Documentation
Index
- Constants
- func AadEndpointForType(t esv1beta1.AzureEnvironmentType) string
- func FetchSAToken(ctx context.Context, ns, name string, audiences []string, ...) (string, error)
- func NewTokenProvider(ctx context.Context, token, clientID, tenantID, aadEndpoint, kvResource string) (adal.OAuthTokenProvider, error)
- type Azure
- func (a *Azure) Capabilities() esv1beta1.SecretStoreCapabilities
- func (a *Azure) Close(_ context.Context) error
- func (a *Azure) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) error
- func (a *Azure) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error)
- func (a *Azure) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error)
- func (a *Azure) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
- func (a *Azure) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, ...) (esv1beta1.SecretsClient, error)
- func (a *Azure) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error
- func (a *Azure) Validate() (esv1beta1.ValidationResult, error)
- func (a *Azure) ValidateStore(store esv1beta1.GenericStore) error
- type SecretClient
Constants
const (
	AzureDefaultAudience = "api://AzureADTokenExchange"
	AnnotationClientID   = "azure.workload.identity/client-id"
	AnnotationTenantID   = "azure.workload.identity/tenant-id"
)
Functions
func AadEndpointForType (added in v0.6.0)
func AadEndpointForType(t esv1beta1.AzureEnvironmentType) string
func FetchSAToken (added in v0.6.0)
func NewTokenProvider (added in v0.6.0)
Types
type Azure
type Azure struct {
// contains filtered or unexported fields
}
func (*Azure) Capabilities (added in v0.7.0)
func (a *Azure) Capabilities() esv1beta1.SecretStoreCapabilities
Capabilities returns the provider's supported capabilities (ReadOnly, WriteOnly, ReadWrite).
func (*Azure) DeleteSecret (added in v0.7.0)
func (*Azure) GetAllSecrets (added in v0.5.0)
func (a *Azure) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error)
Implements the store.Client.GetAllSecrets interface. Retrieves a map[string][]byte with the secret names as keys and the secrets themselves as values.
func (*Azure) GetSecret
func (a *Azure) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error)
Implements the store.Client.GetSecret interface. Retrieves a secret/Key/Certificate/Tag with the secret name defined in ref.Name. The object type is defined as a prefix in ref.Name; if no prefix is defined, we assume a secret is required.
func (*Azure) GetSecretMap
func (a *Azure) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
Implements the store.Client.GetSecretMap interface. New version of GetSecretMap.
func (*Azure) NewClient (added in v0.4.0)
func (a *Azure) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error)
NewClient constructs a new secrets client based on the provided store.
func (*Azure) PushSecret (added in v0.7.0)
func (a *Azure) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error
PushSecret stores secrets into a Key Vault instance.
func (*Azure) Validate (added in v0.4.2)
func (a *Azure) Validate() (esv1beta1.ValidationResult, error)
func (*Azure) ValidateStore (added in v0.5.0)
func (a *Azure) ValidateStore(store esv1beta1.GenericStore) error
type SecretClient
type SecretClient interface {
	GetKey(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (result keyvault.KeyBundle, err error)
	GetSecret(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string) (result keyvault.SecretBundle, err error)
	GetSecretsComplete(ctx context.Context, vaultBaseURL string, maxresults *int32) (result keyvault.SecretListResultIterator, err error)
	GetCertificate(ctx context.Context, vaultBaseURL string, certificateName string, certificateVersion string) (result keyvault.CertificateBundle, err error)
	SetSecret(ctx context.Context, vaultBaseURL string, secretName string, parameters keyvault.SecretSetParameters) (result keyvault.SecretBundle, err error)
	ImportKey(ctx context.Context, vaultBaseURL string, keyName string, parameters keyvault.KeyImportParameters) (result keyvault.KeyBundle, err error)
	ImportCertificate(ctx context.Context, vaultBaseURL string, certificateName string, parameters keyvault.CertificateImportParameters) (result keyvault.CertificateBundle, err error)
	DeleteCertificate(ctx context.Context, vaultBaseURL string, certificateName string) (result keyvault.DeletedCertificateBundle, err error)
	DeleteKey(ctx context.Context, vaultBaseURL string, keyName string) (result keyvault.DeletedKeyBundle, err error)
	DeleteSecret(ctx context.Context, vaultBaseURL string, secretName string) (result keyvault.DeletedSecretBundle, err error)
}
interface to keyvault.BaseClient.