Documentation ¶
Overview ¶
Package api provides value types and convenience functions around them for the secret-volume service.
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type KeyPair ¶
A KeyPair contains PEM encoded data for a Certificate and a PrivateKey.
func NewKeyPair ¶
NewKeyPair returns a new KeyPair by reading PEM data from the supplied cert and key files.
func (KeyPair) ToCertificate ¶
func (k KeyPair) ToCertificate() (tls.Certificate, error)
ToCertificate builds a tls.Certificate from KeyPair PEM data.
type PEM ¶
type PEM string
PEM represents PEM encoded data. It is a string (rather than []byte) to prevent the JSON encoder further encoding it as a base64 string.
type SecretSource ¶
type SecretSource int
A SecretSource determines and denotes which secrets.Provider implementation a volume should use.
const (
    // UnknownSecretSource volumes will not be handled.
    UnknownSecretSource SecretSource = iota
    // TalosSecretSource volumes will be handled by https://github.com/spotify/talos.
    TalosSecretSource
)
func (SecretSource) MarshalJSON ¶
func (s SecretSource) MarshalJSON() ([]byte, error)
MarshalJSON returns a string representation of a SecretSource.
func (SecretSource) String ¶
func (s SecretSource) String() string
func (*SecretSource) UnmarshalJSON ¶
func (s *SecretSource) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals a SecretSource from its string representation.
type SecretType ¶
type SecretType int
A SecretType denotes the expected format of a secrets file, i.e. JSON or YAML.
const (
    // UnknownSecretType files cannot be merged as we do not understand their
    // contents.
    UnknownSecretType SecretType = iota
    // JSONSecretType files are expected to contain a one dimensional JSON map.
    JSONSecretType
    // YAMLSecretType files are expected to contain a one dimensional YAML map.
    YAMLSecretType
)
func (SecretType) String ¶
func (s SecretType) String() string
type Secrets ¶
type Secrets interface {
    // Volume returns the Volume these Secrets were produced for.
    Volume() *Volume
    // Type returns the type of the
    // Next advances to the next secrets file or directory.
    Next() (*SecretsHeader, error)
    // Read reads from the current secrets file, returning 0, io.EOF when that
    // file has been consumed. Call Next to advance to the next secrets file.
    Read([]byte) (int, error)
    // Close closes any resources consumed by these Secrets.
    Close() error
}
Secrets represents a set of secret files produced by a secrets.Producer. It provides a similar API to the stdlib tar package, with Next() returning a SecretsHeader for the next file or io.EOF when no files remain.
type SecretsHeader ¶
type SecretsHeader struct {
    Path     string
    Type     SecretType
    FileInfo os.FileInfo
}
A SecretsHeader contains information about an individual secret file.
type Volume ¶
type Volume struct {
    // ID is a unique identifier for the volume.
    ID string
    // Source determines which secrets.Provider will provide secrets for this
    // volume.
    Source SecretSource
    // Tags may be passed to the secrets.Provider to request or filter specific
    // secrets.
    Tags url.Values
    // The KeyPair is used for secrets.Providers that require authentication.
    KeyPair KeyPair `json:"-"`
}
A Volume represents a 'secret volume' in which secrets for a particular resource (i.e. a Docker container) will be stored.
func ReadVolumeJSON ¶
ReadVolumeJSON creates a Volume by reading its JSON representation from the supplied io.Reader.
func ReadVolumeJSONWithKeyPair ¶
ReadVolumeJSONWithKeyPair is a variant of ReadVolumeJSON that includes the KeyPair. KeyPairs are only relevant at volume creation time, after which they are not persisted.
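The following added example (not the package's own code) shows how the `json:"-"` tag on Volume.KeyPair keeps the private key out of any marshalled Volume, and one way a creation-time reader could still accept it. The types are local stand-ins for the declarations above; the KeyPair field names, `volumeWithKeyPair`, `persist` and `readWithKeyPair` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Local stand-ins for the page's types (Source omitted). KeyPair's field
// names are assumed: the page only says it holds a Certificate and a PrivateKey.
type PEM string
type KeyPair struct{ Certificate, PrivateKey PEM }

type Volume struct {
	ID      string
	Tags    url.Values
	KeyPair KeyPair `json:"-"` // skipped by encoding/json in both directions
}

// volumeWithKeyPair is a hypothetical creation-time wire form: its own
// KeyPair field is visible to the decoder and points into the Volume.
type volumeWithKeyPair struct {
	*Volume
	KeyPair *KeyPair
}

// persist returns the JSON a store would keep; json:"-" drops the KeyPair.
func persist(v *Volume) ([]byte, error) { return json.Marshal(v) }

// readWithKeyPair decodes a creation request, keeping the KeyPair in memory only.
func readWithKeyPair(data []byte) (*Volume, error) {
	v := &Volume{}
	w := volumeWithKeyPair{Volume: v, KeyPair: &v.KeyPair}
	if err := json.Unmarshal(data, &w); err != nil {
		return nil, err
	}
	return v, nil
}

// Constructed request; the PEM bodies are placeholders, not key material.
const sampleRequest = `{"ID":"vol-1","Tags":{"env":["prod"]},"KeyPair":{"Certificate":"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n","PrivateKey":"-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"}}`

func main() {
	v, err := readWithKeyPair([]byte(sampleRequest))
	if err != nil {
		panic(err)
	}
	stored, err := persist(v)
	fmt.Println(string(stored), err)
}
```

Because PEM is a string, the decoded PrivateKey is the PEM text itself rather than a base64 blob, and the persisted form contains only ID and Tags.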
type Volumes ¶
type Volumes []*Volume
Volumes represents a slice of Volumes.
func ReadVolumesJSON ¶
ReadVolumesJSON creates Volumes by reading their JSON representation from the supplied io.Reader.