Documentation
Overview
Package broker provides a registry of credential brokers: extension points that lazily provision credentials from the ambient environment (not claimed by any stack) and contribute environment variables for remote git and subprocess operations.
A broker is registered once at startup (typically from an implementer package's init()) and is consulted the first time Atmos performs a remote read (go-getter fetch) or spawns a credential-bearing subprocess (terraform/helmfile/packer). Atmos Pro's github/sts integration is the first broker; future brokers (e.g., a Vault git-token broker) plug in here without touching the downloader or the command layer.
This package intentionally depends only on the standard library, the schema package, and the logger so that low-level packages (e.g., pkg/downloader) can import it without creating an import cycle back through pkg/auth.
Functions
func EnsureCredentials
func EnsureCredentials(ctx context.Context, atmosConfig *schema.AtmosConfiguration)
EnsureCredentials runs every enabled broker exactly once per process and exports each broker's contributed environment variables into the current process via os.Setenv, so that Atmos's own go-getter git subprocesses and any downstream terraform/helmfile/packer subprocesses (whose environments start from os.Environ()) transparently pick them up.
It is best-effort: a broker that is not enabled is skipped, and a broker that errors is logged at debug and skipped — the in-progress remote read then proceeds and fails naturally if the credentials were truly required.
Types
type Provider
type Provider interface {
	// Name returns a stable identifier for the broker (used only for logging).
	Name() string

	// Enabled reports whether this broker should run given the current configuration
	// and environment. Implementations gate on cheap signals (e.g., CI detection and
	// the presence of the relevant auth config) and must not perform network calls.
	Enabled(atmosConfig *schema.AtmosConfiguration) bool

	// Provision provisions credentials and returns environment variables to export
	// into the current process. Returning an empty map is a valid no-op outcome.
	// Token values must never be logged by the implementation.
	Provision(ctx context.Context, atmosConfig *schema.AtmosConfiguration) (map[string]string, error)
}
Provider is a credential broker. Implementers register themselves via Register (usually from an init() function) and are consulted by EnsureCredentials.
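The once-per-process, best-effort behaviour described for EnsureCredentials, sketched as an added example that is not the package's own code. Config stands in for schema.AtmosConfiguration, and Registry, Ensure and funcBroker are hypothetical names; Ensure returns only the exported variable names, never their values.

```go
package main

import (
	"context"
	"fmt"
	"os"
	"sync"
)

type Config struct{ CI bool } // stands in for schema.AtmosConfiguration (assumption)

// Provider mirrors the interface documented above, with Config swapped in.
type Provider interface {
	Name() string
	Enabled(cfg *Config) bool
	Provision(ctx context.Context, cfg *Config) (map[string]string, error)
}

// funcBroker is a constructed adapter so a closure can act as a broker.
type funcBroker func() (map[string]string, error)
func (f funcBroker) Name() string { return "demo" }
func (f funcBroker) Enabled(c *Config) bool { return c.CI }
func (f funcBroker) Provision(context.Context, *Config) (map[string]string, error) { return f() }

// Registry is a hypothetical stand-in for the package's once-per-process state.
type Registry struct{ once sync.Once }

// Ensure exports each enabled broker's variables and returns only their names.
func (r *Registry) Ensure(ctx context.Context, cfg *Config, brokers ...Provider) (names []string) {
	r.once.Do(func() {
		for _, p := range brokers {
			if !p.Enabled(cfg) {
				continue // cheap gate: Provision is never called
			}
			if env, err := p.Provision(ctx, cfg); err == nil { // errors are skipped, not fatal
				for k, v := range env {
					os.Setenv(k, v) // inherited by every later child process
					names = append(names, k)
				}
			}
		}
	})
	return names
}

func main() {
	b := funcBroker(func() (map[string]string, error) { return map[string]string{"DEMO_TOKEN": "constructed"}, nil })
	fmt.Println((&Registry{}).Ensure(context.Background(), &Config{CI: true}, b))
}
```

Because the export goes through os.Setenv, every subprocess started afterwards inherits the variables, not only the git or terraform invocation that needs them.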