secretsmanager

package

v0.0.0-...-439fd0a Latest Latest Go to latest Published: May 3, 2024 License: AGPL-3.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/juju/juju

Documentation ¶

Overview ¶

Package secretsmanager provides the backend implementation for the secretsmanager facade.

Index ¶

func Register(registry facade.FacadeRegistry)
type CrossModelSecretsClient
type CrossModelState
type SecretTriggers
type SecretsConsumer
type SecretsManagerAPI
- func NewSecretManagerAPI(context facade.Context) (*SecretsManagerAPI, error)
type SecretsManagerAPIV1
- func NewSecretManagerAPIV1(context facade.Context) (*SecretsManagerAPIV1, error)
type SecretsState

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Register ¶

func Register(registry facade.FacadeRegistry)

Register is called to expose a package of facades onto a given registry.

Types ¶

type CrossModelSecretsClient ¶

type CrossModelSecretsClient interface {
	GetRemoteSecretContentInfo(uri *coresecrets.URI, revision int, refresh, peek bool, sourceControllerUUID, appToken string, unitId int, macs macaroon.Slice) (*secrets.ContentParams, *secretsprovider.ModelBackendConfig, int, bool, error)
	GetSecretAccessScope(uri *coresecrets.URI, appToken string, unitId int) (string, error)
	Close() error
}

CrossModelSecretsClient gets secret content from a cross model controller.

type CrossModelState ¶

type CrossModelState interface {
	GetToken(entity names.Tag) (string, error)
	GetRemoteEntity(token string) (names.Tag, error)
	GetMacaroon(entity names.Tag) (*macaroon.Macaroon, error)
}

type SecretTriggers ¶

type SecretTriggers interface {
	WatchSecretsRotationChanges(owners []names.Tag) (state.SecretsTriggerWatcher, error)
	WatchSecretRevisionsExpiryChanges(owners []names.Tag) (state.SecretsTriggerWatcher, error)
	SecretRotated(uri *secrets.URI, next time.Time) error
}

SecretTriggers instances provide secret rotation/expiry apis.

type SecretsConsumer ¶

type SecretsConsumer interface {
	GetSecretConsumer(*secrets.URI, names.Tag) (*secrets.SecretConsumerMetadata, error)
	GetURIByConsumerLabel(string, names.Tag) (*secrets.URI, error)
	SaveSecretConsumer(*secrets.URI, names.Tag, *secrets.SecretConsumerMetadata) error
	WatchConsumedSecretsChanges(consumer names.Tag) (state.StringsWatcher, error)
	GrantSecretAccess(*secrets.URI, state.SecretAccessParams) error
	RevokeSecretAccess(*secrets.URI, state.SecretAccessParams) error
	SecretAccess(uri *secrets.URI, subject names.Tag) (secrets.SecretRole, error)
}

SecretsConsumer instances provide secret consumer apis.

type SecretsManagerAPI ¶

type SecretsManagerAPI struct {
	// contains filtered or unexported fields
}

SecretsManagerAPI is the implementation for the SecretsManager facade.

func NewSecretManagerAPI ¶

func NewSecretManagerAPI(context facade.Context) (*SecretsManagerAPI, error)

NewSecretManagerAPI creates a SecretsManagerAPI.

func (*SecretsManagerAPI) CreateSecretURIs ¶

func (s *SecretsManagerAPI) CreateSecretURIs(arg params.CreateSecretURIsArg) (params.StringResults, error)

CreateSecretURIs creates new secret URIs.

func (*SecretsManagerAPI) CreateSecrets ¶

func (s *SecretsManagerAPI) CreateSecrets(args params.CreateSecretArgs) (params.StringResults, error)

CreateSecrets creates new secrets.

func (*SecretsManagerAPI) GetConsumerSecretsRevisionInfo ¶

func (s *SecretsManagerAPI) GetConsumerSecretsRevisionInfo(args params.GetSecretConsumerInfoArgs) (params.SecretConsumerInfoResults, error)

GetConsumerSecretsRevisionInfo returns the latest secret revisions for the specified secrets. This facade method is used for remote watcher to get the latest secret revisions and labels for a secret changed hook.

func (*SecretsManagerAPI) GetSecretBackendConfigs ¶

func (s *SecretsManagerAPI) GetSecretBackendConfigs(arg params.SecretBackendArgs) (params.SecretBackendConfigResults, error)

GetSecretBackendConfigs gets the config needed to create a client to secret backends.

func (*SecretsManagerAPI) GetSecretContentInfo ¶

func (s *SecretsManagerAPI) GetSecretContentInfo(args params.GetSecretContentArgs) (params.SecretContentResults, error)

GetSecretContentInfo returns the secret values for the specified secrets.

func (*SecretsManagerAPI) GetSecretMetadata ¶

func (s *SecretsManagerAPI) GetSecretMetadata() (params.ListSecretResults, error)

GetSecretMetadata returns metadata for the caller's secrets.

func (*SecretsManagerAPI) GetSecretRevisionContentInfo ¶

func (s *SecretsManagerAPI) GetSecretRevisionContentInfo(arg params.SecretRevisionArg) (params.SecretContentResults, error)

GetSecretRevisionContentInfo returns the secret values for the specified secret revisions.

func (*SecretsManagerAPI) RemoveSecrets ¶

func (s *SecretsManagerAPI) RemoveSecrets(args params.DeleteSecretArgs) (params.ErrorResults, error)

RemoveSecrets removes the specified secrets.

func (*SecretsManagerAPI) SecretsGrant ¶

func (s *SecretsManagerAPI) SecretsGrant(args params.GrantRevokeSecretArgs) (params.ErrorResults, error)

SecretsGrant grants access to a secret for the specified subjects.

func (*SecretsManagerAPI) SecretsRevoke ¶

func (s *SecretsManagerAPI) SecretsRevoke(args params.GrantRevokeSecretArgs) (params.ErrorResults, error)

SecretsRevoke revokes access to a secret for the specified subjects.

func (*SecretsManagerAPI) SecretsRotated ¶

func (s *SecretsManagerAPI) SecretsRotated(args params.SecretRotatedArgs) (params.ErrorResults, error)

SecretsRotated records when secrets were last rotated.

func (*SecretsManagerAPI) UpdateSecrets ¶

func (s *SecretsManagerAPI) UpdateSecrets(args params.UpdateSecretArgs) (params.ErrorResults, error)

UpdateSecrets updates the specified secrets.

func (*SecretsManagerAPI) UpdateTrackedRevisions ¶

func (s *SecretsManagerAPI) UpdateTrackedRevisions(uris []string) (params.ErrorResults, error)

UpdateTrackedRevisions updates the consumer info to track the latest revisions for the specified secrets.

func (*SecretsManagerAPI) WatchConsumedSecretsChanges ¶

func (s *SecretsManagerAPI) WatchConsumedSecretsChanges(args params.Entities) (params.StringsWatchResults, error)

WatchConsumedSecretsChanges sets up a watcher to notify of changes to secret revisions for the specified consumers.

func (*SecretsManagerAPI) WatchObsolete ¶

func (s *SecretsManagerAPI) WatchObsolete(args params.Entities) (params.StringsWatchResult, error)

WatchObsolete returns a watcher for notifying when:

a secret owned by the entity is deleted
a secret revision owed by the entity no longer has any consumers

Obsolete revisions results are "uri/revno" and deleted secret results are "uri".

func (*SecretsManagerAPI) WatchSecretRevisionsExpiryChanges ¶

func (s *SecretsManagerAPI) WatchSecretRevisionsExpiryChanges(args params.Entities) (params.SecretTriggerWatchResult, error)

WatchSecretRevisionsExpiryChanges sets up a watcher to notify of changes to secret revision expiry config.

func (*SecretsManagerAPI) WatchSecretsRotationChanges ¶

func (s *SecretsManagerAPI) WatchSecretsRotationChanges(args params.Entities) (params.SecretTriggerWatchResult, error)

WatchSecretsRotationChanges sets up a watcher to notify of changes to secret rotation config.

type SecretsManagerAPIV1 ¶

type SecretsManagerAPIV1 struct {
	*SecretsManagerAPI
}

SecretsManagerAPIV1 the secrets manager facade v1. TODO - drop when we no longer support juju 3.1.0

func NewSecretManagerAPIV1 ¶

func NewSecretManagerAPIV1(context facade.Context) (*SecretsManagerAPIV1, error)

NewSecretManagerAPIV1 creates a SecretsManagerAPIV1. TODO - drop when we no longer support juju 3.1.x

func (*SecretsManagerAPIV1) GetSecretBackendConfig ¶

func (s *SecretsManagerAPIV1) GetSecretBackendConfig() (params.SecretBackendConfigResultsV1, error)

GetSecretBackendConfig gets the config needed to create a client to secret backends. TODO - drop when we no longer support juju 3.1.x

func (*SecretsManagerAPIV1) GetSecretBackendConfigs ¶

func (*SecretsManagerAPIV1) GetSecretBackendConfigs(_ struct{})

GetSecretBackendConfigs isn't on the V1 API.

func (*SecretsManagerAPIV1) GetSecretStoreConfig ¶

func (s *SecretsManagerAPIV1) GetSecretStoreConfig() (params.SecretBackendConfig, error)

GetSecretStoreConfig is for 3.0.x agents. TODO - drop when we no longer support juju 3.0.x

type SecretsState ¶

type SecretsState interface {
	CreateSecret(*secrets.URI, state.CreateSecretParams) (*secrets.SecretMetadata, error)
	UpdateSecret(*secrets.URI, state.UpdateSecretParams) (*secrets.SecretMetadata, error)
	DeleteSecret(*secrets.URI, ...int) ([]secrets.ValueRef, error)
	GetSecret(*secrets.URI) (*secrets.SecretMetadata, error)
	GetSecretValue(*secrets.URI, int) (secrets.SecretValue, *secrets.ValueRef, error)
	GetSecretRevision(uri *secrets.URI, revision int) (*secrets.SecretRevisionMetadata, error)
	ListSecrets(state.SecretsFilter) ([]*secrets.SecretMetadata, error)
	ListSecretRevisions(uri *secrets.URI) ([]*secrets.SecretRevisionMetadata, error)
	WatchObsolete(owners []names.Tag) (state.StringsWatcher, error)
	ChangeSecretBackend(state.ChangeSecretBackendParams) error
	SecretGrants(uri *secrets.URI, role secrets.SecretRole) ([]secrets.AccessInfo, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks Package mocks is a generated GoMock package.	Package mocks is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL