api

package
v0.0.0-...-f01516d Latest
Warning

This package is not in the latest version of its module.

Published: Oct 24, 2016 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package api provides value types and convenience functions around them for the secret-volume service.


Types

type KeyPair

type KeyPair struct {
	Certificate PEM
	PrivateKey  PEM
}

A KeyPair contains PEM encoded data for a Certificate and a PrivateKey.

func NewKeyPair

func NewKeyPair(cert, key string) (KeyPair, error)

NewKeyPair returns a new KeyPair by reading PEM data from the supplied cert and key files.

func (KeyPair) ToCertificate

func (k KeyPair) ToCertificate() (tls.Certificate, error)

ToCertificate builds a tls.Certificate from KeyPair PEM data.

type PEM

type PEM string

PEM represents PEM encoded data. It is a string (rather than []byte) to prevent the JSON encoder further encoding it as a base64 string.

type SecretSource

type SecretSource int

A SecretSource determines and denotes which secrets.Provider implementation a volume should use.

const (
	// UnknownSecretSource volumes will not be handled.
	UnknownSecretSource SecretSource = iota
	// TalosSecretSource volumes will be handled by https://github.com/spotify/talos.
	TalosSecretSource
)

func (SecretSource) MarshalJSON

func (s SecretSource) MarshalJSON() ([]byte, error)

MarshalJSON returns a string representation of a SecretSource.

func (SecretSource) String

func (s SecretSource) String() string

func (*SecretSource) UnmarshalJSON

func (s *SecretSource) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals a SecretSource from its string representation.

type SecretType

type SecretType int

A SecretType denotes the expected format of a secrets file, i.e. JSON or YAML.

const (
	// UnknownSecretType files cannot be merged as we do not understand their
	// contents.
	UnknownSecretType SecretType = iota
	// JSONSecretType files are expected to contain a one dimensional JSON map.
	JSONSecretType
	// YAMLSecretType files are expected to contain a one dimensional YAML map.
	YAMLSecretType
)

func (SecretType) String

func (s SecretType) String() string

type Secrets

type Secrets interface {
	// Volume returns the Volume these Secrets were produced for.
	Volume() *Volume
	// Type returns the type of the
	// Next advances to the next secrets file or directory.
	Next() (*SecretsHeader, error)
	// Read reads from the current secrets file, returning 0, io.EOF when that
	// file has been consumed. Call Next to advance to the next secrets file.
	Read([]byte) (int, error)
	// Close closes any resources consumed by these Secrets.
	Close() error
}

Secrets represents a set of secret files produced by a secrets.Producer. It provides a similar API to the stdlib tar package, with Next() returning a SecretsHeader for the next file or io.EOF when no files remain.

type SecretsHeader

type SecretsHeader struct {
	Path     string
	Type     SecretType
	FileInfo os.FileInfo
}

A SecretsHeader contains information about an individual secret file.

type Volume

type Volume struct {
	// ID is a unique identifier for the volume.
	ID string
	// Source determines which secrets.Provider will provide secrets for this
	// volume.
	Source SecretSource
	// Tags may be passed to the secrets.Provider to request or filter specific
	// secrets.
	Tags url.Values
	// The KeyPair is used for secrets.Providers that require authentication.
	KeyPair KeyPair `json:"-"`
}

A Volume represents a 'secret volume' in which secrets for a particular resource (i.e. a Docker container) will be stored.

func ReadVolumeJSON

func ReadVolumeJSON(r io.Reader) (*Volume, error)

ReadVolumeJSON creates a Volume by reading its JSON representation from the supplied io.Reader.

func ReadVolumeJSONWithKeyPair

func ReadVolumeJSONWithKeyPair(r io.Reader) (*Volume, error)

ReadVolumeJSONWithKeyPair is a variant of ReadVolumeJSON that includes the KeyPair. KeyPairs are only relevant at volume creation time, after which they are not persisted.
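The effect of the `json:"-"` tag on Volume.KeyPair, shown as an added example that is not code from this package: the types below are local stand-ins for the documented ones, and volumeWithKeyPair, persist, readWithKeyPair and sampleRequest are hypothetical names. The page does not show how ReadVolumeJSONWithKeyPair is implemented; shadowing the tagged field in a wrapper struct is one way to accept a KeyPair at creation time while the default encoding never writes the private key.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-ins mirroring the documented types, redeclared so this runs offline.
type PEM string
type KeyPair struct{ Certificate, PrivateKey PEM }

type Volume struct {
	ID      string
	KeyPair KeyPair `json:"-"` // skipped by encoding/json in both directions
}

// volumeWithKeyPair is a hypothetical creation-time wire type. Its own
// KeyPair field is untagged, so it is decoded even though Volume's is not.
type volumeWithKeyPair struct {
	*Volume
	KeyPair KeyPair
}

// sampleRequest is a constructed request body; the PEM values are placeholders.
const sampleRequest = `{"ID":"vol-1","KeyPair":{"Certificate":"CERT","PrivateKey":"KEY"}}`

// persist encodes v as a store would; the json:"-" tag drops the KeyPair.
func persist(v *Volume) (string, error) {
	b, err := json.Marshal(v)
	return string(b), err
}

// readWithKeyPair decodes a creation request, keeping the KeyPair in memory.
func readWithKeyPair(data string) (*Volume, error) {
	w := volumeWithKeyPair{Volume: &Volume{}}
	if err := json.Unmarshal([]byte(data), &w); err != nil {
		return nil, err
	}
	w.Volume.KeyPair = w.KeyPair
	return w.Volume, nil
}

func main() {
	v, err := readWithKeyPair(sampleRequest)
	if err != nil {
		panic(err)
	}
	out, err := persist(v)
	fmt.Println(v.KeyPair.PrivateKey != "", out, err)
}
```

Any log line, API response or on-disk record produced by marshalling the Volume itself omits the key material, so the wrapper type is the only place a reviewer needs to audit for private-key exposure.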

func (*Volume) String

func (v *Volume) String() string

func (*Volume) WriteJSON

func (v *Volume) WriteJSON(w io.Writer) error

WriteJSON writes a JSON representation of a Volume to the supplied io.Writer.

type Volumes

type Volumes []*Volume

Volumes represents a slice of Volumes.

func ReadVolumesJSON

func ReadVolumesJSON(r io.Reader) (Volumes, error)

ReadVolumesJSON creates Volumes by reading their JSON representation from the supplied io.Reader.

func (Volumes) WriteJSON

func (vs Volumes) WriteJSON(w io.Writer) error

WriteJSON writes a JSON representation of Volumes to the supplied io.Writer.
