sys

package
v0.19.1
Published: Mar 24, 2022 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Enclave

type Enclave struct {
	// contains filtered or unexported fields
}

An Enclave is a shielded environment within a Vault that stores keys, policies and identities.

func NewEnclave

func NewEnclave(keys key.Store, policies auth.PolicySet, identities auth.IdentitySet) *Enclave

NewEnclave returns a new Enclave with the given key store, policy set and identity set.

func (*Enclave) AssignPolicy

func (e *Enclave) AssignPolicy(ctx context.Context, policy string, identity kes.Identity) error

AssignPolicy assigns the policy to the identity.

func (*Enclave) CreateKey

func (e *Enclave) CreateKey(ctx context.Context, name string, key key.Key) error

CreateKey stores the given key if and only if no entry with the given name exists.

It returns kes.ErrKeyExists if such an entry exists.

func (*Enclave) DeleteIdentity

func (e *Enclave) DeleteIdentity(ctx context.Context, identities kes.Identity) error

DeleteIdentity deletes the given identity.

func (*Enclave) DeleteKey

func (e *Enclave) DeleteKey(ctx context.Context, name string) error

DeleteKey deletes the key associated with the given name.

func (*Enclave) DeletePolicy

func (e *Enclave) DeletePolicy(ctx context.Context, name string) error

DeletePolicy deletes the policy associated with the given name.

func (*Enclave) GetIdentity

func (e *Enclave) GetIdentity(ctx context.Context, identity kes.Identity) (auth.IdentityInfo, error)

GetIdentity returns metadata about the given identity.

func (*Enclave) GetKey

func (e *Enclave) GetKey(ctx context.Context, name string) (key.Key, error)

GetKey returns the key associated with the given name.

It returns kes.ErrKeyNotFound if no such entry exists.
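The create-if-absent contract of CreateKey, together with the ErrKeyNotFound behaviour of GetKey, shown with a hypothetical in-memory store. This is an added example, not code from KES or from its key package: Key, ErrKeyExists and ErrKeyNotFound are local stand-ins, the store and the raceCreate helper are illustrative, and the no-op behaviour of DeleteKey on a missing name is an assumption the page does not make. The point it makes is that the existence check and the insert have to happen under one lock; a check-then-insert that releases the lock in between lets two concurrent creators both succeed, with the second silently replacing the first's key.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// Local stand-ins for the kes sentinel errors named in the documentation.
var (
	ErrKeyExists   = errors.New("key already exists")
	ErrKeyNotFound = errors.New("key not found")
)

// Key stands in for key.Key: an identifier plus opaque secret bytes.
type Key struct {
	ID     string
	Secret []byte
}

// memStore is a hypothetical in-memory key store. One mutex covers both the
// existence check and the insert, so CreateKey is an atomic create-if-absent
// and an existing key can never be replaced through it.
type memStore struct {
	mu   sync.Mutex
	keys map[string]Key
}

func newMemStore() *memStore { return &memStore{keys: make(map[string]Key)} }

// CreateKey stores k under name if and only if no entry exists; otherwise ErrKeyExists.
func (s *memStore) CreateKey(ctx context.Context, name string, k Key) error {
	if err := ctx.Err(); err != nil {
		return err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.keys[name]; ok {
		return ErrKeyExists
	}
	s.keys[name] = k
	return nil
}

// GetKey returns the key stored under name, or ErrKeyNotFound.
func (s *memStore) GetKey(ctx context.Context, name string) (Key, error) {
	if err := ctx.Err(); err != nil {
		return Key{}, err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if k, ok := s.keys[name]; ok {
		return k, nil
	}
	return Key{}, ErrKeyNotFound
}

// DeleteKey removes name. Assumption: deleting an absent key is not an error.
func (s *memStore) DeleteKey(ctx context.Context, name string) error {
	if err := ctx.Err(); err != nil {
		return err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.keys, name)
	return nil
}

// raceCreate lets n goroutines race to create the same name, each with its own
// key ID. It reports how many creates succeeded and whether the key left in the
// store is the one from the single successful create.
func raceCreate(s *memStore, name string, n int) (winners int, consistent bool) {
	var wg sync.WaitGroup
	var mu sync.Mutex
	var winnerID string
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			k := Key{ID: fmt.Sprintf("key-%d", i), Secret: []byte("constructed secret")}
			err := s.CreateKey(context.Background(), name, k)
			if err == nil {
				mu.Lock()
				winners++
				winnerID = k.ID
				mu.Unlock()
			} else if !errors.Is(err, ErrKeyExists) {
				panic(err)
			}
		}(i)
	}
	wg.Wait()
	stored, err := s.GetKey(context.Background(), name)
	return winners, err == nil && stored.ID == winnerID
}

func main() {
	s := newMemStore()
	winners, consistent := raceCreate(s, "tenant-master", 32)
	fmt.Printf("successful creates: %d, stored key matches winner: %v\n", winners, consistent)
	fmt.Println(s.CreateKey(context.Background(), "tenant-master", Key{ID: "late"}))
}
```

A backend store that cannot offer an atomic create (a plain PUT into a bucket or key-value namespace, say) cannot honour this contract by itself; the conditional write then has to come from the backend (compare-and-set, If-None-Match) or from a lock held across check and insert as above.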

func (*Enclave) GetPolicy

func (e *Enclave) GetPolicy(ctx context.Context, name string) (*auth.Policy, error)

GetPolicy returns the policy associated with the given name.

It returns kes.ErrPolicyNotFound when no such entry exists.

func (*Enclave) ListIdentities

func (e *Enclave) ListIdentities(ctx context.Context) (auth.IdentityIterator, error)

ListIdentities returns an iterator over all identities within the Enclave.

The iterator makes no guarantees about whether concurrent changes to the enclave - i.e. assignment or deletion of identities - are reflected. It does not provide any ordering guarantees.

func (*Enclave) ListKeys

func (e *Enclave) ListKeys(ctx context.Context) (key.Iterator, error)

ListKeys returns a new iterator over all keys within the Enclave.

The iterator makes no guarantees about whether concurrent changes to the enclave - i.e. creation or deletion of keys - are reflected. It does not provide any ordering guarantees.

func (*Enclave) ListPolicies

func (e *Enclave) ListPolicies(ctx context.Context) (auth.PolicyIterator, error)

ListPolicies returns a new iterator over all policies within the Enclave.

The iterator makes no guarantees about whether concurrent changes to the enclave - i.e. creation or deletion of policies - are reflected. It does not provide any ordering guarantees.

func (*Enclave) SetPolicy

func (e *Enclave) SetPolicy(ctx context.Context, name string, policy *auth.Policy) error

SetPolicy creates or overwrites the policy with the given name.

func (*Enclave) Status

func (e *Enclave) Status(ctx context.Context) (key.StoreState, error)

Status returns the current state of the key store.

If Status fails to reach the Store - e.g. due to a network error - it returns a StoreState whose state is StoreUnreachable and a nil error. Callers must therefore inspect the returned state; checking only the error value would mistake an unreachable store for a healthy one.

func (*Enclave) VerifyRequest

func (e *Enclave) VerifyRequest(r *http.Request) error

VerifyRequest verifies the given request is allowed based on the policies and identities within the Enclave.

type Vault

type Vault interface {
	// Seal seals the Vault. Once sealed, any subsequent operation
	// returns ErrSealed.
	//
	// It returns ErrSealed if the Vault is already sealed.
	Seal(ctx context.Context) error

	// Unseal unseals the Vault.
	//
	// It returns no error if the Vault is already unsealed.
	Unseal(ctx context.Context) error

	// Operator returns the identity of the Vault operator.
	Operator(context.Context) (kes.Identity, error)

	// CreateEnclave creates and returns a new Enclave if and only if
	// no Enclave with the given name exists.
	//
	// It returns ErrEnclaveExists if an Enclave with the given name
	// already exists.
	CreateEnclave(ctx context.Context, name string) (*Enclave, error)

	// GetEnclave returns the Enclave associated with the given name.
	//
	// It returns ErrEnclaveNotFound if no Enclave with the given
	// name exists.
	GetEnclave(ctx context.Context, name string) (*Enclave, error)

	// DeleteEnclave deletes the Enclave with the given name.
	DeleteEnclave(ctx context.Context, name string) error
}

A Vault manages a set of Enclaves.

It is either in a sealed or an unsealed state. While sealed, the Vault does not process any requests except unseal requests. Once unsealed, the Vault provides access to its existing enclaves.

func NewStatelessVault

func NewStatelessVault(operator kes.Identity, keys key.Store, policies auth.PolicySet, identites auth.IdentitySet) Vault

NewStatelessVault returns a new Vault with a single Enclave that uses the given key store, policy set and identity set.

The Vault is not able to create or delete enclaves.
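The sealed/unsealed state machine of the Vault interface and the enclave error contract above, as an added example built on a hypothetical in-memory Vault; this is not KES's code. Operator and the per-enclave key, policy and identity stores are left out. ErrSealed, ErrEnclaveExists and ErrEnclaveNotFound are local stand-ins for the documented errors; ErrNotSupported, the choice to start sealed, and a no-op delete of an absent enclave are assumptions the page does not make. The stateless variant embeds the multi-enclave one and overrides CreateEnclave and DeleteEnclave, so the single enclave it is built with can neither be removed nor joined by another, while sealing still gates every other call.

```go
package main

import (
	"context"
	"errors"
	"sync"
)

// Enclave is reduced to its name; keys, policies and identities are left out.
type Enclave struct{ Name string }

// Stand-ins for the documented sentinel errors. ErrNotSupported is an assumption:
// the page only says that a stateless Vault cannot create or delete enclaves.
var (
	ErrSealed          = errors.New("vault is sealed")
	ErrEnclaveExists   = errors.New("enclave already exists")
	ErrEnclaveNotFound = errors.New("enclave not found")
	ErrNotSupported    = errors.New("operation not supported by this vault")
)

// memVault is a hypothetical in-memory multi-enclave Vault. Assumption: it starts
// sealed, so nothing but Unseal is served until an operator unseals it.
type memVault struct {
	mu       sync.Mutex
	sealed   bool
	enclaves map[string]*Enclave
}

func newMemVault() *memVault {
	return &memVault{sealed: true, enclaves: map[string]*Enclave{}}
}

// guarded runs fn with the lock held, or returns ErrSealed without calling it.
func (v *memVault) guarded(fn func() error) error {
	v.mu.Lock()
	defer v.mu.Unlock()
	if v.sealed {
		return ErrSealed
	}
	return fn()
}

// Seal fails with ErrSealed when already sealed; guarded performs that check.
func (v *memVault) Seal(ctx context.Context) error {
	return v.guarded(func() error { v.sealed = true; return nil })
}

// Unseal is idempotent: unsealing an unsealed vault is not an error.
func (v *memVault) Unseal(ctx context.Context) error {
	v.mu.Lock()
	v.sealed = false
	v.mu.Unlock()
	return nil
}

func (v *memVault) CreateEnclave(ctx context.Context, name string) (e *Enclave, err error) {
	err = v.guarded(func() error {
		if _, ok := v.enclaves[name]; ok {
			return ErrEnclaveExists
		}
		e = &Enclave{Name: name}
		v.enclaves[name] = e
		return nil
	})
	return e, err
}

func (v *memVault) GetEnclave(ctx context.Context, name string) (e *Enclave, err error) {
	err = v.guarded(func() error {
		if e = v.enclaves[name]; e == nil {
			return ErrEnclaveNotFound
		}
		return nil
	})
	return e, err
}

// DeleteEnclave removes name. Assumption: deleting an absent enclave is a no-op.
func (v *memVault) DeleteEnclave(ctx context.Context, name string) error {
	return v.guarded(func() error { delete(v.enclaves, name); return nil })
}

// statelessVault serves one fixed enclave and refuses to create or delete
// enclaves; sealing still applies because it reuses memVault's state.
type statelessVault struct{ *memVault }

func newStatelessVault(enclave string) *statelessVault {
	v := newMemVault()
	v.enclaves[enclave] = &Enclave{Name: enclave}
	return &statelessVault{v}
}

func (s *statelessVault) CreateEnclave(ctx context.Context, name string) (*Enclave, error) {
	return nil, s.guarded(func() error { return ErrNotSupported })
}

func (s *statelessVault) DeleteEnclave(ctx context.Context, name string) error {
	return s.guarded(func() error { return ErrNotSupported })
}
```

Routing every operation except Unseal through one guarded helper is what keeps the "sealed means nothing is served" rule from being forgotten in a single method; the sealed check and the operation run under the same lock, so a Seal racing with a CreateEnclave cannot let the create slip through after the vault has been sealed.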
