secrets

package
v0.0.0-...-50f8504 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrCircuitOpen is returned when the circuit breaker is open.
//
// NOTE(review): presumably surfaced by CircuitBreakerBackend.GetSecret; callers
// should match it with errors.Is rather than by message text. Confirm it is
// returned as-is or wrapped with %w so that the match works.
var ErrCircuitOpen = fmt.Errorf("circuit breaker is open")

ErrCircuitOpen is returned when the circuit breaker is open

Functions

This section is empty.

Types

type AWSBackend

type AWSBackend struct {
	// contains filtered or unexported fields
}

AWSBackend implements SecretBackend using AWS Secrets Manager

func NewAWSBackend

func NewAWSBackend(logger *slog.Logger, opts ...AWSOption) (*AWSBackend, error)

NewAWSBackend creates a new AWS Secrets Manager backend. It supports an optional role ARN for cross-account or role assumption.

func (*AWSBackend) GetSecret

func (a *AWSBackend) GetSecret(ctx context.Context, identity *SessionIdentity, secretName string, version string) (*Secret, error)

GetSecret retrieves a secret from AWS Secrets Manager.
Secret ARN format: arn:aws:secretsmanager:region:account:secret:oar/{agentName}/{secretName}
The version parameter supports "latest" or specific version identifiers.

type AWSOption

type AWSOption func(*AWSBackend)

AWSOption is a functional option for configuring AWSBackend

func WithAWSClient

func WithAWSClient(client SecretsManagerClient) AWSOption

WithAWSClient sets a custom Secrets Manager client

func WithAWSMaxRetries

func WithAWSMaxRetries(maxRetries int) AWSOption

WithAWSMaxRetries sets the maximum number of retries

func WithAWSRegion

func WithAWSRegion(region string) AWSOption

WithAWSRegion sets the AWS region

func WithAWSRetryDelay

func WithAWSRetryDelay(delay time.Duration) AWSOption

WithAWSRetryDelay sets the retry delay

func WithAWSRoleARN

func WithAWSRoleARN(roleARN string) AWSOption

WithAWSRoleARN sets the role ARN for role assumption

type CircuitBreakerBackend

type CircuitBreakerBackend struct {
	// contains filtered or unexported fields
}

CircuitBreakerBackend wraps a SecretBackend with circuit breaker protection

func NewCircuitBreakerBackend

func NewCircuitBreakerBackend(backend SecretBackend, logger *slog.Logger, opts ...CircuitBreakerOption) *CircuitBreakerBackend

NewCircuitBreakerBackend creates a new circuit breaker wrapping a secret backend

func (*CircuitBreakerBackend) GetSecret

func (cb *CircuitBreakerBackend) GetSecret(ctx context.Context, identity *SessionIdentity, secretName string, version string) (*Secret, error)

GetSecret retrieves a secret from the wrapped backend with circuit breaker protection

func (*CircuitBreakerBackend) GetState

func (cb *CircuitBreakerBackend) GetState() CircuitState

GetState returns the current circuit breaker state (for testing/observability)

func (*CircuitBreakerBackend) GetStats

func (cb *CircuitBreakerBackend) GetStats() map[string]interface{}

GetStats returns current circuit breaker statistics (for observability)

func (*CircuitBreakerBackend) Reset

func (cb *CircuitBreakerBackend) Reset()

Reset resets the circuit breaker to closed state (for testing)

type CircuitBreakerConfig

// CircuitBreakerConfig holds configuration for the circuit breaker.
//
// NOTE(review): how zero or negative values are treated is not visible here.
// Confirm they fall back to DefaultCircuitBreakerConfig, since a threshold of 0
// could otherwise leave the breaker permanently open or permanently closed.
type CircuitBreakerConfig struct {
	// FailureThreshold is the number of consecutive failures before the circuit opens.
	FailureThreshold int
	// HalfOpenDelay is how long to wait before transitioning to half-open.
	HalfOpenDelay time.Duration
	// SuccessThreshold is the number of successful requests in half-open state
	// required to close the circuit.
	SuccessThreshold int
}

CircuitBreakerConfig holds configuration for the circuit breaker

func DefaultCircuitBreakerConfig

func DefaultCircuitBreakerConfig() CircuitBreakerConfig

DefaultCircuitBreakerConfig returns default configuration

type CircuitBreakerOption

type CircuitBreakerOption func(*CircuitBreakerBackend)

CircuitBreakerOption is a functional option for configuring CircuitBreakerBackend

func WithFailureThreshold

func WithFailureThreshold(threshold int) CircuitBreakerOption

WithFailureThreshold sets the failure threshold

func WithHalfOpenDelay

func WithHalfOpenDelay(delay time.Duration) CircuitBreakerOption

WithHalfOpenDelay sets the delay before transitioning to half-open

func WithSuccessThreshold

func WithSuccessThreshold(threshold int) CircuitBreakerOption

WithSuccessThreshold sets the success threshold for half-open state

type CircuitState

type CircuitState int

CircuitState represents the current state of the circuit breaker

// Circuit breaker states. StateClosed is the zero value of CircuitState.
const (
	// StateClosed is normal operation: requests pass through to the wrapped backend.
	StateClosed CircuitState = iota
	// StateOpen means the backend is failing: requests immediately return an error
	// (presumably ErrCircuitOpen, TODO confirm) without reaching the backend.
	StateOpen
	// StateHalfOpen is the recovery test: a limited number of requests are allowed.
	StateHalfOpen
)

func (CircuitState) String

func (s CircuitState) String() string

String returns the string representation of CircuitState

type GCPBackend

type GCPBackend struct {
	// contains filtered or unexported fields
}

GCPBackend implements SecretBackend using GCP Secret Manager

func NewGCPBackend

func NewGCPBackend(logger *slog.Logger, projectID string, opts ...GCPOption) (*GCPBackend, error)

NewGCPBackend creates a new GCP Secret Manager backend

func (*GCPBackend) GetSecret

func (g *GCPBackend) GetSecret(ctx context.Context, identity *SessionIdentity, secretName string, version string) (*Secret, error)

GetSecret retrieves a secret from GCP Secret Manager.
Secret path: projects/${PROJECT_ID}/secrets/{secret_name}/versions/{version}
The version parameter supports "latest" or specific version numbers.

type GCPOption

type GCPOption func(*GCPBackend)

GCPOption is a functional option for configuring GCPBackend

func WithGCPClient

func WithGCPClient(client SecretManagerClient) GCPOption

WithGCPClient sets a custom Secret Manager client

func WithGCPMaxRetries

func WithGCPMaxRetries(maxRetries int) GCPOption

WithGCPMaxRetries sets the maximum number of retries

func WithGCPRetryDelay

func WithGCPRetryDelay(delay time.Duration) GCPOption

WithGCPRetryDelay sets the retry delay

type KubernetesBackend

type KubernetesBackend struct {
	// contains filtered or unexported fields
}

KubernetesBackend implements SecretBackend using Kubernetes native secrets

func NewKubernetesBackend

func NewKubernetesBackend(logger *slog.Logger, opts ...KubernetesOption) (*KubernetesBackend, error)

NewKubernetesBackend creates a new Kubernetes secrets backend. It uses in-cluster configuration for pod authentication.

func (*KubernetesBackend) GetSecret

func (k *KubernetesBackend) GetSecret(ctx context.Context, identity *SessionIdentity, secretName string, version string) (*Secret, error)

GetSecret retrieves a secret from Kubernetes.
Secret naming convention: key {secretName} in the secret "oar-agent-{agentName}".
Returns the secret value and version (stored as an annotation).

type KubernetesOption

type KubernetesOption func(*KubernetesBackend)

KubernetesOption is a functional option for configuring KubernetesBackend

func WithKubernetesClient

func WithKubernetesClient(client kubernetes.Interface) KubernetesOption

WithKubernetesClient sets a custom Kubernetes client

func WithNamespace

func WithNamespace(namespace string) KubernetesOption

WithNamespace sets the namespace for secret lookups

type MultiBackend

type MultiBackend struct {
	// contains filtered or unexported fields
}

MultiBackend implements SecretBackend by trying multiple backends in order

func NewMultiBackend

func NewMultiBackend(logger *slog.Logger, backends ...SecretBackend) *MultiBackend

NewMultiBackend creates a new MultiBackend that tries backends in order

func (*MultiBackend) GetSecret

func (m *MultiBackend) GetSecret(ctx context.Context, identity *SessionIdentity, secretName string, version string) (*Secret, error)

GetSecret tries to retrieve a secret from each backend in order. It returns the first successful result, or an error containing all failures.

type Secret

// Secret represents a secret value with version information.
//
// NOTE(review): Value is a plain string field. Unless the type defines its own
// formatting (not visible here), printing a Secret with %v or %+v, or passing
// it to a structured logger, emits the secret material. Confirm callers never
// log or serialize whole Secret values.
type Secret struct {
	// Name identifies the secret (presumably the requested secretName, TODO confirm).
	Name    string
	// Value is the secret material itself.
	Value   string
	// Version is the version information for Value.
	Version string
}

Secret represents a secret value with version information

type SecretBackend

// SecretBackend defines the interface for secret backends.
//
// NOTE(review): the AWS and Kubernetes backends documented on this page derive
// the lookup location from the agent name and secretName (oar/{agentName}/{secretName},
// "oar-agent-{agentName}"). Whether those values are validated before being
// interpolated is not visible here. Confirm that separators such as "/" cannot
// be used to reach another agent's secrets. The GCP path shown on this page has
// no agent-name component, so per-agent scoping there is presumably enforced
// elsewhere (e.g. IAM). Verify this.
type SecretBackend interface {
	// GetSecret retrieves a secret value for the given session identity and secret name.
	// version can be "latest" or a specific version identifier.
	GetSecret(ctx context.Context, identity *SessionIdentity, secretName string, version string) (*Secret, error)
}

SecretBackend defines the interface for secret backends

type SecretManagerClient

// SecretManagerClient is an interface for the GCP Secret Manager client.
// This allows for mocking in tests.
type SecretManagerClient interface {
	// AccessSecretVersion fetches the secret version named in req.
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
	// Close releases the client.
	// NOTE(review): which component owns and calls Close is not visible here.
	// Confirm that a client injected via WithGCPClient is closed by its creator.
	Close() error
}

SecretManagerClient is an interface for the GCP Secret Manager client. This allows for mocking in tests.

type SecretsManagerClient

// SecretsManagerClient is an interface for the AWS Secrets Manager client.
// This allows for mocking in tests.
type SecretsManagerClient interface {
	// GetSecretValue fetches the secret described by params.
	GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
}

SecretsManagerClient is an interface for the AWS Secrets Manager client. This allows for mocking in tests.

type SessionIdentity

// SessionIdentity contains the identity information of the current session.
//
// NOTE(review): backends on this page use the agent name to select which
// secret is read, so these fields act as an authorization input. How they are
// populated is not visible here. Confirm they come from a verified source and
// not from values the agent itself can set.
type SessionIdentity struct {
	// SessionID identifies the session.
	SessionID  string
	// AgentName names the agent; presumably the {agentName} in backend lookup paths (TODO confirm).
	AgentName  string
	// AgentImage names the agent's image; its use by backends is not shown on this page.
	AgentImage string
}

SessionIdentity contains the identity information of the current session
