secrets

package

v1.12.5 Latest Latest Go to latest Published: Oct 19, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nginxinc/kubernetes-ingress

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func IsSupportedSecretType(secretType api_v1.SecretType) bool
func ValidateCASecret(secret *api_v1.Secret) error
func ValidateJWKSecret(secret *api_v1.Secret) error
func ValidateOIDCSecret(secret *api_v1.Secret) error
func ValidateSecret(secret *api_v1.Secret) error
func ValidateTLSSecret(secret *api_v1.Secret) error
type FakeSecretStore
- func NewEmptyFakeSecretsStore() *FakeSecretStore
- func NewFakeSecretsStore(secrets map[string]*SecretReference) *FakeSecretStore
type LocalSecretStore
- func NewLocalSecretStore(manager SecretFileManager) *LocalSecretStore
type SecretFileManager
type SecretReference
type SecretStore

Constants ¶

View Source

const CAKey = "ca.crt"

CAKey is the key of the data field of a Secret where the certificate authority must be stored.

View Source

const ClientSecretKey = "client-secret"

ClientSecretKey is the key of the data field of a Secret where the OIDC client secret must be stored.

View Source

const JWTKeyKey = "jwk"

JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.

View Source

const SecretTypeCA api_v1.SecretType = "nginx.org/ca"

SecretTypeCA contains a certificate authority for TLS certificate verification. #nosec G101

View Source

const SecretTypeJWK api_v1.SecretType = "nginx.org/jwk"

SecretTypeJWK contains a JWK (JSON Web Key) for validating JWTs (JSON Web Tokens). #nosec G101

View Source

const SecretTypeOIDC api_v1.SecretType = "nginx.org/oidc"

SecretTypeOIDC contains an OIDC client secret for use in oauth flows. #nosec G101

Variables ¶

This section is empty.

Functions ¶

func IsSupportedSecretType ¶

func IsSupportedSecretType(secretType api_v1.SecretType) bool

IsSupportedSecretType checks if the secret type is supported.

func ValidateCASecret ¶

func ValidateCASecret(secret *api_v1.Secret) error

ValidateCASecret validates the secret. If it is valid, the function returns nil.

func ValidateJWKSecret ¶

func ValidateJWKSecret(secret *api_v1.Secret) error

ValidateJWKSecret validates the secret. If it is valid, the function returns nil.

func ValidateOIDCSecret ¶

func ValidateOIDCSecret(secret *api_v1.Secret) error

ValidateOIDCSecret validates the secret. If it is valid, the function returns nil.

func ValidateSecret ¶

func ValidateSecret(secret *api_v1.Secret) error

ValidateSecret validates the secret. If it is valid, the function returns nil.

func ValidateTLSSecret ¶

func ValidateTLSSecret(secret *api_v1.Secret) error

ValidateTLSSecret validates the secret. If it is valid, the function returns nil.

Types ¶

type FakeSecretStore ¶

type FakeSecretStore struct {
	// contains filtered or unexported fields
}

FakeSecretStore is a fake implementation of SecretStore.

func NewEmptyFakeSecretsStore ¶ added in v1.12.0

func NewEmptyFakeSecretsStore() *FakeSecretStore

NewEmptyFakeSecretsStore creates a new empty FakeSecretStore.

func NewFakeSecretsStore ¶

func NewFakeSecretsStore(secrets map[string]*SecretReference) *FakeSecretStore

NewFakeSecretsStore creates a new FakeSecretStore.

func (*FakeSecretStore) AddOrUpdateSecret ¶

func (s *FakeSecretStore) AddOrUpdateSecret(secret *api_v1.Secret)

AddOrUpdateSecret is a fake implementation of AddOrUpdateSecret.

func (*FakeSecretStore) DeleteSecret ¶

func (s *FakeSecretStore) DeleteSecret(key string)

DeleteSecret is a fake implementation of DeleteSecret.

func (*FakeSecretStore) GetSecret ¶

func (s *FakeSecretStore) GetSecret(key string) *SecretReference

GetSecret is a fake implementation of GetSecret.

type LocalSecretStore ¶

type LocalSecretStore struct {
	// contains filtered or unexported fields
}

LocalSecretStore implements SecretStore interface. It validates the secrets and manages them on the file system (via SecretFileManager).

func NewLocalSecretStore ¶

func NewLocalSecretStore(manager SecretFileManager) *LocalSecretStore

NewLocalSecretStore creates a new LocalSecretStore.

func (*LocalSecretStore) AddOrUpdateSecret ¶

func (s *LocalSecretStore) AddOrUpdateSecret(secret *api_v1.Secret)

AddOrUpdateSecret adds or updates a secret. The secret will only be updated on the file system if it is valid and if it is already on the file system. If the secret becomes invalid, it will be removed from the filesystem.

func (*LocalSecretStore) DeleteSecret ¶

func (s *LocalSecretStore) DeleteSecret(key string)

DeleteSecret deletes a secret.

func (*LocalSecretStore) GetSecret ¶

func (s *LocalSecretStore) GetSecret(key string) *SecretReference

GetSecret returns a SecretReference. If the secret doesn't exist, is of an unsupported type, or invalid, the Error field will include an error. If the secret is valid but isn't present on the file system, the secret will be written to the file system.

type SecretFileManager ¶

type SecretFileManager interface {
	AddOrUpdateSecret(secret *api_v1.Secret) string
	DeleteSecret(key string)
}

SecretFileManager manages secrets on the file system.

type SecretReference ¶

type SecretReference struct {
	Secret *api_v1.Secret
	Path   string
	Error  error
}

SecretReference holds a reference to a secret stored on the file system.

type SecretStore ¶

type SecretStore interface {
	AddOrUpdateSecret(secret *api_v1.Secret)
	DeleteSecret(key string)
	GetSecret(key string) *SecretReference
}

SecretStore stores secrets that the Ingress Controller uses.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL