = "sasl.mechanism" SaslUserKey = "user" SaslPasswordKey = "password" SaslType = "sasltype" SaslTypeLegacy = "saslType" // legacy secrets SaslUsernameKey = "username" // legacy secrets ProtocolPlaintext = "PLAINTEXT" ProtocolSASLPlaintext = "SASL_PLAINTEXT" ProtocolSSL = "SSL" ProtocolSASLSSL = "SASL_SSL" SaslPlain = "PLAIN" SaslScramSha256 = "SCRAM-SHA-256" SaslScramSha512 = "SCRAM-SHA-512" // Legacy Channel config to enable TLS, see https://github.com/knative-extensions/eventing-kafka-broker/issues/2231 SSLLegacyEnabled = "tls.enabled" )
Variables ¶
This section is empty.
Functions ¶
func NewSaramaSecurityOptionFromSecret ¶ added in v0.26.0
func NewSaramaSecurityOptionFromSecret(secret *corev1.Secret) (kafka.ConfigOption, error)
func Secret ¶ added in v0.26.0
func Secret(ctx context.Context, config SecretLocator, secretProviderFunc SecretProviderFunc) (*corev1.Secret, error)
func TrackNetSpecSecrets ¶ added in v0.27.0
func TrackNetSpecSecrets(secretsTracker tracker.Interface, netSpec *bindings.KafkaNetSpec, parent metav1.Object) error
TrackNetSpecSecrets tracks all secrets referenced by a provided bindings.KafkaNetSpec. parent is the object that is tracking changes to those secrets.
Types ¶
type AnnotationsSecretLocator ¶ added in v0.35.0
func (*AnnotationsSecretLocator) SecretName ¶ added in v0.35.0
func (a *AnnotationsSecretLocator) SecretName() (string, bool)
func (*AnnotationsSecretLocator) SecretNamespace ¶ added in v0.35.0
func (a *AnnotationsSecretLocator) SecretNamespace() (string, bool)
type MTConfigMapSecretLocator ¶
type MTConfigMapSecretLocator struct {
*corev1.ConfigMap
// if false, secret namespace is NOT read from the configmap
UseNamespaceInConfigmap bool
}
MTConfigMapSecretLocator is a SecretLocator that locates a secret using a reference in a ConfigMap.
The name is taken from the data field using the key: AuthSecretNameKey. When UseNamespaceInConfigmap=true, the namespace is taken from the data field using the key: AuthSecretNamespaceKey. When false, namespace of the ConfigMap is returned.
func (*MTConfigMapSecretLocator) SecretName ¶
func (cmp *MTConfigMapSecretLocator) SecretName() (string, bool)
func (*MTConfigMapSecretLocator) SecretNamespace ¶
func (cmp *MTConfigMapSecretLocator) SecretNamespace() (string, bool)
type NetSpecAuthContext ¶ added in v0.27.0
type NetSpecAuthContext struct {
VirtualSecret *corev1.Secret
MultiSecretReference *contract.MultiSecretReference
}
func ResolveAuthContextFromLegacySecret ¶ added in v0.31.2
func ResolveAuthContextFromLegacySecret(s *corev1.Secret) (*NetSpecAuthContext, error)
func ResolveAuthContextFromNetSpec ¶ added in v0.27.0
func ResolveAuthContextFromNetSpec(lister corelisters.SecretLister, namespace string, netSpec bindings.KafkaNetSpec) (*NetSpecAuthContext, error)
ResolveAuthContextFromNetSpec creates a NetSpecAuthContext from a provided bindings.KafkaNetSpec.
type SecretLocator ¶
type SecretLocator interface {
// SecretName returns the secret name.
// It returns true if the name should be used and false if should be ignored.
SecretName() (string, bool)
// SecretNamespace returns the secret name.
// It returns true if the namespace should be used and false if should be ignored.
SecretNamespace() (string, bool)
}
SecretLocator locates a secret in a cluster.
type SecretProviderFunc ¶
SecretProviderFunc provides a secret given a namespace/name pair.
func DefaultSecretProviderFunc ¶
func DefaultSecretProviderFunc(lister corelisters.SecretLister, kc kubernetes.Interface) SecretProviderFunc
DefaultSecretProviderFunc is a secret provider that uses the local cache for getting the secret and when the secret is not found it uses the kube client to check if the secret doesn't actually exist.
func NetSpecSecretProviderFunc ¶ added in v0.27.0
func NetSpecSecretProviderFunc(authContext *NetSpecAuthContext) SecretProviderFunc
NetSpecSecretProviderFunc creates a SecretProviderFunc that creates an in-memory (virtual) secret with the format expected by the NewSaramaSecurityOptionFromSecret function.
Source Files