encryptionconfig

package
Version: v1.7.0-beta.1

Warning: This package is not in the latest version of its module.
Published: Jun 8, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAESPrefixTransformer

func GetAESPrefixTransformer(config *AESConfig) (value.PrefixTransformer, error)

GetAESPrefixTransformer returns a prefix transformer from the provided configuration

func GetPrefixTransformers

func GetPrefixTransformers(config *ResourceConfig) ([]value.PrefixTransformer, error)

GetPrefixTransformers constructs and returns the appropriate prefix transformers for the passed resource using its configuration

func GetTransformerOverrides

func GetTransformerOverrides(filepath string) (map[schema.GroupResource]value.Transformer, error)

GetTransformerOverrides returns the transformer overrides by reading and parsing the encryption provider configuration file

func ParseEncryptionConfiguration

func ParseEncryptionConfiguration(f io.Reader) (map[schema.GroupResource]value.Transformer, error)

ParseEncryptionConfiguration parses configuration data and returns the transformer overrides

Types

type AESConfig

type AESConfig struct {
	// keys is a list of keys to be used for creating the AES transformer.
	Keys []Key `json:"keys"`
}

AESConfig contains the API configuration for an AES transformer.

type EncryptionConfig

type EncryptionConfig struct {
	// kind is the type of configuration file.
	Kind string `json:"kind"`
	// apiVersion is the API version this file has to be parsed as.
	APIVersion string `json:"apiVersion"`
	// resources is a list containing resources, and their corresponding encryption providers.
	Resources []ResourceConfig `json:"resources"`
}

EncryptionConfig stores the complete configuration for encryption providers.

type IdentityConfig

type IdentityConfig struct{}

IdentityConfig is an empty struct to allow identity transformer in provider configuration.

type Key

type Key struct {
	// name is the name of the key to be used while storing data to disk.
	Name string `json:"name"`
	// secret is the actual AES key, encoded in base64. It has to be 16, 24 or 32 bytes long.
	Secret string `json:"secret"`
}

Key contains name and secret of the provided key for AES transformer.

type ProviderConfig

type ProviderConfig struct {
	// aes is the configuration for the AEAD-GCM transformer.
	AES *AESConfig `json:"aes,omitempty"`
	// identity is the (empty) configuration for the identity transformer.
	Identity *IdentityConfig `json:"identity,omitempty"`
}

ProviderConfig stores the provided configuration for an encryption provider.

type ResourceConfig

type ResourceConfig struct {
	// resources is a list of kubernetes resources which have to be encrypted.
	Resources []string `json:"resources"`
	// providers is a list of transformers to be used for reading and writing the resources to disk.
	// eg: aes, identity.
	Providers []ProviderConfig `json:"providers"`
}

ResourceConfig stores per resource configuration.
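
The `Key.Secret` comment above requires a base64-encoded AES key of 16, 24 or 32 bytes. The following is an added example, not code from this package: it parses a constructed JSON sample shaped like the documented types and reports every AES key that fails that rule. `CheckAESKeys`, `sampleConfig` and the trimmed local types are hypothetical names introduced for illustration, and reading the configuration as JSON is an assumption based on the `json` tags shown above.

```go
package main

import (
	"crypto/aes"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Trimmed local mirrors of the documented types (json keys match case-insensitively).
type (
	Key      struct{ Name, Secret string }
	Provider struct{ AES *struct{ Keys []Key } }
	Config   struct{ Resources []struct{ Providers []Provider } }
)

// Constructed sample: key1 decodes to 16 bytes, key2 to 5 bytes, key3 is not base64.
const sampleConfig = `{"resources":[{"resources":["secrets"],"providers":[{"aes":{"keys":[
 {"name":"key1","secret":"MDEyMzQ1Njc4OWFiY2RlZg=="},
 {"name":"key2","secret":"c2hvcnQ="},
 {"name":"key3","secret":"not base64!"}]}},{"identity":{}}]}]}`

// CheckAESKeys (hypothetical helper) returns one finding per unusable AES key.
func CheckAESKeys(data []byte) ([]string, error) {
	var cfg Config
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, err
	}
	var findings []string
	for _, rc := range cfg.Resources {
		for _, p := range rc.Providers {
			if p.AES == nil {
				continue // e.g. the identity provider: no key material
			}
			for _, k := range p.AES.Keys {
				raw, err := base64.StdEncoding.DecodeString(k.Secret)
				if err == nil {
					_, err = aes.NewCipher(raw) // accepts only 16, 24 or 32 bytes
				}
				if err != nil {
					findings = append(findings, fmt.Sprintf("%s: %v", k.Name, err))
				}
			}
		}
	}
	return findings, nil
}

func main() { fmt.Println(CheckAESKeys([]byte(sampleConfig))) }
```

Findings carry only the key name and the decoder or cipher error, never the secret itself, so the output is safe to write to logs.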
