Constants ¶
const (
	// InPlace is a constant for a rotation strategy regenerating a secret and NOT keeping the old one in the system.
	InPlace rotationStrategy = "inplace"
	// KeepOld is a constant for a rotation strategy regenerating a secret and keeping the old one in the system
	// (the old secret stays available alongside the newly generated one).
	KeepOld rotationStrategy = "keepold"
)
const (
	// LabelKeyName is a constant for a key of a label on a Secret describing the name.
	LabelKeyName = "name"
	// LabelKeyManagedBy is a constant for a key of a label on a Secret describing who is managing it.
	LabelKeyManagedBy = "managed-by"
	// LabelKeyManagerIdentity is a constant for a key of a label on a Secret describing which secret manager instance
	// is managing it.
	LabelKeyManagerIdentity = "manager-identity"
	// LabelKeyChecksumConfig is a constant for a key of a label on a Secret describing the checksum of the
	// configuration used to create the data.
	LabelKeyChecksumConfig = "checksum-of-config"
	// LabelKeyChecksumSigningCA is a constant for a key of a label on a Secret describing the checksum of the
	// certificate authority which has signed the client or server certificate in the data.
	LabelKeyChecksumSigningCA = "checksum-of-signing-ca"
	// LabelKeyBundleFor is a constant for a key of a label on a Secret describing that it is a bundle secret for
	// another secret.
	LabelKeyBundleFor = "bundle-for"
	// LabelKeyPersist is a constant for a key of a label on a Secret describing that it should get persisted.
	LabelKeyPersist = "persist"
	// LabelKeyLastRotationInitiationTime is a constant for a key of a label on a Secret describing the unix timestamp
	// of when the last secret rotation was initiated.
	LabelKeyLastRotationInitiationTime = "last-rotation-initiation-time"
	// LabelKeyIssuedAtTime is a constant for a key of a label on a Secret describing the time of when the secret data
	// was created. In case the data contains a certificate it is the time part of the certificate's 'not before' field.
	LabelKeyIssuedAtTime = "issued-at-time"
	// LabelKeyValidUntilTime is a constant for a key of a label on a Secret describing the time until which the secret
	// data is valid. In case the data contains a certificate it is the time part of the certificate's 'not after'
	// field.
	LabelKeyValidUntilTime = "valid-until-time"
	// LabelValueTrue is a constant for a value of a label on a Secret describing the value 'true'.
	LabelValueTrue = "true"
	// LabelValueSecretsManager is a constant for a value of a label on a Secret describing the value 'secrets-manager'.
	LabelValueSecretsManager = "secrets-manager"
)
Variables ¶
var (
	// Current sets the Class field to 'current' in the GetOptions.
	Current = classOption{/* contains filtered or unexported fields */}
	// Old sets the Class field to 'old' in the GetOptions.
	Old = classOption{/* contains filtered or unexported fields */}
	// Bundle sets the Class field to 'bundle' in the GetOptions.
	Bundle = classOption{/* contains filtered or unexported fields */}
)
Functions ¶
func ObjectMeta ¶
// ObjectMeta returns the object meta based on the given settings.
// NOTE(review): the parameters appear to correspond to the LabelKey* constants declared above (e.g.
// managerIdentity -> LabelKeyManagerIdentity, signingCAChecksum -> LabelKeyChecksumSigningCA,
// bundleFor -> LabelKeyBundleFor); the nil-able pointer parameters presumably omit their label when nil.
// Confirm against the implementation.
func ObjectMeta(
	namespace string,
	managerIdentity string,
	config secretutils.ConfigInterface,
	lastRotationInitiationTime string,
	validUntilTime *string,
	signingCAChecksum *string,
	persist *bool,
	bundleFor *string,
) (
	metav1.ObjectMeta,
	error,
)
ObjectMeta returns the object meta based on the given settings.
Types ¶
type GenerateOption ¶
type GenerateOption func(Interface, secretutils.ConfigInterface, *GenerateOptions) error
GenerateOption is some configuration that modifies options for a Generate request.
func IgnoreOldSecrets ¶
func IgnoreOldSecrets() GenerateOption
IgnoreOldSecrets returns a function which sets the 'IgnoreOldSecrets' field to true.
func Persist ¶
func Persist() GenerateOption
Persist returns a function which sets the 'Persist' field to true.
func Rotate ¶
func Rotate(strategy rotationStrategy) GenerateOption
Rotate returns a function which sets the 'RotationStrategy' field to the specified value.
func SignedByCA ¶
func SignedByCA(name string) GenerateOption
SignedByCA returns a function which sets the 'SigningCA' field in case the ConfigInterface provided to the Generate request is a CertificateSecretConfig. Additionally, in that case it also stores a checksum of the signing CA in the options.
func Validity ¶ added in v1.44.0
func Validity(v time.Duration) GenerateOption
Validity returns a function which sets the 'Validity' field to the provided value. Note that the value is ignored in case Generate is called with a certificate secret configuration.
type GenerateOptions ¶
// GenerateOptions are options for Generate calls.
type GenerateOptions struct {
	// Persist specifies whether the 'persist=true' label should be added to the secret resources.
	Persist bool
	// RotationStrategy specifies how the secret should be rotated in case it needs to get rotated.
	RotationStrategy rotationStrategy
	// IgnoreOldSecrets specifies whether old secrets should be loaded into the internal store.
	IgnoreOldSecrets bool
	// Validity specifies for how long the secret should be valid. Note that the value is ignored in case Generate is
	// called with a certificate secret configuration.
	Validity time.Duration
	// contains filtered or unexported fields
}
GenerateOptions are options for Generate calls.
func (*GenerateOptions) ApplyOptions ¶
func (o *GenerateOptions) ApplyOptions(manager Interface, configInterface secretutils.ConfigInterface, opts []GenerateOption) error
ApplyOptions applies the given options to these options. Note that, unlike GetOptions.ApplyOptions, it returns an error rather than the receiver (see the signature above), so it cannot be chained.
type GetOption ¶
// GetOption is some configuration that modifies options for a Get request.
type GetOption interface {
	// ApplyToOptions applies this configuration to the given options.
	ApplyToOptions(*GetOptions)
}
GetOption is some configuration that modifies options for a Get request.
type GetOptions ¶
// GetOptions are options for Get calls.
type GetOptions struct {
	// Class specifies which secret should be returned. By default, the bundle secret is returned. If there is
	// no bundle secret then it falls back to the current secret.
	Class *secretClass
}
GetOptions are options for Get calls.
func (*GetOptions) ApplyOptions ¶
func (o *GetOptions) ApplyOptions(opts []GetOption) *GetOptions
ApplyOptions applies the given options to these options and then returns the receiver (for convenient chaining).
type Interface ¶
// Interface describes the methods for managing secrets.
type Interface interface {
	// Generate generates a secret based on the provided configuration. If the secret for the provided configuration
	// already exists then it is returned with re-generation. The function also automatically rotates/re-generates the
	// secret only if necessary (e.g., when the config or the signing CA changes).
	Generate(context.Context, secretutils.ConfigInterface, ...GenerateOption) (*corev1.Secret, error)
	// Get returns the secret object for the secret with the given name. By default, the bundle secret will be returned.
	// If there is no bundle secret then it falls back to the current secret. Note that only those secrets are known
	// which were detected or generated by prior Generate calls.
	// NOTE(review): the bool result presumably reports whether a secret with that name is known — confirm.
	Get(string, ...GetOption) (*corev1.Secret, bool)
	// Cleanup deletes no longer required secrets. No longer required secrets are those still existing in the system
	// which weren't detected by prior Generate calls. Consequently, only call Cleanup after you have executed Generate
	// calls for all desired secrets; calling it earlier deletes secrets that are still needed.
	Cleanup(context.Context) error
}
Interface describes the methods for managing secrets.