vault

package

v1.3.0 Latest Latest Go to latest Published: May 21, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kiwicom/k8s-vault-operator

Links

Open Source Insights

Documentation ¶

Overview ¶

nolint

Index ¶

Constants
Variables
func NewClient(cfg AppConfig) (*vaultAPI.Client, error)
func NewSecret(ctx context.Context, vaultSecret *v1.VaultSecret, data Data) (*corev1.Secret, error)
type AppConfig
- func NewAppConfig() (AppConfig, error)
type AuthServiceAccount
- func NewAuthServiceAccount(vaultClient *vaultApi.Client, k8ClientSet *kubernetes.Clientset, ...) *AuthServiceAccount
- func (a *AuthServiceAccount) Token() (string, error)
type AuthToken
- func NewAuthToken(token string) AuthToken
- func (a AuthToken) Token() (string, error)
type Data
- func (d Data) AddNode(name string) (Data, error)
- func (d Data) AddSecrets(secrets Secrets) error
- func (d Data) ENV(separator string) (map[string]any, error)
- func (d Data) ENVString(separator string) ([]byte, error)
- func (d Data) JSON() ([]byte, error)
- func (d Data) Yaml() ([]byte, error)
type PathData
- func (pd *PathData) GetRelativePath(path string) string
type PathReader
- func (r *PathReader) Read(ctx context.Context, path string) (map[string]any, error)
type Reader
- func NewReader(tokener Tokener, secret *v1.VaultSecret, logger logr.Logger, cfg *AppConfig) (*Reader, error)
- func (r *Reader) GetData() Data
- func (r *Reader) ReadData(ctx context.Context) error
- func (r *Reader) WriteData(w io.Writer, format string) error
type Secrets
type Tokener

Constants ¶

View Source

const (
	TypeJSON = "json"
	TypeEnv  = "env"
	TypeYaml = "yaml"
)

View Source

const (
	ManagedByLabel = "vault-secret-operator"
)

Variables ¶

View Source

var (
	ErrNotFound = errors.New("path doesn't exist")
	ErrEmpty    = errors.New("path is empty")
)

Functions ¶

func NewClient ¶

func NewClient(cfg AppConfig) (*vaultAPI.Client, error)

func NewSecret ¶

func NewSecret(ctx context.Context, vaultSecret *v1.VaultSecret, data Data) (*corev1.Secret, error)

Types ¶

type AppConfig ¶

type AppConfig struct {
	LogLevel                string        `koanf:"log_level"`
	ClientTimeout           time.Duration `koanf:"client_timeout"`
	ClientMaxRetries        int           `koanf:"client_max_retries"`
	DefaultSAAuthPath       string        `koanf:"default_sa_auth_path"`
	DefaultSAName           string        `koanf:"default_sa_name"`
	DefaultReconcilePeriod  string        `koanf:"default_reconcile_period"`
	OperatorRole            string        `koanf:"operator_role"`
	Role                    string        `koanf:"role"`
	DefaultVaultAddr        string        `koanf:"vault_addr"`
	MaxConcurrentReconciles int           `koanf:"max_concurrent_reconciles"`
	RefreshTokenBefore      time.Duration `koanf:"refresh_token_before"`
}

func NewAppConfig ¶

func NewAppConfig() (AppConfig, error)

type AuthServiceAccount ¶

type AuthServiceAccount struct {
	// contains filtered or unexported fields
}

func NewAuthServiceAccount ¶

func NewAuthServiceAccount(vaultClient *vaultApi.Client, k8ClientSet *kubernetes.Clientset,
	name, namespace, role, path string, automount bool, refreshTokenBefore time.Duration) *AuthServiceAccount

func (*AuthServiceAccount) Token ¶

func (a *AuthServiceAccount) Token() (string, error)

type AuthToken ¶

type AuthToken struct {
	// contains filtered or unexported fields
}

func NewAuthToken ¶

func NewAuthToken(token string) AuthToken

func (AuthToken) Token ¶

func (a AuthToken) Token() (string, error)

type Data ¶

type Data map[string]any

Data is a map of any, because the value can be either Data, Secrets or a string

func (Data) AddNode ¶

func (d Data) AddNode(name string) (Data, error)

func (Data) AddSecrets ¶

func (d Data) AddSecrets(secrets Secrets) error

AddSecrets is used to add multiple key=value pairs to Data

func (Data) ENV ¶

func (d Data) ENV(separator string) (map[string]any, error)

func (Data) ENVString ¶

func (d Data) ENVString(separator string) ([]byte, error)

func (Data) JSON ¶

func (d Data) JSON() ([]byte, error)

func (Data) Yaml ¶

func (d Data) Yaml() ([]byte, error)

type PathData ¶

type PathData struct {
	BasePath string             `json:"base_path"`
	Prefix   string             `json:"prefix"`
	Paths    map[string]Secrets `json:"paths"`
}

func (*PathData) GetRelativePath ¶

func (pd *PathData) GetRelativePath(path string) string

type PathReader ¶

type PathReader struct {
	Client *api.Client
	// contains filtered or unexported fields
}

func (*PathReader) Read ¶

func (r *PathReader) Read(ctx context.Context, path string) (map[string]any, error)

type Reader ¶

type Reader struct {
	// contains filtered or unexported fields
}

func NewReader ¶

func NewReader(tokener Tokener, secret *v1.VaultSecret, logger logr.Logger, cfg *AppConfig) (*Reader, error)

func (*Reader) GetData ¶

func (r *Reader) GetData() Data

func (*Reader) ReadData ¶

func (r *Reader) ReadData(ctx context.Context) error

func (*Reader) WriteData ¶

func (r *Reader) WriteData(w io.Writer, format string) error

WriteData takes an io.Reader and writes bytes in the specified output format

type Secrets ¶

type Secrets map[string]any

type Tokener ¶

type Tokener interface {
	Token() (string, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL