Documentation
¶
Index ¶
- Constants
- Variables
- func ContainsSecretName(names []string, name string) bool
- func IsInitialVersion(secret corev1.Secret) bool
- func IsVersionedSecret(secret corev1.Secret) bool
- func NamePrefix(name string) string
- func Version(secret corev1.Secret) (int, error)
- func VersionFromName(name string) (int, error)
- type VersionedSecretStore
- type VersionedSecretStoreImpl
- func (p VersionedSecretStoreImpl) Create(ctx context.Context, namespace, ownerName string, ownerID types.UID, ...) error
- func (p VersionedSecretStoreImpl) Decorate(ctx context.Context, namespace string, secretName string, key string, ...) error
- func (p VersionedSecretStoreImpl) Delete(ctx context.Context, namespace string, secretName string) error
- func (p VersionedSecretStoreImpl) Get(ctx context.Context, namespace string, deploymentName string, version int) (*corev1.Secret, error)
- func (p VersionedSecretStoreImpl) Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)
- func (p VersionedSecretStoreImpl) List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)
- func (p VersionedSecretStoreImpl) SetSecretReferences(ctx context.Context, namespace string, podSpec *corev1.PodSpec) error
- func (p VersionedSecretStoreImpl) VersionCount(ctx context.Context, namespace string, secretName string) (int, error)
Constants ¶
const (
// VersionSecretKind is the kind of versioned secret
VersionSecretKind = "versionedSecret"
)
Variables ¶
var ( // LabelSecretKind is the label key for secret kind LabelSecretKind = fmt.Sprintf("%s/secret-kind", apis.GroupName) // LabelVersion is the label key for secret version LabelVersion = fmt.Sprintf("%s/secret-version", apis.GroupName) // AnnotationSourceDescription is the label key for source description AnnotationSourceDescription = fmt.Sprintf("%s/source-description", apis.GroupName) )
Functions ¶
func ContainsSecretName ¶ added in v0.3.0
ContainsSecretName checks a list of secret names for our secret's name while ignoring the versions
func IsInitialVersion ¶ added in v0.3.0
IsInitialVersion returns true if it's a v1 secret
func IsVersionedSecret ¶ added in v0.3.0
IsVersionedSecret returns true if the secret has a label identifying it as versioned secret
func NamePrefix ¶ added in v0.3.0
NamePrefix returns the name prefix of a versioned secret name, by removing the version suffix /-v\d+/
func Version ¶ added in v0.3.0
Version returns the versioned secrets version from the labels
Types ¶
type VersionedSecretStore ¶
type VersionedSecretStore interface {
SetSecretReferences(ctx context.Context, namespace string, podSpec *corev1.PodSpec) error
Create(ctx context.Context, namespace, ownerName string, ownerID types.UID, secretName string, secretData map[string]string, labels map[string]string, sourceDescription string) error
Get(ctx context.Context, namespace string, secretName string, version int) (*corev1.Secret, error)
Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)
List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)
VersionCount(ctx context.Context, namespace string, secretName string) (int, error)
Delete(ctx context.Context, namespace string, secretName string) error
Decorate(ctx context.Context, namespace string, secretName string, key string, value string) error
}
VersionedSecretStore is the interface to version secrets in Kubernetes
Each update to the secret results in a new persisted version. An existing persisted version of a secret cannot be altered or deleted. The deletion of a secret will result in the removal of all persisted version of that secret.
The version number is an integer that is incremented with each version of the secret, which the greatest number being the current/latest version.
When saving a new secret, a source description is required, which should explain the sources of the rendered secret, e.g. the location of the Custom Resource Definition that generated it.
type VersionedSecretStoreImpl ¶
type VersionedSecretStoreImpl struct {
// contains filtered or unexported fields
}
VersionedSecretStoreImpl contains the required fields to persist a secret
func NewVersionedSecretStore ¶
func NewVersionedSecretStore(client client.Client) VersionedSecretStoreImpl
NewVersionedSecretStore returns a VersionedSecretStore implementation to be used when working with desired secret secrets
func (VersionedSecretStoreImpl) Create ¶
func (p VersionedSecretStoreImpl) Create(ctx context.Context, namespace, ownerName string, ownerID types.UID, secretName string, secretData map[string]string, labels map[string]string, sourceDescription string) error
Create creates a new version of the secret from secret data
func (VersionedSecretStoreImpl) Decorate ¶
func (p VersionedSecretStoreImpl) Decorate(ctx context.Context, namespace string, secretName string, key string, value string) error
Decorate adds a label to the latest version of the secret
func (VersionedSecretStoreImpl) Delete ¶
func (p VersionedSecretStoreImpl) Delete(ctx context.Context, namespace string, secretName string) error
Delete removes all versions of the secret and therefore the secret itself.
func (VersionedSecretStoreImpl) Get ¶
func (p VersionedSecretStoreImpl) Get(ctx context.Context, namespace string, deploymentName string, version int) (*corev1.Secret, error)
Get returns a specific version of the secret
func (VersionedSecretStoreImpl) Latest ¶
func (p VersionedSecretStoreImpl) Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)
Latest returns the latest version of the secret
func (VersionedSecretStoreImpl) List ¶
func (p VersionedSecretStoreImpl) List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)
List returns all versions of the secret
Source Files
¶
- versioned_secret.go
- versioned_secret_store.go