Documentation ¶
Index ¶
- Constants
- Variables
- type Authorizer
- type AuthorizerConfig
- type BlackList
- type ClientAPI
- type DefaultAuthorizer
- type DefaultRotator
- func (r *DefaultRotator) Create(ctx context.Context, secretARN string, token string) error
- func (r *DefaultRotator) Finish(ctx context.Context, secretARN string, token string) error
- func (r *DefaultRotator) RotationEnabled(ctx context.Context, secretARN string) error
- func (r *DefaultRotator) Set(ctx context.Context, secretARN string, token string, ...) error
- func (r *DefaultRotator) Test(ctx context.Context, secretARN, token string, ...) error
- type Janitor
- type MockAuthorizer
- type MockClient
- func (m *MockClient) DescribeSecret(ctx context.Context, input *secretsmanager.DescribeSecretInput, ...) (*secretsmanager.DescribeSecretOutput, error)
- func (m *MockClient) GetRandomPassword(ctx context.Context, input *secretsmanager.GetRandomPasswordInput, ...) (*secretsmanager.GetRandomPasswordOutput, error)
- func (m *MockClient) GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput, ...) (*secretsmanager.GetSecretValueOutput, error)
- func (m *MockClient) PutSecretValue(ctx context.Context, input *secretsmanager.PutSecretValueInput, ...) (*secretsmanager.PutSecretValueOutput, error)
- func (m *MockClient) UpdateSecretVersionStage(ctx context.Context, input *secretsmanager.UpdateSecretVersionStageInput, ...) (*secretsmanager.UpdateSecretVersionStageOutput, error)
- type MockRotator
- func (m *MockRotator) Create(ctx context.Context, secretARN, token string) error
- func (m *MockRotator) Finish(ctx context.Context, secretARN, token string) error
- func (m *MockRotator) RotationEnabled(ctx context.Context, secretARN string) error
- func (m *MockRotator) Set(ctx context.Context, secretARN, token string, ...) error
- func (m *MockRotator) Test(ctx context.Context, secretARN, token string, ...) error
- type Rotator
Constants ¶
// Rotation step names. The values are the step identifiers AWS Secrets
// Manager uses for the four phases of a secret rotation.
// NOTE(review): how this package dispatches on them is not visible here;
// presumably any other value yields ErrRotationInvalidStep — confirm.
const (
	StepCreate = "createSecret" // create the new secret version
	StepSet    = "setSecret"    // apply the new version to the downstream service/resource
	StepTest   = "testSecret"   // test the new version against that service/resource
	StepFinish = "finishSecret" // complete the rotation
)
// Staging labels that AWS Secrets Manager attaches to secret versions.
const (
	VersionCurrent  = "AWSCURRENT"  // the version currently in use
	VersionPrevious = "AWSPREVIOUS" // the version that was current before the last rotation
	VersionPending  = "AWSPENDING"  // the version being rotated in, not yet promoted
)
Variables ¶
// Sentinel errors. Match them with errors.Is rather than by comparing
// message text.
// NOTE(review): which calls return each error is not shown on this page.
var (
	// ErrInvalidSecretValue reports an invalid secret value.
	ErrInvalidSecretValue = errors.New("invalid secret value")
	// ErrAuthorizationFailed reports that authorization failed.
	ErrAuthorizationFailed = errors.New("authorization failed")
)
// Sentinel errors for rotation handling. Match them with errors.Is.
// NOTE(review): which calls return each error is not shown on this page.
var (
	// ErrRotationInvalidStep reports a rotation step that is not valid.
	ErrRotationInvalidStep = errors.New("invalid rotation step")
	// ErrRotationDisabled reports that rotation is disabled.
	ErrRotationDisabled = errors.New("rotation disabled")
)
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type AuthorizerConfig ¶
// AuthorizerConfig holds the timing settings applied through the option
// functions passed to NewAuthorizer.
// NOTE(review): default values for both fields are not visible here — confirm.
type AuthorizerConfig struct {
	// GracePeriod is the short period during which the "Previous" and
	// "Pending" secret versions are still accepted as valid values.
	// Keep it as short as the rollout allows: while it lasts, a value that
	// has already been rotated out remains acceptable.
	GracePeriod time.Duration
	// CoolDownPeriod is the period during which the secret is assumed not to
	// be rotatable. It is used to rate limit the API calls.
	CoolDownPeriod time.Duration
}
type ClientAPI ¶
// ClientAPI is the set of Secrets Manager client operations this package
// calls. Every method takes a context, the operation's input struct and
// optional per-call secretsmanager.Options modifiers, and returns the
// operation's output struct or an error. MockClient is its mock
// implementation.
//
// NOTE(review): these five operations are presumably the only Secrets
// Manager actions the caller's credentials need; verify before scoping an
// IAM policy to them.
type ClientAPI interface {
	GetRandomPassword(
		context.Context,
		*secretsmanager.GetRandomPasswordInput,
		...func(*secretsmanager.Options),
	) (*secretsmanager.GetRandomPasswordOutput, error)
	// GetSecretValue returns secret material; treat its output as sensitive.
	GetSecretValue(
		context.Context,
		*secretsmanager.GetSecretValueInput,
		...func(*secretsmanager.Options),
	) (*secretsmanager.GetSecretValueOutput, error)
	PutSecretValue(
		context.Context,
		*secretsmanager.PutSecretValueInput,
		...func(*secretsmanager.Options),
	) (*secretsmanager.PutSecretValueOutput, error)
	DescribeSecret(
		context.Context,
		*secretsmanager.DescribeSecretInput,
		...func(*secretsmanager.Options),
	) (
		*secretsmanager.DescribeSecretOutput,
		error,
	)
	UpdateSecretVersionStage(
		context.Context,
		*secretsmanager.UpdateSecretVersionStageInput,
		...func(*secretsmanager.Options),
	) (*secretsmanager.UpdateSecretVersionStageOutput, error)
}
type DefaultAuthorizer ¶
// DefaultAuthorizer is the type returned by NewAuthorizer.
// NOTE(review): presumably it implements Authorizer — not shown on this page.
type DefaultAuthorizer struct {
// contains filtered or unexported fields
}
func NewAuthorizer ¶
func NewAuthorizer(cli ClientAPI, j *Janitor, opts ...func(*AuthorizerConfig)) *DefaultAuthorizer
type DefaultRotator ¶
// DefaultRotator is the Rotator implementation returned by NewDefaultRotator,
// which builds it from a ClientAPI.
type DefaultRotator struct {
// contains filtered or unexported fields
}
DefaultRotator implements Rotator
func NewDefaultRotator ¶
func NewDefaultRotator(cli ClientAPI) *DefaultRotator
func (*DefaultRotator) RotationEnabled ¶
func (r *DefaultRotator) RotationEnabled(ctx context.Context, secretARN string) error
type MockAuthorizer ¶
// MockAuthorizer is a mock whose behaviour is supplied by AuthorizeFn.
type MockAuthorizer struct {
// AuthorizeFn is the stubbed authorization call for secretID and value.
// Its results are ordered (error, bool), the reverse of the usual Go
// convention of returning the error last.
// NOTE(review): the meaning of the bool is not shown here — confirm it
// before treating either result alone as the allow/deny decision.
AuthorizeFn func(ctx context.Context, secretID, value string) (error, bool)
}
MockAuthorizer is a mock implementation of the Authorizer interface.
type MockClient ¶
// MockClient is a mock ClientAPI. Each field has the signature of the
// ClientAPI method it is named after.
// NOTE(review): what a method does when its field is nil is not shown on
// this page — set every field the code under test will reach.
type MockClient struct {
	GetRandomPasswordFunc        func(context.Context, *secretsmanager.GetRandomPasswordInput, ...func(*secretsmanager.Options)) (*secretsmanager.GetRandomPasswordOutput, error)
	GetSecretValueFunc           func(context.Context, *secretsmanager.GetSecretValueInput, ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
	PutSecretValueFunc           func(context.Context, *secretsmanager.PutSecretValueInput, ...func(*secretsmanager.Options)) (*secretsmanager.PutSecretValueOutput, error)
	DescribeSecretFunc           func(context.Context, *secretsmanager.DescribeSecretInput, ...func(*secretsmanager.Options)) (*secretsmanager.DescribeSecretOutput, error)
	UpdateSecretVersionStageFunc func(context.Context, *secretsmanager.UpdateSecretVersionStageInput, ...func(*secretsmanager.Options)) (*secretsmanager.UpdateSecretVersionStageOutput, error)
}
func (*MockClient) DescribeSecret ¶
func (m *MockClient) DescribeSecret(ctx context.Context, input *secretsmanager.DescribeSecretInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.DescribeSecretOutput, error)
DescribeSecret implements ClientAPI.
func (*MockClient) GetRandomPassword ¶
func (m *MockClient) GetRandomPassword(ctx context.Context, input *secretsmanager.GetRandomPasswordInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.GetRandomPasswordOutput, error)
func (*MockClient) GetSecretValue ¶
func (m *MockClient) GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
GetSecretValue implements ClientAPI.
func (*MockClient) PutSecretValue ¶
func (m *MockClient) PutSecretValue(ctx context.Context, input *secretsmanager.PutSecretValueInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.PutSecretValueOutput, error)
PutSecretValue implements ClientAPI.
func (*MockClient) UpdateSecretVersionStage ¶
func (m *MockClient) UpdateSecretVersionStage(ctx context.Context, input *secretsmanager.UpdateSecretVersionStageInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.UpdateSecretVersionStageOutput, error)
UpdateSecretVersionStage implements ClientAPI.
type MockRotator ¶
// MockRotator is a mock Rotator. Each field has the signature of the Rotator
// method it is named after.
// NOTE(review): what a method does when its field is nil is not shown on
// this page — set every field the code under test will reach.
type MockRotator struct {
	RotationEnabledFn func(ctx context.Context, secretARN string) error
	CreateFn          func(ctx context.Context, secretARN, token string) error
	SetFn             func(ctx context.Context, secretARN, token string, fn func(ctx context.Context, current, pending string) error) error
	TestFn            func(ctx context.Context, secretARN, token string, fn func(ctx context.Context, pending string) error) error
	FinishFn          func(ctx context.Context, secretARN, token string) error
}
MockRotator is a mock implementation of the Rotator interface.
func (*MockRotator) Create ¶
func (m *MockRotator) Create(ctx context.Context, secretARN, token string) error
Create mocks the Create method.
func (*MockRotator) Finish ¶
func (m *MockRotator) Finish(ctx context.Context, secretARN, token string) error
Finish mocks the Finish method.
func (*MockRotator) RotationEnabled ¶
func (m *MockRotator) RotationEnabled(ctx context.Context, secretARN string) error
RotationEnabled mocks the RotationEnabled method.
type Rotator ¶
// Rotator is the set of operations used to rotate a secret identified by
// secretARN. Create, Set, Test and Finish also take a token.
//
// NOTE(review): the current and pending arguments handed to the Set and Test
// callbacks are presumably the secret values of those versions — confirm,
// and keep them out of logs and wrapped error messages if so.
type Rotator interface {
	// RotationEnabled returns an error for secretARN.
	// NOTE(review): presumably ErrRotationDisabled when rotation is off — confirm.
	RotationEnabled(ctx context.Context, secretARN string) error
	// Create takes the secret ARN and the token.
	Create(ctx context.Context, secretARN, token string) error
	// Set takes a callback fn that receives current and pending.
	Set(ctx context.Context, secretARN, token string, fn func(ctx context.Context, current, pending string) error) error
	// Test takes a callback fn that receives pending.
	Test(ctx context.Context, secretARN, token string, fn func(ctx context.Context, pending string) error) error
	// Finish takes the secret ARN and the token.
	Finish(ctx context.Context, secretARN, token string) error
}
The Rotator interface represents a service that is able to:
- Create new version of a secretsmanager secret;
- Update downstream services/resources to use the new version;
- Test the newly updated version of the secret within the scope of the related services/resources