credentials

package

v0.1.0 Latest Latest Go to latest Published: Jun 12, 2023 License: MPL-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hashicorp/vault-secrets-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type AWSCredentialProvider
type AppRoleCredentialProvider
type CredentialProvider
- func NewCredentialProvider(ctx context.Context, client ctrlclient.Client, ...) (CredentialProvider, error)
type IRSAConfig
type JWTCredentialProvider
type KubernetesCredentialProvider
- func NewKubernetesCredentialProvider(authObj *secretsv1beta1.VaultAuth, providerNamespace string, uid types.UID) *KubernetesCredentialProvider

Constants ¶

View Source

const (
	AWSAnnotationRole            = "eks.amazonaws.com/role-arn"
	AWSAnnotationAudience        = "eks.amazonaws.com/audience"
	AWSAnnotationTokenExpiration = "eks.amazonaws.com/token-expiration"
	AWSDefaultAudience           = "sts.amazonaws.com"
	AWSDefaultTokenExpiration    = int64(86400)
	K8sRootCA                    = "kube-root-ca.crt"
)

View Source

const (
	TokenGenerateName        = "vso-"
	ProviderSecretKeyAppRole = "id"
	ProviderSecretKeyJWT     = "jwt"
)

View Source

const (
	ProviderMethodKubernetes string = "kubernetes"
	ProviderMethodJWT        string = "jwt"
	ProviderMethodAppRole    string = "appRole"
	ProviderMethodAWS        string = "aws"
)

Variables ¶

View Source

var ProviderMethodsSupported = []string{
	ProviderMethodKubernetes,
	ProviderMethodJWT,
	ProviderMethodAppRole,
	ProviderMethodAWS,
}

Functions ¶

This section is empty.

Types ¶

type AWSCredentialProvider ¶

type AWSCredentialProvider struct {
	// contains filtered or unexported fields
}

func (*AWSCredentialProvider) GetCreds ¶

func (l *AWSCredentialProvider) GetCreds(ctx context.Context, client ctrlclient.Client) (map[string]interface{}, error)

func (*AWSCredentialProvider) GetNamespace ¶

func (l *AWSCredentialProvider) GetNamespace() string

func (*AWSCredentialProvider) GetUID ¶

func (l *AWSCredentialProvider) GetUID() types.UID

func (*AWSCredentialProvider) Init ¶

func (l *AWSCredentialProvider) Init(ctx context.Context, client ctrlclient.Client, authObj *secretsv1beta1.VaultAuth, providerNamespace string) error

type AppRoleCredentialProvider ¶

type AppRoleCredentialProvider struct {
	// contains filtered or unexported fields
}

func (*AppRoleCredentialProvider) GetCreds ¶

func (l *AppRoleCredentialProvider) GetCreds(ctx context.Context, client ctrlclient.Client) (map[string]interface{}, error)

func (*AppRoleCredentialProvider) GetNamespace ¶

func (l *AppRoleCredentialProvider) GetNamespace() string

func (*AppRoleCredentialProvider) GetUID ¶

func (l *AppRoleCredentialProvider) GetUID() types.UID

func (*AppRoleCredentialProvider) Init ¶

func (l *AppRoleCredentialProvider) Init(ctx context.Context, client ctrlclient.Client, authObj *secretsv1beta1.VaultAuth, providerNamespace string) error

type CredentialProvider ¶

type CredentialProvider interface {
	Init(ctx context.Context, client ctrlclient.Client, object *secretsv1beta1.VaultAuth, providerNamespace string) error
	GetUID() types.UID
	GetNamespace() string
	GetCreds(context.Context, ctrlclient.Client) (map[string]interface{}, error)
}

func NewCredentialProvider ¶

func NewCredentialProvider(ctx context.Context, client ctrlclient.Client, authObj *secretsv1beta1.VaultAuth, providerNamespace string) (CredentialProvider, error)

type IRSAConfig ¶

type IRSAConfig struct {
	// eks.amazonaws.com/role-arn
	RoleARN string
	// eks.amazonaws.com/audience
	Audience string
	// eks.amazonaws.com/token-expiration
	TokenExpiration int64
}

IRSAConfig - supported annotations on an IRSA-enabled service account

type JWTCredentialProvider ¶

type JWTCredentialProvider struct {
	// contains filtered or unexported fields
}

func (*JWTCredentialProvider) GetCreds ¶

func (l *JWTCredentialProvider) GetCreds(ctx context.Context, client ctrlclient.Client) (map[string]interface{}, error)

func (*JWTCredentialProvider) GetNamespace ¶

func (l *JWTCredentialProvider) GetNamespace() string

func (*JWTCredentialProvider) GetUID ¶

func (l *JWTCredentialProvider) GetUID() types.UID

func (*JWTCredentialProvider) Init ¶

func (l *JWTCredentialProvider) Init(ctx context.Context, client ctrlclient.Client, authObj *secretsv1beta1.VaultAuth, providerNamespace string) error

type KubernetesCredentialProvider ¶

type KubernetesCredentialProvider struct {
	// contains filtered or unexported fields
}

func NewKubernetesCredentialProvider ¶

func NewKubernetesCredentialProvider(authObj *secretsv1beta1.VaultAuth, providerNamespace string,
	uid types.UID,
) *KubernetesCredentialProvider

func (*KubernetesCredentialProvider) GetCreds ¶

func (l *KubernetesCredentialProvider) GetCreds(ctx context.Context, client ctrlclient.Client) (map[string]interface{}, error)

func (*KubernetesCredentialProvider) GetNamespace ¶

func (l *KubernetesCredentialProvider) GetNamespace() string

func (*KubernetesCredentialProvider) GetUID ¶

func (l *KubernetesCredentialProvider) GetUID() types.UID

func (*KubernetesCredentialProvider) Init ¶

func (l *KubernetesCredentialProvider) Init(ctx context.Context, client ctrlclient.Client, authObj *secretsv1beta1.VaultAuth, providerNamespace string) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL