Documentation
¶
Index ¶
- Constants
- Variables
- func HasTypeAwareSupport(setting ColumnEncryptionSetting) bool
- func IsBinaryDataOperation(setting ColumnEncryptionSetting) bool
- func ValidateCryptoEnvelopeType(value CryptoEnvelopeType) error
- type BasicColumnEncryptionSetting
- func (s *BasicColumnEncryptionSetting) ClientID() []byte
- func (s *BasicColumnEncryptionSetting) ColumnName() string
- func (s *BasicColumnEncryptionSetting) GetConsistentTokenization() bool
- func (s *BasicColumnEncryptionSetting) GetCryptoEnvelope() CryptoEnvelopeType
- func (s *BasicColumnEncryptionSetting) GetDBDataTypeID() uint32
- func (s *BasicColumnEncryptionSetting) GetDefaultDataValue() *string
- func (s *BasicColumnEncryptionSetting) GetEncryptedDataType() common.EncryptedType
- func (s *BasicColumnEncryptionSetting) GetMaskingPattern() string
- func (s *BasicColumnEncryptionSetting) GetPartialPlaintextLen() int
- func (s *BasicColumnEncryptionSetting) GetResponseOnFail() common.ResponseOnFail
- func (s *BasicColumnEncryptionSetting) GetSettingMask() SettingMask
- func (s *BasicColumnEncryptionSetting) GetTokenType() tokenizationCommon.TokenType
- func (s *BasicColumnEncryptionSetting) Init(useMySQL bool) (err error)
- func (s *BasicColumnEncryptionSetting) IsConsistentTokenization() bool
- func (s *BasicColumnEncryptionSetting) IsEndMasking() bool
- func (s *BasicColumnEncryptionSetting) IsSearchable() bool
- func (s *BasicColumnEncryptionSetting) IsTokenized() bool
- func (s *BasicColumnEncryptionSetting) OnlyEncryption() bool
- func (s *BasicColumnEncryptionSetting) ShouldReEncryptAcraStructToAcraBlock() bool
- type ColumnEncryptionSetting
- type CryptoEnvelopeType
- type DatabaseSettings
- type Defaults
- type MapTableSchemaStore
- type MySQLDatabaseSettings
- type PostgreSQLDatabaseSettings
- type SettingMask
- type TableSchema
- type TableSchemaStore
Constants ¶
// Mode switches for the encryptor config. Both are untyped boolean constants,
// so either can be passed wherever a useMySQL bool parameter is expected
// (BasicColumnEncryptionSetting.Init and MapTableSchemaStoreFromConfig each
// take one). Naming the value at the call site avoids a bare true/false that
// silently selects the wrong database dialect.
const (
	UseMySQL      = true
	UsePostgreSQL = false
)
UseMySQL and UsePostgreSQL are constants for switching the mode of the encryptor config.
Variables ¶
var ErrInvalidCryptoEnvelopeType = errors.New("invalid CryptoEnvelopeType")
ErrInvalidCryptoEnvelopeType used for invalid values of CryptoEnvelopeType
var ErrInvalidEncryptorConfig = errors.New("invalid encryptor config")
ErrInvalidEncryptorConfig indicates that the encryptor config is invalid.
Functions ¶
func HasTypeAwareSupport ¶
func HasTypeAwareSupport(setting ColumnEncryptionSetting) bool
HasTypeAwareSupport return true if setting configured for decryption with type awareness
func IsBinaryDataOperation ¶
func IsBinaryDataOperation(setting ColumnEncryptionSetting) bool
IsBinaryDataOperation return true if setting related to operation over binary data
func ValidateCryptoEnvelopeType ¶
func ValidateCryptoEnvelopeType(value CryptoEnvelopeType) error
ValidateCryptoEnvelopeType return error if value is unsupported CryptoEnvelopeType
Types ¶
type BasicColumnEncryptionSetting ¶
// BasicColumnEncryptionSetting holds the settings of one column as they are
// written in the encryptor config; every exported field carries the YAML key
// it is read from. Fields declared as pointers can be left out of the YAML.
// NOTE(review): presumably an omitted pointer field falls back to the
// config-wide values exposed through the Defaults interface; confirm in Init.
type BasicColumnEncryptionSetting struct {
	// Column name these settings apply to (returned by ColumnName). It is the
	// only public field without a SettingMask flag because it is required.
	Name string `yaml:"column"`
	// Client ID to use when encrypting this column (returned by ClientID).
	UsedClientID string `yaml:"client_id"`
	// same as TokenType but related for encryption operations
	DataType string `yaml:"data_type"`
	// same as DataType but expect exact ID type
	DataTypeID uint32 `yaml:"data_type_db_identifier"`
	// string for str/email/int32/int64 and base64 string for binary data
	DefaultDataValue *string `yaml:"default_data_value"`
	// an action that should be performed on failure
	// possible actions are "ciphertext", "error" or "default"
	// NOTE(review): "ciphertext" and "default" presumably hand the client a
	// value rather than an error, so the failure is not visible in the result
	// itself; confirm which failures this covers before choosing one.
	ResponseOnFail common.ResponseOnFail `yaml:"response_on_fail"`
	// Tokenized is DEPRECATED, but left to provide backwards compatibility.
	// Was used to enable tokenization. Right now the `TokenType` serves that
	// purpose: if it's not empty, tokenization is enabled.
	Tokenized *bool `yaml:"tokenized"`
	// Whether tokens for this column should be consistent (see
	// IsConsistentTokenization).
	ConsistentTokenization *bool `yaml:"consistent_tokenization"`
	// Type of tokenization to apply to the column; non-empty enables it.
	TokenType string `yaml:"token_type"`
	// Searchable encryption
	Searchable bool `yaml:"searchable"`
	// Data masking
	// MaskingPattern is the string used to mask the data.
	MaskingPattern string `yaml:"masking"`
	// Number of bytes left untouched in the masked value; those bytes stay
	// readable to whoever receives the masked result.
	PartialPlaintextLenBytes int `yaml:"plaintext_length"`
	// Which side of the value keeps its plaintext (IsEndMasking reports
	// whether the right part is the one being masked).
	PlaintextSide maskingCommon.PlainTextSide `yaml:"plaintext_side"`
	// Crypto envelope for this column; the supported values are "acrastruct"
	// and "acrablock" (checked by ValidateCryptoEnvelopeType).
	CryptoEnvelope *CryptoEnvelopeType `yaml:"crypto_envelope"`
	// Whether data should be re-encrypted with AcraBlock (see
	// ShouldReEncryptAcraStructToAcraBlock).
	ReEncryptToAcraBlock *bool `yaml:"reencrypting_to_acrablocks"`
	// contains filtered or unexported fields
}
BasicColumnEncryptionSetting is a basic set of column encryption settings.
func (*BasicColumnEncryptionSetting) ClientID ¶
func (s *BasicColumnEncryptionSetting) ClientID() []byte
ClientID returns client ID to use when encrypting this column.
func (*BasicColumnEncryptionSetting) ColumnName ¶
func (s *BasicColumnEncryptionSetting) ColumnName() string
ColumnName returns name of the column for which these settings are for.
func (*BasicColumnEncryptionSetting) GetConsistentTokenization ¶
func (s *BasicColumnEncryptionSetting) GetConsistentTokenization() bool
GetConsistentTokenization return ConsistentTokenization bool option
func (*BasicColumnEncryptionSetting) GetCryptoEnvelope ¶
func (s *BasicColumnEncryptionSetting) GetCryptoEnvelope() CryptoEnvelopeType
GetCryptoEnvelope returns type of crypto envelope
func (*BasicColumnEncryptionSetting) GetDBDataTypeID ¶
func (s *BasicColumnEncryptionSetting) GetDBDataTypeID() uint32
GetDBDataTypeID returns the database's DataTypeID taken from the `data_type_db_identifier` encryptor config option.
func (*BasicColumnEncryptionSetting) GetDefaultDataValue ¶
func (s *BasicColumnEncryptionSetting) GetDefaultDataValue() *string
GetDefaultDataValue returns default data value for encrypted data
func (*BasicColumnEncryptionSetting) GetEncryptedDataType ¶
func (s *BasicColumnEncryptionSetting) GetEncryptedDataType() common.EncryptedType
GetEncryptedDataType returns data type for encrypted data
func (*BasicColumnEncryptionSetting) GetMaskingPattern ¶
func (s *BasicColumnEncryptionSetting) GetMaskingPattern() string
GetMaskingPattern returns string which should be used to mask AcraStruct data.
func (*BasicColumnEncryptionSetting) GetPartialPlaintextLen ¶
func (s *BasicColumnEncryptionSetting) GetPartialPlaintextLen() int
GetPartialPlaintextLen returns number of bytes to be left untouched in masked value.
func (*BasicColumnEncryptionSetting) GetResponseOnFail ¶
func (s *BasicColumnEncryptionSetting) GetResponseOnFail() common.ResponseOnFail
GetResponseOnFail returns the action that should be performed on failure. Valid values are "", "ciphertext", "error" and "default".
func (*BasicColumnEncryptionSetting) GetSettingMask ¶
func (s *BasicColumnEncryptionSetting) GetSettingMask() SettingMask
GetSettingMask return SettingMask
func (*BasicColumnEncryptionSetting) GetTokenType ¶
func (s *BasicColumnEncryptionSetting) GetTokenType() tokenizationCommon.TokenType
GetTokenType return the type of tokenization to apply to the column.
func (*BasicColumnEncryptionSetting) Init ¶
func (s *BasicColumnEncryptionSetting) Init(useMySQL bool) (err error)
Init validate and initialize SettingMask
func (*BasicColumnEncryptionSetting) IsConsistentTokenization ¶
func (s *BasicColumnEncryptionSetting) IsConsistentTokenization() bool
IsConsistentTokenization returns true if column tokens should be consistent.
func (*BasicColumnEncryptionSetting) IsEndMasking ¶
func (s *BasicColumnEncryptionSetting) IsEndMasking() bool
IsEndMasking returns true if the right part of the value should be masked.
func (*BasicColumnEncryptionSetting) IsSearchable ¶
func (s *BasicColumnEncryptionSetting) IsSearchable() bool
IsSearchable returns true if column should be searchable.
func (*BasicColumnEncryptionSetting) IsTokenized ¶
func (s *BasicColumnEncryptionSetting) IsTokenized() bool
IsTokenized returns true if the column should be tokenized.
func (*BasicColumnEncryptionSetting) OnlyEncryption ¶
func (s *BasicColumnEncryptionSetting) OnlyEncryption() bool
OnlyEncryption returns true if only AcraStruct/AcraBlock encryption should be applied, without tokenization, masking, etc.
func (*BasicColumnEncryptionSetting) ShouldReEncryptAcraStructToAcraBlock ¶
func (s *BasicColumnEncryptionSetting) ShouldReEncryptAcraStructToAcraBlock() bool
ShouldReEncryptAcraStructToAcraBlock return true if should re-encrypt data with AcraBlock
type ColumnEncryptionSetting ¶
// ColumnEncryptionSetting describes how to encrypt a table column. The
// methods declared directly here are all accessors; the embedded
// common.TokenSetting and Defaults interfaces contribute the tokenization and
// default-value accessors.
type ColumnEncryptionSetting interface {
	common.TokenSetting

	// ColumnName returns the name of the column the settings are for.
	ColumnName() string
	// ClientID returns the client ID to use when encrypting this column.
	ClientID() []byte

	// GetDBDataTypeID returns the database type ID from the
	// `data_type_db_identifier` config option.
	GetDBDataTypeID() uint32
	// GetEncryptedDataType returns the data type for encrypted data.
	GetEncryptedDataType() common2.EncryptedType
	// GetDefaultDataValue returns the default data value for encrypted data.
	// The result is a pointer and may be nil, so check it before dereferencing.
	GetDefaultDataValue() *string
	// GetResponseOnFail returns the action to perform on failure.
	GetResponseOnFail() common2.ResponseOnFail

	// Searchable encryption
	IsSearchable() bool

	// Data masking
	GetMaskingPattern() string
	// GetPartialPlaintextLen returns the number of bytes left untouched in the
	// masked value.
	GetPartialPlaintextLen() int
	// IsEndMasking returns true if the right part of the value is masked.
	IsEndMasking() bool

	// OnlyEncryption returns true when only AcraStruct/AcraBlock encryption
	// applies, without tokenization, masking, etc.
	OnlyEncryption() bool

	Defaults
}
ColumnEncryptionSetting describes how to encrypt a table column.
type CryptoEnvelopeType ¶
type CryptoEnvelopeType string
CryptoEnvelopeType type of crypto envelope for encryptors
// Supported CryptoEnvelopeTypes. The string values are the ones accepted for
// the `crypto_envelope` YAML key; ValidateCryptoEnvelopeType returns an error
// for any unsupported value.
const (
	CryptoEnvelopeTypeAcraStruct CryptoEnvelopeType = "acrastruct"
	CryptoEnvelopeTypeAcraBlock  CryptoEnvelopeType = "acrablock"
)
Supported CryptoEnvelopeTypes
type DatabaseSettings ¶
// DatabaseSettings stores different database-specific configuration options,
// one accessor per supported database.
// NOTE(review): nothing here shows whether the accessor for the database that
// is not in use returns nil; confirm before calling methods on the result.
type DatabaseSettings interface {
	GetMySQLDatabaseSettings() MySQLDatabaseSettings
	GetPostgreSQLDatabaseSettings() PostgreSQLDatabaseSettings
}
DatabaseSettings stores different database-specific configuration options
type Defaults ¶
// Defaults exposes parameters that can be configured once for the whole
// config so that they may be omitted for specific columns.
type Defaults interface {
	// GetCryptoEnvelope returns the type of crypto envelope.
	GetCryptoEnvelope() CryptoEnvelopeType
	// ShouldReEncryptAcraStructToAcraBlock returns true if data should be
	// re-encrypted with AcraBlock.
	ShouldReEncryptAcraStructToAcraBlock() bool
	// GetConsistentTokenization returns the ConsistentTokenization option.
	GetConsistentTokenization() bool
}
Defaults describes default parameters that may be configured for the whole config so that they can be omitted for specific columns.
type MapTableSchemaStore ¶
type MapTableSchemaStore struct {
// contains filtered or unexported fields
}
MapTableSchemaStore store schemas per table name
func MapTableSchemaStoreFromConfig ¶
func MapTableSchemaStoreFromConfig(config []byte, useMySQL bool) (*MapTableSchemaStore, error)
MapTableSchemaStoreFromConfig parse config and return MapTableSchemaStore with data from config
func NewMapTableSchemaStore ¶
func NewMapTableSchemaStore() (*MapTableSchemaStore, error)
NewMapTableSchemaStore return new MapTableSchemaStore
func (*MapTableSchemaStore) GetDatabaseSettings ¶
func (store *MapTableSchemaStore) GetDatabaseSettings() DatabaseSettings
GetDatabaseSettings return struct with database-specific configuration
func (*MapTableSchemaStore) GetGlobalSettingsMask ¶
func (store *MapTableSchemaStore) GetGlobalSettingsMask() SettingMask
GetGlobalSettingsMask return OR of all masks of column settings
func (*MapTableSchemaStore) GetTableSchema ¶
func (store *MapTableSchemaStore) GetTableSchema(tableName string) TableSchema
GetTableSchema return table schema if exists otherwise nil
type MySQLDatabaseSettings ¶
// MySQLDatabaseSettings stores MySQL-specific configuration.
type MySQLDatabaseSettings interface {
	// NOTE(review): by its name this reports whether table identifiers are
	// matched case-sensitively. If so, it affects which TableSchema a query's
	// table name resolves to, and therefore whether a column is treated as
	// encryptable; confirm against the implementation.
	GetCaseSensitiveTableIdentifiers() bool
	// NOTE(review): by its name this is the delimiter used when arguments of
	// prepared statements are set; semantics are not shown here, so confirm.
	GetPreparedStatementsSetArgDelimiter() string
}
MySQLDatabaseSettings stores MySQL-specific configuration
type PostgreSQLDatabaseSettings ¶
type PostgreSQLDatabaseSettings interface{}
PostgreSQLDatabaseSettings stores PostgreSQL-specific configuration
type SettingMask ¶
type SettingMask int32
SettingMask bitmask used to store info about encryptor configuration
// Set of flags matching the public fields of BasicColumnEncryptionSetting,
// except Name, which is required. Each constant is a distinct single bit:
// the first is 1 << 0 and every following line shifts one position further,
// so the fifteen flags occupy bits 0 through 14 of the int32-based SettingMask.
// Flags are meant to be combined with bitwise OR (GetGlobalSettingsMask returns
// the OR of all column masks) and tested with bitwise AND.
const (
	SettingReEncryptionFlag SettingMask = 1 << iota
	SettingMaskingFlag
	SettingMaskingPlaintextLengthFlag
	SettingMaskingPlaintextSideFlag
	SettingTokenizationFlag
	SettingConsistentTokenizationFlag
	SettingTokenTypeFlag
	SettingSearchFlag
	SettingClientIDFlag
	SettingAcraBlockEncryptionFlag
	SettingAcraStructEncryptionFlag
	SettingDataTypeFlag
	SettingDefaultDataValueFlag
	SettingOnFailFlag
	SettingDataTypeIDFlag
)
Set of flags corresponding to the public fields of BasicColumnEncryptionSetting, except Name, which is required.
type TableSchema ¶
// TableSchema describes a table and its encryption settings per column.
type TableSchema interface {
	// Name returns the table name.
	Name() string
	// Columns returns the column names of the table.
	Columns() []string
	// NeedToEncrypt reports whether the named column should be encrypted.
	NeedToEncrypt(columnName string) bool
	// GetColumnEncryptionSettings fetches encryption settings for given column,
	// or returns nil if the column should not be encrypted.
	// Callers must check for nil before using the result: a column that is
	// absent from the config yields nil rather than an error.
	GetColumnEncryptionSettings(columnName string) ColumnEncryptionSetting
}
TableSchema describes a table and its encryption settings per column.
type TableSchemaStore ¶
// TableSchemaStore fetches schema for encryptable tables in the database.
type TableSchemaStore interface {
	// GetDatabaseSettings returns the database-specific configuration.
	GetDatabaseSettings() DatabaseSettings
	// GetTableSchema returns schema for given table if configured, or nil otherwise.
	// A nil result means the table has no encryption settings; callers must
	// check for it before calling methods on the returned schema.
	GetTableSchema(tableName string) TableSchema
	// GetGlobalSettingsMask returns the OR of all masks of column settings.
	GetGlobalSettingsMask() SettingMask
}
TableSchemaStore fetches schema for encryptable tables in the database.