vault

package

v1.2.2 Latest Latest Go to latest Published: Sep 15, 2023 License: Apache-2.0 Imports: 28 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kiwicom/k8s-vault-operator

Links

Open Source Insights

Documentation ¶

Overview ¶

nolint

Index ¶

Constants
Variables
func NewClient(cfg AppConfig) (*vaultAPI.Client, error)
func NewSecret(ctx context.Context, vaultSecret *v1.VaultSecret, data Data) (*corev1.Secret, error)
type AppConfig
- func NewAppConfig() (AppConfig, error)
type AuthServiceAccount
- func NewAuthServiceAccount(vaultClient *vaultApi.Client, k8ClientSet *kubernetes.Clientset, ...) *AuthServiceAccount
- func (a *AuthServiceAccount) Token() (string, error)
type AuthToken
- func NewAuthToken(token string) AuthToken
- func (a AuthToken) Token() (string, error)
type Data
- func (d Data) AddNode(name string) (Data, error)
- func (d Data) AddSecrets(secrets Secrets) error
- func (d Data) ENV(separator string) (map[string]any, error)
- func (d Data) ENVString(separator string) ([]byte, error)
- func (d Data) JSON() ([]byte, error)
- func (d Data) Yaml() ([]byte, error)
type PathData
- func (pd *PathData) GetRelativePath(path string) string
type PathReader
- func (r *PathReader) Read(path string) (map[string]any, error)
type Reader
- func NewReader(tokener Tokener, secret *v1.VaultSecret, logger logr.Logger, cfg *AppConfig) (*Reader, error)
- func (r *Reader) GetData() Data
- func (r *Reader) ReadData() error
- func (r *Reader) WriteData(w io.Writer, format string) error
type Secrets
type Tokener

Constants ¶

View Source

const (
	TypeJSON = "json"
	TypeEnv  = "env"
	TypeYaml = "yaml"
)

View Source

const (
	ManagedByLabel = "vault-secret-operator"
)

Variables ¶

View Source

var (
	ErrNotFound = errors.New("path doesn't exist")
	ErrEmpty    = errors.New("path is empty")
)

Functions ¶

func NewClient ¶

func NewClient(cfg AppConfig) (*vaultAPI.Client, error)

func NewSecret ¶

func NewSecret(ctx context.Context, vaultSecret *v1.VaultSecret, data Data) (*corev1.Secret, error)

Types ¶

type AppConfig ¶

type AppConfig struct {
	LogLevel                string        `koanf:"log_level"`
	ClientTimeout           time.Duration `koanf:"client_timeout"`
	ClientMaxRetries        int           `koanf:"client_max_retries"`
	DefaultSAAuthPath       string        `koanf:"default_sa_auth_path"`
	DefaultSAName           string        `koanf:"default_sa_name"`
	DefaultReconcilePeriod  string        `koanf:"default_reconcile_period"`
	OperatorRole            string        `koanf:"operator_role"`
	Role                    string        `koanf:"role"`
	DefaultVaultAddr        string        `koanf:"vault_addr"`
	MaxConcurrentReconciles int           `koanf:"max_concurrent_reconciles"`
	RefreshTokenBefore      time.Duration `koanf:"refresh_token_before"`
}

func NewAppConfig ¶

func NewAppConfig() (AppConfig, error)

type AuthServiceAccount ¶

type AuthServiceAccount struct {
	// contains filtered or unexported fields
}

func NewAuthServiceAccount ¶

func NewAuthServiceAccount(vaultClient *vaultApi.Client, k8ClientSet *kubernetes.Clientset,
	name, namespace, role, path string, automount bool, refreshTokenBefore time.Duration) *AuthServiceAccount

func (*AuthServiceAccount) Token ¶

func (a *AuthServiceAccount) Token() (string, error)

type AuthToken ¶

type AuthToken struct {
	// contains filtered or unexported fields
}

func NewAuthToken ¶

func NewAuthToken(token string) AuthToken

func (AuthToken) Token ¶

func (a AuthToken) Token() (string, error)

type Data ¶

type Data map[string]any

Data is a map of any, because the value can be either Data, Secrets or a string

func (Data) AddNode ¶

func (d Data) AddNode(name string) (Data, error)

func (Data) AddSecrets ¶

func (d Data) AddSecrets(secrets Secrets) error

AddSecrets is used to add multiple key=value pairs to Data

func (Data) ENV ¶

func (d Data) ENV(separator string) (map[string]any, error)

func (Data) ENVString ¶

func (d Data) ENVString(separator string) ([]byte, error)

func (Data) JSON ¶

func (d Data) JSON() ([]byte, error)

func (Data) Yaml ¶

func (d Data) Yaml() ([]byte, error)

type PathData ¶

type PathData struct {
	BasePath string             `json:"base_path"`
	Prefix   string             `json:"prefix"`
	Paths    map[string]Secrets `json:"paths"`
}

func (*PathData) GetRelativePath ¶

func (pd *PathData) GetRelativePath(path string) string

type PathReader ¶

type PathReader struct {
	Client *api.Client
	// contains filtered or unexported fields
}

func (*PathReader) Read ¶

func (r *PathReader) Read(path string) (map[string]any, error)

type Reader ¶

type Reader struct {
	// contains filtered or unexported fields
}

func NewReader ¶

func NewReader(tokener Tokener, secret *v1.VaultSecret, logger logr.Logger, cfg *AppConfig) (*Reader, error)

func (*Reader) GetData ¶

func (r *Reader) GetData() Data

func (*Reader) ReadData ¶

func (r *Reader) ReadData() error

func (*Reader) WriteData ¶

func (r *Reader) WriteData(w io.Writer, format string) error

WriteData takes an io.Reader and writes bytes in the specified output format

type Secrets ¶

type Secrets map[string]any

type Tokener ¶

type Tokener interface {
	Token() (string, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL