kms

package
Published: May 21, 2021 License: MPL-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

// Public-ID prefixes for each key type and for its key-version type. The
// version prefix is the key prefix with a trailing "v" appended, except for
// tokens, where TokenKeyVersionPrefix is "ktv" rather than "ktkv".
// NOTE(review): presumably these prefixes form part of persisted IDs, in
// which case changing one (including "normalising" the token one) would
// invalidate existing records; confirm before touching.
const (
	RootKeyPrefix            = "krk"
	RootKeyVersionPrefix     = "krkv"
	DatabaseKeyPrefix        = "kdk"
	DatabaseKeyVersionPrefix = "kdkv"
	OplogKeyPrefix           = "kopk"
	OplogKeyVersionPrefix    = "kopkv"
	TokenKeyPrefix           = "ktk"
	TokenKeyVersionPrefix    = "ktv"
	SessionKeyPrefix         = "ksk"
	SessionKeyVersionPrefix  = "kskv"
	OidcKeyPrefix            = "koidck"
	OidcKeyVersionPrefix     = "koidckv"
)
// DefaultDatabaseKeyTableName is the gorm table DatabaseKey rows live in
// unless overridden with DatabaseKey.SetTableName.
const (
	DefaultDatabaseKeyTableName = "kms_database_key"
)
// DefaultDatabaseKeyVersionTableName is the gorm table DatabaseKeyVersion
// rows live in unless overridden with DatabaseKeyVersion.SetTableName.
const (
	DefaultDatabaseKeyVersionTableName = "kms_database_key_version"
)
// DefaultOidcKeyTableName is the gorm table OidcKey rows live in unless
// overridden with OidcKey.SetTableName.
const (
	DefaultOidcKeyTableName = "kms_oidc_key"
)
// DefaultOidcKeyVersionTableName is the gorm table OidcKeyVersion rows live
// in unless overridden with OidcKeyVersion.SetTableName.
const (
	DefaultOidcKeyVersionTableName = "kms_oidc_key_version"
)
// DefaultOplogKeyTableName is the gorm table OplogKey rows live in unless
// overridden with OplogKey.SetTableName.
const (
	DefaultOplogKeyTableName = "kms_oplog_key"
)
// DefaultOplogKeyVersionTableName is the gorm table OplogKeyVersion rows
// live in unless overridden with OplogKeyVersion.SetTableName.
const (
	DefaultOplogKeyVersionTableName = "kms_oplog_key_version"
)
// DefaultRootKeyTableName is the gorm table RootKey rows live in unless
// overridden via SetTableName.
const (
	DefaultRootKeyTableName = "kms_root_key"
)
// DefaultRootKeyVersionTableName is the gorm table RootKeyVersion rows live
// in unless overridden via SetTableName.
const (
	DefaultRootKeyVersionTableName = "kms_root_key_version"
)
// DefaultSessionKeyTableName is the gorm table SessionKey rows live in
// unless overridden via SetTableName.
const (
	DefaultSessionKeyTableName = "kms_session_key"
)
// DefaultSessionKeyVersionTableName is the gorm table SessionKeyVersion rows
// live in unless overridden via SetTableName.
const (
	DefaultSessionKeyVersionTableName = "kms_session_key_version"
)
// DefaultTokenKeyTableName is the gorm table TokenKey rows live in unless
// overridden via SetTableName.
const (
	DefaultTokenKeyTableName = "kms_token_key"
)
// DefaultTokenKeyVersionTableName is the gorm table TokenKeyVersion rows
// live in unless overridden via SetTableName.
const (
	DefaultTokenKeyVersionTableName = "kms_token_key_version"
)

Variables

This section is empty.

Functions

func NewDerivedReader added in v0.2.0

func NewDerivedReader(wrapper wrapping.Wrapper, lenLimit int64, salt, info []byte) (*io.LimitedReader, error)

NewDerivedReader returns a reader from which keys can be read, derived from the given wrapper, salt and context info. The returned io.LimitedReader yields io.EOF after lenLimit bytes, so lenLimit must be at least the amount of key material the caller will consume (e.g. ed25519.SeedSize). Salt and info can be nil, but each distinct use of the same wrapper should pass its own salt and/or info so that independent uses never share derived key material.

Example:

reader, err := NewDerivedReader(wrapper, ed25519.SeedSize, []byte(userId), []byte(jobId))
if err != nil {
	return err
}
pub, priv, err := ed25519.GenerateKey(reader)
if err != nil {
	return err
}

Types

type DatabaseKey

// DatabaseKey is the in-memory form of a database DEK; it embeds the
// persisted store.DatabaseKey record. It is owned by a root key (see
// NewDatabaseKey's rootKeyId). The key material itself is not held here but
// in one or more DatabaseKeyVersion records.
type DatabaseKey struct {
	*store.DatabaseKey
	// contains filtered or unexported fields
}

func AllocDatabaseKey

func AllocDatabaseKey() DatabaseKey

AllocDatabaseKey will allocate a DatabaseKey

func NewDatabaseKey

func NewDatabaseKey(rootKeyId string, _ ...Option) (*DatabaseKey, error)

NewDatabaseKey creates a new in memory database key. No options are currently supported.

func TestDatabaseKey

func TestDatabaseKey(t *testing.T, conn *gorm.DB, rootKeyId string) *DatabaseKey

func (*DatabaseKey) Clone

func (k *DatabaseKey) Clone() interface{}

Clone creates a clone of the DatabaseKey

func (*DatabaseKey) SetTableName

func (k *DatabaseKey) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*DatabaseKey) TableName

func (k *DatabaseKey) TableName() string

TableName returns the tablename to override the default gorm table name

func (*DatabaseKey) VetForWrite

func (k *DatabaseKey) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the key before it's written.

type DatabaseKeyVersion

// DatabaseKeyVersion is one version of a DatabaseKey's key material; it
// embeds the persisted store.DatabaseKeyVersion record. The key bytes are
// wrapped under a root key version (see NewDatabaseKeyVersion's
// rootKeyVersionId): Encrypt wraps them with that version's wrapper and
// Decrypt unwraps them again before the key can be used.
type DatabaseKeyVersion struct {
	*store.DatabaseKeyVersion
	// contains filtered or unexported fields
}

func AllocDatabaseKeyVersion

func AllocDatabaseKeyVersion() DatabaseKeyVersion

AllocDatabaseKeyVersion allocates a DatabaseKeyVersion

func NewDatabaseKeyVersion

func NewDatabaseKeyVersion(databaseKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*DatabaseKeyVersion, error)

NewDatabaseKeyVersion creates a new in memory database key version. No options are currently supported.

func TestDatabaseKeyVersion

func TestDatabaseKeyVersion(t *testing.T, conn *gorm.DB, rootKeyVersionWrapper wrapping.Wrapper, databaseKeyId string, key []byte) *DatabaseKeyVersion

func (*DatabaseKeyVersion) Clone

func (k *DatabaseKeyVersion) Clone() interface{}

Clone creates a clone of the DatabaseKeyVersion

func (*DatabaseKeyVersion) Decrypt

func (k *DatabaseKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error

Decrypt will decrypt the database key version's key

func (*DatabaseKeyVersion) Encrypt

func (k *DatabaseKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error

Encrypt will encrypt the database key version's key

func (*DatabaseKeyVersion) SetTableName

func (k *DatabaseKeyVersion) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*DatabaseKeyVersion) TableName

func (k *DatabaseKeyVersion) TableName() string

TableName returns the tablename to override the default gorm table name

func (*DatabaseKeyVersion) VetForWrite

func (k *DatabaseKeyVersion) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the database key version before it's written.

type Dek

// Dek is the common interface of the DEK types (database, oplog, token,
// session and oidc keys). It lets loadDek and the List*Keys methods handle
// DEKs uniformly instead of type-switching on each concrete type.
type Dek interface {
	GetRootKeyId() string
	GetPrivateId() string
}

Dek is the common interface of the DEK types (database, oplog, token, session and oidc keys); it lets loadDek handle them uniformly instead of type-switching on each concrete type.

type DekVersion

// DekVersion is the common interface of the versioned DEK types, as returned
// by the List*KeyVersions methods. GetKey returns the version's key bytes;
// NOTE(review): presumably these are plaintext only after the version has
// been passed through its Decrypt method — confirm against loadDek.
type DekVersion interface {
	GetPrivateId() string
	GetKey() []byte
}

DekVersion is the common interface of the versioned DEK types; it lets loadDek handle them uniformly instead of type-switching on each concrete type.

type ExternalWrappers

// ExternalWrappers holds the wrappers that are configured outside of
// Boundary (e.g. in its configuration file) rather than stored in the
// database: the root wrapper protecting root keys, the recovery wrapper and
// the worker-auth wrapper. It is populated through Kms.AddExternalWrappers
// using the WithRootWrapper/WithRecoveryWrapper/WithWorkerAuthWrapper
// options and read back through the Root, Recovery and WorkerAuth accessors.
type ExternalWrappers struct {
	// contains filtered or unexported fields
}

ExternalWrappers holds wrappers defined outside of Boundary, e.g. in its configuration file.

func (*ExternalWrappers) Recovery

func (e *ExternalWrappers) Recovery() wrapping.Wrapper

Recovery returns the wrapper for recovery operations

func (*ExternalWrappers) Root

func (e *ExternalWrappers) Root() wrapping.Wrapper

Root returns the wrapper for root keys

func (*ExternalWrappers) WorkerAuth

func (e *ExternalWrappers) WorkerAuth() wrapping.Wrapper

WorkerAuth returns the wrapper for worker authentication

type KeyIder

// KeyIder is the least common denominator of every key type CreateKeysTx
// places in a Keys map: anything that can report its private ID.
type KeyIder interface {
	GetPrivateId() string
}

KeyIder defines a common interface for all keys returned from CreateKeysTx in a Keys map

type KeyPurpose

// KeyPurpose states why a caller needs a key; Kms.GetWrapper uses it,
// together with the scope, to select which DEK's wrapper to return.
type KeyPurpose uint

KeyPurpose allows an application to specify the reason they need a key; this is used to select which DEK to return

// Known key purposes. These are iota values, so the order below is part of
// the contract for anything that stores or compares the numeric value; add
// new purposes at the end rather than in the middle.
const (
	// KeyPurposeUnknown is the default, and indicates that a correct purpose
	// wasn't specified
	KeyPurposeUnknown KeyPurpose = iota

	// KeyPurposeDatabase is used for general encryption needs for most values
	// in the database, excluding the oplog
	KeyPurposeDatabase

	// KeyPurposeOplog is used for oplogs
	KeyPurposeOplog

	// KeyPurposeRecovery is used for recovery access
	KeyPurposeRecovery

	// KeyPurposeTokens is used for token encryption
	KeyPurposeTokens

	// KeyPurposeSessions is used as a base key to derive session-specific
	// encryption keys (presumably via NewDerivedReader; confirm with callers)
	KeyPurposeSessions

	// KeyPurposeOidc is used for encrypting oidc states included in
	// authentication URLs
	KeyPurposeOidc
)

func (KeyPurpose) String

func (k KeyPurpose) String() string

String returns the key purpose cast as a string, so that callers can use a method rather than casting directly.

type KeyType

// KeyType tags each entry of a Keys map so that the kms repo can return a
// map[KeyType]KeyIder that callers index directly instead of type casting.
type KeyType uint

KeyType allows the kms repo to return a map[KeyType]Key which can be easily used without type casting.

// Known key types. Each key type is immediately followed by its key-version
// type. These are iota values, so keep the order stable and append new types
// at the end.
const (
	KeyTypeUnknown KeyType = iota
	KeyTypeRootKey
	KeyTypeRootKeyVersion
	KeyTypeDatabaseKey
	KeyTypeDatabaseKeyVersion
	KeyTypeOplogKey
	KeyTypeOplogKeyVersion
	KeyTypeTokenKey
	KeyTypeTokenKeyVersion
	KeyTypeSessionKey
	KeyTypeSessionKeyVersion
	KeyTypeOidcKey
	KeyTypeOidcKeyVersion
)

func (KeyType) String

func (k KeyType) String() string

String returns the key type cast as a string, so that callers can use a method rather than casting directly.

type Keys

// Keys maps each KeyType to the key CreateKeysTx created for it, so callers
// can fetch e.g. Keys[KeyTypeRootKey] without a type switch.
type Keys map[KeyType]KeyIder

Keys defines a return type for CreateKeysTx so the returned keys can be easily accessed via their KeyType

func CreateKeysTx

func CreateKeysTx(ctx context.Context, dbReader db.Reader, dbWriter db.Writer, rootWrapper wrapping.Wrapper, randomReader io.Reader, scopeId string) (Keys, error)

CreateKeysTx creates the root key and the DEKs for scopeId and returns a map of the new keys. randomReader supplies the randomness for the new key material, so it must be a cryptographically secure source such as crypto/rand.Reader. This function encapsulates all the work required within a db.TxHandler so that the capability can be shared with the iam repo.

type Kms

// Kms hands out wrappers for a given scope and purpose (see GetWrapper).
// Because keys are never modified in place — only added or, eventually,
// removed — it caches wrappers opportunistically and goes to the database
// only on a miss (or when a requested key ID is absent from the cached
// multiwrapper). Construct with NewKms.
type Kms struct {
	// contains filtered or unexported fields
}

Kms is a way to access wrappers for a given scope and purpose. Since keys can never change, only be added or (eventually) removed, it opportunistically caches, going to the database as needed.

func NewKms

func NewKms(repo *Repository, opt ...Option) (*Kms, error)

NewKms takes in a repo and returns a Kms. Supported options: WithLogger.

func TestKms

func TestKms(t *testing.T, conn *gorm.DB, rootWrapper wrapping.Wrapper) *Kms

func (*Kms) AddExternalWrappers

func (k *Kms) AddExternalWrappers(opt ...Option) error

AddExternalWrappers allows setting the external keys.

TODO: If we support more than one, e.g. for encrypting against many in case of a key loss, there will need to be some refactoring here to have the values being stored in the struct be a multiwrapper, but that's for a later project.

func (*Kms) GetDerivedPurposeCache added in v0.2.0

func (k *Kms) GetDerivedPurposeCache() *sync.Map

func (*Kms) GetExternalWrappers

func (k *Kms) GetExternalWrappers() *ExternalWrappers

func (*Kms) GetScopePurposeCache

func (k *Kms) GetScopePurposeCache() *sync.Map

GetScopePurposeCache is used in test functions for validation. Since the tests need to be in a different package to avoid circular dependencies, this is exported.

func (*Kms) GetWrapper

func (k *Kms) GetWrapper(ctx context.Context, scopeId string, purpose KeyPurpose, opt ...Option) (wrapping.Wrapper, error)

GetWrapper returns a wrapper for the given scope and purpose. When a key ID is supplied via WithKeyId, it ensures the returned multiwrapper contains that key ID, refreshing keys from the database if it is not already present. This is not necessary for encryption but should be supplied for decryption, so that the key version the data was encrypted under is available.

type OidcKey added in v0.1.5

// OidcKey is the in-memory form of the DEK used to encrypt OIDC state before
// it is included in the OIDC auth URL; it embeds the persisted store.OidcKey
// record and is owned by a root key (see NewOidcKey's rootKeyId). The key
// material itself lives in OidcKeyVersion records.
type OidcKey struct {
	*store.OidcKey
	// contains filtered or unexported fields
}

func AllocOidcKey added in v0.1.5

func AllocOidcKey() OidcKey

AllocOidcKey will allocate a OidcKey

func NewOidcKey added in v0.1.5

func NewOidcKey(rootKeyId string, _ ...Option) (*OidcKey, error)

NewOidcKey creates a new in memory oidc key. This key is used to encrypt oidc state before it's included in the oidc auth url. No options are currently supported.

func TestOidcKey added in v0.1.5

func TestOidcKey(t *testing.T, conn *gorm.DB, rootKeyId string) *OidcKey

func (*OidcKey) Clone added in v0.1.5

func (k *OidcKey) Clone() interface{}

Clone creates a clone of the OidcKey

func (*OidcKey) SetTableName added in v0.1.5

func (k *OidcKey) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*OidcKey) TableName added in v0.1.5

func (k *OidcKey) TableName() string

TableName returns the tablename to override the default gorm table name

func (*OidcKey) VetForWrite added in v0.1.5

func (k *OidcKey) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the key before it's written.

type OidcKeyVersion added in v0.1.5

// OidcKeyVersion is one version of an OidcKey's key material; it embeds the
// persisted store.OidcKeyVersion record. The key bytes are wrapped under a
// root key version (see NewOidcKeyVersion's rootKeyVersionId): Encrypt
// wraps them with that version's wrapper and Decrypt unwraps them again
// before the key can be used.
type OidcKeyVersion struct {
	*store.OidcKeyVersion
	// contains filtered or unexported fields
}

func AllocOidcKeyVersion added in v0.1.5

func AllocOidcKeyVersion() OidcKeyVersion

AllocOidcKeyVersion allocates a OidcKeyVersion

func NewOidcKeyVersion added in v0.1.5

func NewOidcKeyVersion(oidcKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*OidcKeyVersion, error)

NewOidcKeyVersion creates a new in memory oidc key version. This key is used to encrypt oidc state before it's included in the oidc auth url. No options are currently supported.

func TestOidcKeyVersion added in v0.1.5

func TestOidcKeyVersion(t *testing.T, conn *gorm.DB, rootKeyVersionWrapper wrapping.Wrapper, oidcKeyId string, key []byte) *OidcKeyVersion

func (*OidcKeyVersion) Clone added in v0.1.5

func (k *OidcKeyVersion) Clone() interface{}

Clone creates a clone of the OidcKeyVersion

func (*OidcKeyVersion) Decrypt added in v0.1.5

func (k *OidcKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error

Decrypt will decrypt the oidc key version's key

func (*OidcKeyVersion) Encrypt added in v0.1.5

func (k *OidcKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error

Encrypt will encrypt the oidc key version's key

func (*OidcKeyVersion) SetTableName added in v0.1.5

func (k *OidcKeyVersion) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*OidcKeyVersion) TableName added in v0.1.5

func (k *OidcKeyVersion) TableName() string

TableName returns the tablename to override the default gorm table name

func (*OidcKeyVersion) VetForWrite added in v0.1.5

func (k *OidcKeyVersion) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the oidc key version before it's written.

type OplogKey

// OplogKey is the in-memory form of the DEK for oplog encryption (cf.
// KeyPurposeOplog); it embeds the persisted store.OplogKey record and is
// owned by a root key (see NewOplogKey's rootKeyId). The key material itself
// lives in OplogKeyVersion records.
type OplogKey struct {
	*store.OplogKey
	// contains filtered or unexported fields
}

func AllocOplogKey

func AllocOplogKey() OplogKey

AllocOplogKey will allocate a key

func NewOplogKey

func NewOplogKey(rootKeyId string, _ ...Option) (*OplogKey, error)

NewOplogKey creates a new in memory key. No options are currently supported.

func TestOplogKey

func TestOplogKey(t *testing.T, conn *gorm.DB, rootKeyId string) *OplogKey

func (*OplogKey) Clone

func (k *OplogKey) Clone() interface{}

Clone creates a clone of the key

func (*OplogKey) SetTableName

func (k *OplogKey) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*OplogKey) TableName

func (k *OplogKey) TableName() string

TableName returns the tablename to override the default gorm table name

func (*OplogKey) VetForWrite

func (k *OplogKey) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the key before it's written.

type OplogKeyVersion

// OplogKeyVersion is one version of an OplogKey's key material; it embeds
// the persisted store.OplogKeyVersion record. The key bytes are wrapped
// under a root key version (see NewOplogKeyVersion's rootKeyVersionId):
// Encrypt wraps them with that version's wrapper and Decrypt unwraps them
// again before the key can be used.
type OplogKeyVersion struct {
	*store.OplogKeyVersion
	// contains filtered or unexported fields
}

func AllocOplogKeyVersion

func AllocOplogKeyVersion() OplogKeyVersion

AllocOplogKeyVersion allocates a key version

func NewOplogKeyVersion

func NewOplogKeyVersion(oplogKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*OplogKeyVersion, error)

NewOplogKeyVersion creates a new in memory key version. No options are currently supported.

func TestOplogKeyVersion

func TestOplogKeyVersion(t *testing.T, conn *gorm.DB, rootKeyVersionWrapper wrapping.Wrapper, oplogKeyId string, key []byte) *OplogKeyVersion

func (*OplogKeyVersion) Clone

func (k *OplogKeyVersion) Clone() interface{}

Clone creates a clone of the key version

func (*OplogKeyVersion) Decrypt

func (k *OplogKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error

Decrypt will decrypt the key version's key

func (*OplogKeyVersion) Encrypt

func (k *OplogKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error

Encrypt will encrypt the key version's key

func (*OplogKeyVersion) SetTableName

func (k *OplogKeyVersion) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*OplogKeyVersion) TableName

func (k *OplogKeyVersion) TableName() string

TableName returns the tablename to override the default gorm table name

func (*OplogKeyVersion) VetForWrite

func (k *OplogKeyVersion) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the key version before it's written.

type Option

// Option configures the functions in this package that take ...Option
// arguments; build one with the With* constructors. Each function documents
// which options it honours; options it does not support are ignored.
type Option func(*options)

Option - how Options are passed as arguments

func WithKeyId

func WithKeyId(keyId string) Option

WithKeyId allows specifying a key ID that should be found in a scope's multiwrapper; if it is not found, keys will be refreshed

func WithLimit

func WithLimit(limit int) Option

WithLimit provides an option to set a result limit. Negative values are intentionally allowed: if the limit is less than 0, unlimited results are returned; if it is 0, the repository's default limit is used.

func WithLogger

func WithLogger(l hclog.Logger) Option

WithLogger provides a logger to be used when needed

func WithOrderByVersion added in v0.2.0

func WithOrderByVersion(orderBy db.OrderBy) Option

WithOrderByVersion provides an option to specify ordering by the CreateTime field.

func WithRecoveryWrapper

func WithRecoveryWrapper(w wrapping.Wrapper) Option

WithRecoveryWrapper sets the recovery wrapper for a given scope

func WithRepository

func WithRepository(repo *Repository) Option

WithRepository sets a repository for a given wrapper lookup, useful if in the middle of a transaction where the reader/writer need to be specified

func WithRootWrapper

func WithRootWrapper(w wrapping.Wrapper) Option

WithRootWrapper sets the external root wrapper for a given scope

func WithWorkerAuthWrapper

func WithWorkerAuthWrapper(w wrapping.Wrapper) Option

WithWorkerAuthWrapper sets the external worker authentication wrapper for a given scope

type Repository

// Repository is the kms database repository: it persists and loads root keys
// and DEKs (and their versions) through the db.Reader/db.Writer pair given
// to NewRepository. Methods that read or write key material take the wrapper
// (keyWrapper/rkvWrapper) used to protect that material on every call.
type Repository struct {
	// contains filtered or unexported fields
}

Repository is the kms database repository.

func NewRepository

func NewRepository(r db.Reader, w db.Writer, opt ...Option) (*Repository, error)

NewRepository creates a new kms Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.

func (*Repository) CreateDatabaseKey

func (r *Repository) CreateDatabaseKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*DatabaseKey, *DatabaseKeyVersion, error)

CreateDatabaseKey inserts into the repository and returns the new database key and database key version. There are no valid options at this time.

func (*Repository) CreateDatabaseKeyVersion

func (r *Repository) CreateDatabaseKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, key []byte, _ ...Option) (*DatabaseKeyVersion, error)

CreateDatabaseKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.

func (*Repository) CreateOidcKey added in v0.1.5

func (r *Repository) CreateOidcKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*OidcKey, *OidcKeyVersion, error)

CreateOidcKey inserts into the repository and returns the new oidc key and oidc key version. There are no valid options at this time.

func (*Repository) CreateOidcKeyVersion added in v0.1.5

func (r *Repository) CreateOidcKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oidcKeyId string, key []byte, _ ...Option) (*OidcKeyVersion, error)

CreateOidcKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.

func (*Repository) CreateOplogKey

func (r *Repository) CreateOplogKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*OplogKey, *OplogKeyVersion, error)

CreateOplogKey inserts into the repository and returns the new key and the key version. There are no valid options at this time.

func (*Repository) CreateOplogKeyVersion

func (r *Repository) CreateOplogKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, key []byte, _ ...Option) (*OplogKeyVersion, error)

CreateOplogKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.

func (*Repository) CreateRootKey

func (r *Repository) CreateRootKey(ctx context.Context, keyWrapper wrapping.Wrapper, scopeId string, key []byte, _ ...Option) (*RootKey, *RootKeyVersion, error)

CreateRootKey inserts into the repository and returns the new root key and root key version. There are no valid options at this time.

func (*Repository) CreateRootKeyVersion

func (r *Repository) CreateRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, key []byte, _ ...Option) (*RootKeyVersion, error)

CreateRootKeyVersion inserts into the repository and returns the new root key version with its PrivateId. There are no valid options at this time.

func (*Repository) CreateSessionKey

func (r *Repository) CreateSessionKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*SessionKey, *SessionKeyVersion, error)

CreateSessionKey inserts into the repository and returns the new key and the key version. There are no valid options at this time.

func (*Repository) CreateSessionKeyVersion

func (r *Repository) CreateSessionKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, key []byte, _ ...Option) (*SessionKeyVersion, error)

CreateSessionKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.

func (*Repository) CreateTokenKey

func (r *Repository) CreateTokenKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*TokenKey, *TokenKeyVersion, error)

CreateTokenKey inserts into the repository and returns the new key and the key version. There are no valid options at this time.

func (*Repository) CreateTokenKeyVersion

func (r *Repository) CreateTokenKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, key []byte, _ ...Option) (*TokenKeyVersion, error)

CreateTokenKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.

func (*Repository) DefaultLimit

func (r *Repository) DefaultLimit() int

DefaultLimit returns the default limit for listing as set on the repo

func (*Repository) DeleteDatabaseKey

func (r *Repository) DeleteDatabaseKey(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteDatabaseKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteDatabaseKeyVersion

func (r *Repository) DeleteDatabaseKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteDatabaseKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteOidcKey added in v0.1.5

func (r *Repository) DeleteOidcKey(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteOidcKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteOidcKeyVersion added in v0.1.5

func (r *Repository) DeleteOidcKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteOidcKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteOplogKey

func (r *Repository) DeleteOplogKey(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteOplogKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteOplogKeyVersion

func (r *Repository) DeleteOplogKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteOplogKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteRootKey

func (r *Repository) DeleteRootKey(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteRootKey deletes the root key for the provided id from the repository, returning a count of the number of records deleted. All options are ignored. Nothing is re-encrypted first: DEK versions wrapped under this root key's versions (see the rootKeyVersionId taken by New*KeyVersion) can no longer be unwrapped once it is gone.

func (*Repository) DeleteRootKeyVersion

func (r *Repository) DeleteRootKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteRootKeyVersion deletes the root key version for the provided id from the repository, returning a count of the number of records deleted. All options are ignored. Nothing is re-encrypted first: any DEK version still wrapped under this root key version becomes unrecoverable.

func (*Repository) DeleteSessionKey

func (r *Repository) DeleteSessionKey(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteSessionKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteSessionKeyVersion

func (r *Repository) DeleteSessionKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteSessionKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteTokenKey

func (r *Repository) DeleteTokenKey(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteTokenKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) DeleteTokenKeyVersion

func (r *Repository) DeleteTokenKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)

DeleteTokenKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.

func (*Repository) LatestDatabaseKeyVersion

func (r *Repository) LatestDatabaseKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, _ ...Option) (*DatabaseKeyVersion, error)

LatestDatabaseKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.

func (*Repository) LatestOidcKeyVersion added in v0.1.5

func (r *Repository) LatestOidcKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, OidcKeyId string, _ ...Option) (*OidcKeyVersion, error)

LatestOidcKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.

func (*Repository) LatestOplogKeyVersion

func (r *Repository) LatestOplogKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, _ ...Option) (*OplogKeyVersion, error)

LatestOplogKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.

func (*Repository) LatestRootKeyVersion

func (r *Repository) LatestRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, _ ...Option) (*RootKeyVersion, error)

LatestRootKeyVersion searches for the root key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.

func (*Repository) LatestSessionKeyVersion

func (r *Repository) LatestSessionKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, _ ...Option) (*SessionKeyVersion, error)

LatestSessionKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.

func (*Repository) LatestTokenKeyVersion

func (r *Repository) LatestTokenKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, _ ...Option) (*TokenKeyVersion, error)

LatestTokenKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.

func (*Repository) ListDatabaseKeyVersions

func (r *Repository) ListDatabaseKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, opt ...Option) ([]DekVersion, error)

ListDatabaseKeyVersions lists the versions of a key. Supports the WithLimit option.

func (*Repository) ListDatabaseKeys

func (r *Repository) ListDatabaseKeys(ctx context.Context, opt ...Option) ([]Dek, error)

ListDatabaseKeys will list the keys. Supports the WithLimit option.

func (*Repository) ListOidcKeyVersions added in v0.1.5

func (r *Repository) ListOidcKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, OidcKeyId string, opt ...Option) ([]DekVersion, error)

ListOidcKeyVersions lists the versions of a key. Supports the WithLimit option.

func (*Repository) ListOidcKeys added in v0.1.5

func (r *Repository) ListOidcKeys(ctx context.Context, opt ...Option) ([]Dek, error)

ListOidcKeys will list the keys. Supports the WithLimit option.

func (*Repository) ListOplogKeyVersions

func (r *Repository) ListOplogKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, opt ...Option) ([]DekVersion, error)

ListOplogKeyVersions lists the versions of a key. Supports the WithLimit option.

func (*Repository) ListOplogKeys

func (r *Repository) ListOplogKeys(ctx context.Context, opt ...Option) ([]Dek, error)

ListOplogKeys will list the keys. Supports the WithLimit option.

func (*Repository) ListRootKeyVersions

func (r *Repository) ListRootKeyVersions(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, opt ...Option) ([]*RootKeyVersion, error)

ListRootKeyVersions lists the versions of a root key. Supports the WithLimit option.

func (*Repository) ListRootKeys

func (r *Repository) ListRootKeys(ctx context.Context, opt ...Option) ([]*RootKey, error)

ListRootKeys will list the root keys. Supports the WithLimit option.

func (*Repository) ListSessionKeyVersions

func (r *Repository) ListSessionKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, opt ...Option) ([]DekVersion, error)

ListSessionKeyVersions lists the versions of a key. Supports the WithLimit option.

func (*Repository) ListSessionKeys

func (r *Repository) ListSessionKeys(ctx context.Context, opt ...Option) ([]Dek, error)

ListSessionKeys will list the keys. Supports the WithLimit option.

func (*Repository) ListTokenKeyVersions

func (r *Repository) ListTokenKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, opt ...Option) ([]DekVersion, error)

ListTokenKeyVersions lists the versions of a key. Supports the WithLimit option.

func (*Repository) ListTokenKeys

func (r *Repository) ListTokenKeys(ctx context.Context, opt ...Option) ([]Dek, error)

ListTokenKeys will list the keys. Supports the WithLimit option.

func (*Repository) LookupDatabaseKey

func (r *Repository) LookupDatabaseKey(ctx context.Context, privateId string, _ ...Option) (*DatabaseKey, error)

LookupDatabaseKey will look up a key in the repository. If the key is not found, it returns nil, nil — unlike the Latest*KeyVersion methods, which return an errors.RecordNotFound error — so callers must nil-check the result rather than rely on the error.

func (*Repository) LookupDatabaseKeyVersion

func (r *Repository) LookupDatabaseKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*DatabaseKeyVersion, error)

LookupDatabaseKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.

func (*Repository) LookupOidcKey added in v0.1.5

func (r *Repository) LookupOidcKey(ctx context.Context, privateId string, _ ...Option) (*OidcKey, error)

LookupOidcKey will look up a key in the repository. If the key is not found, it will return nil, nil.

func (*Repository) LookupOidcKeyVersion added in v0.1.5

func (r *Repository) LookupOidcKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*OidcKeyVersion, error)

LookupOidcKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.

func (*Repository) LookupOplogKey

func (r *Repository) LookupOplogKey(ctx context.Context, privateId string, _ ...Option) (*OplogKey, error)

LookupOplogKey will look up a key in the repository. If the key is not found, it will return nil, nil.

func (*Repository) LookupOplogKeyVersion

func (r *Repository) LookupOplogKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*OplogKeyVersion, error)

LookupOplogKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.

func (*Repository) LookupRootKey

func (r *Repository) LookupRootKey(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*RootKey, error)

LookupRootKey will look up a root key in the repository. If the key is not found, it will return nil, nil (no error), so callers must check for a nil key before using it.

func (*Repository) LookupRootKeyVersion

func (r *Repository) LookupRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*RootKeyVersion, error)

LookupRootKeyVersion will look up a root key version in the repository. If the key version is not found, it will return nil, nil.

func (*Repository) LookupSessionKey

func (r *Repository) LookupSessionKey(ctx context.Context, privateId string, _ ...Option) (*SessionKey, error)

LookupSessionKey will look up a key in the repository. If the key is not found, it will return nil, nil.

func (*Repository) LookupSessionKeyVersion

func (r *Repository) LookupSessionKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*SessionKeyVersion, error)

LookupSessionKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.

func (*Repository) LookupTokenKey

func (r *Repository) LookupTokenKey(ctx context.Context, privateId string, _ ...Option) (*TokenKey, error)

LookupTokenKey will look up a key in the repository. If the key is not found, it will return nil, nil.

func (*Repository) LookupTokenKeyVersion

func (r *Repository) LookupTokenKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*TokenKeyVersion, error)

LookupTokenKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.

type RootKey

type RootKey struct {
	*store.RootKey
	// contains filtered or unexported fields
}

func AllocRootKey

func AllocRootKey() RootKey

AllocRootKey will allocate a root key

func NewRootKey

func NewRootKey(scopeId string, _ ...Option) (*RootKey, error)

NewRootKey creates a new in-memory root key. ScopeId must be for a global or org scope, but the scope type validation is deferred until the in-memory root key is written to the database. No options are currently supported.

func TestRootKey

func TestRootKey(t *testing.T, conn *gorm.DB, scopeId string) *RootKey

func (*RootKey) Clone

func (k *RootKey) Clone() interface{}

Clone creates a clone of the RootKey

func (*RootKey) SetTableName

func (c *RootKey) SetTableName(n string)

SetTableName sets the table name and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "", the name is reset to the default name.

func (*RootKey) TableName

func (k *RootKey) TableName() string

TableName returns the tablename to override the default gorm table name

func (*RootKey) VetForWrite

func (k *RootKey) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error

VetForWrite implements the db.VetForWrite() interface and validates the key before it is written.

type RootKeyVersion

type RootKeyVersion struct {
	*store.RootKeyVersion
	// contains filtered or unexported fields
}

func AllocRootKeyVersion

func AllocRootKeyVersion() RootKeyVersion

AllocRootKeyVersion allocates a RootKeyVersion

func NewRootKeyVersion

func NewRootKeyVersion(rootKeyId string, key []byte, _ ...Option) (*RootKeyVersion, error)

NewRootKeyVersion creates a new in memory root key version. No options are currently supported.

func TestRootKeyVersion

func TestRootKeyVersion(t *testing.T, conn *gorm.DB, wrapper wrapping.Wrapper, rootId string) (kv *RootKeyVersion, kvWrapper wrapping.Wrapper)

func (*RootKeyVersion) Clone

func (k *RootKeyVersion) Clone() interface{}

Clone creates a clone of the RootKeyVersion

func (*RootKeyVersion) Decrypt

func (k *RootKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error

Decrypt will decrypt the root key version's key

func (*RootKeyVersion) Encrypt

func (k *RootKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error

Encrypt will encrypt the root key version's key

func (*RootKeyVersion) SetTableName

func (k *RootKeyVersion) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*RootKeyVersion) TableName

func (k *RootKeyVersion) TableName() string

TableName returns the tablename to override the default gorm table name

func (*RootKeyVersion) VetForWrite

func (k *RootKeyVersion) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error

VetForWrite implements the db.VetForWrite() interface and validates the root key version before it is written.

type SessionKey

type SessionKey struct {
	*store.SessionKey
	// contains filtered or unexported fields
}

func AllocSessionKey

func AllocSessionKey() SessionKey

AllocSessionKey will allocate a key

func NewSessionKey

func NewSessionKey(rootKeyId string, _ ...Option) (*SessionKey, error)

NewSessionKey creates a new in memory key. No options are currently supported.

func TestSessionKey

func TestSessionKey(t *testing.T, conn *gorm.DB, rootKeyId string) *SessionKey

func (*SessionKey) Clone

func (k *SessionKey) Clone() interface{}

Clone creates a clone of the key

func (*SessionKey) SetTableName

func (k *SessionKey) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*SessionKey) TableName

func (k *SessionKey) TableName() string

TableName returns the tablename to override the default gorm table name

func (*SessionKey) VetForWrite

func (k *SessionKey) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error

VetForWrite implements the db.VetForWrite() interface and validates the key before it is written.

type SessionKeyVersion

type SessionKeyVersion struct {
	*store.SessionKeyVersion
	// contains filtered or unexported fields
}

func AllocSessionKeyVersion

func AllocSessionKeyVersion() SessionKeyVersion

AllocSessionKeyVersion allocates a key version

func NewSessionKeyVersion

func NewSessionKeyVersion(sessionKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*SessionKeyVersion, error)

NewSessionKeyVersion creates a new in-memory key version. No options are currently supported.

func TestSessionKeyVersion

func TestSessionKeyVersion(t *testing.T, conn *gorm.DB, rootKeyVersionWrapper wrapping.Wrapper, sessionKeyId string, key []byte) *SessionKeyVersion

func (*SessionKeyVersion) Clone

func (k *SessionKeyVersion) Clone() interface{}

Clone creates a clone of the key version

func (*SessionKeyVersion) Decrypt

func (k *SessionKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error

Decrypt will decrypt the key version's key

func (*SessionKeyVersion) Encrypt

func (k *SessionKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error

Encrypt will encrypt the key version's key

func (*SessionKeyVersion) SetTableName

func (k *SessionKeyVersion) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*SessionKeyVersion) TableName

func (k *SessionKeyVersion) TableName() string

TableName returns the tablename to override the default gorm table name

func (*SessionKeyVersion) VetForWrite

func (k *SessionKeyVersion) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements the db.VetForWrite() interface and validates the key version before it is written.

type TokenKey

type TokenKey struct {
	*store.TokenKey
	// contains filtered or unexported fields
}

func AllocTokenKey

func AllocTokenKey() TokenKey

AllocTokenKey will allocate a key

func NewTokenKey

func NewTokenKey(rootKeyId string, _ ...Option) (*TokenKey, error)

NewTokenKey creates a new in memory key. No options are currently supported.

func TestTokenKey

func TestTokenKey(t *testing.T, conn *gorm.DB, rootKeyId string) *TokenKey

func (*TokenKey) Clone

func (k *TokenKey) Clone() interface{}

Clone creates a clone of the key

func (*TokenKey) SetTableName

func (k *TokenKey) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*TokenKey) TableName

func (k *TokenKey) TableName() string

TableName returns the tablename to override the default gorm table name

func (*TokenKey) VetForWrite

func (k *TokenKey) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error

VetForWrite implements the db.VetForWrite() interface and validates the key before it is written.

type TokenKeyVersion

type TokenKeyVersion struct {
	*store.TokenKeyVersion
	// contains filtered or unexported fields
}

func AllocTokenKeyVersion

func AllocTokenKeyVersion() TokenKeyVersion

AllocTokenKeyVersion allocates a key version

func NewTokenKeyVersion

func NewTokenKeyVersion(tokenKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*TokenKeyVersion, error)

NewTokenKeyVersion creates a new in-memory key version. No options are currently supported.

func TestTokenKeyVersion

func TestTokenKeyVersion(t *testing.T, conn *gorm.DB, rootKeyVersionWrapper wrapping.Wrapper, tokenKeyId string, key []byte) *TokenKeyVersion

func (*TokenKeyVersion) Clone

func (k *TokenKeyVersion) Clone() interface{}

Clone creates a clone of the key version

func (*TokenKeyVersion) Decrypt

func (k *TokenKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error

Decrypt will decrypt the key version's key

func (*TokenKeyVersion) Encrypt

func (k *TokenKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error

Encrypt will encrypt the key version's key

func (*TokenKeyVersion) SetTableName

func (k *TokenKeyVersion) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*TokenKeyVersion) TableName

func (k *TokenKeyVersion) TableName() string

TableName returns the tablename to override the default gorm table name

func (*TokenKeyVersion) VetForWrite

func (k *TokenKeyVersion) VetForWrite(_ context.Context, _r db.Reader, opType db.OpType, _ ...db.Option) error

VetForWrite implements the db.VetForWrite() interface and validates the key version before it is written.
