tlssync

package

v0.0.0-...-b97b20d Latest Latest Go to latest Published: Apr 19, 2023 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/orion-labs/tlssync

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ChecksumSecret(secret *v1.Secret) (checksum string, err error)
type TlsFile
- func LoadConfig(filePath string) (files []*TlsFile, err error)
type TlsFiles
type TlsSync
- func NewTlsSync(tlsFiles []*TlsFile) (ts *TlsSync, err error)

Constants ¶

View Source

const COMBINED_FILE_EXTENSION = "pem"

View Source

const CRT_FILE_EXTENSION = "crt"

View Source

const DEFAULT_MONITOR_INTERVAL = 300

DEFAULT_MONITOR_INTERVAL Number of seconds to wait between config or secret checks by default

View Source

const IN_POD_NAMESPACE_FILE = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"

IN_POD_NAMESPACE_FILE Default location in a pod where k8s stores the name of the pod's namespace. If this file is present, odds are we're running in a k8s pod

View Source

const KEY_FILE_EXTENSION = "key"

View Source

const MONITOR_SECRETS_INTERVAL = "MONITOR_SECRETS_INTERVAL"

MONITOR_SECRETS_INTERVAL Interval in seconds after which we check to see if our secrets have changed

Variables ¶

This section is empty.

Functions ¶

func ChecksumSecret ¶

func ChecksumSecret(secret *v1.Secret) (checksum string, err error)

ChecksumSecret Given a secret, calculate a checksum over it's data field, then return the checksum

Types ¶

type TlsFile ¶

type TlsFile struct {
	SecretName    string `json:"secret_name"`
	SeparateFiles bool   `json:"separate_files"`
	FileBase      string `json:"file_base""`
	FilePath      string `json:"file_path"`
	Checksum      string
	Data          map[string][]byte
	ShellCommand  string `json:"shell_command"`
}

func LoadConfig ¶

func LoadConfig(filePath string) (files []*TlsFile, err error)

type TlsFiles ¶

type TlsFiles []*TlsFile

type TlsSync ¶

type TlsSync struct {
	K8sNamespace           string
	K8sConfig              *rest.Config
	K8sClientset           *kubernetes.Clientset
	K8sDynamicClient       dynamic.Interface
	SecretChecksums        map[string]string
	MonitorSecretsInterval int
	TlsFiles               []*TlsFile
	FirstRun               bool
}

func NewTlsSync ¶

func NewTlsSync(tlsFiles []*TlsFile) (ts *TlsSync, err error)

func (*TlsSync) GetSecretByName ¶

func (ts *TlsSync) GetSecretByName(name string) (secret *v1.Secret, err error)

GetSecretByName Attempts to retrieve a secret based on it's name. This will fail unless the bot is configured with proper RBAC permission to read secrets in its namespace.

func (*TlsSync) InitK8sClients ¶

func (ts *TlsSync) InitK8sClients() (err error)

InitK8sClients Initializes the connection to Kubernetes. This function has to figure out whether you're running IN a k8s cluster, or running with access to one, and initialize the proper goodies to make you able to connect. It's intended to be called once at bot creation time.

func (*TlsSync) LoadSecrets ¶

func (ts *TlsSync) LoadSecrets() (err error)

func (*TlsSync) MonitorSecrets ¶

func (ts *TlsSync) MonitorSecrets() (err error)

MonitorSecrets Waits the configured seconds and then reloads the secrets it monitors, and updates the local files if they have changed.

func (*TlsSync) RunCommand ¶

func (ts *TlsSync) RunCommand(tlsFile *TlsFile) (err error)

func (*TlsSync) WritePEMFiles ¶

func (ts *TlsSync) WritePEMFiles(tlsFile *TlsFile) (err error)

Source Files ¶

View all Source files

tlssync.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL