plugin

package
v0.0.0-...-48d3841 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 28, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package plugin implements CloudKMS plugin for GKE as described in go/gke-secrets-encryption-design.

Index

Constants

This section is empty.

Variables

View Source 
var (
	CloudKMSOperationalLatencies = prometheus.NewHistogramVec(
		prometheus.HistogramOpts{
			Name: "roundtrip_latencies",
			Help: "Latencies in milliseconds of cloud kms operations.",

			Buckets: prometheus.ExponentialBuckets(5, 2, 14),
		},
		[]string{"operation_type"},
	)

	CloudKMSOperationalFailuresTotal = prometheus.NewCounterVec(
		prometheus.CounterOpts{
			Name: "failures_count",
			Help: "Total number of failed kms operations.",
		},
		[]string{"operation_type"},
	)
)

Functions

func NewHTTPClient 

func NewHTTPClient(ctx context.Context, pathToGCEConf string) (*http.Client, error)

func RecordCloudKMSOperation 

func RecordCloudKMSOperation(operationType string, start time.Time)

Types

type HealthChecker 

type HealthChecker interface {
	PingRPC(context.Context, *grpc.ClientConn) error
	PingKMS(context.Context, *grpc.ClientConn) error
}

type HealthCheckerManager 

type HealthCheckerManager struct {
	KeyService *kmspb.ProjectsLocationsKeyRingsCryptoKeysService
	// contains filtered or unexported fields
}

HealthCheckerManager types that encapsulates healthz functionality of kms-plugin. The following health checks are performed: 1. Getting version of the plugin - validates gRPC connectivity. 2. Asserting that the caller has encrypt and decrypt permissions on the crypto key.

func NewHealthChecker 

func NewHealthChecker(plugin HealthChecker, keyName string, keyService *kmspb.ProjectsLocationsKeyRingsCryptoKeysService,
	unixSocketPath string, callTimeout time.Duration, servingURL *url.URL) *HealthCheckerManager

func (*HealthCheckerManager) HandlerFunc 

func (m *HealthCheckerManager) HandlerFunc(w http.ResponseWriter, r *http.Request)

func (*HealthCheckerManager) Serve 

func (m *HealthCheckerManager) Serve() chan error

Serve creates http server for hosting healthz.

func (*HealthCheckerManager) TestIAMPermissions 

func (h *HealthCheckerManager) TestIAMPermissions() error

type Metrics 

type Metrics struct {
	ServingURL *url.URL
}

Metrics encapsulates functionality related to serving Prometheus metrics for kms-plugin.

func (*Metrics) Serve 

func (m *Metrics) Serve() chan error

Serve creates http server for hosting Prometheus metrics.

type Plugin 

type Plugin interface {
	Register(s *grpc.Server)
}

Plugin is a CloudKMS plugin for K8S.

type PluginManager 

type PluginManager struct {

	// Embedding these only to shorten access to fields.
	net.Listener
	// contains filtered or unexported fields
}

func NewManager 

func NewManager(plugin Plugin, unixSocketFilePath string) *PluginManager

NewManager creates a new plugin manager.

func (*PluginManager) Start 

func (m *PluginManager) Start() (*grpc.Server, <-chan error)

ServeKMSRequests starts gRPC server or dies.

Source Files

View all Source files

Directories

Path Synopsis
Implementation of the KMS Plugin API v1.
 Implementation of the KMS Plugin API v1.
Implementation of the KMS Plugin API v2.
 Implementation of the KMS Plugin API v2.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.