static

package
v0.12.0
Published: Feb 8, 2023 License: MPL-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package static implements a credential store for static credentials.

Constants

const (
	CredentialStorePrefix         = "csst"
	PreviousCredentialStorePrefix = "cs"

	Subtype = subtypes.Subtype("static")
)

PublicId prefixes for the resources in the static package.

const (
	TestSshPrivateKeyPem = `` /* 400-byte string literal not displayed */

	TestLargeSshPrivateKeyPem = `` /* 2623-byte string literal not displayed */

)

const (
	PrivateKeyPassphraseField = "PrivateKeyPassphrase"
)

These constants are the field names used in the static related field masks.

Variables

This section is empty.

Functions

func TestJsonObject added in v0.11.0

func TestJsonObject() (credential.JsonObject, []byte, error)

TestJsonObject returns a JSON object and its marshalled format to be used for testing.

Types

type CredentialStore

type CredentialStore struct {
	*store.CredentialStore
	// contains filtered or unexported fields
}

A CredentialStore contains credentials. It is owned by a project.

func NewCredentialStore

func NewCredentialStore(projectId string, opt ...Option) (*CredentialStore, error)

NewCredentialStore creates a new in memory static CredentialStore assigned to projectId. Name and description are the only valid options. All other options are ignored.

func TestCredentialStore

func TestCredentialStore(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, projectId string, opts ...Option) *CredentialStore

TestCredentialStore creates a static credential store in the provided DB with the provided project id and any values passed in through the Options vars. If any errors are encountered during the creation of the store, the test will fail.

func TestCredentialStores

func TestCredentialStores(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, projectId string, count int) []*CredentialStore

TestCredentialStores creates count number of static credential stores in the provided DB with the provided project id. If any errors are encountered during the creation of the credential stores, the test will fail.

func (*CredentialStore) SetTableName

func (cs *CredentialStore) SetTableName(n string)

SetTableName sets the table name.

func (*CredentialStore) TableName

func (cs *CredentialStore) TableName() string

TableName returns the table name.

type JsonCredential added in v0.11.0

type JsonCredential struct {
	*store.JsonCredential
	// contains filtered or unexported fields
}

A JsonCredential contains the credential with a json secret. It is owned by a credential store.

func NewJsonCredential added in v0.11.0

func NewJsonCredential(
	ctx context.Context,
	storeId string,
	object credential.JsonObject,
	opt ...Option,
) (*JsonCredential, error)

NewJsonCredential creates a new in memory static Credential containing a json secret that is assigned to storeId. Name and description are the only valid options. All other options are ignored.

func TestJsonCredential added in v0.11.0

func TestJsonCredential(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	storeId, scopeId string,
	object credential.JsonObject,
	opt ...Option,
) *JsonCredential

TestJsonCredential creates a JSON credential in the provided DB with the provided scope and any values passed in. If any errors are encountered during the creation of the credential, the test will fail.

func TestJsonCredentials added in v0.11.0

func TestJsonCredentials(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	storeId, scopeId string,
	object credential.JsonObject,
	count int,
) []*JsonCredential

TestJsonCredentials creates count number of json credentials in the provided DB with the provided scope id. If any errors are encountered during the creation of the credentials, the test will fail.

func (*JsonCredential) SetTableName added in v0.11.0

func (c *JsonCredential) SetTableName(n string)

SetTableName sets the table name.

func (*JsonCredential) TableName added in v0.11.0

func (c *JsonCredential) TableName() string

TableName returns the table name.

type Option

type Option func(*options)

Option - how Options are passed as arguments.

func WithDescription

func WithDescription(desc string) Option

WithDescription provides an optional description.

func WithLimit

func WithLimit(l int) Option

WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.

func WithName

func WithName(name string) Option

WithName provides an optional name.

func WithPrivateKeyPassphrase added in v0.10.0

func WithPrivateKeyPassphrase(with []byte) Option

WithPrivateKeyPassphrase provides an optional SSH private key passphrase to use.

func WithPublicId added in v0.10.0

func WithPublicId(name string) Option

WithPublicId provides an optional public ID to use.

type Repository

type Repository struct {
	// contains filtered or unexported fields
}

A Repository stores and retrieves the persistent types in the static package. It is not safe to use a repository concurrently.

func NewRepository

func NewRepository(ctx context.Context, r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

NewRepository creates a new Repository. The returned repository should only be used for one transaction, and it is not safe for concurrent goroutines to access it. The WithLimit option is used as a repo-wide default limit applied to all ListX methods.

func (*Repository) CreateCredentialStore

func (r *Repository) CreateCredentialStore(ctx context.Context, cs *CredentialStore, _ ...Option) (*CredentialStore, error)

CreateCredentialStore inserts cs into the repository and returns a new CredentialStore containing the credential store's PublicId. cs is not changed. cs must not contain a PublicId. The PublicId is generated and assigned by this method. cs must contain a valid ProjectId.

Both cs.Name and cs.Description are optional. If cs.Name is set, it must be unique within cs.ProjectId. Both cs.CreateTime and cs.UpdateTime are ignored.

func (*Repository) CreateJsonCredential added in v0.11.0

func (r *Repository) CreateJsonCredential(
	ctx context.Context,
	projectId string,
	c *JsonCredential,
	_ ...Option,
) (*JsonCredential, error)

CreateJsonCredential inserts c into the repository and returns a new JsonCredential containing the credential's PublicId. c is not changed. c must not contain a PublicId. The PublicId is generated and assigned by this method. c must contain a valid StoreId.

The object is encrypted and an HmacSha256 of the object is calculated. Only the ObjectHmac is returned; the plain-text and encrypted object are not returned.

Both c.Name and c.Description are optional. If c.Name is set, it must be unique within c.ProjectId. Both c.CreateTime and c.UpdateTime are ignored.

func (*Repository) CreateSshPrivateKeyCredential added in v0.10.0

func (r *Repository) CreateSshPrivateKeyCredential(
	ctx context.Context,
	projectId string,
	c *SshPrivateKeyCredential,
	_ ...Option,
) (*SshPrivateKeyCredential, error)

CreateSshPrivateKeyCredential inserts c into the repository and returns a new SshPrivateKeyCredential containing the credential's PublicId. c is not changed. c must not contain a PublicId. The PublicId is generated and assigned by this method. c must contain a valid StoreId.

The private key is encrypted and an HmacSha256 of the private key is calculated. If a passphrase is supplied, it is also encrypted and an HmacSha256 of the passphrase is calculated. Only the PrivateKeyHmac (and PrivateKeyPassphraseHmac) is returned; the plain-text and encrypted private key and passphrase are not returned.

Both c.Name and c.Description are optional. If c.Name is set, it must be unique within c.ProjectId. Both c.CreateTime and c.UpdateTime are ignored.

func (*Repository) CreateUsernamePasswordCredential

func (r *Repository) CreateUsernamePasswordCredential(
	ctx context.Context,
	projectId string,
	c *UsernamePasswordCredential,
	_ ...Option,
) (*UsernamePasswordCredential, error)

CreateUsernamePasswordCredential inserts c into the repository and returns a new UsernamePasswordCredential containing the credential's PublicId. c is not changed. c must not contain a PublicId. The PublicId is generated and assigned by this method. c must contain a valid StoreId.

The password is encrypted and an HmacSha256 of the password is calculated. Only the PasswordHmac is returned; the plain-text and encrypted password are not returned.

Both c.Name and c.Description are optional. If c.Name is set, it must be unique within c.ProjectId. Both c.CreateTime and c.UpdateTime are ignored.
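The storage pattern that CreateJsonCredential, CreateSshPrivateKeyCredential and CreateUsernamePasswordCredential describe (encrypt the secret, keep an HMAC-SHA256 of it, hand back only the HMAC) is sketched below as an added example; it is not code from this package. It assumes AES-256-GCM from the Go standard library as a stand-in for the KMS wrapper, and the names seal, sameSecret and hmacOf are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hmacOf returns HMAC-SHA256(key, msg).
func hmacOf(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// seal encrypts secret with AES-256-GCM (assumed stand-in for a KMS wrapper)
// and computes an HMAC over the plaintext with a separate key. ct is what
// would be persisted; mac is the only secret-derived value given to callers.
func seal(encKey, hmacKey, aad, secret []byte) (ct, mac []byte, err error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ct = gcm.Seal(nonce, nonce, secret, aad) // nonce is prepended to the ciphertext
	return ct, hmacOf(hmacKey, secret), nil
}

// sameSecret tells whether candidate equals the stored secret by comparing
// HMACs in constant time, so nothing has to be decrypted to detect a change.
func sameSecret(hmacKey, storedMac, candidate []byte) bool {
	return hmac.Equal(hmacOf(hmacKey, candidate), storedMac)
}

func main() {
	// Constructed keys, identifier and password, for illustration only.
	encKey, hmacKey := make([]byte, 32), make([]byte, 32)
	rand.Read(encKey)
	rand.Read(hmacKey)
	pw := []byte("s3cret-pw")
	_, mac, err := seal(encKey, hmacKey, []byte("constructed-credential-id"), pw)
	fmt.Println(err, len(mac), sameSecret(hmacKey, mac, pw), sameSecret(hmacKey, mac, []byte("other")))
}
```

Because the HMAC is keyed, a reader of the returned value cannot test password guesses offline without the HMAC key, which is why it is safer to expose than a plain hash.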

func (*Repository) DeleteCredential

func (r *Repository) DeleteCredential(ctx context.Context, projectId, id string, _ ...Option) (int, error)

DeleteCredential deletes publicId from the repository and returns the number of records deleted. All options are ignored. TODO: This should hit a view...

func (*Repository) DeleteCredentialStore

func (r *Repository) DeleteCredentialStore(ctx context.Context, publicId string, _ ...Option) (int, error)

DeleteCredentialStore deletes publicId from the repository and returns the number of records deleted. All options are ignored.

func (*Repository) ListCredentialStores

func (r *Repository) ListCredentialStores(ctx context.Context, projectIds []string, opt ...Option) ([]*CredentialStore, error)

ListCredentialStores returns a slice of CredentialStores for the projectIds. WithLimit is the only option supported.

func (*Repository) ListCredentials

func (r *Repository) ListCredentials(ctx context.Context, storeId string, opt ...Option) ([]credential.Static, error)

ListCredentials returns a slice of UsernamePasswordCredentials, SshPrivateKeyCredentials, and JsonCredentials for the storeId. WithLimit is the only option supported. TODO: This should hit a view and return the interface type...

func (*Repository) LookupCredential

func (r *Repository) LookupCredential(ctx context.Context, publicId string, _ ...Option) (credential.Static, error)

LookupCredential returns the Credential for the publicId. Returns nil, nil if no Credential is found for the publicId. TODO: This should hit a view and return the interface type...

func (*Repository) LookupCredentialStore

func (r *Repository) LookupCredentialStore(ctx context.Context, publicId string, _ ...Option) (*CredentialStore, error)

LookupCredentialStore returns the CredentialStore for publicId. Returns nil, nil if no CredentialStore is found for publicId.

func (*Repository) Retrieve

func (r *Repository) Retrieve(ctx context.Context, projectId string, ids []string) ([]credential.Static, error)

Retrieve retrieves and returns static credentials from Boundary for all the provided ids. All the returned static credentials will have their secret fields decrypted.

func (*Repository) UpdateCredentialStore

func (r *Repository) UpdateCredentialStore(ctx context.Context, cs *CredentialStore, version uint32, fieldMaskPaths []string, _ ...Option) (*CredentialStore, int, error)

UpdateCredentialStore updates the repository entry for cs.PublicId with the values in cs for the fields listed in fieldMaskPaths. It returns a new CredentialStore containing the updated values and a count of the number of records updated. cs is not changed.

cs must contain a valid PublicId. Only Name and Description can be changed. If cs.Name is set to a non-empty string, it must be unique within cs.ProjectId.

An attribute of cs will be set to NULL in the database if the attribute in cs is the zero value and it is included in fieldMaskPaths.

func (*Repository) UpdateJsonCredential added in v0.11.0

func (r *Repository) UpdateJsonCredential(ctx context.Context,
	projectId string,
	c *JsonCredential,
	version uint32,
	fieldMaskPaths []string,
	_ ...Option,
) (*JsonCredential, int, error)

UpdateJsonCredential updates the repository entry for c.PublicId with the values in c for the fields listed in fieldMaskPaths. It returns a new JsonCredential containing the updated values and a count of the number of records updated. c is not changed.

c must contain a valid PublicId. Only Name, Description and Json can be changed. If c.Name is set to a non-empty string, it must be unique within c.ProjectId.

An attribute of c will be set to NULL in the database if the attribute in c is the zero value and it is included in fieldMaskPaths.

func (*Repository) UpdateSshPrivateKeyCredential added in v0.10.0

func (r *Repository) UpdateSshPrivateKeyCredential(ctx context.Context,
	projectId string,
	c *SshPrivateKeyCredential,
	version uint32,
	fieldMaskPaths []string,
	_ ...Option,
) (*SshPrivateKeyCredential, int, error)

UpdateSshPrivateKeyCredential updates the repository entry for c.PublicId with the values in c for the fields listed in fieldMaskPaths. It returns a new SshPrivateKeyCredential containing the updated values and a count of the number of records updated. c is not changed.

c must contain a valid PublicId. Only Name, Description, Username, PrivateKey and PrivateKeyPassphrase can be changed. If c.Name is set to a non-empty string, it must be unique within c.ProjectId.

An attribute of c will be set to NULL in the database if the attribute in c is the zero value and it is included in fieldMaskPaths.

func (*Repository) UpdateUsernamePasswordCredential

func (r *Repository) UpdateUsernamePasswordCredential(ctx context.Context,
	projectId string,
	c *UsernamePasswordCredential,
	version uint32,
	fieldMaskPaths []string,
	_ ...Option,
) (*UsernamePasswordCredential, int, error)

UpdateUsernamePasswordCredential updates the repository entry for c.PublicId with the values in c for the fields listed in fieldMaskPaths. It returns a new UsernamePasswordCredential containing the updated values and a count of the number of records updated. c is not changed.

c must contain a valid PublicId. Only Name, Description, Username and Password can be changed. If c.Name is set to a non-empty string, it must be unique within c.ProjectId.

An attribute of c will be set to NULL in the database if the attribute in c is the zero value and it is included in fieldMaskPaths.
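The field-mask rule shared by the Update methods above (a zero-value attribute listed in fieldMaskPaths is written as NULL, while an attribute left out of the mask is untouched) is illustrated below as an added example; it is not this package's code. planUpdate and updatable are hypothetical names, the allowed set is the one stated for UpdateCredentialStore, and rejecting any other path is an assumption of this sketch.

```go
package main

import "fmt"

// updatable lists the only fields the documentation says UpdateCredentialStore may change.
var updatable = map[string]bool{"Name": true, "Description": true}

// planUpdate (hypothetical helper) splits fieldMaskPaths into columns to
// overwrite and columns to set to NULL, given the values the caller supplied.
func planUpdate(values map[string]string, fieldMaskPaths []string) (set map[string]string, null []string, err error) {
	set = map[string]string{}
	for _, p := range fieldMaskPaths {
		if !updatable[p] {
			// Assumption of this sketch: paths outside the allowed set are an error.
			return nil, nil, fmt.Errorf("field %q cannot be updated", p)
		}
		if v := values[p]; v != "" {
			set[p] = v
		} else {
			null = append(null, p) // zero value and present in the mask: cleared
		}
	}
	return set, null, nil
}

func main() {
	// Constructed input: Description is empty but still listed in the mask,
	// so it is cleared rather than left alone.
	vals := map[string]string{"Name": "prod-db-store"}
	set, null, err := planUpdate(vals, []string{"Name", "Description"})
	fmt.Println(set, null, err)

	// Same values, but Description is omitted from the mask: nothing is cleared.
	set, null, err = planUpdate(vals, []string{"Name"})
	fmt.Println(set, null, err)
}
```

A caller that builds the mask from "every field on the struct" instead of "every field the user changed" will silently clear descriptions and names, so the mask deserves the same review as the values.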

type SshPrivateKeyCredential added in v0.10.0

type SshPrivateKeyCredential struct {
	*store.SshPrivateKeyCredential

	PassphraseUnneeded bool `gorm:"-"`
	// contains filtered or unexported fields
}

A SshPrivateKeyCredential contains the credential with a username and private key. It is owned by a credential store.

func NewSshPrivateKeyCredential added in v0.10.0

func NewSshPrivateKeyCredential(
	ctx context.Context,
	storeId string,
	username string,
	privateKey credential.PrivateKey,
	opt ...Option,
) (*SshPrivateKeyCredential, error)

NewSshPrivateKeyCredential creates a new in memory static Credential containing a username and private key that is assigned to storeId. Name and description are the only valid options. All other options are ignored.

func TestSshPrivateKeyCredential added in v0.10.0

func TestSshPrivateKeyCredential(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	username, privateKey, storeId, projectId string,
	opt ...Option,
) *SshPrivateKeyCredential

TestSshPrivateKeyCredential creates an SSH private key credential in the provided DB with the provided project and any values passed in. If any errors are encountered during the creation of the credential, the test will fail.

func TestSshPrivateKeyCredentials added in v0.10.0

func TestSshPrivateKeyCredentials(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	username, privateKey, storeId, projectId string,
	count int,
) []*SshPrivateKeyCredential

TestSshPrivateKeyCredentials creates count number of ssh private key credentials in the provided DB with the provided project id. If any errors are encountered during the creation of the credentials, the test will fail.

func (*SshPrivateKeyCredential) SetTableName added in v0.10.0

func (c *SshPrivateKeyCredential) SetTableName(n string)

SetTableName sets the table name.

func (*SshPrivateKeyCredential) TableName added in v0.10.0

func (c *SshPrivateKeyCredential) TableName() string

TableName returns the table name.

type UsernamePasswordCredential

type UsernamePasswordCredential struct {
	*store.UsernamePasswordCredential
	// contains filtered or unexported fields
}

A UsernamePasswordCredential contains the credential with a username and password. It is owned by a credential store.

func NewUsernamePasswordCredential

func NewUsernamePasswordCredential(
	storeId string,
	username string,
	password credential.Password,
	opt ...Option,
) (*UsernamePasswordCredential, error)

NewUsernamePasswordCredential creates a new in memory static Credential containing a username and password that is assigned to storeId. Name and description are the only valid options. All other options are ignored.

func TestUsernamePasswordCredential

func TestUsernamePasswordCredential(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	username, password, storeId, projectId string,
	opts ...Option,
) *UsernamePasswordCredential

TestUsernamePasswordCredential creates a username password credential in the provided DB with the provided project id and any values passed in. If any errors are encountered during the creation of the credential, the test will fail.

func TestUsernamePasswordCredentials

func TestUsernamePasswordCredentials(
	t testing.TB,
	conn *db.DB,
	wrapper wrapping.Wrapper,
	username, password, storeId, projectId string,
	count int,
) []*UsernamePasswordCredential

TestUsernamePasswordCredentials creates count number of username password credentials in the provided DB with the provided project id. If any errors are encountered during the creation of the credentials, the test will fail.

func (*UsernamePasswordCredential) SetTableName

func (c *UsernamePasswordCredential) SetTableName(n string)

SetTableName sets the table name.

func (*UsernamePasswordCredential) TableName

func (c *UsernamePasswordCredential) TableName() string

TableName returns the table name.
