secret

package

v3.1.0 Latest Latest Go to latest Published: Nov 6, 2023 License: Apache-2.0 Imports: 30 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/edgexfoundry/go-mod-bootstrap

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func BuildSecretStoreConfig(serviceKey string, envVars *environment.Variables, lc logger.LoggingClient) (*config.SecretStoreInfo, error)
func IsSecurityEnabled() bool
func NewJWTSecretProvider(secretProvider interfaces.SecretProviderExt) clientInterfaces.AuthenticationInjector
func NewSecretProvider(configuration interfaces.Configuration, envVars *environment.Variables, ...) (interfaces.SecretProviderExt, error)
type InsecureProvider
- func NewInsecureProvider(config interfaces.Configuration, lc logger.LoggingClient, dic *di.Container) *InsecureProvider
type SecureProvider
- func NewSecureProvider(ctx context.Context, secretStoreInfo *config.SecretStoreInfo, ...) *SecureProvider
type ServiceSecret
type ServiceSecrets
- func UnmarshalServiceSecretsJson(data []byte) (*ServiceSecrets, error)
- func (s *ServiceSecrets) MarshalJson() ([]byte, error)

Constants ¶

View Source

const (
	EnvSecretStore = "EDGEX_SECURITY_SECRET_STORE"
	UsernameKey    = "username"
	PasswordKey    = "password"
	// WildcardName is a special secret name that can be used to register a secret callback for any secret.
	WildcardName = "*"
)

View Source

const (
	TokenTypeConsul      = "consul"
	AccessTokenAuthError = "HTTP response with status code 403"
	//nolint: gosec
	SecretsAuthError = "Received a '403' response"
)

Variables ¶

This section is empty.

Functions ¶

func BuildSecretStoreConfig ¶

func BuildSecretStoreConfig(serviceKey string, envVars *environment.Variables, lc logger.LoggingClient) (*config.SecretStoreInfo, error)

BuildSecretStoreConfig is public helper function that builds the SecretStore configuration from default values and environment override.

func IsSecurityEnabled ¶

func IsSecurityEnabled() bool

IsSecurityEnabled determines if security has been enabled.

func NewJWTSecretProvider ¶

func NewJWTSecretProvider(secretProvider interfaces.SecretProviderExt) clientInterfaces.AuthenticationInjector

func NewSecretProvider ¶

func NewSecretProvider(
	configuration interfaces.Configuration,
	envVars *environment.Variables,
	ctx context.Context,
	startupTimer startup.Timer,
	dic *di.Container,
	serviceKey string) (interfaces.SecretProviderExt, error)

NewSecretProvider creates a new fully initialized the Secret Provider.

Types ¶

type InsecureProvider ¶

type InsecureProvider struct {
	// contains filtered or unexported fields
}

InsecureProvider implements the SecretProvider interface for insecure secrets

func NewInsecureProvider ¶

func NewInsecureProvider(config interfaces.Configuration, lc logger.LoggingClient, dic *di.Container) *InsecureProvider

NewInsecureProvider creates, initializes Provider for insecure secrets.

func (*InsecureProvider) DeregisterSecretUpdatedCallback ¶

func (p *InsecureProvider) DeregisterSecretUpdatedCallback(secretName string)

DeregisterSecretUpdatedCallback removes a secret's registered callback secretName.

func (*InsecureProvider) GetAccessToken ¶

func (p *InsecureProvider) GetAccessToken(_ string, _ string) (string, error)

GetAccessToken returns the AccessToken for the specified type, which in insecure mode is not need so just returning an empty token.

func (*InsecureProvider) GetMetricsToRegister ¶

func (p *InsecureProvider) GetMetricsToRegister() map[string]interface{}

GetMetricsToRegister returns all metric objects that needs to be registered.

func (*InsecureProvider) GetSecret ¶

func (p *InsecureProvider) GetSecret(secretName string, keys ...string) (map[string]string, error)

GetSecret retrieves secrets from a Insecure Secrets secret store. secretName specifies the type or location of the secrets to retrieve. keys specifies the secrets which to retrieve. If no keys are provided then all the keys associated with the specified secretName will be returned.

func (*InsecureProvider) GetSelfJWT ¶

func (p *InsecureProvider) GetSelfJWT() (string, error)

GetSelfJWT returns an encoded JWT for the current identity-based secret store token

func (*InsecureProvider) HasSecret ¶

func (p *InsecureProvider) HasSecret(secretName string) (bool, error)

HasSecret returns true if the service's SecretStore contains a secret at the specified secretName.

func (*InsecureProvider) IsJWTValid ¶

func (p *InsecureProvider) IsJWTValid(jwt string) (bool, error)

IsJWTValid evaluates a given JWT and returns a true/false if the JWT is valid (i.e. belongs to us and current) or not

func (*InsecureProvider) ListSecretNames ¶

func (p *InsecureProvider) ListSecretNames() ([]string, error)

ListSecretNames returns a list of SecretName for the current service from an insecure/secure secret store.

func (*InsecureProvider) RegisterSecretUpdatedCallback ¶

func (p *InsecureProvider) RegisterSecretUpdatedCallback(secretName string, callback func(secretName string)) error

RegisterSecretUpdatedCallback registers a callback for a secret. If you specify secret.WildcardName as the secretName, then the callback will be called for any updated secret. Callbacks set for a specific secretName are given a higher precedence over wildcard ones, and will be called instead of the wildcard one if both are present.

func (*InsecureProvider) SecretUpdatedAtSecretName ¶

func (p *InsecureProvider) SecretUpdatedAtSecretName(secretName string)

SecretUpdatedAtSecretName performs updates and callbacks for an updated secret or secretName.

func (*InsecureProvider) SecretsLastUpdated ¶

func (p *InsecureProvider) SecretsLastUpdated() time.Time

SecretsLastUpdated returns the last time insecure secrets were updated

func (*InsecureProvider) SecretsUpdated ¶

func (p *InsecureProvider) SecretsUpdated()

SecretsUpdated resets LastUpdate time for the Insecure Secrets.

func (*InsecureProvider) StoreSecret ¶

func (p *InsecureProvider) StoreSecret(secretName string, secrets map[string]string) error

StoreSecret attempts to store the secrets in the ConfigurationProvider's InsecureSecrets. If no ConfigurationProvider is in use, it will return an error.

Note: This does not call SecretUpdatedAtSecretName, SecretsUpdated, or increase the secrets stored metric because those will all occur once the ConfigurationProvider tells the service that the configuration has updated.

type SecureProvider ¶

type SecureProvider struct {
	// contains filtered or unexported fields
}

SecureProvider implements the SecretProvider interface

func NewSecureProvider ¶

func NewSecureProvider(ctx context.Context, secretStoreInfo *config.SecretStoreInfo, lc logger.LoggingClient,
	loader authtokenloader.AuthTokenLoader, runtimeTokenLoader runtimetokenprovider.RuntimeTokenProvider,
	serviceKey string) *SecureProvider

NewSecureProvider creates & initializes Provider instance for secure secrets.

func (*SecureProvider) DefaultTokenExpiredCallback ¶

func (p *SecureProvider) DefaultTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)

DefaultTokenExpiredCallback is the default implementation of tokenExpiredCallback function It utilizes the tokenFile to re-read the token and enable retry if any update from the expired token

func (*SecureProvider) DeregisterSecretUpdatedCallback ¶

func (p *SecureProvider) DeregisterSecretUpdatedCallback(secretName string)

DeregisterSecretUpdatedCallback removes a secret's registered callback secretName.

func (*SecureProvider) GetAccessToken ¶

func (p *SecureProvider) GetAccessToken(tokenType string, serviceKey string) (string, error)

GetAccessToken returns the access token for the requested token type.

func (*SecureProvider) GetMetricsToRegister ¶

func (p *SecureProvider) GetMetricsToRegister() map[string]interface{}

GetMetricsToRegister returns all metric objects that needs to be registered.

func (*SecureProvider) GetSecret ¶

func (p *SecureProvider) GetSecret(secretName string, keys ...string) (map[string]string, error)

GetSecret retrieves secrets from a secret store. secretName specifies the type or location of the secrets to retrieve. keys specifies the secrets which to retrieve. If no keys are provided then all the keys associated with the specified secretName will be returned.

func (*SecureProvider) GetSelfJWT ¶

func (p *SecureProvider) GetSelfJWT() (string, error)

GetSelfJWT returns an encoded JWT for the current identity-based secret store token

func (*SecureProvider) HasSecret ¶

func (p *SecureProvider) HasSecret(secretName string) (bool, error)

HasSecret returns true if the service's SecretStore contains a secret at the specified secretName.

func (*SecureProvider) IsJWTValid ¶

func (p *SecureProvider) IsJWTValid(jwt string) (bool, error)

IsJWTValid evaluates a given JWT and returns a true/false if the JWT is valid (i.e. belongs to us and current) or not

func (*SecureProvider) ListSecretNames ¶

func (p *SecureProvider) ListSecretNames() ([]string, error)

ListSecretNames returns a list of secretNames for the current service from an insecure/secure secret store.

func (*SecureProvider) LoadServiceSecrets ¶

func (p *SecureProvider) LoadServiceSecrets(secretStoreConfig *config.SecretStoreInfo) error

LoadServiceSecrets loads the service secrets from the specified file and stores them in the service's SecretStore

func (*SecureProvider) RegisterSecretUpdatedCallback ¶

func (p *SecureProvider) RegisterSecretUpdatedCallback(secretName string, callback func(secretName string)) error

RegisterSecretUpdatedCallback registers a callback for a secret. If you specify secret.WildcardName as the secretName, then the callback will be called for any updated secret. Callbacks set for a specific secretName are given a higher precedence over wildcard ones, and will be called instead of the wildcard one if both are present.

func (*SecureProvider) RuntimeTokenExpiredCallback ¶

func (p *SecureProvider) RuntimeTokenExpiredCallback(expiredToken string) (replacementToken string, retry bool)

func (*SecureProvider) SecretUpdatedAtSecretName ¶

func (p *SecureProvider) SecretUpdatedAtSecretName(secretName string)

SecretUpdatedAtSecretName performs updates and callbacks for an updated secret or secretName.

func (*SecureProvider) SecretsLastUpdated ¶

func (p *SecureProvider) SecretsLastUpdated() time.Time

SecretsLastUpdated returns the last time secure secrets were updated

func (*SecureProvider) SecretsUpdated ¶

func (p *SecureProvider) SecretsUpdated()

SecretsUpdated is not need for secure secrets as this is handled when secrets are stored.

func (*SecureProvider) SetClient ¶

func (p *SecureProvider) SetClient(client secrets.SecretClient)

SetClient sets the secret client that is used to access the secure secrets

func (*SecureProvider) StoreSecret ¶

func (p *SecureProvider) StoreSecret(secretName string, secrets map[string]string) error

StoreSecret stores the secrets to a secret store. it sets the values requested at provided keys secretName specifies the type or location of the secrets to store secrets map specifies the "key": "value" pairs of secrets to store

type ServiceSecret ¶

type ServiceSecret struct {
	SecretName string                      `json:"secretName" validate:"edgex-dto-none-empty-string"`
	Imported   bool                        `json:"imported"`
	SecretData []common.SecretDataKeyValue `json:"secretData" validate:"required,dive"`
}

ServiceSecret contains the information about a service's secret to import into a service's SecretStore

type ServiceSecrets ¶

type ServiceSecrets struct {
	Secrets []ServiceSecret `json:"secrets" validate:"required,gt=0,dive"`
}

ServiceSecrets contains the list of secrets to import into a service's SecretStore

func UnmarshalServiceSecretsJson ¶

func UnmarshalServiceSecretsJson(data []byte) (*ServiceSecrets, error)

UnmarshalServiceSecretsJson un-marshals the JSON containing the services list of secrets

func (*ServiceSecrets) MarshalJson ¶

func (s *ServiceSecrets) MarshalJson() ([]byte, error)

MarshalJson marshal the service's secrets to JSON.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL