Documentation
¶
Index ¶
- type BeforeExpiry
- type Constraints
- type CredentialKind
- type Cutover
- type DataDrivenService
- func (s *DataDrivenService) Capabilities() service.ServiceCapabilities
- func (s *DataDrivenService) Execute(ctx context.Context, plan service.RotationPlan) (service.RotationResult, error)
- func (s *DataDrivenService) GetStatus(ctx context.Context, ref service.ServiceRef) (service.RotationStatus, error)
- func (s *DataDrivenService) Name() string
- func (s *DataDrivenService) Plan(ctx context.Context, req service.RotationRequest) (service.RotationPlan, error)
- func (s *DataDrivenService) Rollback(ctx context.Context, result service.RotationResult) error
- func (s *DataDrivenService) Validate(ctx context.Context) error
- func (s *DataDrivenService) Verify(ctx context.Context, result service.RotationResult) error
- type DataDrivenServiceFactory
- type InstanceCredential
- type Loader
- func (l *Loader) LoadAll(ctx context.Context) (*Repository, error)
- func (l *Loader) LoadPrincipals(ctx context.Context) (map[string]*Principal, error)
- func (l *Loader) LoadRotationPolicies(ctx context.Context) (map[string]*RotationPolicy, error)
- func (l *Loader) LoadServiceInstances(ctx context.Context) (map[string]*ServiceInstance, error)
- func (l *Loader) LoadServiceTypes(ctx context.Context) (map[string]*ServiceType, error)
- type MaintenanceWindow
- type Notifications
- type Principal
- type PrincipalContact
- type PrincipalPermissions
- type Repository
- func (r *Repository) GetPrincipal(name string) (*Principal, bool)
- func (r *Repository) GetRotationPolicy(name string) (*RotationPolicy, bool)
- func (r *Repository) GetServiceInstance(serviceType, id string) (*ServiceInstance, bool)
- func (r *Repository) GetServiceType(name string) (*ServiceType, bool)
- func (r *Repository) ListServiceInstancesByTag(tags []string) []*ServiceInstance
- func (r *Repository) ListServiceInstancesByType(serviceType string) []*ServiceInstance
- func (r *Repository) ListServiceTypes() []string
- func (r *Repository) Validate() error
- type RotationPolicy
- type ServiceInstance
- type ServiceType
- type Verification
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BeforeExpiry ¶
type BeforeExpiry struct {
	// Targets is read from the "targets" key. Presumably the recipients or
	// channels to notify; the accepted target syntax is not shown here.
	Targets []string `yaml:"targets" json:"targets"`
	// Advance is kept as a raw string from the "advance" key. Presumably the
	// lead time before expiry; any parsing or bounds check happens elsewhere.
	Advance string `yaml:"advance" json:"advance"`
}
BeforeExpiry defines notifications before credential expiration
type Constraints ¶
type Constraints struct {
	// RequireApproval is an optional key. A definition that omits it decodes
	// to false, so approval gating is off unless a policy sets it explicitly.
	RequireApproval bool `yaml:"requireApproval,omitempty" json:"requireApproval,omitempty"`
	// MaintenanceWindows is optional and nil when the key is absent.
	// NOTE(review): whether an empty list means "rotate at any time" is not
	// shown here; confirm in the code that enforces the windows.
	MaintenanceWindows []MaintenanceWindow `yaml:"maintenanceWindows,omitempty" json:"maintenanceWindows,omitempty"`
	// ExcludeEnvironments is optional and nil when the key is absent, i.e. no
	// environment is listed for exclusion.
	ExcludeEnvironments []string `yaml:"excludeEnvironments,omitempty" json:"excludeEnvironments,omitempty"`
}
Constraints defines additional constraints and requirements
type CredentialKind ¶
type CredentialKind struct {
	// Name is read from the required "name" key.
	Name string `yaml:"name" json:"name"`
	// Description is optional free text.
	Description string `yaml:"description,omitempty" json:"description,omitempty"`
	// Capabilities is a list of strings; the set of recognised values is not
	// shown here.
	Capabilities []string `yaml:"capabilities" json:"capabilities"`
	// Constraints is an anonymous struct holding per-kind limits. All of its
	// keys are optional.
	Constraints struct {
		// MaxActive is untyped because the data may hold a number or a string.
		// The dynamic type depends on the decoder (encoding/json yields float64
		// for numbers; YAML decoders typically yield int), so consumers need a
		// type switch. NOTE(review): an unexpected type or string should be
		// rejected rather than treated as "unlimited".
		MaxActive interface{} `yaml:"maxActive,omitempty" json:"maxActive,omitempty"` // Can be int or "unlimited"
		// TTL is kept as a raw string; presumably a duration, parsed and
		// bounded elsewhere - confirm.
		TTL string `yaml:"ttl,omitempty" json:"ttl,omitempty"`
		// Format is a raw string; its meaning is not shown here.
		Format string `yaml:"format,omitempty" json:"format,omitempty"`
	} `yaml:"constraints,omitempty" json:"constraints,omitempty"`
}
CredentialKind represents a type of credential that can be managed
type Cutover ¶
type Cutover struct {
	// RequireCheck is an optional key. A definition that omits it decodes to
	// false, so the check is not required unless a policy sets it explicitly.
	RequireCheck bool `yaml:"requireCheck,omitempty" json:"requireCheck,omitempty"`
	// GracePeriod is kept as a raw string; presumably a duration during which
	// the old credential stays valid - confirm. Empty when the key is absent.
	GracePeriod string `yaml:"gracePeriod,omitempty" json:"gracePeriod,omitempty"`
	// RollbackWindow is kept as a raw string; presumably a duration. Empty
	// when the key is absent; the behaviour in that case is not shown here.
	RollbackWindow string `yaml:"rollbackWindow,omitempty" json:"rollbackWindow,omitempty"`
}
Cutover defines how to handle the cutover from old to new credentials
type DataDrivenService ¶
type DataDrivenService struct {
// contains filtered or unexported fields
}
DataDrivenService implements the service.Service interface using dsops-data definitions
func (*DataDrivenService) Capabilities ¶
func (s *DataDrivenService) Capabilities() service.ServiceCapabilities
func (*DataDrivenService) Execute ¶
func (s *DataDrivenService) Execute(ctx context.Context, plan service.RotationPlan) (service.RotationResult, error)
func (*DataDrivenService) GetStatus ¶
func (s *DataDrivenService) GetStatus(ctx context.Context, ref service.ServiceRef) (service.RotationStatus, error)
func (*DataDrivenService) Name ¶
func (s *DataDrivenService) Name() string
func (*DataDrivenService) Plan ¶
func (s *DataDrivenService) Plan(ctx context.Context, req service.RotationRequest) (service.RotationPlan, error)
func (*DataDrivenService) Rollback ¶
func (s *DataDrivenService) Rollback(ctx context.Context, result service.RotationResult) error
func (*DataDrivenService) Validate ¶
func (s *DataDrivenService) Validate(ctx context.Context) error
func (*DataDrivenService) Verify ¶
func (s *DataDrivenService) Verify(ctx context.Context, result service.RotationResult) error
type DataDrivenServiceFactory ¶
type DataDrivenServiceFactory struct {
// contains filtered or unexported fields
}
DataDrivenServiceFactory creates services using dsops-data definitions
func NewDataDrivenServiceFactory ¶
func NewDataDrivenServiceFactory(repository *Repository) *DataDrivenServiceFactory
NewDataDrivenServiceFactory creates a new data-driven service factory
func (*DataDrivenServiceFactory) CreateService ¶
func (f *DataDrivenServiceFactory) CreateService(name string, cfg config.ServiceConfig) (service.Service, error)
CreateService creates a service instance from configuration using dsops-data
func (*DataDrivenServiceFactory) GetSupportedTypes ¶
func (f *DataDrivenServiceFactory) GetSupportedTypes() []string
GetSupportedTypes returns all supported service types from dsops-data
func (*DataDrivenServiceFactory) IsSupported ¶
func (f *DataDrivenServiceFactory) IsSupported(serviceType string) bool
IsSupported checks if a service type is supported
type InstanceCredential ¶
type InstanceCredential struct {
	// Name is read from the required "name" key.
	Name string `yaml:"name" json:"name"`
	// Policy is a plain string. Presumably the name of a RotationPolicy as
	// looked up by Repository.GetRotationPolicy - confirm.
	Policy string `yaml:"policy" json:"policy"`
	// Principals is a list of plain strings. Presumably names of Principal
	// definitions. NOTE(review): whether unresolved names are rejected at
	// load time is not shown here.
	Principals []string `yaml:"principals" json:"principals"`
	// Config is a free-form map, so the Go type places no limit on its keys
	// or value types; consumers must check what they read from it.
	Config map[string]interface{} `yaml:"config,omitempty" json:"config,omitempty"`
}
InstanceCredential represents a credential configuration for a service instance
type Loader ¶
type Loader struct {
// contains filtered or unexported fields
}
Loader loads dsops-data definitions from a local directory
func NewLoaderWithoutValidation ¶
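NewLoaderWithoutValidation creates a loader that skips JSON schema validation. Definitions loaded this way reach the Repository without a schema check, so use it only with data you already trust; Repository.Validate is described only as basic validation and should not be assumed to replace the schema check.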
func (*Loader) LoadAll ¶
func (l *Loader) LoadAll(ctx context.Context) (*Repository, error)
LoadAll loads all dsops-data definitions
func (*Loader) LoadPrincipals ¶
LoadPrincipals loads all principal definitions
func (*Loader) LoadRotationPolicies ¶
LoadRotationPolicies loads all rotation policy definitions
func (*Loader) LoadServiceInstances ¶
LoadServiceInstances loads all service instance definitions
func (*Loader) LoadServiceTypes ¶
LoadServiceTypes loads all service type definitions
type MaintenanceWindow ¶
type MaintenanceWindow struct {
	// Cron is kept as a raw string from the required "cron" key; presumably
	// a cron expression marking when the window opens - confirm the dialect.
	Cron string `yaml:"cron" json:"cron"`
	// Duration is kept as a raw string; presumably how long the window stays
	// open. Parsing happens elsewhere.
	Duration string `yaml:"duration" json:"duration"`
	// Timezone is optional and empty when the key is absent.
	// NOTE(review): which zone is assumed for an empty value is not shown
	// here; a wrong assumption shifts the window in which rotation is allowed.
	Timezone string `yaml:"timezone,omitempty" json:"timezone,omitempty"`
}
MaintenanceWindow defines when rotation is allowed
type Notifications ¶
type Notifications struct {
	// OnSuccess is optional and nil when the key is absent.
	OnSuccess []string `yaml:"onSuccess,omitempty" json:"onSuccess,omitempty"`
	// OnFailure is optional and nil when the key is absent, in which case no
	// failure target is configured by this struct.
	OnFailure []string `yaml:"onFailure,omitempty" json:"onFailure,omitempty"`
	// BeforeExpiry is a pointer so that an absent key decodes to nil.
	BeforeExpiry *BeforeExpiry `yaml:"beforeExpiry,omitempty" json:"beforeExpiry,omitempty"`
}
Notifications defines notification settings for rotation events
type Principal ¶
type Principal struct {
	// APIVersion and Kind are read from the required "apiVersion" and "kind"
	// keys; the accepted values are not shown here.
	APIVersion string `yaml:"apiVersion" json:"apiVersion"`
	Kind string `yaml:"kind" json:"kind"`
	// Metadata identifies the principal.
	Metadata struct {
		// Name is presumably the key used by Repository.GetPrincipal - confirm.
		Name string `yaml:"name" json:"name"`
		Description string `yaml:"description,omitempty" json:"description,omitempty"`
		Labels map[string]string `yaml:"labels,omitempty" json:"labels,omitempty"`
	} `yaml:"metadata" json:"metadata"`
	// Spec describes the principal itself.
	Spec struct {
		// Type is a required plain string; the recognised values are not
		// shown here.
		Type string `yaml:"type" json:"type"`
		Email string `yaml:"email,omitempty" json:"email,omitempty"`
		Team string `yaml:"team,omitempty" json:"team,omitempty"`
		Environment string `yaml:"environment,omitempty" json:"environment,omitempty"`
		// Permissions is a pointer, so an absent key decodes to nil.
		// NOTE(review): what a nil Permissions allows is not shown here;
		// confirm that it does not mean "unrestricted".
		Permissions *PrincipalPermissions `yaml:"permissions,omitempty" json:"permissions,omitempty"`
		// Contact is a pointer, so an absent key decodes to nil.
		Contact *PrincipalContact `yaml:"contact,omitempty" json:"contact,omitempty"`
		// Metadata is a free-form map; the Go type places no limit on its
		// keys or value types.
		Metadata map[string]interface{} `yaml:"metadata,omitempty" json:"metadata,omitempty"`
	} `yaml:"spec" json:"spec"`
}
Principal represents an identity that can own or use credentials
type PrincipalContact ¶
type PrincipalContact struct {
	// All three keys are optional plain strings; none is validated by the
	// type itself.
	Email string `yaml:"email,omitempty" json:"email,omitempty"`
	Slack string `yaml:"slack,omitempty" json:"slack,omitempty"`
	// OnCall is read from the all-lowercase key "oncall", unlike the
	// camelCase keys used by the other structs on this page.
	OnCall string `yaml:"oncall,omitempty" json:"oncall,omitempty"`
}
PrincipalContact defines contact information for a principal
type PrincipalPermissions ¶
type PrincipalPermissions struct {
	// AllowedServices is optional and nil when the key is absent.
	// NOTE(review): whether an empty list means "no services" or "all
	// services" is not shown here; confirm in the code that enforces it.
	AllowedServices []string `yaml:"allowedServices,omitempty" json:"allowedServices,omitempty"`
	// AllowedCredentialKinds is optional and nil when the key is absent; the
	// same question about the meaning of an empty list applies.
	AllowedCredentialKinds []string `yaml:"allowedCredentialKinds,omitempty" json:"allowedCredentialKinds,omitempty"`
	// MaxCredentialTTL is kept as a raw string; presumably a duration. Empty
	// when the key is absent, and how an empty cap is treated is not shown
	// here.
	MaxCredentialTTL string `yaml:"maxCredentialTTL,omitempty" json:"maxCredentialTTL,omitempty"`
}
PrincipalPermissions defines permission settings for a principal
type Repository ¶
type Repository struct {
	// All four maps are exported and hold pointers, so any caller can read or
	// modify the loaded definitions directly, bypassing the Get/List methods.
	// The fields carry no yaml/json tags.
	ServiceTypes map[string]*ServiceType
	// ServiceInstances is keyed by a single string although
	// GetServiceInstance takes a type and an ID; presumably the key combines
	// both, in a format not shown here.
	ServiceInstances map[string]*ServiceInstance
	RotationPolicies map[string]*RotationPolicy
	Principals map[string]*Principal
}
Repository contains all loaded dsops-data definitions
func (*Repository) GetPrincipal ¶
func (r *Repository) GetPrincipal(name string) (*Principal, bool)
GetPrincipal returns a principal by name
func (*Repository) GetRotationPolicy ¶
func (r *Repository) GetRotationPolicy(name string) (*RotationPolicy, bool)
GetRotationPolicy returns a rotation policy by name
func (*Repository) GetServiceInstance ¶
func (r *Repository) GetServiceInstance(serviceType, id string) (*ServiceInstance, bool)
GetServiceInstance returns a service instance by type and ID
func (*Repository) GetServiceType ¶
func (r *Repository) GetServiceType(name string) (*ServiceType, bool)
GetServiceType returns a service type by name
func (*Repository) ListServiceInstancesByTag ¶
func (r *Repository) ListServiceInstancesByTag(tags []string) []*ServiceInstance
ListServiceInstancesByTag returns service instances that have any of the specified tags
func (*Repository) ListServiceInstancesByType ¶
func (r *Repository) ListServiceInstancesByType(serviceType string) []*ServiceInstance
ListServiceInstancesByType returns all service instances for a given type
func (*Repository) ListServiceTypes ¶
func (r *Repository) ListServiceTypes() []string
ListServiceTypes returns all service type names
func (*Repository) Validate ¶
func (r *Repository) Validate() error
Validate performs basic validation on the loaded repository
type RotationPolicy ¶
type RotationPolicy struct {
	// APIVersion and Kind are read from the required "apiVersion" and "kind"
	// keys; the accepted values are not shown here.
	APIVersion string `yaml:"apiVersion" json:"apiVersion"`
	Kind string `yaml:"kind" json:"kind"`
	// Metadata identifies the policy.
	Metadata struct {
		// Name is presumably the key used by Repository.GetRotationPolicy -
		// confirm.
		Name string `yaml:"name" json:"name"`
		Description string `yaml:"description,omitempty" json:"description,omitempty"`
	} `yaml:"metadata" json:"metadata"`
	// Spec holds the policy settings. Only Strategy is a required key.
	Spec struct {
		// Strategy is a plain string; the recognised strategies are not shown
		// here.
		Strategy string `yaml:"strategy" json:"strategy"`
		// Schedule is kept as a raw string and is empty when the key is
		// absent.
		Schedule string `yaml:"schedule,omitempty" json:"schedule,omitempty"`
		// The four settings below are pointers, so an absent key decodes to
		// nil. NOTE(review): whether a nil Verification lets a rotation
		// proceed unverified is not shown here - confirm.
		Verification *Verification `yaml:"verification,omitempty" json:"verification,omitempty"`
		Cutover *Cutover `yaml:"cutover,omitempty" json:"cutover,omitempty"`
		Notifications *Notifications `yaml:"notifications,omitempty" json:"notifications,omitempty"`
		Constraints *Constraints `yaml:"constraints,omitempty" json:"constraints,omitempty"`
	} `yaml:"spec" json:"spec"`
}
RotationPolicy represents a rotation policy definition
type ServiceInstance ¶
type ServiceInstance struct {
	// APIVersion and Kind are read from the required "apiVersion" and "kind"
	// keys; the accepted values are not shown here.
	APIVersion string `yaml:"apiVersion" json:"apiVersion"`
	Kind string `yaml:"kind" json:"kind"`
	// Metadata identifies the instance.
	Metadata struct {
		// Type and ID are the two required keys; they match the two
		// arguments of Repository.GetServiceInstance.
		Type string `yaml:"type" json:"type"`
		ID string `yaml:"id" json:"id"`
		Name string `yaml:"name,omitempty" json:"name,omitempty"`
		Description string `yaml:"description,omitempty" json:"description,omitempty"`
		// Tags is optional; presumably what ListServiceInstancesByTag
		// matches against.
		Tags []string `yaml:"tags,omitempty" json:"tags,omitempty"`
	} `yaml:"metadata" json:"metadata"`
	// Spec describes how to reach the instance and which credentials it has.
	Spec struct {
		// Endpoint is a plain string taken from the data file; the type does
		// not constrain its scheme or host.
		Endpoint string `yaml:"endpoint" json:"endpoint"`
		// Auth is a plain string. NOTE(review): presumably the name of an
		// auth method or a reference to a secret, not the secret value
		// itself - confirm, since these definitions live in data files.
		Auth string `yaml:"auth" json:"auth"`
		CredentialKinds []InstanceCredential `yaml:"credentialKinds" json:"credentialKinds"`
		// Config is a free-form map; the Go type places no limit on its keys
		// or value types.
		Config map[string]interface{} `yaml:"config,omitempty" json:"config,omitempty"`
	} `yaml:"spec" json:"spec"`
}
ServiceInstance represents a specific deployment of a service
type ServiceType ¶
type ServiceType struct {
	// APIVersion and Kind are read from the required "apiVersion" and "kind"
	// keys; the accepted values are not shown here.
	APIVersion string `yaml:"apiVersion" json:"apiVersion"`
	Kind string `yaml:"kind" json:"kind"`
	// Metadata identifies the service type.
	Metadata struct {
		// Name is presumably the key used by Repository.GetServiceType -
		// confirm.
		Name string `yaml:"name" json:"name"`
		Description string `yaml:"description,omitempty" json:"description,omitempty"`
		Category string `yaml:"category,omitempty" json:"category,omitempty"`
	} `yaml:"metadata" json:"metadata"`
	// Spec lists the credential kinds of this service type and its defaults.
	Spec struct {
		CredentialKinds []CredentialKind `yaml:"credentialKinds" json:"credentialKinds"`
		// Defaults is optional; both members are raw strings that are empty
		// when absent. How an empty RateLimit is treated is not shown here.
		Defaults struct {
			RateLimit string `yaml:"rateLimit,omitempty" json:"rateLimit,omitempty"`
			RotationStrategy string `yaml:"rotationStrategy,omitempty" json:"rotationStrategy,omitempty"`
		} `yaml:"defaults,omitempty" json:"defaults,omitempty"`
	} `yaml:"spec" json:"spec"`
}
ServiceType represents a service type definition from dsops-data
type Verification ¶
type Verification struct {
	// Method is a required plain string; the recognised methods are not
	// shown here.
	Method string `yaml:"method" json:"method"`
	// Endpoint is optional and taken as-is from the data file.
	// NOTE(review): if verification connects to this value, the data
	// directory decides where new credentials are presented - confirm how it
	// is used and restricted.
	Endpoint string `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	// Timeout is kept as a raw string; presumably a duration. Empty when the
	// key is absent.
	Timeout string `yaml:"timeout,omitempty" json:"timeout,omitempty"`
	// Retries is a signed int that decodes to 0 when the key is absent; the
	// type itself does not rule out negative or very large values.
	Retries int `yaml:"retries,omitempty" json:"retries,omitempty"`
}
Verification defines how to verify that credentials work after creation.