store

package
v0.7.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2021 License: MPL-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// File_controller_storage_credential_vault_store_v1_vault_proto is the
// package-level protoreflect.FileDescriptor exported by this package.
// NOTE(review): presumably it describes the .proto file the message types in
// this package were generated from — confirm against the generated source.
var File_controller_storage_credential_vault_store_v1_vault_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ClientCertificate

// ClientCertificate is the storage message for the client certificate of a
// vault credential store. The certificate key appears twice: as plain-text
// (CertificateKey) and as ciphertext (CtCertificateKey). Per the field
// comments, only the ciphertext is stored in the database.
type ClientCertificate struct {

	// store_id is the ID of the owning vault credential store. A vault
	// credential store can have 0 or 1 client certificate.
	// @inject_tag: `gorm:"primary_key"`
	StoreId string `protobuf:"bytes,1,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"primary_key"`
	// certificate is the PEM encoded certificate.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	Certificate []byte `protobuf:"bytes,2,opt,name=certificate,proto3" json:"certificate,omitempty" gorm:"not_null"`
	// certificate_key is the plain-text of the certificate key data. It is
	// not stored in the database: the injected gorm:"-" tag excludes it from
	// persistence. The wrapping tags mark this field as "pt" and
	// ct_certificate_key as "ct" under the shared name certificate_key_data.
	// NOTE(review): this is still an ordinary message field, so a populated
	// value presumably appears in any marshaled or printed form of the
	// message — confirm callers do not log or serialize it while it is set.
	// @inject_tag: `gorm:"-" wrapping:"pt,certificate_key_data"`
	CertificateKey []byte `` /* 147-byte string literal not displayed */
	// ct_certificate_key is the ciphertext of the certificate key data. It
	// is stored in the database; the injected gorm tag maps it to the
	// certificate_key column, so that column holds ciphertext, not the raw key.
	// @inject_tag: `gorm:"column:certificate_key;not_null" wrapping:"ct,certificate_key_data"`
	CtCertificateKey []byte `` /* 185-byte string literal not displayed */
	// certificate_key_hmac is a sha256-hmac of the unencrypted certificate_key
	// that is returned from the API for read. It is recalculated every time
	// the raw certificate_key is updated.
	// NOTE(review): the key used for this HMAC is not described on this
	// type — confirm which key is used before relying on it for comparison.
	// @inject_tag: `gorm:"not_null"`
	CertificateKeyHmac []byte `` /* 135-byte string literal not displayed */
	// The key_id of the kms database key used for encrypting this entry.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	KeyId string `protobuf:"bytes,10,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"`
	// contains filtered or unexported fields
}

func (*ClientCertificate) Descriptor deprecated

func (*ClientCertificate) Descriptor() ([]byte, []int)

Deprecated: Use ClientCertificate.ProtoReflect.Descriptor instead.

func (*ClientCertificate) GetCertificate

func (x *ClientCertificate) GetCertificate() []byte

func (*ClientCertificate) GetCertificateKey

func (x *ClientCertificate) GetCertificateKey() []byte

func (*ClientCertificate) GetCertificateKeyHmac

func (x *ClientCertificate) GetCertificateKeyHmac() []byte

func (*ClientCertificate) GetCtCertificateKey

func (x *ClientCertificate) GetCtCertificateKey() []byte

func (*ClientCertificate) GetKeyId

func (x *ClientCertificate) GetKeyId() string

func (*ClientCertificate) GetStoreId

func (x *ClientCertificate) GetStoreId() string

func (*ClientCertificate) ProtoMessage

func (*ClientCertificate) ProtoMessage()

func (*ClientCertificate) ProtoReflect

func (x *ClientCertificate) ProtoReflect() protoreflect.Message

func (*ClientCertificate) Reset

func (x *ClientCertificate) Reset()

func (*ClientCertificate) String

func (x *ClientCertificate) String() string

type Credential

// Credential is the storage message for a credential issued from a vault
// credential library for a session. It records the Vault lease (external_id,
// renewal and expiration times, renewability) and the token used to acquire
// the secret. None of the exported fields shown here carries the secret itself.
type Credential struct {

	// public_id is a surrogate key suitable for use in a public API.
	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// library_id of the owning vault credential library.
	// It must be set.
	LibraryId string `protobuf:"bytes,2,opt,name=library_id,json=libraryId,proto3" json:"library_id,omitempty"`
	// session_id of the session the credential was created for.
	// It must be set.
	SessionId string `protobuf:"bytes,3,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
	// token_hmac is the foreign key of the token used to acquire the secret.
	// It references the token by its HMAC, not by the token value.
	// @inject_tag: `gorm:"not_null"`
	TokenHmac []byte `protobuf:"bytes,4,opt,name=token_hmac,json=tokenHmac,proto3" json:"token_hmac,omitempty" gorm:"not_null"`
	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// version allows optimistic locking of the resource.
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,7,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// external_id is the lease ID returned from Vault.
	// @inject_tag: `gorm:"not_null"`
	ExternalId string `protobuf:"bytes,8,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty" gorm:"not_null"`
	// last_renewal_time is the time the lease was last renewed with Vault.
	// @inject_tag: `gorm:"default:null"`
	LastRenewalTime *timestamp.Timestamp `` /* 128-byte string literal not displayed */
	// expiration_time is the time the lease is expected to expire.
	// expiration_time is calculated when the credential is initially
	// retrieved and whenever the credential's lease is renewed.
	//
	// The calculation is:
	//   expiration_time := time.Now().Add(LeaseDuration * time.Second)
	// LeaseDuration is a value returned by Vault when the credential is
	// retrieved or the lease for the credential is renewed.
	//
	// Because the value is derived from the local clock plus a duration, it
	// is an estimate of when Vault will expire the lease, not a timestamp
	// reported by Vault.
	//
	// https://www.vaultproject.io/docs/concepts/lease
	//
	// @inject_tag: `gorm:"default:null"`
	ExpirationTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty" gorm:"default:null"`
	// is_renewable indicates if the lease can be renewed.
	// @inject_tag: `gorm:"default:false"`
	IsRenewable bool `protobuf:"varint,11,opt,name=is_renewable,json=isRenewable,proto3" json:"is_renewable,omitempty" gorm:"default:false"`
	// The status of the credential.
	// It must be set.
	// NOTE(review): the set of valid status values is not shown on this
	// type — confirm where it is defined and enforced.
	// @inject_tag: `gorm:"not_null"`
	Status string `protobuf:"bytes,12,opt,name=status,proto3" json:"status,omitempty" gorm:"not_null"`
	// contains filtered or unexported fields
}

func (*Credential) Descriptor deprecated

func (*Credential) Descriptor() ([]byte, []int)

Deprecated: Use Credential.ProtoReflect.Descriptor instead.

func (*Credential) GetCreateTime

func (x *Credential) GetCreateTime() *timestamp.Timestamp

func (*Credential) GetExpirationTime

func (x *Credential) GetExpirationTime() *timestamp.Timestamp

func (*Credential) GetExternalId

func (x *Credential) GetExternalId() string

func (*Credential) GetIsRenewable

func (x *Credential) GetIsRenewable() bool

func (*Credential) GetLastRenewalTime

func (x *Credential) GetLastRenewalTime() *timestamp.Timestamp

func (*Credential) GetLibraryId

func (x *Credential) GetLibraryId() string

func (*Credential) GetPublicId

func (x *Credential) GetPublicId() string

func (*Credential) GetSessionId

func (x *Credential) GetSessionId() string

func (*Credential) GetStatus

func (x *Credential) GetStatus() string

func (*Credential) GetTokenHmac

func (x *Credential) GetTokenHmac() []byte

func (*Credential) GetUpdateTime

func (x *Credential) GetUpdateTime() *timestamp.Timestamp

func (*Credential) GetVersion

func (x *Credential) GetVersion() uint32

func (*Credential) ProtoMessage

func (*Credential) ProtoMessage()

func (*Credential) ProtoReflect

func (x *Credential) ProtoReflect() protoreflect.Message

func (*Credential) Reset

func (x *Credential) Reset()

func (*Credential) String

func (x *Credential) String() string

type CredentialLibrary

// CredentialLibrary is the storage message for a vault credential library.
// It describes the request made to Vault for credentials: the path, the HTTP
// method and, for POST, the request body. It belongs to a vault credential
// store (store_id).
type CredentialLibrary struct {

	// public_id is a surrogate key suitable for use in a public API.
	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// name is optional. If set, it must be unique within scope_id.
	// @inject_tag: `gorm:"default:null"`
	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
	// description is optional.
	// @inject_tag: `gorm:"default:null"`
	Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
	// store_id of the owning vault credential store.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	StoreId string `protobuf:"bytes,6,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"not_null"`
	// version allows optimistic locking of the resource.
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,7,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// vault_path is the path in Vault to request credentials from.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	VaultPath string `protobuf:"bytes,8,opt,name=vault_path,json=vaultPath,proto3" json:"vault_path,omitempty" gorm:"not_null"`
	// The HTTP method the library uses to communicate with Vault.
	// It must be set. Can only be GET or POST.
	// NOTE(review): the field is a plain string, so the GET/POST restriction
	// is not enforced by this type — presumably a database constraint or the
	// repository layer enforces it; confirm.
	// @inject_tag: `gorm:"not_null"`
	HttpMethod string `protobuf:"bytes,9,opt,name=http_method,json=httpMethod,proto3" json:"http_method,omitempty" gorm:"not_null"`
	// The body of the HTTP request the library sends to Vault.
	// Can only be set if http_method is POST.
	// NOTE(review): the POST-only rule is likewise not enforced by this
	// type — confirm where it is checked.
	// @inject_tag: `gorm:"default:null"`
	HttpRequestBody []byte `` /* 129-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*CredentialLibrary) Descriptor deprecated

func (*CredentialLibrary) Descriptor() ([]byte, []int)

Deprecated: Use CredentialLibrary.ProtoReflect.Descriptor instead.

func (*CredentialLibrary) GetCreateTime

func (x *CredentialLibrary) GetCreateTime() *timestamp.Timestamp

func (*CredentialLibrary) GetDescription

func (x *CredentialLibrary) GetDescription() string

func (*CredentialLibrary) GetHttpMethod

func (x *CredentialLibrary) GetHttpMethod() string

func (*CredentialLibrary) GetHttpRequestBody

func (x *CredentialLibrary) GetHttpRequestBody() []byte

func (*CredentialLibrary) GetName

func (x *CredentialLibrary) GetName() string

func (*CredentialLibrary) GetPublicId

func (x *CredentialLibrary) GetPublicId() string

func (*CredentialLibrary) GetStoreId

func (x *CredentialLibrary) GetStoreId() string

func (*CredentialLibrary) GetUpdateTime

func (x *CredentialLibrary) GetUpdateTime() *timestamp.Timestamp

func (*CredentialLibrary) GetVaultPath

func (x *CredentialLibrary) GetVaultPath() string

func (*CredentialLibrary) GetVersion

func (x *CredentialLibrary) GetVersion() uint32

func (*CredentialLibrary) ProtoMessage

func (*CredentialLibrary) ProtoMessage()

func (*CredentialLibrary) ProtoReflect

func (x *CredentialLibrary) ProtoReflect() protoreflect.Message

func (*CredentialLibrary) Reset

func (x *CredentialLibrary) Reset()

func (*CredentialLibrary) String

func (x *CredentialLibrary) String() string

type CredentialStore

// CredentialStore is the storage message for a vault credential store. It
// holds the connection settings for a Vault server (address, namespace) and
// the TLS settings used to reach it (CA certificate, SNI name, skip-verify
// flag), together with the owning scope.
type CredentialStore struct {

	// public_id is a surrogate key suitable for use in a public API.
	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,1,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// The update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// The delete_time is set by the application.
	// NOTE(review): presumably a non-null delete_time marks the store as
	// soft-deleted — confirm against the repository code.
	// @inject_tag: `gorm:"default:null"`
	DeleteTime *timestamp.Timestamp `protobuf:"bytes,4,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty" gorm:"default:null"`
	// name is optional. If set, it must be unique within scope_id.
	// @inject_tag: `gorm:"default:null"`
	Name string `protobuf:"bytes,5,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
	// description is optional.
	// @inject_tag: `gorm:"default:null"`
	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
	// The scope_id of the owning scope.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	ScopeId string `protobuf:"bytes,7,opt,name=scope_id,json=scopeId,proto3" json:"scope_id,omitempty" gorm:"not_null"`
	// version allows optimistic locking of the resource.
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,8,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// vault_address is the address of the vault server. This should be a
	// complete URL.
	// It must be set.
	// NOTE(review): the field is a plain string, so neither the URL form nor
	// the scheme is constrained by this type — confirm where the address is
	// validated.
	// @inject_tag: `gorm:"not_null"`
	VaultAddress string `protobuf:"bytes,9,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty" gorm:"not_null"`
	// namespace is the vault namespace the credential store should use.
	// It is optional.
	// @inject_tag: `gorm:"default:null"`
	Namespace string `protobuf:"bytes,10,opt,name=namespace,proto3" json:"namespace,omitempty" gorm:"default:null"`
	// ca_cert is a single PEM-encoded CA certificate used to verify the
	// Vault server's TLS certificate.
	// It is optional.
	// @inject_tag: `gorm:"default:null"`
	CaCert []byte `protobuf:"bytes,11,opt,name=ca_cert,json=caCert,proto3" json:"ca_cert,omitempty" gorm:"default:null"`
	// tls_server_name is the name to use as the SNI host when connecting to
	// Vault via TLS.
	// It is optional.
	// @inject_tag: `gorm:"default:null"`
	TlsServerName string `protobuf:"bytes,12,opt,name=tls_server_name,json=tlsServerName,proto3" json:"tls_server_name,omitempty" gorm:"default:null"`
	// tls_skip_verify disables verification of TLS certificates. Using this
	// option is highly discouraged: without verification the Vault server is
	// not authenticated, which decreases the security of data transmissions
	// to and from it. The injected gorm default is false.
	// NOTE(review): presumably ca_cert and tls_server_name give no protection
	// while this is true — confirm against the code that builds the client.
	// @inject_tag: `gorm:"default:false"`
	TlsSkipVerify bool `protobuf:"varint,13,opt,name=tls_skip_verify,json=tlsSkipVerify,proto3" json:"tls_skip_verify,omitempty" gorm:"default:false"`
	// contains filtered or unexported fields
}

func (*CredentialStore) Descriptor deprecated

func (*CredentialStore) Descriptor() ([]byte, []int)

Deprecated: Use CredentialStore.ProtoReflect.Descriptor instead.

func (*CredentialStore) GetCaCert

func (x *CredentialStore) GetCaCert() []byte

func (*CredentialStore) GetCreateTime

func (x *CredentialStore) GetCreateTime() *timestamp.Timestamp

func (*CredentialStore) GetDeleteTime

func (x *CredentialStore) GetDeleteTime() *timestamp.Timestamp

func (*CredentialStore) GetDescription

func (x *CredentialStore) GetDescription() string

func (*CredentialStore) GetName

func (x *CredentialStore) GetName() string

func (*CredentialStore) GetNamespace

func (x *CredentialStore) GetNamespace() string

func (*CredentialStore) GetPublicId

func (x *CredentialStore) GetPublicId() string

func (*CredentialStore) GetScopeId

func (x *CredentialStore) GetScopeId() string

func (*CredentialStore) GetTlsServerName

func (x *CredentialStore) GetTlsServerName() string

func (*CredentialStore) GetTlsSkipVerify

func (x *CredentialStore) GetTlsSkipVerify() bool

func (*CredentialStore) GetUpdateTime

func (x *CredentialStore) GetUpdateTime() *timestamp.Timestamp

func (*CredentialStore) GetVaultAddress

func (x *CredentialStore) GetVaultAddress() string

func (*CredentialStore) GetVersion

func (x *CredentialStore) GetVersion() uint32

func (*CredentialStore) ProtoMessage

func (*CredentialStore) ProtoMessage()

func (*CredentialStore) ProtoReflect

func (x *CredentialStore) ProtoReflect() protoreflect.Message

func (*CredentialStore) Reset

func (x *CredentialStore) Reset()

func (*CredentialStore) String

func (x *CredentialStore) String() string

type Token

// Token is the storage message for the Vault token of a vault credential
// store. The token value appears twice: as plain-text (Token) and as
// ciphertext (CtToken). Per the field comments, only the ciphertext is stored
// in the database, and rows are keyed by an HMAC of the token.
type Token struct {

	// token_hmac is the hmac-sha256 value of the token. The hmac key is the
	// blake2b-256 value of the token accessor.
	// NOTE(review): the HMAC key is derived from the token accessor rather
	// than from a kms key, so this value presumably serves as a deterministic
	// identifier for the token, not as a secret-keyed integrity check —
	// confirm.
	// @inject_tag: `gorm:"primary_key"`
	TokenHmac []byte `protobuf:"bytes,1,opt,name=token_hmac,json=tokenHmac,proto3" json:"token_hmac,omitempty" gorm:"primary_key"`
	// token is the plain-text of the token data. It is not stored in the
	// database: the gorm:"-" tag excludes it from persistence. The protobuf
	// and json tags remain, so a populated value is included when the message
	// is marshaled. Avoid logging or serializing a Token while this field is
	// set.
	// @inject_tag: `gorm:"-" wrapping:"pt,token_data"`
	Token []byte `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty" gorm:"-" wrapping:"pt,token_data"`
	// ct_token is the ciphertext of the token data. It is stored in the
	// database; the injected gorm tag maps it to the token column, so that
	// column holds ciphertext, not the raw token.
	// @inject_tag: `gorm:"column:token;not_null" wrapping:"ct,token_data"`
	CtToken []byte `` /* 136-byte string literal not displayed */
	// store_id is the ID of the owning vault credential store. A vault
	// credential store can have 0 or 1 token.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	StoreId string `protobuf:"bytes,4,opt,name=store_id,json=storeId,proto3" json:"store_id,omitempty" gorm:"not_null"`
	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// last_renewal_time is the time the token was last renewed with Vault.
	// @inject_tag: `gorm:"default:null"`
	LastRenewalTime *timestamp.Timestamp `` /* 128-byte string literal not displayed */
	// expiration_time is the time the token is expected to expire.
	// expiration_time is calculated when the token is renewed.
	//
	// The calculation is:
	//   expiration_time := time.Now().Add(LeaseDuration * time.Second)
	// LeaseDuration is a value returned by Vault when the token is renewed.
	//
	// Because the value is derived from the local clock plus a duration, it
	// is an estimate of when Vault will expire the token, not a timestamp
	// reported by Vault.
	//
	// https://www.vaultproject.io/api-docs/auth/token#renew-a-token-self
	//
	// @inject_tag: `gorm:"default:null"`
	ExpirationTime *timestamp.Timestamp `protobuf:"bytes,9,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty" gorm:"default:null"`
	// The key_id of the kms database key used for encrypting this entry.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	KeyId string `protobuf:"bytes,10,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"`
	// The status of the token.
	// It must be set.
	// NOTE(review): the set of valid status values is not shown on this
	// type — confirm where it is defined and enforced.
	// @inject_tag: `gorm:"not_null"`
	Status string `protobuf:"bytes,11,opt,name=status,proto3" json:"status,omitempty" gorm:"not_null"`
	// contains filtered or unexported fields
}

func (*Token) Descriptor deprecated

func (*Token) Descriptor() ([]byte, []int)

Deprecated: Use Token.ProtoReflect.Descriptor instead.

func (*Token) GetCreateTime

func (x *Token) GetCreateTime() *timestamp.Timestamp

func (*Token) GetCtToken

func (x *Token) GetCtToken() []byte

func (*Token) GetExpirationTime

func (x *Token) GetExpirationTime() *timestamp.Timestamp

func (*Token) GetKeyId

func (x *Token) GetKeyId() string

func (*Token) GetLastRenewalTime

func (x *Token) GetLastRenewalTime() *timestamp.Timestamp

func (*Token) GetStatus

func (x *Token) GetStatus() string

func (*Token) GetStoreId

func (x *Token) GetStoreId() string

func (*Token) GetToken

func (x *Token) GetToken() []byte

func (*Token) GetTokenHmac

func (x *Token) GetTokenHmac() []byte

func (*Token) GetUpdateTime

func (x *Token) GetUpdateTime() *timestamp.Timestamp

func (*Token) ProtoMessage

func (*Token) ProtoMessage()

func (*Token) ProtoReflect

func (x *Token) ProtoReflect() protoreflect.Message

func (*Token) Reset

func (x *Token) Reset()

func (*Token) String

func (x *Token) String() string
