CheckOwnerLabels checks that all owner labels are present and valid.

CheckSecretExists checks if the Secret configured on obj exists.

CreateHMACKeySecret with a generated HMAC key stored in Secret.Data with HMACKeyName.

DeleteSecret deletes a k8s secret, returning nil if the secret doesn't exist.

FindSecretsOwnedByObj returns all corev1.Secrets that are owned by obj.

FromHVSShadowSecret converts a k8s secret data entry to an HVS OpenSecret.

GetHMACKeySecret returns the Secret for objKey.

GetSyncableSecret returns K8s Secret for obj.

HandleRolloutRestarts for all v1beta1.RolloutRestartTarget(s) configured for obj.

HandleSecretHMAC compares the HMAC of data to its previously computed value stored in o.Status.SecretHMAC, returning true if they are equal.

HashString returns the first eight + last four characters of the sha256 sum of the input string.

HasOwnerLabels returns true if all owner labels are present and valid, if not it returns false.

HMACDestinationSecret compares the HMAC value stored in o.Status.SecretHMAC to the HMAC of the destination K8s Secret data.

MACMessage computes the MAC of data with key.

MakeHVSShadowSecretData converts a list of HVS OpenSecrets to k8s secret data.

MatchingLabels returns true if the `labels` map contains all the required labels.

NewSecretInput sets up a SecretInput instance from the provided secret data secret metadata, and annotations and labels which are typically of the type map[string]string.

OwnerLabelsForObj returns the canonical set of labels that should be set on all secrets created/owned by VSO.

RequestSAToken for the provided ServiceAccount, expirationSeconds, and audiences.

RolloutRestart patches the target in namespace for rollout-restart.

StoreImmutableSecret creates a k8s secret if it doesn't exist, or deletes and then creates an existing secret.

SyncSecret writes data to a Kubernetes Secret for obj.

ValidateMAC computes the MAC of message and compares the result to messageMAC.

AnnotationRestartedAt is updated to trigger a rollout-restart.

used for monkey-patching unit tests.

OwnerLabels will be applied to any k8s secret we create.

KeyedTemplate maps a secret data key to its secretsv1beta1.Template.

SecretDataBuilder constructs K8s Secret data from various sources.

SecretInput provides a standard data structure for secret template rendering.

SecretTransformationOption provides the configuration necessary when performing source secret data transformations.

SyncOptions to provide to SyncSecret().