Documentation

Index

Constants

This section is empty.

Variables

View Source
var CITest = UnicredsConfig{UnicredsPath: &ciTestPath, UnicredsAlias: ciTestKey}

    CITest is the ci-test unicreds config

    View Source
    var Development = UnicredsConfig{UnicredsPath: &devPath, UnicredsAlias: devKey}

      Development is the dev unicreds config

      View Source
      var Production = UnicredsConfig{UnicredsPath: &prodPath, UnicredsAlias: prodKey}

        Production is the production unicreds config

        View Source
        var Region string

          Region is default region for unicreds config

          Functions

          func Stores

          func Stores() map[string]SecretStore

            Stores returns all implemented SecretStores

            Types

            type AuthenticationError

            type AuthenticationError struct{}

              AuthenticationError occurs when the given credentials fail to access the secret store

              func (*AuthenticationError) Error

              func (e *AuthenticationError) Error() string

              type AuthorizationError

              type AuthorizationError struct {
              	Identifier SecretIdentifier
              }

                AuthorizationError occurs when a user lacks sufficient access to interact with a Secret (read-only? read/write?)

                func (*AuthorizationError) Error

                func (e *AuthorizationError) Error() string

                type ByIDString

                type ByIDString []SecretIdentifier

                  ByIDString allows sorting SecretIdentifiers by Key

                  func (ByIDString) Len

                  func (s ByIDString) Len() int

                  func (ByIDString) Less

                  func (s ByIDString) Less(i, j int) bool

                  func (ByIDString) Swap

                  func (s ByIDString) Swap(i, j int)

                  type Credentials

                  type Credentials map[string]string

                    Credentials needed to authenticate with secrets backend, such as a token

                    type CurrentDeployError

                    type CurrentDeployError struct {
                    	Identifier string
                    }

                      CurrentDeployError occurs when a parameter name has suffix current-deploy. Such parameters are private to catapult service and should not be surfaced via interface

                      func (*CurrentDeployError) Error

                      func (e *CurrentDeployError) Error() string

                      type Environment

                      type Environment int

                        Environment is an Enum to access different Stealth stores

                        const (
                        	// ProductionEnvironment is an index for prod
                        	ProductionEnvironment Environment = iota
                        	// DevelopmentEnvironment is an index for dev
                        	DevelopmentEnvironment
                        	// CITestEnvironment is an index for ci-test
                        	CITestEnvironment
                        )

                        type IdentifierAlreadyExistsError

                        type IdentifierAlreadyExistsError struct {
                        	Identifier SecretIdentifier
                        }

                          IdentifierAlreadyExistsError occurs when Create is called and an identifier already exists

                          func (*IdentifierAlreadyExistsError) Error

                          type IdentifierNotFoundError

                          type IdentifierNotFoundError struct {
                          	Identifier SecretIdentifier
                          	Region     string
                          }

                            IdentifierNotFoundError occurs when a secret identifier cannot be found (during Read, History, Update)

                            func (*IdentifierNotFoundError) Error

                            func (e *IdentifierNotFoundError) Error() string

                            type InvalidEnvironmentError

                            type InvalidEnvironmentError struct {
                            	Identifier string
                            }

                              InvalidEnvironmentError occurs when a parameter name is using non-compatible environment name

                              func (*InvalidEnvironmentError) Error

                              func (e *InvalidEnvironmentError) Error() string

                              type InvalidIdentifierError

                              type InvalidIdentifierError struct {
                              	Identifier SecretIdentifier
                              }

                                InvalidIdentifierError occurs when a malformed identifier argument is given to a SecretStore method

                                func (*InvalidIdentifierError) Error

                                func (e *InvalidIdentifierError) Error() string

                                type MalformedVersionError

                                type MalformedVersionError struct {
                                	Identifier       SecretIdentifier
                                	MalformedVersion string
                                }

                                  MalformedVersionError occurs when a secret version is malformed

                                  func (*MalformedVersionError) Error

                                  func (e *MalformedVersionError) Error() string

                                  type MemoryStore

                                  type MemoryStore struct {
                                  	// contains filtered or unexported fields
                                  }

                                    MemoryStore is an in-memory secret store, for testing

                                    func (*MemoryStore) Create

                                    func (s *MemoryStore) Create(id SecretIdentifier, value string) error

                                      Create creates a secret in the store

                                      func (*MemoryStore) Delete

                                      func (s *MemoryStore) Delete(id SecretIdentifier) error

                                        Delete deletes all versions of a secret

                                        func (*MemoryStore) History

                                        func (s *MemoryStore) History(id SecretIdentifier) ([]SecretMeta, error)

                                          History gets all historical versions of a secret

                                          func (*MemoryStore) List

                                          func (s *MemoryStore) List(env Environment, service string) ([]SecretIdentifier, error)

                                            List gets all secret identifiers within a namespace

                                            func (*MemoryStore) ListAll

                                            func (s *MemoryStore) ListAll(env Environment) ([]SecretIdentifier, error)

                                              ListAll gets all secret identifiers within an environment

                                              func (*MemoryStore) Read

                                              func (s *MemoryStore) Read(id SecretIdentifier) (Secret, error)

                                                Read a secret from the store

                                                func (*MemoryStore) ReadVersion

                                                func (s *MemoryStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

                                                  ReadVersion reads a version of a secret

                                                  func (*MemoryStore) Update

                                                  func (s *MemoryStore) Update(id SecretIdentifier, value string) (Secret, error)

                                                    Update updates a secret in the secret store

                                                    type MockStore

                                                    type MockStore struct{}

                                                      MockStore is a mocked secret store, for testing

                                                      func (*MockStore) Create

                                                      func (s *MockStore) Create(id SecretIdentifier, value string) error

                                                        Create (no-op) mocks creating a secret

                                                        func (*MockStore) Delete

                                                        func (s *MockStore) Delete(id SecretIdentifier) error

                                                          Delete (no-op) mocks deleting all versions of a secret

                                                          func (*MockStore) History

                                                          func (s *MockStore) History(id SecretIdentifier) ([]SecretMeta, error)

                                                            History (no-op) mocks retrieving historical versions of a secret

                                                            func (*MockStore) List

                                                            func (s *MockStore) List(env Environment, service string) ([]SecretIdentifier, error)

                                                              List (no-op) mocks listing all secrets in a namespace

                                                              func (*MockStore) ListAll

                                                              func (s *MockStore) ListAll(env Environment) ([]SecretIdentifier, error)

                                                                ListAll (no-op) mocks listing all secrets in an environment

                                                                func (*MockStore) Read

                                                                func (s *MockStore) Read(id SecretIdentifier) (Secret, error)

                                                                  Read (no-op) mocks reading a secret

                                                                  func (*MockStore) ReadVersion

                                                                  func (s *MockStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

                                                                    ReadVersion (no-op) mocks reading a version of a secret

                                                                    func (*MockStore) Update

                                                                    func (s *MockStore) Update(id SecretIdentifier, value string) (Secret, error)

                                                                      Update (no-op) mocks updating a secret

                                                                      type ParameterStore

                                                                      type ParameterStore struct {
                                                                      	// contains filtered or unexported fields
                                                                      }

                                                                        ParameterStore is a secret store that uses AWS SSM Parameter store

                                                                        func NewParameterStore

                                                                        func NewParameterStore(maxResultsToQuery int64) *ParameterStore

                                                                          NewParameterStore creates a secret store that points at ParameterStore

                                                                          func (*ParameterStore) Create

                                                                          func (s *ParameterStore) Create(id SecretIdentifier, value string) error

                                                                            Create creates a Secret in the secret store. Version is guaranteed to be zero if no error is returned.

                                                                            func (*ParameterStore) Delete

                                                                            func (s *ParameterStore) Delete(id SecretIdentifier) error

                                                                              Delete deletes all versions of a secret

                                                                              func (*ParameterStore) History

                                                                              func (s *ParameterStore) History(id SecretIdentifier) ([]SecretMeta, error)

                                                                                History gets history for a secret, returning all versions from the store.

                                                                                func (*ParameterStore) List

                                                                                func (s *ParameterStore) List(env Environment, service string) ([]SecretIdentifier, error)

                                                                                  List gets secrets within a namespace (env/service)>

                                                                                  func (*ParameterStore) ListAll

                                                                                  func (s *ParameterStore) ListAll(env Environment) ([]SecretIdentifier, error)

                                                                                    ListAll gets all secrets within a environment (env)>

                                                                                    func (*ParameterStore) Read

                                                                                      Read a Secret from the store. Returns the latest version of the secret.

                                                                                      func (*ParameterStore) ReadVersion

                                                                                      func (s *ParameterStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

                                                                                        ReadVersion reads a specific version of a secret from the store. Version is 0-indexed

                                                                                        func (*ParameterStore) Update

                                                                                        func (s *ParameterStore) Update(id SecretIdentifier, value string) (Secret, error)

                                                                                          Update updates a Secret from the store and increments version number.

                                                                                          type Secret

                                                                                          type Secret struct {
                                                                                          	// Data is the actual secret value
                                                                                          	Data string `json:"data"`
                                                                                          	// Meta is the information about the secret
                                                                                          	Meta SecretMeta `json:"meta"`
                                                                                          }

                                                                                            Secret is the unit the secret store

                                                                                            type SecretIdentifier

                                                                                            type SecretIdentifier struct {
                                                                                            	Environment  Environment
                                                                                            	Service, Key string
                                                                                            }

                                                                                              SecretIdentifier is a lookup key for a secret, including the production flag, the service name, and the specific key

                                                                                              func GetRandomTestSecretIdentifier

                                                                                              func GetRandomTestSecretIdentifier() SecretIdentifier

                                                                                                GetRandomTestSecretIdentifier returns a random key in the ci-test environment

                                                                                                func (SecretIdentifier) EnvironmentString

                                                                                                func (id SecretIdentifier) EnvironmentString() string

                                                                                                  EnvironmentString returns the environment used for the secret identifier, as a string

                                                                                                  func (SecretIdentifier) String

                                                                                                  func (id SecretIdentifier) String() string

                                                                                                    String() returns the key used for the secret identifier

                                                                                                    type SecretMeta

                                                                                                    type SecretMeta struct {
                                                                                                    	Created    time.Time `json:"created"`
                                                                                                    	Expiration time.Time `json:"expiration"`
                                                                                                    	Version    int       `json:"version"`
                                                                                                    }

                                                                                                      SecretMeta is metadata to manage a secret

                                                                                                      type SecretStore

                                                                                                      type SecretStore interface {
                                                                                                      	// Creates a Secret in the secret store. Version is guaranteed to be zero if no error is returned.
                                                                                                      	Create(id SecretIdentifier, value string) error
                                                                                                      
                                                                                                      	// Read a Secret from the store. Returns the latest version of the secret.
                                                                                                      	Read(id SecretIdentifier) (Secret, error)
                                                                                                      
                                                                                                      	// ReadVersion reads a specific version of a secret from the store.
                                                                                                      	// Version is 0-indexed
                                                                                                      	ReadVersion(id SecretIdentifier, version int) (Secret, error)
                                                                                                      
                                                                                                      	// Updates a Secret from the store and increments version number.
                                                                                                      	Update(id SecretIdentifier, value string) (Secret, error)
                                                                                                      
                                                                                                      	// List gets secrets within a namespace (env/service)>
                                                                                                      	List(env Environment, service string) ([]SecretIdentifier, error)
                                                                                                      
                                                                                                      	// ListAll gets all secrets within a environment (env)>
                                                                                                      	ListAll(env Environment) ([]SecretIdentifier, error)
                                                                                                      
                                                                                                      	// History gets history for a secret, returning all versions from the store.
                                                                                                      	History(id SecretIdentifier) ([]SecretMeta, error)
                                                                                                      
                                                                                                      	// Delete deletes all versions of a secret
                                                                                                      	Delete(id SecretIdentifier) error
                                                                                                      }

                                                                                                        SecretStore is the CRUD-like interface for Secrets

                                                                                                        func NewMemoryStore

                                                                                                        func NewMemoryStore() SecretStore

                                                                                                          NewMemoryStore creates an in-memory secret store

                                                                                                          func NewMockStore

                                                                                                          func NewMockStore() SecretStore

                                                                                                            NewMockStore creates a mock secret store, with all no-op methods.

                                                                                                            type UnicredsConfig

                                                                                                            type UnicredsConfig struct {
                                                                                                            	UnicredsPath  *string
                                                                                                            	UnicredsAlias string
                                                                                                            }

                                                                                                              UnicredsConfig stores the configuration for a unicreds KMS and DynamoDB

                                                                                                              type UnicredsStore

                                                                                                              type UnicredsStore struct {
                                                                                                              	Environments map[Environment]UnicredsConfig
                                                                                                              	Region       string
                                                                                                              }

                                                                                                                UnicredsStore is a secret store pointing at a prod and dev unicreds (https://github.com/Clever/unicreds) backend

                                                                                                                func NewUnicredsStore

                                                                                                                func NewUnicredsStore() *UnicredsStore

                                                                                                                  NewUnicredsStore creates a secret store that points at DynamoDB and KMS AWS resources

                                                                                                                  func (*UnicredsStore) Create

                                                                                                                  func (s *UnicredsStore) Create(id SecretIdentifier, value string) error

                                                                                                                    Create creates a key in the unicreds store

                                                                                                                    func (*UnicredsStore) Delete

                                                                                                                    func (s *UnicredsStore) Delete(id SecretIdentifier) error

                                                                                                                      Delete deletes all versions of a secret from the secret store. Note that this is a Unicreds-only function - not part of the SecretStore interface.

                                                                                                                      func (*UnicredsStore) History

                                                                                                                      func (s *UnicredsStore) History(id SecretIdentifier) ([]SecretMeta, error)

                                                                                                                        History returns all versions of a secret

                                                                                                                        func (*UnicredsStore) List

                                                                                                                        func (s *UnicredsStore) List(env Environment, service string) ([]SecretIdentifier, error)

                                                                                                                          List gets all secrets in a namespace

                                                                                                                          func (*UnicredsStore) ListAll

                                                                                                                          func (s *UnicredsStore) ListAll(env Environment) ([]SecretIdentifier, error)

                                                                                                                            ListAll gets all secrets in an environment. Note that this is a Unicreds-only function - not part of the SecretStore interface.

                                                                                                                            func (*UnicredsStore) Read

                                                                                                                            func (s *UnicredsStore) Read(id SecretIdentifier) (Secret, error)

                                                                                                                              Read reads the latest version of the secret

                                                                                                                              func (*UnicredsStore) ReadVersion

                                                                                                                              func (s *UnicredsStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

                                                                                                                                ReadVersion reads a version of a secret

                                                                                                                                func (*UnicredsStore) Update

                                                                                                                                func (s *UnicredsStore) Update(id SecretIdentifier, value string) (Secret, error)

                                                                                                                                  Update writes a new version of the key

                                                                                                                                  type VersionNotFoundError

                                                                                                                                  type VersionNotFoundError struct {
                                                                                                                                  	Identifier SecretIdentifier
                                                                                                                                  	Version    int
                                                                                                                                  }

                                                                                                                                    VersionNotFoundError occurs when a secret version cannot be found (during ReadVersion)

                                                                                                                                    func (*VersionNotFoundError) Error

                                                                                                                                    func (e *VersionNotFoundError) Error() string

                                                                                                                                    Directories

                                                                                                                                    Path Synopsis