Documentation
¶
Index ¶
- Constants
- Variables
- type Authorizer
- type AuthorizerConfig
- type BlackList
- type ClientAPI
- type DefaultAuthorizer
- type DefaultRotator
- func (r *DefaultRotator) Create(ctx context.Context, secretARN string, token string) error
- func (r *DefaultRotator) Finish(ctx context.Context, secretARN string, token string) error
- func (r *DefaultRotator) RotationEnabled(ctx context.Context, secretARN string) error
- func (r *DefaultRotator) Set(ctx context.Context, secretARN string, token string, ...) error
- func (r *DefaultRotator) Test(ctx context.Context, secretARN, token string, ...) error
- type Janitor
- type MockAuthorizer
- type MockClient
- func (m *MockClient) DescribeSecret(ctx context.Context, input *secretsmanager.DescribeSecretInput, ...) (*secretsmanager.DescribeSecretOutput, error)
- func (m *MockClient) GetRandomPassword(ctx context.Context, input *secretsmanager.GetRandomPasswordInput, ...) (*secretsmanager.GetRandomPasswordOutput, error)
- func (m *MockClient) GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput, ...) (*secretsmanager.GetSecretValueOutput, error)
- func (m *MockClient) PutSecretValue(ctx context.Context, input *secretsmanager.PutSecretValueInput, ...) (*secretsmanager.PutSecretValueOutput, error)
- func (m *MockClient) UpdateSecretVersionStage(ctx context.Context, input *secretsmanager.UpdateSecretVersionStageInput, ...) (*secretsmanager.UpdateSecretVersionStageOutput, error)
- type MockRotator
- func (m *MockRotator) Create(ctx context.Context, secretARN, token string) error
- func (m *MockRotator) Finish(ctx context.Context, secretARN, token string) error
- func (m *MockRotator) RotationEnabled(ctx context.Context, secretARN string) error
- func (m *MockRotator) Set(ctx context.Context, secretARN, token string, ...) error
- func (m *MockRotator) Test(ctx context.Context, secretARN, token string, ...) error
- type Rotator
Constants ¶
// Rotation step names. The string values are the step identifiers AWS Secrets
// Manager passes to a rotation function, in the order they are invoked.
// NOTE(review): how this package dispatches on them is not visible here;
// ErrRotationInvalidStep presumably covers any other value — confirm.
const (
	StepCreate = "createSecret" // first step: a new secret version is created
	StepSet    = "setSecret"    // second step: the new version is applied downstream
	StepTest   = "testSecret"   // third step: the new version is tested
	StepFinish = "finishSecret" // last step: the rotation is finalised
)
// Staging labels that AWS Secrets Manager attaches to secret versions.
// AWSPENDING marks a version that is still being rotated in, AWSCURRENT the
// version in force, and AWSPREVIOUS the version that AWSCURRENT replaced.
const (
	VersionCurrent  = "AWSCURRENT"
	VersionPrevious = "AWSPREVIOUS"
	VersionPending  = "AWSPENDING"
)
Variables ¶
// Sentinel errors; compare with errors.Is rather than by message text.
// NOTE(review): which functions return them is not visible here. The names
// suggest the authorizer path — confirm, and make sure callers treat every
// non-nil error on that path as a denial, not only ErrAuthorizationFailed.
var (
	ErrInvalidSecretValue  = errors.New("invalid secret value")
	ErrAuthorizationFailed = errors.New("authorization failed")
)
// Sentinel errors for the rotation flow; compare with errors.Is.
// NOTE(review): presumably ErrRotationInvalidStep is returned for a step name
// outside the Step* constants and ErrRotationDisabled by RotationEnabled —
// neither call site is visible here, confirm before relying on it.
var (
	ErrRotationInvalidStep = errors.New("invalid rotation step")
	ErrRotationDisabled    = errors.New("rotation disabled")
)
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type AuthorizerConfig ¶
// AuthorizerConfig holds the timing settings of an authorizer. NewAuthorizer
// takes option functions of type func(*AuthorizerConfig) that adjust it.
// NOTE(review): the defaults and the zero-value behaviour of both fields are
// not visible here.
type AuthorizerConfig struct {
	// GracePeriod is used to tolerate accepting the "Previous" and "Pending"
	// secret versions as valid values for a short period of time.
	// NOTE(review): for as long as the grace period lasts, a value that has
	// already been rotated out is presumably still accepted, so keep it no
	// longer than clients need to pick up the new value — confirm against the
	// authorizer implementation.
	GracePeriod time.Duration
	// CoolDownPeriod is the period during which we assume the secret can't be
	// rotated. It's used to rate limit the API calls.
	CoolDownPeriod time.Duration
}
type ClientAPI ¶
// ClientAPI is the set of AWS Secrets Manager operations this package needs
// from a client. Every method takes the SDK input type and optional
// func(*secretsmanager.Options) overrides; MockClient implements it for tests.
//
// Least privilege: the five methods map to the IAM actions
// secretsmanager:GetRandomPassword, GetSecretValue, PutSecretValue,
// DescribeSecret and UpdateSecretVersionStage. NOTE(review): whether the
// package makes AWS calls outside this interface is not visible here, so
// confirm before scoping a role to exactly these actions.
type ClientAPI interface {
	// GetRandomPassword requests a generated password.
	GetRandomPassword(
		context.Context, *secretsmanager.GetRandomPasswordInput, ...func(*secretsmanager.Options),
	) (*secretsmanager.GetRandomPasswordOutput, error)
	// GetSecretValue reads a secret value; the output carries secret material
	// and should not be logged.
	GetSecretValue(
		context.Context, *secretsmanager.GetSecretValueInput, ...func(*secretsmanager.Options),
	) (*secretsmanager.GetSecretValueOutput, error)
	// PutSecretValue stores a new secret version.
	PutSecretValue(
		context.Context, *secretsmanager.PutSecretValueInput, ...func(*secretsmanager.Options),
	) (*secretsmanager.PutSecretValueOutput, error)
	// DescribeSecret reads the secret's metadata.
	DescribeSecret(
		context.Context, *secretsmanager.DescribeSecretInput, ...func(*secretsmanager.Options),
	) (
		*secretsmanager.DescribeSecretOutput, error,
	)
	// UpdateSecretVersionStage moves a staging label between secret versions.
	UpdateSecretVersionStage(
		context.Context, *secretsmanager.UpdateSecretVersionStageInput,
		...func(*secretsmanager.Options),
	) (*secretsmanager.UpdateSecretVersionStageOutput, error)
}
type DefaultAuthorizer ¶
// DefaultAuthorizer is the type returned by NewAuthorizer, which builds it
// from a ClientAPI, a *Janitor and optional AuthorizerConfig setters.
// NOTE(review): presumably it implements Authorizer — neither the interface
// body nor this type's methods are visible here.
type DefaultAuthorizer struct {
	// contains filtered or unexported fields
}
func NewAuthorizer ¶
func NewAuthorizer(cli ClientAPI, j *Janitor, opts ...func(*AuthorizerConfig)) *DefaultAuthorizer
type DefaultRotator ¶
// DefaultRotator implements Rotator. NewDefaultRotator builds one from a
// ClientAPI.
type DefaultRotator struct {
	// contains filtered or unexported fields
}
DefaultRotator implements Rotator
func NewDefaultRotator ¶
func NewDefaultRotator(cli ClientAPI) *DefaultRotator
func (*DefaultRotator) RotationEnabled ¶
func (r *DefaultRotator) RotationEnabled(ctx context.Context, secretARN string) error
type MockAuthorizer ¶
// MockAuthorizer is a test double whose behaviour is supplied through
// AuthorizeFn.
type MockAuthorizer struct {
	// AuthorizeFn receives a secret identifier and a candidate value.
	// NOTE(review): the result order (error, bool) is the reverse of the usual
	// Go convention of returning error last, which makes it easy to check only
	// one of the two results. The meaning of the bool is not visible here —
	// presumably whether the value was accepted; confirm, and deny unless the
	// error is nil and the bool says accept.
	AuthorizeFn func(ctx context.Context, secretID, value string) (error, bool)
}
MockAuthorizer is a mock implementation of the Authorizer interface.
type MockClient ¶
// MockClient is a test double for ClientAPI. It has one function field per
// ClientAPI method, with the same signature as that method.
// NOTE(review): the method bodies are not visible here; presumably each
// method forwards to its field, so a field left nil would panic when the
// method is called — confirm.
type MockClient struct {
	// GetRandomPasswordFunc backs GetRandomPassword.
	GetRandomPasswordFunc func(context.Context, *secretsmanager.GetRandomPasswordInput, ...func(*secretsmanager.Options)) (*secretsmanager.GetRandomPasswordOutput, error)
	// GetSecretValueFunc backs GetSecretValue.
	GetSecretValueFunc func(context.Context, *secretsmanager.GetSecretValueInput, ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
	// PutSecretValueFunc backs PutSecretValue.
	PutSecretValueFunc func(context.Context, *secretsmanager.PutSecretValueInput, ...func(*secretsmanager.Options)) (*secretsmanager.PutSecretValueOutput, error)
	// DescribeSecretFunc backs DescribeSecret.
	DescribeSecretFunc func(context.Context, *secretsmanager.DescribeSecretInput, ...func(*secretsmanager.Options)) (*secretsmanager.DescribeSecretOutput, error)
	// UpdateSecretVersionStageFunc backs UpdateSecretVersionStage.
	UpdateSecretVersionStageFunc func(context.Context, *secretsmanager.UpdateSecretVersionStageInput, ...func(*secretsmanager.Options)) (*secretsmanager.UpdateSecretVersionStageOutput, error)
}
func (*MockClient) DescribeSecret ¶
func (m *MockClient) DescribeSecret(ctx context.Context, input *secretsmanager.DescribeSecretInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.DescribeSecretOutput, error)
DescribeSecret implements ClientAPI.
func (*MockClient) GetRandomPassword ¶
func (m *MockClient) GetRandomPassword(ctx context.Context, input *secretsmanager.GetRandomPasswordInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.GetRandomPasswordOutput, error)
func (*MockClient) GetSecretValue ¶
func (m *MockClient) GetSecretValue(ctx context.Context, input *secretsmanager.GetSecretValueInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
GetSecretValue implements ClientAPI.
func (*MockClient) PutSecretValue ¶
func (m *MockClient) PutSecretValue(ctx context.Context, input *secretsmanager.PutSecretValueInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.PutSecretValueOutput, error)
PutSecretValue implements ClientAPI.
func (*MockClient) UpdateSecretVersionStage ¶
func (m *MockClient) UpdateSecretVersionStage(ctx context.Context, input *secretsmanager.UpdateSecretVersionStageInput, opts ...func(*secretsmanager.Options)) (*secretsmanager.UpdateSecretVersionStageOutput, error)
UpdateSecretVersionStage implements ClientAPI.
type MockRotator ¶
// MockRotator is a test double for Rotator. It has one function field per
// Rotator method, with the same signature as that method.
// NOTE(review): the method bodies are not visible here; presumably each
// method forwards to its field, so a field left nil would panic — confirm.
type MockRotator struct {
	// RotationEnabledFn backs RotationEnabled.
	RotationEnabledFn func(ctx context.Context, secretARN string) error
	// CreateFn backs Create.
	CreateFn func(ctx context.Context, secretARN, token string) error
	// SetFn backs Set; fn is the caller's callback taking current and pending.
	SetFn func(ctx context.Context, secretARN, token string, fn func(ctx context.Context, current, pending string) error) error
	// TestFn backs Test; fn is the caller's callback taking pending.
	TestFn func(ctx context.Context, secretARN, token string, fn func(ctx context.Context, pending string) error) error
	// FinishFn backs Finish.
	FinishFn func(ctx context.Context, secretARN, token string) error
}
MockRotator is a mock implementation of the Rotator interface.
func (*MockRotator) Create ¶
func (m *MockRotator) Create(ctx context.Context, secretARN, token string) error
Create mocks the Create method.
func (*MockRotator) Finish ¶
func (m *MockRotator) Finish(ctx context.Context, secretARN, token string) error
Finish mocks the Finish method.
func (*MockRotator) RotationEnabled ¶
func (m *MockRotator) RotationEnabled(ctx context.Context, secretARN string) error
RotationEnabled mocks the RotationEnabled method.
type Rotator ¶
// Rotator is the rotation contract: one method per rotation step (Create,
// Set, Test, Finish) plus RotationEnabled. DefaultRotator implements it and
// MockRotator mocks it.
// NOTE(review): token is presumably the identifier of the secret version being
// rotated in — confirm against the implementation.
type Rotator interface {
	// RotationEnabled takes only the secret ARN.
	// NOTE(review): presumably returns ErrRotationDisabled when rotation is
	// off for that secret — confirm.
	RotationEnabled(ctx context.Context, secretARN string) error
	// Create corresponds to the StepCreate step.
	Create(ctx context.Context, secretARN, token string) error
	// Set corresponds to the StepSet step and hands current and pending to fn.
	// NOTE(review): current and pending are presumably the plaintext values of
	// the AWSCURRENT and AWSPENDING versions; fn should not log them or wrap
	// them into the error it returns.
	Set(ctx context.Context, secretARN, token string, fn func(ctx context.Context, current, pending string) error) error
	// Test corresponds to the StepTest step and hands pending to fn; the same
	// caution about secret material applies.
	Test(ctx context.Context, secretARN, token string, fn func(ctx context.Context, pending string) error) error
	// Finish corresponds to the StepFinish step.
	Finish(ctx context.Context, secretARN, token string) error
}
The Rotator interface represents a service that is able to:
- Create a new version of a Secrets Manager secret;
- Update downstream services/resources to use the new version;
- Test the newly updated version of the secret within the scope of the related services/resources.