Documentation ¶
Overview ¶
Package options defines options for KMS clients
Package options contains functional options for the various SignerVerifiers
Index ¶
- type NoOpOptionImpl
- func (NoOpOptionImpl) ApplyContext(ctx *context.Context)
- func (NoOpOptionImpl) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
- func (NoOpOptionImpl) ApplyDigest(digest *[]byte)
- func (NoOpOptionImpl) ApplyKeyVersion(keyVersion *string)
- func (NoOpOptionImpl) ApplyKeyVersionUsed(keyVersion **string)
- func (NoOpOptionImpl) ApplyRPCAuthOpts(opts *RPCAuth)
- func (NoOpOptionImpl) ApplyRand(rand *io.Reader)
- func (NoOpOptionImpl) ApplyRemoteVerification(remoteVerification *bool)
- type RPCAuth
- type RPCAuthOIDC
- type RPCAuthOpts
- type RequestContext
- type RequestCryptoSignerOpts
- type RequestDigest
- type RequestKeyVersion
- type RequestKeyVersionUsed
- type RequestRand
- type RequestRemoteVerification
Types ¶
type NoOpOptionImpl ¶
type NoOpOptionImpl struct{}
NoOpOptionImpl implements the RPCOption, SignOption, VerifyOption interfaces as no-ops.
func (NoOpOptionImpl) ApplyContext ¶
func (NoOpOptionImpl) ApplyContext(ctx *context.Context)
ApplyContext is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyCryptoSignerOpts ¶
func (NoOpOptionImpl) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
ApplyCryptoSignerOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyDigest ¶
func (NoOpOptionImpl) ApplyDigest(digest *[]byte)
ApplyDigest is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersion ¶
func (NoOpOptionImpl) ApplyKeyVersion(keyVersion *string)
ApplyKeyVersion is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersionUsed ¶
func (NoOpOptionImpl) ApplyKeyVersionUsed(keyVersion **string)
ApplyKeyVersionUsed is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRPCAuthOpts ¶
func (NoOpOptionImpl) ApplyRPCAuthOpts(opts *RPCAuth)
ApplyRPCAuthOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRand ¶
func (NoOpOptionImpl) ApplyRand(rand *io.Reader)
ApplyRand is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRemoteVerification ¶
func (NoOpOptionImpl) ApplyRemoteVerification(remoteVerification *bool)
ApplyRemoteVerification is a no-op required to fully implement the requisite interfaces
type RPCAuth ¶
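// RPCAuth provides credentials for RPC calls; empty fields are ignored.
//
// Token and OIDC.Token carry credentials, so values of this type should be
// kept out of logs and error messages.
type RPCAuth struct {
	// Address is the remote server address, e.g. https://vault:8200.
	Address string
	// Path is the path for the RPC; in Vault this is the transit path,
	// which defaults to "transit".
	Path string
	// Token is the token used for RPC; in Vault this is the VAULT_TOKEN value.
	Token string
	// OIDC configures an RPC login via OIDC instead of a fixed token.
	OIDC RPCAuthOIDC
}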
RPCAuth provides credentials for RPC calls, empty fields are ignored
type RPCAuthOIDC ¶
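// RPCAuthOIDC is used to perform the RPC login using OIDC instead of a
// fixed token.
//
// Token carries a JWT credential, so values of this type should be kept out
// of logs and error messages.
type RPCAuthOIDC struct {
	// Path defaults to "jwt" for Vault.
	Path string
	// Role is required for JWT logins.
	Role string
	// Token is a JWT when used with Vault.
	Token string
}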
RPCAuthOIDC is used to perform the RPC login using OIDC instead of a fixed token
type RPCAuthOpts ¶
type RPCAuthOpts struct { NoOpOptionImpl // contains filtered or unexported fields }
RPCAuthOpts includes authentication settings for RPC calls
func WithRPCAuthOpts ¶
func WithRPCAuthOpts(opts RPCAuth) RPCAuthOpts
WithRPCAuthOpts specifies RPCAuth settings to be used with RPC logins
func (RPCAuthOpts) ApplyRPCAuthOpts ¶
func (r RPCAuthOpts) ApplyRPCAuthOpts(opts *RPCAuth)
ApplyRPCAuthOpts sets the RPCAuth as a function option
type RequestContext ¶
type RequestContext struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestContext implements the functional option pattern for including a context during RPC
func WithContext ¶
func WithContext(ctx context.Context) RequestContext
WithContext specifies that the given context should be used in RPC to external services
func (RequestContext) ApplyContext ¶
func (r RequestContext) ApplyContext(ctx *context.Context)
ApplyContext sets the specified context as the functional option
type RequestCryptoSignerOpts ¶
type RequestCryptoSignerOpts struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestCryptoSignerOpts implements the functional option pattern for supplying crypto.SignerOpts when signing or verifying
func WithCryptoSignerOpts ¶
func WithCryptoSignerOpts(opts crypto.SignerOpts) RequestCryptoSignerOpts
WithCryptoSignerOpts specifies that provided crypto.SignerOpts be used during signing and verification operations
func (RequestCryptoSignerOpts) ApplyCryptoSignerOpts ¶
func (r RequestCryptoSignerOpts) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
ApplyCryptoSignerOpts sets crypto.SignerOpts as a functional option
type RequestDigest ¶
type RequestDigest struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestDigest implements the functional option pattern for specifying a digest value
func WithDigest ¶
func WithDigest(digest []byte) RequestDigest
WithDigest specifies that the given digest can be used by underlying signature implementations. WARNING: When verifying a digest with ECDSA, it is trivial to craft a valid signature over a random message given a public key. Do not use this unless you understand the implications and do not need to protect against malleability. In practice, pass a digest only when the caller computed it from the message itself, not when it arrived alongside the signature being verified.
func (RequestDigest) ApplyDigest ¶
func (r RequestDigest) ApplyDigest(digest *[]byte)
ApplyDigest sets the specified digest value as the functional option
type RequestKeyVersion ¶
type RequestKeyVersion struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestKeyVersion implements the functional option pattern for specifying the KMS key version during signing or verification
func WithKeyVersion ¶
func WithKeyVersion(keyVersion string) RequestKeyVersion
WithKeyVersion specifies that a specific KMS key version be used during signing and verification operations; a value of 0 will use the latest version of the key (default)
func (RequestKeyVersion) ApplyKeyVersion ¶
func (r RequestKeyVersion) ApplyKeyVersion(keyVersion *string)
ApplyKeyVersion sets the KMS's key version as a functional option
type RequestKeyVersionUsed ¶
type RequestKeyVersionUsed struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestKeyVersionUsed implements the functional option pattern for obtaining the KMS key version used during signing
func ReturnKeyVersionUsed ¶
func ReturnKeyVersionUsed(keyVersionUsed *string) RequestKeyVersionUsed
ReturnKeyVersionUsed specifies that the specific KMS key version that was used during signing should be stored in the pointer provided
func (RequestKeyVersionUsed) ApplyKeyVersionUsed ¶
func (r RequestKeyVersionUsed) ApplyKeyVersionUsed(keyVersionUsed **string)
ApplyKeyVersionUsed requests to store the KMS's key version that was used as a functional option
type RequestRand ¶
type RequestRand struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestRand implements the functional option pattern for using a specific source of entropy
func WithRand ¶
func WithRand(rand io.Reader) RequestRand
WithRand specifies that the given source of entropy should be used in signing operations
func (RequestRand) ApplyRand ¶
func (r RequestRand) ApplyRand(rand *io.Reader)
ApplyRand sets the specified source of entropy as the functional option
type RequestRemoteVerification ¶
type RequestRemoteVerification struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestRemoteVerification implements the functional option pattern for remotely verifying signatures when possible
func WithRemoteVerification ¶
func WithRemoteVerification(remoteVerification bool) RequestRemoteVerification
WithRemoteVerification specifies that the verification operation should be performed remotely (vs in the process of the caller)
func (RequestRemoteVerification) ApplyRemoteVerification ¶
func (r RequestRemoteVerification) ApplyRemoteVerification(remoteVerification *bool)
ApplyRemoteVerification sets remote verification as a functional option