Documentation ¶
Index ¶
- Constants
- func NewDerivedReader(wrapper wrapping.Wrapper, lenLimit int64, salt, info []byte) (*io.LimitedReader, error)
- type DatabaseKey
- type DatabaseKeyVersion
- func (k *DatabaseKeyVersion) Clone() interface{}
- func (k *DatabaseKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *DatabaseKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *DatabaseKeyVersion) SetTableName(n string)
- func (k *DatabaseKeyVersion) TableName() string
- func (k *DatabaseKeyVersion) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
- type Dek
- type DekVersion
- type ExternalWrappers
- type KeyIder
- type KeyPurpose
- type KeyType
- type Keys
- type Kms
- func (k *Kms) AddExternalWrappers(opt ...Option) error
- func (k *Kms) GetDerivedPurposeCache() *sync.Map
- func (k *Kms) GetExternalWrappers() *ExternalWrappers
- func (k *Kms) GetScopePurposeCache() *sync.Map
- func (k *Kms) GetWrapper(ctx context.Context, scopeId string, purpose KeyPurpose, opt ...Option) (wrapping.Wrapper, error)
- type OidcKey
- type OidcKeyVersion
- func (k *OidcKeyVersion) Clone() interface{}
- func (k *OidcKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *OidcKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *OidcKeyVersion) SetTableName(n string)
- func (k *OidcKeyVersion) TableName() string
- func (k *OidcKeyVersion) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
- type OplogKey
- type OplogKeyVersion
- func (k *OplogKeyVersion) Clone() interface{}
- func (k *OplogKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *OplogKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *OplogKeyVersion) SetTableName(n string)
- func (k *OplogKeyVersion) TableName() string
- func (k *OplogKeyVersion) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error
- type Option
- func WithKeyId(keyId string) Option
- func WithLimit(limit int) Option
- func WithLogger(l hclog.Logger) Option
- func WithOrderByVersion(orderBy db.OrderBy) Option
- func WithRecoveryWrapper(w wrapping.Wrapper) Option
- func WithRepository(repo *Repository) Option
- func WithRootWrapper(w wrapping.Wrapper) Option
- func WithWorkerAuthWrapper(w wrapping.Wrapper) Option
- type Repository
- func (r *Repository) CreateDatabaseKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*DatabaseKey, *DatabaseKeyVersion, error)
- func (r *Repository) CreateDatabaseKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, ...) (*DatabaseKeyVersion, error)
- func (r *Repository) CreateOidcKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*OidcKey, *OidcKeyVersion, error)
- func (r *Repository) CreateOidcKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oidcKeyId string, key []byte, ...) (*OidcKeyVersion, error)
- func (r *Repository) CreateOplogKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*OplogKey, *OplogKeyVersion, error)
- func (r *Repository) CreateOplogKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, ...) (*OplogKeyVersion, error)
- func (r *Repository) CreateRootKey(ctx context.Context, keyWrapper wrapping.Wrapper, scopeId string, key []byte, ...) (*RootKey, *RootKeyVersion, error)
- func (r *Repository) CreateRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, key []byte, ...) (*RootKeyVersion, error)
- func (r *Repository) CreateSessionKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*SessionKey, *SessionKeyVersion, error)
- func (r *Repository) CreateSessionKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, ...) (*SessionKeyVersion, error)
- func (r *Repository) CreateTokenKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*TokenKey, *TokenKeyVersion, error)
- func (r *Repository) CreateTokenKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, ...) (*TokenKeyVersion, error)
- func (r *Repository) DefaultLimit() int
- func (r *Repository) DeleteDatabaseKey(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteDatabaseKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteOidcKey(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteOidcKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteOplogKey(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteOplogKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteRootKey(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteRootKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteSessionKey(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteSessionKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteTokenKey(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) DeleteTokenKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
- func (r *Repository) LatestDatabaseKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, ...) (*DatabaseKeyVersion, error)
- func (r *Repository) LatestOidcKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, OidcKeyId string, ...) (*OidcKeyVersion, error)
- func (r *Repository) LatestOplogKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, ...) (*OplogKeyVersion, error)
- func (r *Repository) LatestRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, ...) (*RootKeyVersion, error)
- func (r *Repository) LatestSessionKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, ...) (*SessionKeyVersion, error)
- func (r *Repository) LatestTokenKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, ...) (*TokenKeyVersion, error)
- func (r *Repository) ListDatabaseKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, ...) ([]DekVersion, error)
- func (r *Repository) ListDatabaseKeys(ctx context.Context, opt ...Option) ([]Dek, error)
- func (r *Repository) ListOidcKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, OidcKeyId string, ...) ([]DekVersion, error)
- func (r *Repository) ListOidcKeys(ctx context.Context, opt ...Option) ([]Dek, error)
- func (r *Repository) ListOplogKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, ...) ([]DekVersion, error)
- func (r *Repository) ListOplogKeys(ctx context.Context, opt ...Option) ([]Dek, error)
- func (r *Repository) ListRootKeyVersions(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, ...) ([]*RootKeyVersion, error)
- func (r *Repository) ListRootKeys(ctx context.Context, opt ...Option) ([]*RootKey, error)
- func (r *Repository) ListSessionKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, ...) ([]DekVersion, error)
- func (r *Repository) ListSessionKeys(ctx context.Context, opt ...Option) ([]Dek, error)
- func (r *Repository) ListTokenKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, ...) ([]DekVersion, error)
- func (r *Repository) ListTokenKeys(ctx context.Context, opt ...Option) ([]Dek, error)
- func (r *Repository) LookupDatabaseKey(ctx context.Context, privateId string, _ ...Option) (*DatabaseKey, error)
- func (r *Repository) LookupDatabaseKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, ...) (*DatabaseKeyVersion, error)
- func (r *Repository) LookupOidcKey(ctx context.Context, privateId string, _ ...Option) (*OidcKey, error)
- func (r *Repository) LookupOidcKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, ...) (*OidcKeyVersion, error)
- func (r *Repository) LookupOplogKey(ctx context.Context, privateId string, _ ...Option) (*OplogKey, error)
- func (r *Repository) LookupOplogKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, ...) (*OplogKeyVersion, error)
- func (r *Repository) LookupRootKey(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, ...) (*RootKey, error)
- func (r *Repository) LookupRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, ...) (*RootKeyVersion, error)
- func (r *Repository) LookupSessionKey(ctx context.Context, privateId string, _ ...Option) (*SessionKey, error)
- func (r *Repository) LookupSessionKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, ...) (*SessionKeyVersion, error)
- func (r *Repository) LookupTokenKey(ctx context.Context, privateId string, _ ...Option) (*TokenKey, error)
- func (r *Repository) LookupTokenKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, ...) (*TokenKeyVersion, error)
- type RootKey
- type RootKeyVersion
- func (k *RootKeyVersion) Clone() interface{}
- func (k *RootKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *RootKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *RootKeyVersion) SetTableName(n string)
- func (k *RootKeyVersion) TableName() string
- func (k *RootKeyVersion) VetForWrite(_ context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error
- type SessionKey
- type SessionKeyVersion
- func (k *SessionKeyVersion) Clone() interface{}
- func (k *SessionKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *SessionKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *SessionKeyVersion) SetTableName(n string)
- func (k *SessionKeyVersion) TableName() string
- func (k *SessionKeyVersion) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error
- type TokenKey
- type TokenKeyVersion
- func (k *TokenKeyVersion) Clone() interface{}
- func (k *TokenKeyVersion) Decrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *TokenKeyVersion) Encrypt(ctx context.Context, cipher wrapping.Wrapper) error
- func (k *TokenKeyVersion) SetTableName(n string)
- func (k *TokenKeyVersion) TableName() string
- func (k *TokenKeyVersion) VetForWrite(_ context.Context, _r db.Reader, opType db.OpType, _ ...db.Option) error
Constants ¶
const ( RootKeyPrefix = "krk" RootKeyVersionPrefix = "krkv" DatabaseKeyPrefix = "kdk" DatabaseKeyVersionPrefix = "kdkv" OplogKeyPrefix = "kopk" OplogKeyVersionPrefix = "kopkv" TokenKeyPrefix = "ktk" TokenKeyVersionPrefix = "ktv" SessionKeyPrefix = "ksk" SessionKeyVersionPrefix = "kskv" OidcKeyPrefix = "koidck" OidcKeyVersionPrefix = "koidckv" )
const (
DefaultDatabaseKeyTableName = "kms_database_key"
)
const (
DefaultDatabaseKeyVersionTableName = "kms_database_key_version"
)
const (
DefaultOidcKeyTableName = "kms_oidc_key"
)
const (
DefaultOidcKeyVersionTableName = "kms_oidc_key_version"
)
const (
DefaultOplogKeyTableName = "kms_oplog_key"
)
const (
DefaultOplogKeyVersionTableName = "kms_oplog_key_version"
)
const (
DefaultRootKeyTableName = "kms_root_key"
)
const (
DefaultRootKeyVersionTableName = "kms_root_key_version"
)
const (
DefaultSessionKeyTableName = "kms_session_key"
)
const (
DefaultSessionKeyVersionTableName = "kms_session_key_version"
)
const (
DefaultTokenKeyTableName = "kms_token_key"
)
const (
DefaultTokenKeyVersionTableName = "kms_token_key_version"
)
Variables ¶
This section is empty.
Functions ¶
func NewDerivedReader ¶ added in v0.2.0
func NewDerivedReader(wrapper wrapping.Wrapper, lenLimit int64, salt, info []byte) (*io.LimitedReader, error)
NewDerivedReader returns an io.LimitedReader, capped at lenLimit bytes, from which key material can be read. The bytes are derived from the given wrapper together with the supplied salt and context info; salt and info may be nil. Because the output is derived from the wrapper's key rather than drawn from a random source, callers should supply distinct salt/info for each distinct key they need (presumably the same wrapper, salt and info yield the same bytes — confirm against the implementation before relying on this for key separation).
Example:
reader, err := NewDerivedReader(wrapper, ed25519.SeedSize, userId, jobId)
if err != nil {
	return err
}
pub, priv, err := ed25519.GenerateKey(reader)

(The example must match the signature above: lenLimit is required, NewDerivedReader returns an error that should not be discarded, and ed25519.GenerateKey returns the public key, the private key and an error.)
Types ¶
type DatabaseKey ¶
type DatabaseKey struct { *store.DatabaseKey // contains filtered or unexported fields }
func AllocDatabaseKey ¶
func AllocDatabaseKey() DatabaseKey
AllocDatabaseKey will allocate a DatabaseKey
func NewDatabaseKey ¶
func NewDatabaseKey(rootKeyId string, _ ...Option) (*DatabaseKey, error)
NewDatabaseKey creates a new in memory database key. No options are currently supported.
func TestDatabaseKey ¶
func (*DatabaseKey) Clone ¶
func (k *DatabaseKey) Clone() interface{}
Clone creates a clone of the DatabaseKey
func (*DatabaseKey) SetTableName ¶
func (k *DatabaseKey) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*DatabaseKey) TableName ¶
func (k *DatabaseKey) TableName() string
TableName returns the tablename to override the default gorm table name
type DatabaseKeyVersion ¶
type DatabaseKeyVersion struct { *store.DatabaseKeyVersion // contains filtered or unexported fields }
func AllocDatabaseKeyVersion ¶
func AllocDatabaseKeyVersion() DatabaseKeyVersion
AllocDatabaseKeyVersion allocates a DatabaseKeyVersion
func NewDatabaseKeyVersion ¶
func NewDatabaseKeyVersion(databaseKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*DatabaseKeyVersion, error)
NewDatabaseKeyVersion creates a new in memory database key version. No options are currently supported.
func TestDatabaseKeyVersion ¶
func (*DatabaseKeyVersion) Clone ¶
func (k *DatabaseKeyVersion) Clone() interface{}
Clone creates a clone of the DatabaseKeyVersion
func (*DatabaseKeyVersion) SetTableName ¶
func (k *DatabaseKeyVersion) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*DatabaseKeyVersion) TableName ¶
func (k *DatabaseKeyVersion) TableName() string
TableName returns the tablename to override the default gorm table name
type DekVersion ¶
DekVersion is an interface implemented by the versioned DEK types (DatabaseKeyVersion, OidcKeyVersion, OplogKeyVersion, SessionKeyVersion and TokenKeyVersion) so that loadDek can handle them uniformly instead of switching on each concrete type. RootKeyVersion is not a DEK and does not implement it.
type ExternalWrappers ¶
type ExternalWrappers struct {
// contains filtered or unexported fields
}
ExternalWrappers holds wrappers defined outside of Boundary, e.g. in its configuration file.
func (*ExternalWrappers) Recovery ¶
func (e *ExternalWrappers) Recovery() wrapping.Wrapper
Recovery returns the wrapper for recovery operations
func (*ExternalWrappers) Root ¶
func (e *ExternalWrappers) Root() wrapping.Wrapper
Root returns the wrapper for root keys
func (*ExternalWrappers) WorkerAuth ¶
func (e *ExternalWrappers) WorkerAuth() wrapping.Wrapper
WorkerAuth returns the wrapper for worker authentication
type KeyIder ¶
type KeyIder interface {
GetPrivateId() string
}
KeyIder defines a common interface for all keys returned from CreateKeysTx in a Keys map
type KeyPurpose ¶
type KeyPurpose uint
KeyPurpose allows an application to specify the reason they need a key; this is used to select which DEK to return
const ( // KeyPurposeUnknown is the default, and indicates that a correct purpose // wasn't specified KeyPurposeUnknown KeyPurpose = iota // KeyPurposeDatabase is used for general encryption needs for most values // in the database, excluding the oplog KeyPurposeDatabase // KeyPurposeOplog is used for oplogs KeyPurposeOplog // KeyPurposeRecovery is used for recovery access KeyPurposeRecovery // KeyPurposeTokens is used for token encryption KeyPurposeTokens // KeyPurposeSessions is used as a base key to derive session-specific encryption keys KeyPurposeSessions // KeyPurposeOidc is used for encrypting oidc states included in // authentication URLs KeyPurposeOidc )
func (KeyPurpose) String ¶
func (k KeyPurpose) String() string
String returns the key purpose cast as a string, so callers can invoke it as a method rather than casting directly.
type KeyType ¶
type KeyType uint
KeyType allows the kms repo to return a map[KeyType]Key which can be easily used without type casting.
type Keys ¶
Keys defines a return type for CreateKeysTx so the returned keys can be easily accessed via their KeyType
func CreateKeysTx ¶
func CreateKeysTx(ctx context.Context, dbReader db.Reader, dbWriter db.Writer, rootWrapper wrapping.Wrapper, randomReader io.Reader, scopeId string) (Keys, error)
CreateKeysTx creates the root key and its DEKs for the given scope and returns a map of the new keys. It encapsulates all the work required within a db.TxHandler so that this capability can be shared with the iam repo.
type Kms ¶
type Kms struct {
// contains filtered or unexported fields
}
Kms provides access to wrappers for a given scope and purpose. Since a key version never changes once created — versions can only be added or (eventually) removed — the Kms opportunistically caches wrappers, going to the database only when needed.
func NewKms ¶
func NewKms(repo *Repository, opt ...Option) (*Kms, error)
NewKms takes in a repo and returns a Kms. Supported options: WithLogger.
func (*Kms) AddExternalWrappers ¶
AddExternalWrappers allows setting the external keys.
TODO: If we support more than one, e.g. for encrypting against many in case of a key loss, there will need to be some refactoring here to have the values being stored in the struct be a multiwrapper, but that's for a later project.
func (*Kms) GetDerivedPurposeCache ¶ added in v0.2.0
func (*Kms) GetExternalWrappers ¶
func (k *Kms) GetExternalWrappers() *ExternalWrappers
func (*Kms) GetScopePurposeCache ¶
GetScopePurposeCache is used in test functions for validation. Since the tests need to be in a different package to avoid circular dependencies, this is exported.
func (*Kms) GetWrapper ¶
func (k *Kms) GetWrapper(ctx context.Context, scopeId string, purpose KeyPurpose, opt ...Option) (wrapping.Wrapper, error)
GetWrapper returns a wrapper for the given scope and purpose. When a key ID is passed via WithKeyId, it ensures that the returned wrapper's multiwrapper contains that key ID. This is not necessary for encryption, but should be supplied for decryption so that ciphertext wrapped under an earlier key version can still be unwrapped.
type OidcKey ¶ added in v0.1.5
func AllocOidcKey ¶ added in v0.1.5
func AllocOidcKey() OidcKey
AllocOidcKey will allocate a OidcKey
func NewOidcKey ¶ added in v0.1.5
NewOidcKey creates a new in memory oidc key. This key is used to encrypt oidc state before it's included in the oidc auth url. No options are currently supported.
func TestOidcKey ¶ added in v0.1.5
func (*OidcKey) Clone ¶ added in v0.1.5
func (k *OidcKey) Clone() interface{}
Clone creates a clone of the OidcKey
func (*OidcKey) SetTableName ¶ added in v0.1.5
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type OidcKeyVersion ¶ added in v0.1.5
type OidcKeyVersion struct { *store.OidcKeyVersion // contains filtered or unexported fields }
func AllocOidcKeyVersion ¶ added in v0.1.5
func AllocOidcKeyVersion() OidcKeyVersion
AllocOidcKeyVersion allocates a OidcKeyVersion
func NewOidcKeyVersion ¶ added in v0.1.5
func NewOidcKeyVersion(oidcKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*OidcKeyVersion, error)
NewOidcKeyVersion creates a new in memory oidc key version. This key is used to encrypt oidc state before it's included in the oidc auth url. No options are currently supported.
func TestOidcKeyVersion ¶ added in v0.1.5
func (*OidcKeyVersion) Clone ¶ added in v0.1.5
func (k *OidcKeyVersion) Clone() interface{}
Clone creates a clone of the OidcKeyVersion
func (*OidcKeyVersion) SetTableName ¶ added in v0.1.5
func (k *OidcKeyVersion) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*OidcKeyVersion) TableName ¶ added in v0.1.5
func (k *OidcKeyVersion) TableName() string
TableName returns the tablename to override the default gorm table name
type OplogKey ¶
func NewOplogKey ¶
NewOplogKey creates a new in memory key. No options are currently supported.
func (*OplogKey) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type OplogKeyVersion ¶
type OplogKeyVersion struct { *store.OplogKeyVersion // contains filtered or unexported fields }
func AllocOplogKeyVersion ¶
func AllocOplogKeyVersion() OplogKeyVersion
AllocOplogKeyVersion allocates a key version
func NewOplogKeyVersion ¶
func NewOplogKeyVersion(oplogKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*OplogKeyVersion, error)
NewOplogKeyVersion creates a new in memory oplog key version. No options are currently supported.
func TestOplogKeyVersion ¶
func (*OplogKeyVersion) Clone ¶
func (k *OplogKeyVersion) Clone() interface{}
Clone creates a clone of the key version
func (*OplogKeyVersion) SetTableName ¶
func (k *OplogKeyVersion) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*OplogKeyVersion) TableName ¶
func (k *OplogKeyVersion) TableName() string
TableName returns the tablename to override the default gorm table name
type Option ¶
type Option func(*options)
Option - how Options are passed as arguments
func WithKeyId ¶
WithKeyId allows specifying a key ID that should be found in a scope's multiwrapper; if it is not found, keys will be refreshed
func WithLimit ¶
WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.
func WithLogger ¶
func WithLogger(l hclog.Logger) Option
WithLogger provides a logger to be used when needed
func WithOrderByVersion ¶ added in v0.2.0
WithOrderByVersion provides an option to specify the ordering of listed key versions. This text says ordering is by the CreateTime field, while the option name suggests ordering by version number — confirm the actual sort column against the implementation before depending on it.
func WithRecoveryWrapper ¶
WithRecoveryWrapper sets the recovery wrapper for a given scope
func WithRepository ¶
func WithRepository(repo *Repository) Option
WithRepository sets a repository for a given wrapper lookup, useful if in the middle of a transaction where the reader/writer need to be specified
func WithRootWrapper ¶
WithRootWrapper sets the external root wrapper for a given scope
func WithWorkerAuthWrapper ¶
WithWorkerAuthWrapper sets the external worker authentication wrapper for a given scope
type Repository ¶
type Repository struct {
// contains filtered or unexported fields
}
Repository is the kms database repository.
func NewRepository ¶
NewRepository creates a new kms Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.
func (*Repository) CreateDatabaseKey ¶
func (r *Repository) CreateDatabaseKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*DatabaseKey, *DatabaseKeyVersion, error)
CreateDatabaseKey inserts into the repository and returns the new database key and database key version. There are no valid options at this time.
func (*Repository) CreateDatabaseKeyVersion ¶
func (r *Repository) CreateDatabaseKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, key []byte, _ ...Option) (*DatabaseKeyVersion, error)
CreateDatabaseKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.
func (*Repository) CreateOidcKey ¶ added in v0.1.5
func (r *Repository) CreateOidcKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*OidcKey, *OidcKeyVersion, error)
CreateOidcKey inserts into the repository and returns the new oidc key and oidc key version. There are no valid options at this time.
func (*Repository) CreateOidcKeyVersion ¶ added in v0.1.5
func (r *Repository) CreateOidcKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oidcKeyId string, key []byte, _ ...Option) (*OidcKeyVersion, error)
CreateOidcKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.
func (*Repository) CreateOplogKey ¶
func (r *Repository) CreateOplogKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*OplogKey, *OplogKeyVersion, error)
CreateOplogKey inserts into the repository and returns the new key and the key version. There are no valid options at this time.
func (*Repository) CreateOplogKeyVersion ¶
func (r *Repository) CreateOplogKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, key []byte, _ ...Option) (*OplogKeyVersion, error)
CreateOplogKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.
func (*Repository) CreateRootKey ¶
func (r *Repository) CreateRootKey(ctx context.Context, keyWrapper wrapping.Wrapper, scopeId string, key []byte, _ ...Option) (*RootKey, *RootKeyVersion, error)
CreateRootKey inserts into the repository and returns the new root key and root key version. There are no valid options at this time.
func (*Repository) CreateRootKeyVersion ¶
func (r *Repository) CreateRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, key []byte, _ ...Option) (*RootKeyVersion, error)
CreateRootKeyVersion inserts into the repository and returns the new root key version with its PrivateId. There are no valid options at this time.
func (*Repository) CreateSessionKey ¶
func (r *Repository) CreateSessionKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*SessionKey, *SessionKeyVersion, error)
CreateSessionKey inserts into the repository and returns the new key and the key version. There are no valid options at this time.
func (*Repository) CreateSessionKeyVersion ¶
func (r *Repository) CreateSessionKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, key []byte, _ ...Option) (*SessionKeyVersion, error)
CreateSessionKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.
func (*Repository) CreateTokenKey ¶
func (r *Repository) CreateTokenKey(ctx context.Context, rkvWrapper wrapping.Wrapper, key []byte, _ ...Option) (*TokenKey, *TokenKeyVersion, error)
CreateTokenKey inserts into the repository and returns the new key and the key version. There are no valid options at this time.
func (*Repository) CreateTokenKeyVersion ¶
func (r *Repository) CreateTokenKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, key []byte, _ ...Option) (*TokenKeyVersion, error)
CreateTokenKeyVersion inserts into the repository and returns the new key version with its PrivateId. There are no valid options at this time.
func (*Repository) DefaultLimit ¶
func (r *Repository) DefaultLimit() int
DefaultLimit returns the default limit for listing as set on the repo
func (*Repository) DeleteDatabaseKey ¶
func (r *Repository) DeleteDatabaseKey(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteDatabaseKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteDatabaseKeyVersion ¶
func (r *Repository) DeleteDatabaseKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteDatabaseKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteOidcKey ¶ added in v0.1.5
DeleteOidcKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteOidcKeyVersion ¶ added in v0.1.5
func (r *Repository) DeleteOidcKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteOidcKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteOplogKey ¶
func (r *Repository) DeleteOplogKey(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteOplogKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteOplogKeyVersion ¶
func (r *Repository) DeleteOplogKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteOplogKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteRootKey ¶
DeleteRootKey deletes the root key for the provided id from the repository, returning a count of the number of records deleted. All options are ignored. NOTE(review): the DEK versions in this package are created under a root key version wrapper (the rkvWrapper arguments above), so deleting a root key presumably leaves every DEK wrapped by it — and any data encrypted under those DEKs — unrecoverable; confirm the cascade behaviour before calling this outside of tests.
func (*Repository) DeleteRootKeyVersion ¶
func (r *Repository) DeleteRootKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteRootKeyVersion deletes the root key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteSessionKey ¶
func (r *Repository) DeleteSessionKey(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteSessionKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteSessionKeyVersion ¶
func (r *Repository) DeleteSessionKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteSessionKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteTokenKey ¶
func (r *Repository) DeleteTokenKey(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteTokenKey deletes the key for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteTokenKeyVersion ¶
func (r *Repository) DeleteTokenKeyVersion(ctx context.Context, privateId string, _ ...Option) (int, error)
DeleteTokenKeyVersion deletes the key version for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) LatestDatabaseKeyVersion ¶
func (r *Repository) LatestDatabaseKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, _ ...Option) (*DatabaseKeyVersion, error)
LatestDatabaseKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.
func (*Repository) LatestOidcKeyVersion ¶ added in v0.1.5
func (r *Repository) LatestOidcKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, OidcKeyId string, _ ...Option) (*OidcKeyVersion, error)
LatestOidcKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.
func (*Repository) LatestOplogKeyVersion ¶
func (r *Repository) LatestOplogKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, _ ...Option) (*OplogKeyVersion, error)
LatestOplogKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.
func (*Repository) LatestRootKeyVersion ¶
func (r *Repository) LatestRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, _ ...Option) (*RootKeyVersion, error)
LatestRootKeyVersion searches for the root key version of the given root key with the highest version number. When no results are found, it returns nil together with an errors.RecordNotFound error (unlike the Lookup* methods, which return nil, nil for a missing record).
func (*Repository) LatestSessionKeyVersion ¶
func (r *Repository) LatestSessionKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, _ ...Option) (*SessionKeyVersion, error)
LatestSessionKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.
func (*Repository) LatestTokenKeyVersion ¶
func (r *Repository) LatestTokenKeyVersion(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, _ ...Option) (*TokenKeyVersion, error)
LatestTokenKeyVersion searches for the key version with the highest version number. When no results are found, it returns nil with an errors.RecordNotFound error.
func (*Repository) ListDatabaseKeyVersions ¶
func (r *Repository) ListDatabaseKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, databaseKeyId string, opt ...Option) ([]DekVersion, error)
ListDatabaseKeyVersions lists the versions of a database key. Supports the WithLimit option.
func (*Repository) ListDatabaseKeys ¶
ListDatabaseKeys will list the keys. Supports the WithLimit option.
func (*Repository) ListOidcKeyVersions ¶ added in v0.1.5
func (r *Repository) ListOidcKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, OidcKeyId string, opt ...Option) ([]DekVersion, error)
ListOidcKeyVersions lists the versions of an OIDC key. Supports the WithLimit option.
func (*Repository) ListOidcKeys ¶ added in v0.1.5
ListOidcKeys will list the keys. Supports the WithLimit option.
func (*Repository) ListOplogKeyVersions ¶
func (r *Repository) ListOplogKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, oplogKeyId string, opt ...Option) ([]DekVersion, error)
ListOplogKeyVersions lists the versions of an oplog key. Supports the WithLimit option.
func (*Repository) ListOplogKeys ¶
ListOplogKeys will list the keys. Supports the WithLimit option.
func (*Repository) ListRootKeyVersions ¶
func (r *Repository) ListRootKeyVersions(ctx context.Context, keyWrapper wrapping.Wrapper, rootKeyId string, opt ...Option) ([]*RootKeyVersion, error)
ListRootKeyVersions lists the versions of a root key. Supports the WithLimit option.
func (*Repository) ListRootKeys ¶
ListRootKeys will list the root keys. Supports the WithLimit option.
func (*Repository) ListSessionKeyVersions ¶
func (r *Repository) ListSessionKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, sessionKeyId string, opt ...Option) ([]DekVersion, error)
ListSessionKeyVersions lists the versions of a session key. Supports the WithLimit option.
func (*Repository) ListSessionKeys ¶
ListSessionKeys will list the keys. Supports the WithLimit option.
func (*Repository) ListTokenKeyVersions ¶
func (r *Repository) ListTokenKeyVersions(ctx context.Context, rkvWrapper wrapping.Wrapper, tokenKeyId string, opt ...Option) ([]DekVersion, error)
ListTokenKeyVersions lists the versions of a token key. Supports the WithLimit option.
func (*Repository) ListTokenKeys ¶
ListTokenKeys will list the keys. Supports the WithLimit option.
func (*Repository) LookupDatabaseKey ¶
func (r *Repository) LookupDatabaseKey(ctx context.Context, privateId string, _ ...Option) (*DatabaseKey, error)
LookupDatabaseKey will look up a key in the repository. If the key is not found, it returns nil, nil (no error), so callers must check for a nil result before using it.
func (*Repository) LookupDatabaseKeyVersion ¶
func (r *Repository) LookupDatabaseKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*DatabaseKeyVersion, error)
LookupDatabaseKeyVersion will look up a key version in the repository. If the key version is not found, it returns nil, nil (no error), so callers must check for a nil result before using it. Note that this differs from LatestDatabaseKeyVersion, which reports a missing record with errors.RecordNotFound.
func (*Repository) LookupOidcKey ¶ added in v0.1.5
func (r *Repository) LookupOidcKey(ctx context.Context, privateId string, _ ...Option) (*OidcKey, error)
LookupOidcKey will look up a key in the repository. If the key is not found, it will return nil, nil.
func (*Repository) LookupOidcKeyVersion ¶ added in v0.1.5
func (r *Repository) LookupOidcKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*OidcKeyVersion, error)
LookupOidcKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.
func (*Repository) LookupOplogKey ¶
func (r *Repository) LookupOplogKey(ctx context.Context, privateId string, _ ...Option) (*OplogKey, error)
LookupOplogKey will look up a key in the repository. If the key is not found, it will return nil, nil.
func (*Repository) LookupOplogKeyVersion ¶
func (r *Repository) LookupOplogKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*OplogKeyVersion, error)
LookupOplogKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.
func (*Repository) LookupRootKey ¶
func (r *Repository) LookupRootKey(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*RootKey, error)
LookupRootKey will look up a root key in the repository. If the key is not found, it returns nil, nil (no error), so callers must check for a nil result before using it.
func (*Repository) LookupRootKeyVersion ¶
func (r *Repository) LookupRootKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*RootKeyVersion, error)
LookupRootKeyVersion will look up a root key version in the repository. If the key version is not found, it returns nil, nil (no error), so callers must check for a nil result before using it. Note that this differs from LatestRootKeyVersion, which reports a missing record with errors.RecordNotFound.
func (*Repository) LookupSessionKey ¶
func (r *Repository) LookupSessionKey(ctx context.Context, privateId string, _ ...Option) (*SessionKey, error)
LookupSessionKey will look up a key in the repository. If the key is not found, it will return nil, nil.
func (*Repository) LookupSessionKeyVersion ¶
func (r *Repository) LookupSessionKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*SessionKeyVersion, error)
LookupSessionKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.
func (*Repository) LookupTokenKey ¶
func (r *Repository) LookupTokenKey(ctx context.Context, privateId string, _ ...Option) (*TokenKey, error)
LookupTokenKey will look up a key in the repository. If the key is not found, it will return nil, nil.
func (*Repository) LookupTokenKeyVersion ¶
func (r *Repository) LookupTokenKeyVersion(ctx context.Context, keyWrapper wrapping.Wrapper, privateId string, _ ...Option) (*TokenKeyVersion, error)
LookupTokenKeyVersion will look up a key version in the repository. If the key version is not found, it will return nil, nil.
type RootKey ¶
func NewRootKey ¶
NewRootKey creates a new in-memory root key. ScopeId must refer to a global or org scope; however, the scope-type validation is deferred until the in-memory root key is written to the database, so an invalid scope is not reported by this constructor. No options are currently supported.
func (*RootKey) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type RootKeyVersion ¶
type RootKeyVersion struct { *store.RootKeyVersion // contains filtered or unexported fields }
func AllocRootKeyVersion ¶
func AllocRootKeyVersion() RootKeyVersion
AllocRootKeyVersion allocates a RootKeyVersion
func NewRootKeyVersion ¶
func NewRootKeyVersion(rootKeyId string, key []byte, _ ...Option) (*RootKeyVersion, error)
NewRootKeyVersion creates a new in-memory root key version from the given root key id and raw key bytes. No options are currently supported.
func TestRootKeyVersion ¶
func (*RootKeyVersion) Clone ¶
func (k *RootKeyVersion) Clone() interface{}
Clone creates a clone of the RootKeyVersion
func (*RootKeyVersion) SetTableName ¶
func (k *RootKeyVersion) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*RootKeyVersion) TableName ¶
func (k *RootKeyVersion) TableName() string
TableName returns the table name, overriding the default gorm table name.
type SessionKey ¶
type SessionKey struct { *store.SessionKey // contains filtered or unexported fields }
func NewSessionKey ¶
func NewSessionKey(rootKeyId string, _ ...Option) (*SessionKey, error)
NewSessionKey creates a new in-memory session key for the given root key id. No options are currently supported.
func TestSessionKey ¶
func (*SessionKey) Clone ¶
func (k *SessionKey) Clone() interface{}
Clone creates a clone of the key
func (*SessionKey) SetTableName ¶
func (k *SessionKey) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*SessionKey) TableName ¶
func (k *SessionKey) TableName() string
TableName returns the tablename to override the default gorm table name
type SessionKeyVersion ¶
type SessionKeyVersion struct { *store.SessionKeyVersion // contains filtered or unexported fields }
func AllocSessionKeyVersion ¶
func AllocSessionKeyVersion() SessionKeyVersion
AllocSessionKeyVersion allocates a key version
func NewSessionKeyVersion ¶
func NewSessionKeyVersion(sessionKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*SessionKeyVersion, error)
NewSessionKeyVersion creates a new in-memory session key version from the given session key id, raw key bytes, and the id of the root key version that protects it. No options are currently supported.
func TestSessionKeyVersion ¶
func (*SessionKeyVersion) Clone ¶
func (k *SessionKeyVersion) Clone() interface{}
Clone creates a clone of the key version
func (*SessionKeyVersion) SetTableName ¶
func (k *SessionKeyVersion) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*SessionKeyVersion) TableName ¶
func (k *SessionKeyVersion) TableName() string
TableName returns the tablename to override the default gorm table name
type TokenKey ¶
func NewTokenKey ¶
NewTokenKey creates a new in-memory token key. No options are currently supported.
func (*TokenKey) SetTableName ¶
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
type TokenKeyVersion ¶
type TokenKeyVersion struct { *store.TokenKeyVersion // contains filtered or unexported fields }
func AllocTokenKeyVersion ¶
func AllocTokenKeyVersion() TokenKeyVersion
AllocTokenKeyVersion allocates a key version
func NewTokenKeyVersion ¶
func NewTokenKeyVersion(tokenKeyId string, key []byte, rootKeyVersionId string, _ ...Option) (*TokenKeyVersion, error)
NewTokenKeyVersion creates a new in-memory token key version from the given token key id, raw key bytes, and the id of the root key version that protects it. No options are currently supported.
func TestTokenKeyVersion ¶
func (*TokenKeyVersion) Clone ¶
func (k *TokenKeyVersion) Clone() interface{}
Clone creates a clone of the key version
func (*TokenKeyVersion) SetTableName ¶
func (k *TokenKeyVersion) SetTableName(n string)
SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.
func (*TokenKeyVersion) TableName ¶
func (k *TokenKeyVersion) TableName() string
TableName returns the tablename to override the default gorm table name
Source Files ¶
- const.go
- database_key.go
- database_key_version.go
- ids.go
- kms.go
- oidc_key.go
- oidc_key_version.go
- oplog_key.go
- oplog_key_version.go
- options.go
- repository.go
- repository_database_key.go
- repository_database_key_version.go
- repository_oidc_key.go
- repository_oidc_key_version.go
- repository_oplog_key.go
- repository_oplog_key_version.go
- repository_root_key.go
- repository_root_key_version.go
- repository_session_key.go
- repository_session_key_version.go
- repository_token_key.go
- repository_token_key_version.go
- root_key.go
- root_key_version.go
- session_key.go
- session_key_version.go
- testing.go
- token_key.go
- token_key_version.go