versionedsecretstore

package
v0.0.2 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 2, 2021 License: Apache-2.0 Imports: 18 Imported by: 8

Documentation

Overview

Package versionedsecretstore implements versioned secrets by appending a version suffix to their name.


Constants

const (
	// VersionSecretKind is the kind of versioned secret
	VersionSecretKind = "versionedSecret"
)

Variables

var (
	// LabelSecretKind is the label key for secret kind
	LabelSecretKind = fmt.Sprintf("%s/secret-kind", names.GroupName)
	// LabelVersion is the label key for secret version
	LabelVersion = fmt.Sprintf("%s/secret-version", names.GroupName)
	// LabelAPIVersion is the label for kube APIVersion
	LabelAPIVersion = fmt.Sprintf("%s/v1alpha1", names.GroupName)
	// AnnotationSourceDescription is the annotation key for source description
	AnnotationSourceDescription = fmt.Sprintf("%s/source-description", names.GroupName)
)

Functions

func ContainsOutdatedSecretVersion

func ContainsOutdatedSecretVersion(names []string, name string) bool

ContainsOutdatedSecretVersion checks if the current secret version is greater than the versions in the secrets list

func ContainsSecretName

func ContainsSecretName(names []string, name string) bool

ContainsSecretName checks a list of secret names for our secret's name while ignoring the versions

func GetConfigNamesFromSpec

func GetConfigNamesFromSpec(spec corev1.PodSpec) (map[string]struct{}, map[string]struct{})

GetConfigNamesFromSpec parses the owner object and returns two sets, the first containing the names of all referenced ConfigMaps, the second containing the names of all referenced Secrets

func IsInitialVersion

func IsInitialVersion(secret corev1.Secret) bool

IsInitialVersion returns true if it's a v1 secret

func IsSecretIdenticalError

func IsSecretIdenticalError(e error) bool

IsSecretIdenticalError returns whether the error object is a SecretIdenticalError

func IsVersionedSecret

func IsVersionedSecret(secret corev1.Secret) bool

IsVersionedSecret returns true if the secret has a label identifying it as a versioned secret

func IsVersionedSecretName

func IsVersionedSecretName(name string) bool

IsVersionedSecretName returns true if name matches the name of a versioned secret

func NamePrefix

func NamePrefix(name string) string

NamePrefix returns the name prefix of a versioned secret name, by removing the version suffix /-v\d+/

func Version

func Version(secret corev1.Secret) (int, error)

Version returns the versioned secret's version from the labels

func VersionFromName

func VersionFromName(name string) (int, error)

VersionFromName gets the version from a versioned secret name; it returns -1 if no valid version is found

func VersionedName

func VersionedName(namePrefix string, version int) string

VersionedName returns a secret name with the version appended

Types

type SecretIdenticalError

type SecretIdenticalError struct {
	// contains filtered or unexported fields
}

SecretIdenticalError indicates cases where the latest secret version is identical to the one to be created

func (SecretIdenticalError) Error

func (e SecretIdenticalError) Error() string

type VersionedSecretImpl

type VersionedSecretImpl struct {
	// contains filtered or unexported fields
}

VersionedSecretImpl contains the required fields to persist a secret

func NewClientsetVersionedSecretStore

func NewClientsetVersionedSecretStore(clientset kubernetes.Interface) VersionedSecretImpl

NewClientsetVersionedSecretStore returns a VersionedSecretStore using a kubernetes.Clientset backend

func NewVersionedSecretStore

func NewVersionedSecretStore(client client.Client) VersionedSecretImpl

NewVersionedSecretStore returns a VersionedSecretStore implementation to be used when working with desired secrets

func (VersionedSecretImpl) Create

func (p VersionedSecretImpl) Create(ctx context.Context,
	namespace string,
	ownerName string,
	ownerID types.UID,
	ownerKind string,
	secretName string,
	secretData map[string]string,
	annotations map[string]string,
	labels map[string]string,
	sourceDescription string) error

Create creates a new version of the secret from secret data

func (VersionedSecretImpl) Decorate

func (p VersionedSecretImpl) Decorate(ctx context.Context, namespace string, secretName string, key string, value string) error

Decorate adds a label to the latest version of the secret

func (VersionedSecretImpl) Delete

func (p VersionedSecretImpl) Delete(ctx context.Context, namespace string, secretName string) error

Delete removes all versions of the secret and therefore the secret itself.

func (VersionedSecretImpl) Get

func (p VersionedSecretImpl) Get(ctx context.Context, namespace string, deploymentName string, version int) (*corev1.Secret, error)

Get returns a specific version of the secret

func (VersionedSecretImpl) Latest

func (p VersionedSecretImpl) Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)

Latest returns the latest version of the secret

func (VersionedSecretImpl) List

func (p VersionedSecretImpl) List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)

List returns all versions of the secret

func (VersionedSecretImpl) SetSecretReferences

func (p VersionedSecretImpl) SetSecretReferences(ctx context.Context, namespace string, podSpec *corev1.PodSpec) error

SetSecretReferences updates versioned secret references in the pod spec

func (VersionedSecretImpl) VersionCount

func (p VersionedSecretImpl) VersionCount(ctx context.Context, namespace string, secretName string) (int, error)

VersionCount returns the number of versions for this secret

type VersionedSecretStore

type VersionedSecretStore interface {
	SetSecretReferences(ctx context.Context, namespace string, podSpec *corev1.PodSpec) error
	Create(ctx context.Context, namespace string, ownerName string, ownerID types.UID, ownerKind string, secretName string, secretData map[string]string, annotations map[string]string, labels map[string]string, sourceDescription string) error
	Get(ctx context.Context, namespace string, secretName string, version int) (*corev1.Secret, error)
	Latest(ctx context.Context, namespace string, secretName string) (*corev1.Secret, error)
	List(ctx context.Context, namespace string, secretName string) ([]corev1.Secret, error)
	VersionCount(ctx context.Context, namespace string, secretName string) (int, error)
	Delete(ctx context.Context, namespace string, secretName string) error
	Decorate(ctx context.Context, namespace string, secretName string, key string, value string) error
}

VersionedSecretStore is the interface to version secrets in Kubernetes

Each update to the secret results in a new persisted version. An existing persisted version of a secret cannot be altered or deleted. The deletion of a secret will result in the removal of all persisted versions of that secret.

The version number is an integer that is incremented with each version of the secret, with the greatest number being the current/latest version.

When saving a new secret, a source description is required, which should explain the sources of the rendered secret, e.g. the location of the Custom Resource Definition that generated it.
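The naming scheme and "greatest number is latest" rule described above, as an added stand-alone example that is not this package's code: it flags pod-referenced secret names that lag behind the newest stored version, comparing versions numerically so that `-v10` ranks above `-v9`. The helper names `splitVersioned` and `staleRefs`, the end-anchored regular expression, and the sample names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// versionSuffix matches the -v<digits> suffix the page describes as /-v\d+/.
var versionSuffix = regexp.MustCompile(`-v(\d+)$`)

// splitVersioned (hypothetical helper) returns the name prefix and version,
// or the unchanged name and -1 when there is no valid version suffix.
func splitVersioned(name string) (string, int) {
	m := versionSuffix.FindStringSubmatch(name)
	if m == nil {
		return name, -1
	}
	v, err := strconv.Atoi(m[1])
	if err != nil { // digit run too large for int
		return name, -1
	}
	return name[:len(name)-len(m[0])], v
}

// staleRefs (hypothetical helper) lists referenced names whose version is
// lower than the greatest stored version for the same prefix.
func staleRefs(referenced, stored []string) []string {
	latest := map[string]int{}
	for _, n := range stored {
		if p, v := splitVersioned(n); v > latest[p] {
			latest[p] = v
		}
	}
	var stale []string
	for _, n := range referenced {
		if p, v := splitVersioned(n); v >= 0 && v < latest[p] {
			stale = append(stale, n)
		}
	}
	return stale
}

func main() {
	// Constructed sample names, not taken from a real cluster.
	stored := []string{"db-creds-v2", "db-creds-v9", "db-creds-v10", "tls-v1", "plain-secret"}
	referenced := []string{"db-creds-v9", "tls-v1", "plain-secret"}
	fmt.Println(staleRefs(referenced, stored)) // numeric compare: v9 < v10
}
```

A pod that still mounts an older version after a rotation keeps using the superseded credentials, which is the condition this check surfaces.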
