configutil

package module
v2.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 8, 2024 License: MPL-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ParseTelemetry    = func(*ast.ObjectList) (interface{}, error) { return nil, nil }
	SanitizeTelemetry = func(interface{}) map[string]interface{} { return nil }
)

These two functions are overridden if metricsutil is invoked, but keep this module from needing to depend on metricsutil and its various deps otherwise. Import the metricsutil module, e.g.

_ "github.com/hashicorp/go-secure-stdlib/metricsutil"

in order to have telemetry be parsed.

View Source 
var (
	ConfigureWrapper             = configureWrapper
	CreateSecureRandomReaderFunc = createSecureRandomReader
)

Functions

func EncryptDecrypt 

func EncryptDecrypt(rawStr string, decrypt, strip bool, wrapper wrapping.Wrapper) (string, error)

func ParseEntropy 

func ParseEntropy(result *SharedConfig, list *ast.ObjectList, blockName string) error

Types

type EntSharedConfig 

type EntSharedConfig struct {
}

func (*EntSharedConfig) ParseConfig 

func (ec *EntSharedConfig) ParseConfig(list *ast.ObjectList) error

type Entropy 

type Entropy struct {
	Mode EntropyMode
}

type EntropyMode 

type EntropyMode int

Entropy contains Entropy configuration for the server 

const (
	EntropyUnknown EntropyMode = iota
	EntropyAugmentation
)

type KMS 

type KMS struct {
	Type string
	// Purpose can be used to allow a string-based specification of what this
	// KMS is designated for, in situations where we want to allow more than
	// one KMS to be specified
	Purpose []string `hcl:"-"`

	// Disabled can be used by an application to understand intent. This was
	// mostly for Vault to enable seal migration and should be considered
	// deprecated in favor of using purposes.
	Disabled bool

	// PluginPath can be used, if using a file on disk as a wrapper plugin, to
	// specify a path to the file. This can also be specified via pluginutil
	// options from the application.
	PluginPath string `hcl:"plugin_path"`
	// PluginChecksum is a hex-encoded checksum using the specified
	// PluginHashMethod. Required when specifying a file path. It's hex-encoded
	// since most command-line tools output e.g. SHA sums as hex so it's
	// generally easier for the user to specify.
	PluginChecksum string `hcl:"plugin_checksum"`

	// PluginHashMethod specifies the hash algorithm to use. See pluginutil
	// for currently-supported hash mechanisms and their string representations.
	// Empty will default to "sha2-256".
	PluginHashMethod string `hcl:"plugin_hash_method"`

	// Config is passed to the underlying wrappers
	Config map[string]string
	// contains filtered or unexported fields
}

KMS contains KMS configuration for the server

func LoadConfigKMSes 

func LoadConfigKMSes(path string, opt ...Option) ([]*KMS, error)

LoadConfigKMSes loads KMS configuration from the provided path. Supported options:

  • WithMaxKmsBlocks

func ParseKMSes 

func ParseKMSes(d string, opt ...Option) ([]*KMS, error)

ParseKMSes loads KMS configuration from the provided string. Supported options:

  • WithMaxKmsBlocks

func (*KMS) GoString 

func (k *KMS) GoString() string

type Option 

type Option func(*options) error

Option - how Options are passed as arguments

func WithListenerOptions 

func WithListenerOptions(opts ...listenerutil.Option) Option

WithListenerOptions allows providing listener-related (as opposed to configutil-related) options.

func WithLogger 

func WithLogger(logger hclog.Logger) Option

WithLogger provides a way to override default logger for some purposes (e.g. kms plugins)

func WithMaxKmsBlocks 

func WithMaxKmsBlocks(blocks int) Option

WithMaxKmsBlocks provides a maximum number of allowed kms(/seal/hsm) blocks. Set negative for unlimited. 0 uses the lib default, which is currently unlimited.

func WithPluginOptions 

func WithPluginOptions(opts ...pluginutil.Option) Option

WithPluginOptions allows providing plugin-related (as opposed to configutil-related) options

type SharedConfig 

type SharedConfig struct {
	EntSharedConfig

	Listeners []*listenerutil.ListenerConfig `hcl:"-"`

	Seals   []*KMS   `hcl:"-"`
	Entropy *Entropy `hcl:"-"`

	DisableMlock    bool        `hcl:"-"`
	DisableMlockRaw interface{} `hcl:"disable_mlock"`

	Telemetry interface{} `hcl:"telemetry"`

	DefaultMaxRequestDuration    time.Duration `hcl:"-"`
	DefaultMaxRequestDurationRaw interface{}   `hcl:"default_max_request_duration"`

	// LogFormat specifies the log format. Valid values are "standard" and
	// "json". The values are case-insenstive. If no log format is specified,
	// then standard format will be used.
	LogFormat string `hcl:"log_format"`
	LogLevel  string `hcl:"log_level"`

	PidFile string `hcl:"pid_file"`

	ClusterName string `hcl:"cluster_name"`
}

SharedConfig contains some shared values

func LoadConfigFile 

func LoadConfigFile(path string, opt ...Option) (*SharedConfig, error)

LoadConfigFile loads the configuration from the given file. Supported options:

  • WithMaxKmsBlocks
  • WithListenerOptions

func ParseConfig 

func ParseConfig(d string, opt ...Option) (*SharedConfig, error)

ParseConfig parses the string d as a SharedConfig struct. Supported options:

  • WithMaxKmsBlocks
  • WithListenerOptions

func (*SharedConfig) Merge 

func (c *SharedConfig) Merge(c2 *SharedConfig) *SharedConfig

func (*SharedConfig) Sanitized 

func (c *SharedConfig) Sanitized() map[string]interface{}

Sanitized returns a copy of the config with all values that are considered sensitive stripped. It also strips all `*Raw` values that are mainly used for parsing.

Specifically, the fields that this method strips are: - KMS.Config - Telemetry.CirconusAPIToken

Source Files

View all Source files

Directories

Path Synopsis
testplugins
aead

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.