apikey

package

v0.3.0 Latest Latest Go to latest Published: Feb 5, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/infradohq/headscale-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetAPIKeyFromSecret(secret *corev1.Secret) (string, error)
func GetExpirationFromSecret(secret *corev1.Secret) (time.Time, error)
func ShouldRotate(expiration time.Time, rotationBuffer time.Duration) bool
type Config
type Manager
- func NewManager(cfg Config, log logr.Logger) (*Manager, error)
type SecretManager
- func NewSecretManager(namespace string) (*SecretManager, error)
- func (sm *SecretManager) CreateOrUpdateSecret(ctx context.Context, secretName, apiKey string, expiration time.Time) error
- func (sm *SecretManager) GetSecret(ctx context.Context, secretName string) (*corev1.Secret, error)

Constants ¶

View Source

const (
	// SecretKeyAPIKey is the key name for the API key in the secret data
	SecretKeyAPIKey = "api-key"
	// AnnotationExpiration is the annotation key for the expiration time
	AnnotationExpiration = "api-key.headscale.infrado.cloud/expiration"
	// AnnotationCreatedAt is the annotation key for the creation time
	AnnotationCreatedAt = "api-key.headscale.infrado.cloud/created-at"
)

Variables ¶

This section is empty.

Functions ¶

func GetAPIKeyFromSecret ¶

func GetAPIKeyFromSecret(secret *corev1.Secret) (string, error)

GetAPIKeyFromSecret extracts the API key from a secret

func GetExpirationFromSecret ¶

func GetExpirationFromSecret(secret *corev1.Secret) (time.Time, error)

GetExpirationFromSecret extracts the expiration time from a secret

func ShouldRotate ¶

func ShouldRotate(expiration time.Time, rotationBuffer time.Duration) bool

ShouldRotate checks if the API key should be rotated based on the rotation buffer

Types ¶

type Config ¶

type Config struct {
	SocketPath     string
	Namespace      string
	SecretName     string
	Expiration     string
	RotationBuffer string
}

Config holds the configuration for the API key manager

type Manager ¶

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles API key lifecycle management

func NewManager ¶

func NewManager(cfg Config, log logr.Logger) (*Manager, error)

NewManager creates a new API key manager

func (*Manager) CalculateNextRotation ¶

func (m *Manager) CalculateNextRotation(ctx context.Context) (time.Duration, error)

CalculateNextRotation calculates when the next rotation should occur

func (*Manager) Close ¶

func (m *Manager) Close() error

Close closes the manager and its resources

func (*Manager) EnsureAPIKey ¶

func (m *Manager) EnsureAPIKey(ctx context.Context) error

EnsureAPIKey ensures an API key exists and is valid, creating or rotating it if necessary

func (*Manager) WaitForHeadscale ¶

func (m *Manager) WaitForHeadscale(ctx context.Context) error

WaitForHeadscale waits for Headscale to be ready

type SecretManager ¶

type SecretManager struct {
	// contains filtered or unexported fields
}

SecretManager manages Kubernetes secrets for API keys

func NewSecretManager ¶

func NewSecretManager(namespace string) (*SecretManager, error)

NewSecretManager creates a new SecretManager

func (*SecretManager) CreateOrUpdateSecret ¶

func (sm *SecretManager) CreateOrUpdateSecret(ctx context.Context, secretName, apiKey string, expiration time.Time) error

CreateOrUpdateSecret creates or updates a secret with the API key

func (*SecretManager) GetSecret ¶

func (sm *SecretManager) GetSecret(ctx context.Context, secretName string) (*corev1.Secret, error)

GetSecret retrieves a secret

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL