config

package
v3.0.0-...-a5432f4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2025 License: Apache-2.0 Imports: 17 Imported by: 21

Documentation

Index

Constants

View Source 
const SymmetricCrypterKeyBytes = 32

SymmetricCrypterKeyBytes is the required key size in bytes.

Variables

View Source 
var (
	NopDecrypter Decrypter = nopCrypter{}
	NopEncrypter Encrypter = nopCrypter{}
)

Functions

func DefaultBulkDecrypt 

func DefaultBulkDecrypt(ctx context.Context,
	decrypter Decrypter, ciphertexts []string,
) (map[string]string, error)

DefaultBulkDecrypt decrypts a list of ciphertexts. Each ciphertext is decrypted individually. The returned map maps from ciphertext to plaintext. This should only be used by implementers of Decrypter to implement their BulkDecrypt method in cases where they can't do more efficient than just individual decryptions.

Types

type Crypter 

type Crypter interface {
	Encrypter
	Decrypter
}

Crypter can both encrypt and decrypt values. 

var Base64Crypter Crypter = &base64Crypter{}

Base64Crypter is a Crypter that "encrypts" by encoding the string to base64. 

var BlindingCrypter Crypter = blindingCrypter{}

BlindingCrypter returns a Crypter that instead of decrypting or encrypting data, just returns "[secret]", it can be used when you want to display configuration information to a user but don't want to prompt for a password so secrets will not be decrypted or encrypted.

func NewPanicCrypter 

func NewPanicCrypter() Crypter

NewPanicCrypter returns a new config crypter that will panic if used.

func NewSymmetricCrypter 

func NewSymmetricCrypter(key []byte) Crypter

NewSymmetricCrypter creates a crypter that encrypts and decrypts values using AES-256-GCM. The nonce is stored with the value itself as a pair of base64 values separated by a colon and a version tag `v1` is prepended.

func NewSymmetricCrypterFromPassphrase 

func NewSymmetricCrypterFromPassphrase(phrase string, salt []byte) Crypter

NewSymmetricCrypterFromPassphrase uses a passphrase and salt to generate a key, and then returns a crypter using it.

type Decrypter 

type Decrypter interface {
	DecryptValue(ctx context.Context, ciphertext string) (string, error)

	// BulkDecrypt supports bulk decryption of secrets.
	BulkDecrypt(ctx context.Context, ciphertexts []string) (map[string]string, error)
}

Decrypter decrypts encrypted ciphertext to its plaintext representation.

func NewBlindingDecrypter 

func NewBlindingDecrypter() Decrypter

NewBlindingDecrypter returns a blinding decrypter.

type Encrypter 

type Encrypter interface {
	EncryptValue(ctx context.Context, plaintext string) (string, error)
}

Encrypter encrypts plaintext into its encrypted ciphertext.

type Key 

type Key struct {
	// contains filtered or unexported fields
}

func MustMakeKey 

func MustMakeKey(namespace string, name string) Key

MustMakeKey constructs a config.Key for a given namespace and name. The namespace may not contain a `:`

func MustParseKey 

func MustParseKey(s string) Key

MustParseKey creates a config.Key from a string. The string must be of the form `<namespace>:<name>`.

func ParseKey 

func ParseKey(s string) (Key, error)

func (Key) MarshalJSON 

func (k Key) MarshalJSON() ([]byte, error)

func (Key) MarshalYAML 

func (k Key) MarshalYAML() (interface{}, error)

func (*Key) Name 

func (k *Key) Name() string

func (*Key) Namespace 

func (k *Key) Namespace() string

func (Key) String 

func (k Key) String() string

func (*Key) UnmarshalJSON 

func (k *Key) UnmarshalJSON(b []byte) error

func (*Key) UnmarshalYAML 

func (k *Key) UnmarshalYAML(unmarshal func(interface{}) error) error

type KeyArray 

type KeyArray []Key

func (KeyArray) Len 

func (k KeyArray) Len() int

func (KeyArray) Less 

func (k KeyArray) Less(i int, j int) bool

func (KeyArray) Swap 

func (k KeyArray) Swap(i int, j int)

type Map 

type Map map[Key]Value

Map is a bag of config stored in the settings file.

func (Map) AsDecryptedPropertyMap 

func (m Map) AsDecryptedPropertyMap(ctx context.Context, decrypter Decrypter) (resource.PropertyMap, error)

AsDecryptedPropertyMap returns the config as a property map, with secret values decrypted.

func (Map) Copy 

func (m Map) Copy(decrypter Decrypter, encrypter Encrypter) (Map, error)

func (Map) Decrypt 

func (m Map) Decrypt(decrypter Decrypter) (map[Key]string, error)

Decrypt returns the configuration as a map from module member to decrypted value.

func (Map) Get 

func (m Map) Get(k Key, path bool) (_ Value, ok bool, err error)

Get gets the value for a given key. If path is true, the key's name portion is treated as a path.

func (Map) HasSecureValue 

func (m Map) HasSecureValue() bool

HasSecureValue returns true if the config map contains a secure (encrypted) value.

func (Map) MarshalJSON 

func (m Map) MarshalJSON() ([]byte, error)

func (Map) MarshalYAML 

func (m Map) MarshalYAML() (interface{}, error)

func (Map) Remove 

func (m Map) Remove(k Key, path bool) error

Remove removes the value for a given key. If path is true, the key's name portion is treated as a path.

func (Map) SecureKeys 

func (m Map) SecureKeys() []Key

SecureKeys returns a list of keys that have secure values.

func (Map) Set 

func (m Map) Set(k Key, v Value, path bool) error

Set sets the value for a given key. If path is true, the key's name portion is treated as a path.

func (*Map) UnmarshalJSON 

func (m *Map) UnmarshalJSON(b []byte) error

func (*Map) UnmarshalYAML 

func (m *Map) UnmarshalYAML(unmarshal func(interface{}) error) error

type Plaintext 

type Plaintext struct {
	// contains filtered or unexported fields
}

Plaintext is a single plaintext config value.

func NewPlaintext 

func NewPlaintext[T PlaintextType](v T) Plaintext

NewPlaintext creates a new plaintext config value.

func NewSecurePlaintext 

func NewSecurePlaintext(plaintext string) Plaintext

NewSecurePlaintext creates a new secure string with the given plaintext.

func (Plaintext) Encrypt 

func (c Plaintext) Encrypt(ctx context.Context, encrypter Encrypter) (Value, error)

Encrypt converts the receiver as a Value. All secure strings in the result are encrypted using encrypter.

func (Plaintext) GoValue 

func (c Plaintext) GoValue() any

GoValue returns the inner plaintext value as a plain Go value:

  • secure strings are mapped to their plaintext
  • []Plaintext values are mapped to []any values
  • map[string]Plaintext values are mapped to map[string]any values

func (Plaintext) MarshalJSON 

func (c Plaintext) MarshalJSON() ([]byte, error)

func (Plaintext) MarshalYAML 

func (c Plaintext) MarshalYAML() (any, error)

func (Plaintext) PropertyValue 

func (c Plaintext) PropertyValue() resource.PropertyValue

func (Plaintext) Secure 

func (c Plaintext) Secure() bool

Secure returns true if the receiver is a secure string or a composite value that contains a secure string.

func (*Plaintext) UnmarshalJSON 

func (c *Plaintext) UnmarshalJSON(b []byte) error

func (*Plaintext) UnmarshalYAML 

func (c *Plaintext) UnmarshalYAML(unmarshal func(any) error) error

func (Plaintext) Value 

func (c Plaintext) Value() any

Value returns the inner plaintext value.

The returned value satisfies the PlaintextType constraint.

type PlaintextType 

type PlaintextType interface {
	bool | int64 | float64 | string | []Plaintext | map[string]Plaintext
}

PlaintextType describes the allowed types for a Plaintext.

type Value 

type Value struct {
	// contains filtered or unexported fields
}

Value is a single config value.

func NewObjectValue 

func NewObjectValue(v string) Value

func NewSecureObjectValue 

func NewSecureObjectValue(v string) Value

func NewSecureValue 

func NewSecureValue(v string) Value

func NewValue 

func NewValue(v string) Value

func (Value) Copy 

func (c Value) Copy(decrypter Decrypter, encrypter Encrypter) (Value, error)

func (Value) Decrypt 

func (c Value) Decrypt(ctx context.Context, decrypter Decrypter) (Plaintext, error)

func (Value) MarshalJSON 

func (c Value) MarshalJSON() ([]byte, error)

func (Value) MarshalYAML 

func (c Value) MarshalYAML() (interface{}, error)

func (Value) Merge 

func (c Value) Merge(base Value) (Value, error)

func (Value) Object 

func (c Value) Object() bool

func (Value) Secure 

func (c Value) Secure() bool

func (Value) SecureValues 

func (c Value) SecureValues(decrypter Decrypter) ([]string, error)

func (Value) ToObject 

func (c Value) ToObject() (any, error)

ToObject returns the string value (if not an object), or the unmarshalled JSON object (if an object).

func (*Value) UnmarshalJSON 

func (c *Value) UnmarshalJSON(b []byte) (err error)

func (*Value) UnmarshalYAML 

func (c *Value) UnmarshalYAML(unmarshal func(interface{}) error) (err error)

func (Value) Value 

func (c Value) Value(decrypter Decrypter) (string, error)

Value fetches the value of this configuration entry, using decrypter to decrypt if necessary. If the value is a secret and decrypter is nil, or if decryption fails for any reason, a non-nil error is returned.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.