forked from libopenstorage/secrets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
secrets_store.go
97 lines (82 loc) · 2.94 KB
/
secrets_store.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
package secrets
import (
"context"
"fmt"
"sync"
)
type ReaderInit func(map[string]interface{}) (SecretReader, error)
type StoreInit func(map[string]interface{}) (SecretStore, error)
var (
secretReaders = make(map[string]ReaderInit)
secretStores = make(map[string]StoreInit)
readersLock sync.RWMutex
storesLock sync.RWMutex
)
// NewReader returns a new instance of SecretReader backend SM identified by
// the supplied name. SecretConfig is a map of key value pairs which could
// be used for authenticating with the backend
func NewReader(name string, secretConfig map[string]interface{}) (SecretReader, error) {
readersLock.RLock()
defer readersLock.RUnlock()
if init, exists := secretReaders[name]; exists {
return init(secretConfig)
}
return nil, ErrNotSupported
}
// NewStore returns a new instance of SecretStore backend SM identified by
// the supplied name. SecretConfig is a map of key value pairs which could
// be used for authenticating with the backend
func NewStore(name string, secretConfig map[string]interface{}) (SecretStore, error) {
storesLock.RLock()
defer storesLock.RUnlock()
if init, exists := secretStores[name]; exists {
return init(secretConfig)
}
return nil, ErrNotSupported
}
// RegisterReader adds a new backend KMS that implements SecretReader
func RegisterReader(name string, init ReaderInit) error {
readersLock.Lock()
defer readersLock.Unlock()
if _, exists := secretReaders[name]; exists {
return fmt.Errorf("secrets reader %v is already registered", name)
}
secretReaders[name] = init
return nil
}
// RegisterStore adds a new backend KMS that implements SecretStore and SecretReader
func RegisterStore(name string, init StoreInit) error {
storesLock.Lock()
defer storesLock.Unlock()
if _, exists := secretStores[name]; exists {
return fmt.Errorf("secrets store %v is already registered", name)
}
secretStores[name] = init
return RegisterReader(name, func(m map[string]interface{}) (SecretReader, error) {
return init(m)
})
}
// A SecretKey identifies a secret
type SecretKey struct {
// Prefix is an optional part of the SecretKey.
Prefix string
// Name is a mandatory part of the SecretKey.
Name string
}
// SecretReader interface implemented by Secrets Managers to read secrets
type SecretReader interface {
// String representation of the backend.
String() string
// Get returns the secret associate with the supplied key.
Get(ctx context.Context, key SecretKey) (secret map[string]interface{}, err error)
}
// SecretStore interface implemented by Secrets Managers to set and delete secrets.
type SecretStore interface {
SecretReader
// Set stores the secret data identified by the key.
// The caller should ensure they use unique key so that they won't
// unknowingly overwrite an existing secret.
Set(ctx context.Context, key SecretKey, secret map[string]interface{}) error
// Delete deletes the secret data associated with the supplied key.
Delete(ctx context.Context, key SecretKey) error
}