Documentation
Index
- Constants
- Variables
- func ExerciseBackend(t testing.TB, b Backend)
- func ExerciseBackend_ListPrefix(t testing.TB, b Backend)
- func ExerciseHABackend(t testing.TB, b HABackend, b2 HABackend)
- func ExerciseTransactionalBackend(t testing.TB, b Backend)
- func GenericTransactionHandler(ctx context.Context, t PseudoTransactional, txns []*TxnEntry) (retErr error)
- func Prefixes(s string) []string
- type ActiveFunction
- type Backend
- type Cache
- func (c *Cache) Delete(ctx context.Context, key string) error
- func (c *Cache) Get(ctx context.Context, key string) (*Entry, error)
- func (c *Cache) List(ctx context.Context, prefix string) ([]string, error)
- func (c *Cache) Purge(ctx context.Context)
- func (c *Cache) Put(ctx context.Context, entry *Entry) error
- func (c *Cache) SetEnabled(enabled bool)
- type EncryptedBlobInfo
- func (*EncryptedBlobInfo) Descriptor() ([]byte, []int)
- func (m *EncryptedBlobInfo) GetCiphertext() []byte
- func (m *EncryptedBlobInfo) GetHMAC() []byte
- func (m *EncryptedBlobInfo) GetIV() []byte
- func (m *EncryptedBlobInfo) GetKey() string
- func (m *EncryptedBlobInfo) GetKeyInfo() *SealKeyInfo
- func (m *EncryptedBlobInfo) GetWrapped() bool
- func (*EncryptedBlobInfo) ProtoMessage()
- func (m *EncryptedBlobInfo) Reset()
- func (m *EncryptedBlobInfo) String() string
- func (m *EncryptedBlobInfo) XXX_DiscardUnknown()
- func (m *EncryptedBlobInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *EncryptedBlobInfo) XXX_Merge(src proto.Message)
- func (m *EncryptedBlobInfo) XXX_Size() int
- func (m *EncryptedBlobInfo) XXX_Unmarshal(b []byte) error
- type Entry
- type ErrorInjector
- func (e *ErrorInjector) Delete(ctx context.Context, key string) error
- func (e *ErrorInjector) Get(ctx context.Context, key string) (*Entry, error)
- func (e *ErrorInjector) List(ctx context.Context, prefix string) ([]string, error)
- func (e *ErrorInjector) Put(ctx context.Context, entry *Entry) error
- func (e *ErrorInjector) SetErrorPercentage(p int)
- type Factory
- type HABackend
- type LatencyInjector
- func (l *LatencyInjector) Delete(ctx context.Context, key string) error
- func (l *LatencyInjector) Get(ctx context.Context, key string) (*Entry, error)
- func (l *LatencyInjector) List(ctx context.Context, prefix string) ([]string, error)
- func (l *LatencyInjector) Put(ctx context.Context, entry *Entry) error
- func (l *LatencyInjector) SetLatency(latency time.Duration)
- type Lock
- type Operation
- type PerformanceStandbyFunction
- type PermitPool
- type PhysicalAccess
- func (p *PhysicalAccess) Delete(ctx context.Context, key string) error
- func (p *PhysicalAccess) Get(ctx context.Context, key string) (*Entry, error)
- func (p *PhysicalAccess) List(ctx context.Context, prefix string) ([]string, error)
- func (p *PhysicalAccess) Purge(ctx context.Context)
- func (p *PhysicalAccess) Put(ctx context.Context, entry *Entry) error
- type PseudoTransactional
- type RedirectDetect
- type SealKeyInfo
- func (*SealKeyInfo) Descriptor() ([]byte, []int)
- func (m *SealKeyInfo) GetFlags() uint64
- func (m *SealKeyInfo) GetHMACKeyID() string
- func (m *SealKeyInfo) GetHMACMechanism() uint64
- func (m *SealKeyInfo) GetKeyID() string
- func (m *SealKeyInfo) GetMechanism() uint64
- func (m *SealKeyInfo) GetWrappedKey() []byte
- func (*SealKeyInfo) ProtoMessage()
- func (m *SealKeyInfo) Reset()
- func (m *SealKeyInfo) String() string
- func (m *SealKeyInfo) XXX_DiscardUnknown()
- func (m *SealKeyInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *SealKeyInfo) XXX_Merge(src proto.Message)
- func (m *SealKeyInfo) XXX_Size() int
- func (m *SealKeyInfo) XXX_Unmarshal(b []byte) error
- type SealedFunction
- type ServiceDiscovery
- type ShutdownChannel
- type StorageEncoding
- type ToggleablePurgemonster
- type Transactional
- type TransactionalBackend
- type TransactionalCache
- type TransactionalErrorInjector
- type TransactionalLatencyInjector
- type TransactionalStorageEncoding
- type TxnEntry
- type View
Constants
const (
DeleteOperation Operation = "delete"
GetOperation = "get"
ListOperation = "list"
PutOperation = "put"
)
const (
// DefaultCacheSize is used if no cache size is specified for NewCache
DefaultCacheSize = 128 * 1024
)
const (
// DefaultErrorPercent is used to determine how often we error
DefaultErrorPercent = 20
)
const (
// DefaultJitterPercent is the default jitter percentage used by NewLatencyInjector
DefaultJitterPercent = 20
)
const DefaultParallelOperations = 128
Variables
var ErrNonPrintable = errors.New("key contains non-printable characters")
var ErrNonUTF8 = errors.New("key contains invalid UTF-8 characters")
var (
ErrRelativePath = errors.New("relative paths not supported")
)
Functions
func ExerciseBackend (added in v0.8.0)
func ExerciseBackend_ListPrefix (added in v0.8.0)
func ExerciseHABackend (added in v0.8.0)
func ExerciseTransactionalBackend (added in v0.8.0)
func GenericTransactionHandler (added in v0.8.0)
func GenericTransactionHandler(ctx context.Context, t PseudoTransactional, txns []*TxnEntry) (retErr error)
GenericTransactionHandler implements the Transactional interface in terms of a PseudoTransactional backend's internal operations.
Types
type ActiveFunction (added in v0.8.0)
type ActiveFunction func() bool
Callback signatures for RunServiceDiscovery
type Backend
type Backend interface {
// Put is used to insert or update an entry
Put(ctx context.Context, entry *Entry) error
// Get is used to fetch an entry
Get(ctx context.Context, key string) (*Entry, error)
// Delete is used to permanently delete an entry
Delete(ctx context.Context, key string) error
// List is used to list all the keys under a given
// prefix, up to the next prefix.
List(ctx context.Context, prefix string) ([]string, error)
}
Backend is the interface required for a physical backend. A physical backend is used to durably store data outside of Vault. As such, it is completely untrusted, and is only accessed via a security barrier. The backends must represent keys in a hierarchical manner. All methods are expected to be thread-safe.
func NewStorageEncoding (added in v1.0.0)
NewStorageEncoding returns a wrapped physical backend and verifies the key encoding
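Because the backend is untrusted, keys must be validated before any request reaches it. The following is an added example, not code from the Vault package or this page: a constructed in-memory Backend behind a hypothetical KeyCheck wrapper that does the kind of key validation NewStorageEncoding is documented to perform, returning errors matching ErrNonUTF8, ErrNonPrintable and ErrRelativePath. Get and List are omitted for brevity, and refusing "." and ".." path segments is an assumption about what "relative path" means.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// Entry and Backend follow the page; Get and List are omitted to keep the example short.
type Entry struct {
	Key   string
	Value []byte
}
type Backend interface {
	Put(ctx context.Context, entry *Entry) error
	Delete(ctx context.Context, key string) error
}

// Sentinel errors with the same meaning as the package variables on the page.
var ErrNonPrintable = errors.New("key contains non-printable characters")
var ErrNonUTF8 = errors.New("key contains invalid UTF-8 characters")
var ErrRelativePath = errors.New("relative paths not supported")

// memBackend is a constructed in-memory stand-in for a real (untrusted) storage backend.
type memBackend struct{ data map[string][]byte }

func (m *memBackend) Put(_ context.Context, e *Entry) error { m.data[e.Key] = e.Value; return nil }
func (m *memBackend) Delete(_ context.Context, k string) error { delete(m.data, k); return nil }

// ValidateKey rejects malformed keys; refusing "." and ".." segments is an assumption.
func ValidateKey(key string) error {
	if !utf8.ValidString(key) {
		return ErrNonUTF8
	}
	if strings.IndexFunc(key, func(r rune) bool { return !unicode.IsPrint(r) }) >= 0 {
		return ErrNonPrintable
	}
	for _, seg := range strings.Split(key, "/") {
		if seg == "." || seg == ".." {
			return ErrRelativePath
		}
	}
	return nil
}

// KeyCheck is a hypothetical wrapper in the spirit of StorageEncoding: it embeds the
// wrapped Backend and validates every key on the way in, for Put and Delete alike.
type KeyCheck struct{ Backend }

func (c KeyCheck) Put(ctx context.Context, e *Entry) error {
	if err := ValidateKey(e.Key); err != nil {
		return err
	}
	return c.Backend.Put(ctx, e)
}
func (c KeyCheck) Delete(ctx context.Context, k string) error {
	if err := ValidateKey(k); err != nil {
		return err
	}
	return c.Backend.Delete(ctx, k)
}

// NewCheckedBackend wires the wrapper around a fresh in-memory store.
func NewCheckedBackend() Backend { return KeyCheck{&memBackend{data: map[string][]byte{}}} }

func main() {
	fmt.Println(NewCheckedBackend().Put(context.Background(), &Entry{Key: "sys/../core/keyring"})) // relative paths not supported
}
```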
type Cache
type Cache struct {
// contains filtered or unexported fields
}
Cache is used to wrap an underlying physical backend and provide an LRU cache layer on top. Most of the reads done by Vault are for policy objects so there is a large read reduction by using a simple write-through cache.
func NewCache
NewCache returns a physical cache of the given size. If no size is provided, the default size is used.
func (*Cache) SetEnabled (added in v0.9.2)
SetEnabled is used to toggle whether the cache is on or off. It must be called with true to actually activate the cache after creation.
type EncryptedBlobInfo (added in v1.0.0)
type EncryptedBlobInfo struct {
Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
IV []byte `protobuf:"bytes,2,opt,name=iv,proto3" json:"iv,omitempty"`
HMAC []byte `protobuf:"bytes,3,opt,name=hmac,proto3" json:"hmac,omitempty"`
Wrapped bool `protobuf:"varint,4,opt,name=wrapped,proto3" json:"wrapped,omitempty"`
KeyInfo *SealKeyInfo `protobuf:"bytes,5,opt,name=key_info,json=keyInfo,proto3" json:"key_info,omitempty"`
// Key is the Key value for the entry that corresponds to
// physical.Entry.Key's value
Key string `protobuf:"bytes,6,opt,name=key,proto3" json:"key,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (*EncryptedBlobInfo) Descriptor (added in v1.0.0)
func (*EncryptedBlobInfo) Descriptor() ([]byte, []int)
func (*EncryptedBlobInfo) GetCiphertext (added in v1.0.0)
func (m *EncryptedBlobInfo) GetCiphertext() []byte
func (*EncryptedBlobInfo) GetHMAC (added in v1.0.0)
func (m *EncryptedBlobInfo) GetHMAC() []byte
func (*EncryptedBlobInfo) GetIV (added in v1.0.0)
func (m *EncryptedBlobInfo) GetIV() []byte
func (*EncryptedBlobInfo) GetKey (added in v1.0.0)
func (m *EncryptedBlobInfo) GetKey() string
func (*EncryptedBlobInfo) GetKeyInfo (added in v1.0.0)
func (m *EncryptedBlobInfo) GetKeyInfo() *SealKeyInfo
func (*EncryptedBlobInfo) GetWrapped (added in v1.0.0)
func (m *EncryptedBlobInfo) GetWrapped() bool
func (*EncryptedBlobInfo) ProtoMessage (added in v1.0.0)
func (*EncryptedBlobInfo) ProtoMessage()
func (*EncryptedBlobInfo) Reset (added in v1.0.0)
func (m *EncryptedBlobInfo) Reset()
func (*EncryptedBlobInfo) String (added in v1.0.0)
func (m *EncryptedBlobInfo) String() string
func (*EncryptedBlobInfo) XXX_DiscardUnknown (added in v1.0.0)
func (m *EncryptedBlobInfo) XXX_DiscardUnknown()
func (*EncryptedBlobInfo) XXX_Marshal (added in v1.0.0)
func (m *EncryptedBlobInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*EncryptedBlobInfo) XXX_Merge (added in v1.0.0)
func (m *EncryptedBlobInfo) XXX_Merge(src proto.Message)
func (*EncryptedBlobInfo) XXX_Size (added in v1.0.0)
func (m *EncryptedBlobInfo) XXX_Size() int
func (*EncryptedBlobInfo) XXX_Unmarshal (added in v1.0.0)
func (m *EncryptedBlobInfo) XXX_Unmarshal(b []byte) error
type ErrorInjector (added in v0.11.2)
type ErrorInjector struct {
// contains filtered or unexported fields
}
ErrorInjector is used to add errors into underlying physical requests
func NewErrorInjector (added in v0.11.2)
func NewErrorInjector(b Backend, errorPercent int, logger log.Logger) *ErrorInjector
NewErrorInjector returns a wrapped physical backend to inject errors
func (*ErrorInjector) Delete (added in v0.11.2)
func (e *ErrorInjector) Delete(ctx context.Context, key string) error
func (*ErrorInjector) Put (added in v0.11.2)
func (e *ErrorInjector) Put(ctx context.Context, entry *Entry) error
func (*ErrorInjector) SetErrorPercentage (added in v0.11.2)
func (e *ErrorInjector) SetErrorPercentage(p int)
type HABackend
type HABackend interface {
// LockWith is used for mutual exclusion based on the given key.
LockWith(key, value string) (Lock, error)
// Whether or not HA functionality is enabled
HAEnabled() bool
}
HABackend is an extension to the standard physical backend to support high availability. Vault only expects to use mutual exclusion to allow multiple instances to act as a hot standby for a leader that services all requests.
type LatencyInjector (added in v0.8.3)
type LatencyInjector struct {
// contains filtered or unexported fields
}
LatencyInjector is used to add latency into underlying physical requests
func NewLatencyInjector (added in v0.8.3)
func NewLatencyInjector(b Backend, latency time.Duration, jitter int, logger log.Logger) *LatencyInjector
NewLatencyInjector returns a wrapped physical backend to simulate latency
func (*LatencyInjector) Delete (added in v0.8.3)
func (l *LatencyInjector) Delete(ctx context.Context, key string) error
Delete is a latent delete request
func (*LatencyInjector) Put (added in v0.8.3)
func (l *LatencyInjector) Put(ctx context.Context, entry *Entry) error
Put is a latent put request
func (*LatencyInjector) SetLatency (added in v1.1.0)
func (l *LatencyInjector) SetLatency(latency time.Duration)
type Lock
type Lock interface {
// Lock is used to acquire the given lock
// The stopCh is optional and if closed should interrupt the lock
// acquisition attempt. The return struct should be closed when
// leadership is lost.
Lock(stopCh <-chan struct{}) (<-chan struct{}, error)
// Unlock is used to release the lock
Unlock() error
// Returns the value of the lock and if it is held
Value() (bool, string, error)
}
type PerformanceStandbyFunction (added in v0.11.2)
type PerformanceStandbyFunction func() bool
type PermitPool (added in v0.4.0)
type PermitPool struct {
// contains filtered or unexported fields
}
PermitPool is used to limit maximum outstanding requests
func NewPermitPool (added in v0.4.0)
func NewPermitPool(permits int) *PermitPool
NewPermitPool returns a new permit pool with the provided number of permits
func (*PermitPool) Acquire (added in v0.4.0)
func (c *PermitPool) Acquire()
Acquire returns when a permit has been acquired
func (*PermitPool) Release (added in v0.4.0)
func (c *PermitPool) Release()
Release returns a permit to the pool
type PhysicalAccess (added in v0.9.0)
type PhysicalAccess struct {
// contains filtered or unexported fields
}
PhysicalAccess is a wrapper around physical.Backend that allows Core to expose its physical storage operations through PhysicalAccess() while restricting the ability to modify Core.physical itself.
func NewPhysicalAccess (added in v0.9.0)
func NewPhysicalAccess(physical Backend) *PhysicalAccess
func (*PhysicalAccess) Delete (added in v0.9.0)
func (p *PhysicalAccess) Delete(ctx context.Context, key string) error
func (*PhysicalAccess) Purge (added in v0.9.0)
func (p *PhysicalAccess) Purge(ctx context.Context)
type PseudoTransactional (added in v0.7.0)
type PseudoTransactional interface {
// An internal function should do no locking or permit pool acquisition.
// Depending on the backend and if it natively supports transactions, these
// may simply chain to the normal backend functions.
GetInternal(context.Context, string) (*Entry, error)
PutInternal(context.Context, *Entry) error
DeleteInternal(context.Context, string) error
}
type RedirectDetect (added in v0.6.1)
type RedirectDetect interface {
// DetectHostAddr is used to detect the host address
DetectHostAddr() (string, error)
}
RedirectDetect is an optional interface that an HABackend can implement. If it does, a redirect address can be automatically detected.
type SealKeyInfo (added in v1.0.0)
type SealKeyInfo struct {
// Mechanism is the method used by the seal to encrypt and sign the
// data as defined by the seal.
Mechanism uint64 `protobuf:"varint,1,opt,name=Mechanism,proto3" json:"Mechanism,omitempty"`
HMACMechanism uint64 `protobuf:"varint,2,opt,name=HMACMechanism,proto3" json:"HMACMechanism,omitempty"`
// This is an opaque ID used by the seal to identify the specific
// key to use as defined by the seal. This could be a version, key
// label, or something else.
KeyID string `protobuf:"bytes,3,opt,name=KeyID,proto3" json:"KeyID,omitempty"`
HMACKeyID string `protobuf:"bytes,4,opt,name=HMACKeyID,proto3" json:"HMACKeyID,omitempty"`
// These values are used when generating our own data encryption keys
// and encrypting them using the autoseal
WrappedKey []byte `protobuf:"bytes,5,opt,name=WrappedKey,proto3" json:"WrappedKey,omitempty"`
// Mechanism specific flags
Flags uint64 `protobuf:"varint,6,opt,name=Flags,proto3" json:"Flags,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
SealKeyInfo contains information regarding the seal used to encrypt the entry.
func (*SealKeyInfo) Descriptor (added in v1.0.0)
func (*SealKeyInfo) Descriptor() ([]byte, []int)
func (*SealKeyInfo) GetFlags (added in v1.0.0)
func (m *SealKeyInfo) GetFlags() uint64
func (*SealKeyInfo) GetHMACKeyID (added in v1.0.0)
func (m *SealKeyInfo) GetHMACKeyID() string
func (*SealKeyInfo) GetHMACMechanism (added in v1.0.0)
func (m *SealKeyInfo) GetHMACMechanism() uint64
func (*SealKeyInfo) GetKeyID (added in v1.0.0)
func (m *SealKeyInfo) GetKeyID() string
func (*SealKeyInfo) GetMechanism (added in v1.0.0)
func (m *SealKeyInfo) GetMechanism() uint64
func (*SealKeyInfo) GetWrappedKey (added in v1.0.0)
func (m *SealKeyInfo) GetWrappedKey() []byte
func (*SealKeyInfo) ProtoMessage (added in v1.0.0)
func (*SealKeyInfo) ProtoMessage()
func (*SealKeyInfo) Reset (added in v1.0.0)
func (m *SealKeyInfo) Reset()
func (*SealKeyInfo) String (added in v1.0.0)
func (m *SealKeyInfo) String() string
func (*SealKeyInfo) XXX_DiscardUnknown (added in v1.0.0)
func (m *SealKeyInfo) XXX_DiscardUnknown()
func (*SealKeyInfo) XXX_Marshal (added in v1.0.0)
func (m *SealKeyInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*SealKeyInfo) XXX_Merge (added in v1.0.0)
func (m *SealKeyInfo) XXX_Merge(src proto.Message)
func (*SealKeyInfo) XXX_Size (added in v1.0.0)
func (m *SealKeyInfo) XXX_Size() int
func (*SealKeyInfo) XXX_Unmarshal (added in v1.0.0)
func (m *SealKeyInfo) XXX_Unmarshal(b []byte) error
type SealedFunction (added in v0.8.0)
type SealedFunction func() bool
type ServiceDiscovery (added in v0.6.0)
type ServiceDiscovery interface {
// NotifyActiveStateChange is used by Core to notify a backend
// capable of ServiceDiscovery that this Vault instance has changed
// its status to active or standby.
NotifyActiveStateChange() error
// NotifySealedStateChange is used by Core to notify a backend
// capable of ServiceDiscovery that Vault has changed its Sealed
// status to sealed or unsealed.
NotifySealedStateChange() error
// NotifyPerformanceStandbyStateChange is used by Core to notify a backend
// capable of ServiceDiscovery that this Vault instance has changed its
// status to performance standby or standby.
NotifyPerformanceStandbyStateChange() error
// Run executes any background service discovery tasks until the
// shutdown channel is closed.
RunServiceDiscovery(waitGroup *sync.WaitGroup, shutdownCh ShutdownChannel, redirectAddr string, activeFunc ActiveFunction, sealedFunc SealedFunction, perfStandbyFunc PerformanceStandbyFunction) error
}
ServiceDiscovery is an optional interface that an HABackend can implement. If it does, the state of the backend is advertised to the service discovery network.
type StorageEncoding (added in v1.0.0)
type StorageEncoding struct {
Backend
}
StorageEncoding wraps an underlying physical backend and verifies the encoding of keys before passing requests through to it
func (*StorageEncoding) Delete (added in v1.0.0)
func (e *StorageEncoding) Delete(ctx context.Context, key string) error
func (*StorageEncoding) Purge (added in v1.0.0)
func (e *StorageEncoding) Purge(ctx context.Context)
func (*StorageEncoding) Put (added in v1.0.0)
func (e *StorageEncoding) Put(ctx context.Context, entry *Entry) error
func (*StorageEncoding) SetEnabled (added in v1.0.0)
func (e *StorageEncoding) SetEnabled(enabled bool)
type ToggleablePurgemonster (added in v0.9.2)
ToggleablePurgemonster is an interface for backends that can toggle on or off special functionality and/or support purging. This is only used for the cache; don't use it for other things.
type Transactional (added in v0.7.0)
type Transactional interface {
// The function to run a transaction
Transaction(context.Context, []*TxnEntry) error
}
Transactional is an optional interface for backends that support doing transactional updates of multiple keys. This is required for some features such as replication.
type TransactionalBackend (added in v0.11.2)
type TransactionalBackend interface {
Backend
Transactional
}
type TransactionalCache (added in v0.8.0)
type TransactionalCache struct {
*Cache
Transactional
}
TransactionalCache is a Cache that wraps a transactional physical backend
func NewTransactionalCache (added in v0.8.0)
func NewTransactionalCache(b Backend, size int, logger log.Logger) *TransactionalCache
func (*TransactionalCache) Transaction (added in v0.8.0)
func (c *TransactionalCache) Transaction(ctx context.Context, txns []*TxnEntry) error
type TransactionalErrorInjector (added in v0.11.2)
type TransactionalErrorInjector struct {
*ErrorInjector
Transactional
}
TransactionalErrorInjector is the transactional version of the error injector
func NewTransactionalErrorInjector (added in v0.11.2)
func NewTransactionalErrorInjector(b Backend, errorPercent int, logger log.Logger) *TransactionalErrorInjector
NewTransactionalErrorInjector creates a new transactional ErrorInjector
func (*TransactionalErrorInjector) Transaction (added in v0.11.2)
func (e *TransactionalErrorInjector) Transaction(ctx context.Context, txns []*TxnEntry) error
type TransactionalLatencyInjector (added in v0.8.3)
type TransactionalLatencyInjector struct {
*LatencyInjector
Transactional
}
TransactionalLatencyInjector is the transactional version of the latency injector
func NewTransactionalLatencyInjector (added in v0.8.3)
func NewTransactionalLatencyInjector(b Backend, latency time.Duration, jitter int, logger log.Logger) *TransactionalLatencyInjector
NewTransactionalLatencyInjector creates a new transactional LatencyInjector
func (*TransactionalLatencyInjector) Transaction (added in v0.8.3)
func (l *TransactionalLatencyInjector) Transaction(ctx context.Context, txns []*TxnEntry) error
Transaction is a latent transaction request
type TransactionalStorageEncoding (added in v1.0.0)
type TransactionalStorageEncoding struct {
*StorageEncoding
Transactional
}
TransactionalStorageEncoding is the transactional version of StorageEncoding
func (*TransactionalStorageEncoding) Transaction (added in v1.0.0)
func (e *TransactionalStorageEncoding) Transaction(ctx context.Context, txns []*TxnEntry) error
type TxnEntry (added in v0.7.0)
TxnEntry is an operation that takes place atomically as part of a transactional update. Only supported by Transactional backends.
type View (added in v0.8.0)
type View struct {
// contains filtered or unexported fields
}
View represents a prefixed view of a physical backend
func NewView (added in v0.8.0)
NewView takes an underlying physical backend and returns a view of it that can only operate with the given prefix.