Documentation
Index
- Constants
- func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, opts ...intkeyservice.ServerOption) (keyservice.KeyServiceClient, error)
- func BuildSopsKeyServerFromServiceAccount(ctx context.Context, client client.Client, sa *corev1.ServiceAccount) (keyservice.KeyServiceClient, error)
- func LoadAADConfigFromBytes(b []byte, s *AADConfig) error
- func LoadCredsProviderFromYaml(b []byte) (*kms.CredentialsProvider, error)
- func TokenFromAADConfig(c AADConfig) (_ azcore.TokenCredential, err error)
- type AADConfig
- type AZConfig
Constants
const (
	// DecryptionPGPExt is the extension of the file containing an armored PGP
	// key.
	DecryptionPGPExt = ".asc"
	// DecryptionAgeExt is the extension of the file containing an age key
	// file.
	DecryptionAgeExt = ".agekey"
	// DecryptionVaultTokenFileName is the name of the file containing the
	// Hashicorp Vault token.
	DecryptionVaultTokenFileName = "sops.vault-token"
	// DecryptionAWSKmsFile is the name of the file containing the AWS KMS
	// credentials.
	DecryptionAWSKmsFile = "sops.aws-kms"
	// DecryptionAzureAuthFile is the name of the file containing the Azure
	// credentials.
	DecryptionAzureAuthFile = "sops.azure-kv"
	// DecryptionGCPCredsFile is the name of the file containing the GCP
	// credentials.
	DecryptionGCPCredsFile = "sops.gcp-kms"
)
Variables
This section is empty.
Functions
func BuildSopsKeyServerFromSecret
func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, opts ...intkeyservice.ServerOption) (keyservice.KeyServiceClient, error)
func BuildSopsKeyServerFromServiceAccount
func BuildSopsKeyServerFromServiceAccount(ctx context.Context, client client.Client, sa *corev1.ServiceAccount) (keyservice.KeyServiceClient, error)
func LoadAADConfigFromBytes
func LoadAADConfigFromBytes(b []byte, s *AADConfig) error
LoadAADConfigFromBytes attempts to load the given bytes into the given AADConfig: it first decodes the bytes if they are UTF-16 encoded, then unmarshals them into the given struct. It returns an error for any failure.
func LoadCredsProviderFromYaml
func LoadCredsProviderFromYaml(b []byte) (*kms.CredentialsProvider, error)
LoadCredsProviderFromYaml parses the given YAML and returns a kms.CredentialsProvider object, which contains the credentials provider used for authenticating towards AWS KMS.
func TokenFromAADConfig
func TokenFromAADConfig(c AADConfig) (_ azcore.TokenCredential, err error)
TokenFromAADConfig attempts to construct a Token using the AADConfig values. It detects credentials in the following order:
- azidentity.ClientSecretCredential when `tenantId`, `clientId` and `clientSecret` fields are found.
- azidentity.ClientCertificateCredential when `tenantId`, `clientCertificate` (and optionally `clientCertificatePassword`) fields are found.
- azidentity.ClientSecretCredential when AZConfig fields are found.
- azidentity.ManagedIdentityCredential for a User ID, when a `clientId` field but no `tenantId` is found.
If no set of credentials is found or the azcore.TokenCredential can not be created, an error is returned.
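An added example, not this package's own code, that models the two behaviours documented above: the UTF-16-then-JSON decoding of LoadAADConfigFromBytes and the credential detection order of TokenFromAADConfig. It uses only the standard library; the BOM-based UTF-16 detection, the flattened AADConfig struct and the use of a credential name in place of a real azidentity constructor are this example's own assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/json"
	"errors"
	"unicode/utf16"
)

// The AADConfig fields documented on this page, with AZConfig's inlined.
type AADConfig struct {
	AppID             string `json:"appId,omitempty"`    // AZConfig (from `az`)
	Tenant            string `json:"tenant,omitempty"`   // AZConfig (from `az`)
	Password          string `json:"password,omitempty"` // AZConfig (from `az`)
	TenantID          string `json:"tenantId,omitempty"`
	ClientID          string `json:"clientId,omitempty"`
	ClientSecret      string `json:"clientSecret,omitempty"`
	ClientCertificate string `json:"clientCertificate,omitempty"`
}

// LoadAADConfig mirrors LoadAADConfigFromBytes: UTF-16 input (detected here by a
// UTF-16LE BOM, this example's assumption) is decoded to UTF-8, then unmarshalled.
func LoadAADConfig(b []byte) (c AADConfig, err error) {
	if bytes.HasPrefix(b, []byte{0xFF, 0xFE}) {
		u := make([]uint16, 0, len(b)/2)
		for i := 2; i+1 < len(b); i += 2 { // skip the BOM; a dangling odd byte is dropped
			u = append(u, binary.LittleEndian.Uint16(b[i:]))
		}
		b = []byte(string(utf16.Decode(u)))
	}
	err = json.Unmarshal(b, &c)
	return
}

// CredentialKind names the azidentity credential that TokenFromAADConfig's documented order picks.
func CredentialKind(c AADConfig) (string, error) {
	switch {
	case c.TenantID != "" && c.ClientID != "" && c.ClientSecret != "":
		return "ClientSecretCredential", nil
	case c.TenantID != "" && c.ClientCertificate != "":
		return "ClientCertificateCredential", nil
	case c.AppID != "" && c.Tenant != "" && c.Password != "":
		return "ClientSecretCredential", nil // built from the AZConfig fields
	case c.ClientID != "" && c.TenantID == "":
		return "ManagedIdentityCredential", nil
	}
	return "", errors.New("no valid set of credentials found")
}
```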
Types
type AADConfig
type AADConfig struct {
	AZConfig
	TenantID                   string `json:"tenantId,omitempty"`
	ClientID                   string `json:"clientId,omitempty"`
	ClientSecret               string `json:"clientSecret,omitempty"`
	ClientCertificate          string `json:"clientCertificate,omitempty"`
	ClientCertificatePassword  string `json:"clientCertificatePassword,omitempty"`
	ClientCertificateSendChain bool   `json:"clientCertificateSendChain,omitempty"`
	AuthorityHost              string `json:"authorityHost,omitempty"`
}
AADConfig contains the selection of fields from an Azure authentication file required for Active Directory authentication.
func (AADConfig) GetCloudConfig
func (s AADConfig) GetCloudConfig() cloud.Configuration
GetCloudConfig returns a cloud.Configuration with the AuthorityHost, or the Azure Public Cloud default.
type AZConfig
type AZConfig struct {
	AppID    string `json:"appId,omitempty"`
	Tenant   string `json:"tenant,omitempty"`
	Password string `json:"password,omitempty"`
}
AZConfig contains the Service Principal fields as generated by `az`. Ref: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#manually-create-a-service-principal