security

package
v0.43.1 (Latest)
Warning

This package is not in the latest version of its module.

Published: Nov 11, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

// Keys under which a ConfigMap's data carries the reference (name and
// namespace) to the auth Secret; see MTConfigMapSecretLocator.
//
// The values are key names, not credentials. The "#nosec G101" markers
// suppress gosec's hardcoded-credentials rule, which presumably fires here
// because the identifiers and values contain the word "secret". Keep the
// suppressions scoped to these two lines so that a real hardcoded credential
// added elsewhere in the package is still reported.
const (
	AuthSecretNameKey      = "auth.secret.ref.name"      /* #nosec G101 */ /* Potential hardcoded credentials (gosec) */
	AuthSecretNamespaceKey = "auth.secret.ref.namespace" /* #nosec G101 */ /* Potential hardcoded credentials (gosec) */
)
// Names of the auth-related keys and of the values they accept.
//
// NOTE(review): the code that reads these constants is not shown here;
// presumably the keys index the data of the Secret handed to
// NewSaramaSecurityOptionFromSecret — confirm against that function.
const (
	// ProtocolKey selects the security protocol; the Protocol* constants
	// further down look like its accepted values.
	ProtocolKey = "protocol"

	// Entry holding the CA certificate, presumably used to verify the brokers'
	// certificates — TODO confirm.
	CaCertificateKey = "ca.crt"

	// Client certificate and client private key entries. The entry named by
	// UserKey would hold private key material and must be treated as a secret.
	// NOTE(review): the effect of UserSkip is not visible here; presumably it
	// turns off use of the client certificate/key — confirm.
	UserCertificate = "user.crt"
	UserKey         = "user.key"
	UserSkip        = "user.skip" // default: false

	// SASL settings. Two spellings exist for two of the keys: SaslType and
	// SaslTypeLegacy differ only in letter case ("sasltype" vs "saslType"),
	// and SaslUserKey ("user") has the legacy counterpart SaslUsernameKey
	// ("username"). SaslPasswordKey names the entry holding the password.
	SaslMechanismKey = "sasl.mechanism"
	SaslUserKey      = "user"
	SaslPasswordKey  = "password"
	SaslType         = "sasltype"
	SaslTypeLegacy   = "saslType" // legacy secrets
	SaslUsernameKey  = "username" // legacy secrets

	// Protocol values; the strings match Kafka's security.protocol names.
	// PLAINTEXT and SASL_PLAINTEXT carry no transport encryption, so with
	// SASL_PLAINTEXT the SASL exchange crosses the network unencrypted.
	// Prefer SSL or SASL_SSL outside isolated test setups.
	ProtocolPlaintext     = "PLAINTEXT"
	ProtocolSASLPlaintext = "SASL_PLAINTEXT"
	ProtocolSSL           = "SSL"
	ProtocolSASLSSL       = "SASL_SSL"

	// SASL mechanism names. PLAIN transmits the password itself and relies
	// entirely on the transport for confidentiality, so it should only be
	// combined with a TLS-protected protocol. The SCRAM variants do not send
	// the password itself.
	SaslPlain       = "PLAIN"
	SaslScramSha256 = "SCRAM-SHA-256"
	SaslScramSha512 = "SCRAM-SHA-512"

	// Legacy Channel config to enable TLS, see https://github.com/knative-extensions/eventing-kafka-broker/issues/2231
	SSLLegacyEnabled = "tls.enabled"
)

Variables

This section is empty.

Functions

func NewSaramaSecurityOptionFromSecret added in v0.26.0

// NewSaramaSecurityOptionFromSecret returns a kafka.ConfigOption built from secret.
//
// NOTE(review): the body is not shown on this page. Presumably it reads the
// protocol, TLS and SASL keys declared in this package's const block; confirm
// how a nil secret and a missing or unknown ProtocolKey value are handled, so
// that a malformed secret yields an error rather than an unauthenticated or
// unencrypted configuration.
func NewSaramaSecurityOptionFromSecret(secret *corev1.Secret) (kafka.ConfigOption, error)

func Secret added in v0.26.0

// Secret resolves a *corev1.Secret for config (a SecretLocator) by way of
// secretProviderFunc.
//
// NOTE(review): the body is not shown on this page. Confirm what is returned
// when the locator reports that the name or namespace should be ignored, so
// callers can tell "no auth configured" apart from a failed lookup.
func Secret(ctx context.Context, config SecretLocator, secretProviderFunc SecretProviderFunc) (*corev1.Secret, error)

func TrackNetSpecSecrets added in v0.27.0

func TrackNetSpecSecrets(secretsTracker tracker.Interface, netSpec *bindings.KafkaNetSpec, parent metav1.Object) error

TrackNetSpecSecrets tracks all secrets referenced by a provided bindings.KafkaNetSpec. parent is the object that is tracking changes to those secrets.

Types

type AnnotationsSecretLocator added in v0.35.0

// AnnotationsSecretLocator holds a map of annotations and a namespace. Its
// SecretName and SecretNamespace methods have the signatures that
// SecretLocator requires.
//
// NOTE(review): which annotation keys the methods read is not shown here.
// Confirm them, and check whether the secret namespace can be chosen through
// an annotation or always comes from the Namespace field: annotations are
// typically writable by whoever can edit the object.
type AnnotationsSecretLocator struct {
	Annotations map[string]string
	Namespace   string
}

func (*AnnotationsSecretLocator) SecretName added in v0.35.0

func (a *AnnotationsSecretLocator) SecretName() (string, bool)

func (*AnnotationsSecretLocator) SecretNamespace added in v0.35.0

func (a *AnnotationsSecretLocator) SecretNamespace() (string, bool)

type MTConfigMapSecretLocator

type MTConfigMapSecretLocator struct {
	// Embedded ConfigMap whose data holds the secret reference
	// (AuthSecretNameKey and, optionally, AuthSecretNamespaceKey).
	*corev1.ConfigMap
	// When true, the secret namespace is read from the ConfigMap data under
	// AuthSecretNamespaceKey. When false, the secret namespace is NOT read
	// from the ConfigMap; the ConfigMap's own namespace is used instead.
	//
	// NOTE(review): with true, the ConfigMap content decides which namespace
	// the secret is fetched from. Enable it only where everyone who can write
	// the ConfigMap is trusted to reference secrets in other namespaces.
	UseNamespaceInConfigmap bool
}

MTConfigMapSecretLocator is a SecretLocator that locates a secret using a reference in a ConfigMap.

The secret name is taken from the ConfigMap's data field using the key AuthSecretNameKey. When UseNamespaceInConfigmap=true, the secret namespace is taken from the data field using the key AuthSecretNamespaceKey. When it is false, the namespace of the ConfigMap itself is returned.

func (*MTConfigMapSecretLocator) SecretName

func (cmp *MTConfigMapSecretLocator) SecretName() (string, bool)

func (*MTConfigMapSecretLocator) SecretNamespace

func (cmp *MTConfigMapSecretLocator) SecretNamespace() (string, bool)

type NetSpecAuthContext added in v0.27.0

// NetSpecAuthContext is the value returned by ResolveAuthContextFromNetSpec
// and ResolveAuthContextFromLegacySecret and accepted by
// NetSpecSecretProviderFunc.
type NetSpecAuthContext struct {
	// NOTE(review): presumably the in-memory (virtual) secret that
	// NetSpecSecretProviderFunc serves. If so, it holds credential material:
	// avoid logging or serializing this struct — confirm.
	VirtualSecret        *corev1.Secret
	// NOTE(review): presumably references to the cluster secrets the auth
	// settings come from — confirm against contract.MultiSecretReference.
	MultiSecretReference *contract.MultiSecretReference
}

func ResolveAuthContextFromLegacySecret added in v0.31.2

func ResolveAuthContextFromLegacySecret(s *corev1.Secret) (*NetSpecAuthContext, error)

func ResolveAuthContextFromNetSpec added in v0.27.0

func ResolveAuthContextFromNetSpec(lister corelisters.SecretLister, namespace string, netSpec bindings.KafkaNetSpec) (*NetSpecAuthContext, error)

ResolveAuthContextFromNetSpec creates a NetSpecAuthContext from a provided bindings.KafkaNetSpec.

type SecretLocator

type SecretLocator interface {
	// SecretName returns the secret name.
	// The boolean is true if the name should be used and false if it should
	// be ignored.
	SecretName() (string, bool)

	// SecretNamespace returns the secret namespace.
	// The boolean is true if the namespace should be used and false if it
	// should be ignored.
	SecretNamespace() (string, bool)
}

SecretLocator locates a secret in a cluster.

type SecretProviderFunc

type SecretProviderFunc func(ctx context.Context, namespace, name string) (*corev1.Secret, error)

SecretProviderFunc provides a secret given a namespace/name pair.

func DefaultSecretProviderFunc

func DefaultSecretProviderFunc(lister corelisters.SecretLister, kc kubernetes.Interface) SecretProviderFunc

DefaultSecretProviderFunc returns a secret provider that first looks the secret up in the local cache (the lister). When the secret is not found there, it uses the kube client to check whether the secret really does not exist.

func NetSpecSecretProviderFunc added in v0.27.0

func NetSpecSecretProviderFunc(authContext *NetSpecAuthContext) SecretProviderFunc

NetSpecSecretProviderFunc creates a SecretProviderFunc that creates an in-memory (virtual) secret with the format expected by the NewSaramaSecurityOptionFromSecret function.
