sql

package
v0.11.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 4, 2021 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// MySQL database type
	MySQL = "mysql"
	// PostgreSQL database type
	PostgreSQL = "postgres"
	// SQLite database type
	SQLite = "sqlite3"
)

Variables

This section is empty.

Functions

func BuiltIn

func BuiltIn() catalog.Plugin

Types

type AttestedNode

type AttestedNode struct {
	Model

	SpiffeID        string `gorm:"unique_index"`
	DataType        string
	SerialNumber    string
	ExpiresAt       time.Time
	NewSerialNumber string
	NewExpiresAt    *time.Time

	Selectors []*NodeSelector
}

AttestedNode holds an attested node (agent)

func (AttestedNode) TableName

func (AttestedNode) TableName() string

TableName gets table name of AttestedNode

type Bundle

type Bundle struct {
	Model

	TrustDomain string `gorm:"not null;unique_index"`
	Data        []byte `gorm:"size:16777215"` // make MySQL to use MEDIUMBLOB (max 24MB) - doesn't affect PostgreSQL/SQLite

	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}

Bundle holds a trust bundle.

type DNSName

type DNSName struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_dns_entry"`
	Value             string `gorm:"unique_index:idx_dns_entry"`
}

DNSName holds a DNS for a registration entry

func (DNSName) TableName

func (DNSName) TableName() string

TableName gets table name for DNS entries

type JoinToken

type JoinToken struct {
	Model

	Token  string `gorm:"unique_index"`
	Expiry int64
}

JoinToken holds a join token

type Migration

type Migration struct {
	Model

	// Database version
	Version int

	// SPIRE Code versioning
	CodeVersion string
}

Migration holds database schema version number, and the SPIRE Code version number

type Model

type Model struct {
	ID        uint `gorm:"primary_key"`
	CreatedAt time.Time
	UpdatedAt time.Time
}

Model is used as a base for other models. Similar to gorm.Model without `DeletedAt`. We don't want soft-delete support.

type NodeSelector

type NodeSelector struct {
	Model

	SpiffeID string `gorm:"unique_index:idx_node_resolver_map"`
	Type     string `gorm:"unique_index:idx_node_resolver_map"`
	Value    string `gorm:"unique_index:idx_node_resolver_map"`
}

NodeSelector holds a node selector by spiffe ID

func (NodeSelector) TableName

func (NodeSelector) TableName() string

TableName gets table name of NodeSelector

type Plugin

type Plugin struct {
	// contains filtered or unexported fields
}

Plugin is a DataStore plugin implemented via a SQL database

func New

func New() *Plugin

New creates a new sql plugin struct. Configure must be called in order to start the db.

func (*Plugin) AppendBundle

func (ds *Plugin) AppendBundle(ctx context.Context, req *datastore.AppendBundleRequest) (resp *datastore.AppendBundleResponse, err error)

AppendBundle append bundle contents to the existing bundle (by trust domain). If no existing one is present, create it.

func (*Plugin) Configure

func (ds *Plugin) Configure(ctx context.Context, req *spi.ConfigureRequest) (*spi.ConfigureResponse, error)

Configure parses HCL config payload into config struct, and opens new DB based on the result

func (*Plugin) CreateAttestedNode

func (ds *Plugin) CreateAttestedNode(ctx context.Context,
	req *datastore.CreateAttestedNodeRequest) (resp *datastore.CreateAttestedNodeResponse, err error)

CreateAttestedNode stores the given attested node

func (*Plugin) CreateBundle

func (ds *Plugin) CreateBundle(ctx context.Context, req *datastore.CreateBundleRequest) (resp *datastore.CreateBundleResponse, err error)

CreateBundle stores the given bundle

func (*Plugin) CreateJoinToken

func (ds *Plugin) CreateJoinToken(ctx context.Context, req *datastore.CreateJoinTokenRequest) (resp *datastore.CreateJoinTokenResponse, err error)

CreateJoinToken takes a Token message and stores it

func (*Plugin) CreateRegistrationEntry

CreateRegistrationEntry stores the given registration entry

func (*Plugin) DeleteAttestedNode

func (ds *Plugin) DeleteAttestedNode(ctx context.Context,
	req *datastore.DeleteAttestedNodeRequest) (resp *datastore.DeleteAttestedNodeResponse, err error)

DeleteAttestedNode deletes the given attested node

func (*Plugin) DeleteBundle

func (ds *Plugin) DeleteBundle(ctx context.Context, req *datastore.DeleteBundleRequest) (resp *datastore.DeleteBundleResponse, err error)

DeleteBundle deletes the bundle with the matching TrustDomain. Any CACert data passed is ignored.

func (*Plugin) DeleteJoinToken

func (ds *Plugin) DeleteJoinToken(ctx context.Context, req *datastore.DeleteJoinTokenRequest) (resp *datastore.DeleteJoinTokenResponse, err error)

DeleteJoinToken deletes the given join token

func (*Plugin) DeleteRegistrationEntry

DeleteRegistrationEntry deletes the given registration

func (*Plugin) FetchAttestedNode

func (ds *Plugin) FetchAttestedNode(ctx context.Context,
	req *datastore.FetchAttestedNodeRequest) (resp *datastore.FetchAttestedNodeResponse, err error)

FetchAttestedNode fetches an existing attested node by SPIFFE ID

func (*Plugin) FetchBundle

func (ds *Plugin) FetchBundle(ctx context.Context, req *datastore.FetchBundleRequest) (resp *datastore.FetchBundleResponse, err error)

FetchBundle returns the bundle matching the specified Trust Domain.

func (*Plugin) FetchJoinToken

func (ds *Plugin) FetchJoinToken(ctx context.Context, req *datastore.FetchJoinTokenRequest) (resp *datastore.FetchJoinTokenResponse, err error)

FetchJoinToken takes a Token message and returns one, populating the fields we have knowledge of

func (*Plugin) FetchRegistrationEntry

FetchRegistrationEntry fetches an existing registration by entry ID

func (*Plugin) GetNodeSelectors

func (ds *Plugin) GetNodeSelectors(ctx context.Context,
	req *datastore.GetNodeSelectorsRequest) (resp *datastore.GetNodeSelectorsResponse, err error)

GetNodeSelectors gets node (agent) selectors by SPIFFE ID

func (*Plugin) GetPluginInfo

GetPluginInfo returns the sql plugin

func (*Plugin) ListAttestedNodes

func (ds *Plugin) ListAttestedNodes(ctx context.Context,
	req *datastore.ListAttestedNodesRequest) (resp *datastore.ListAttestedNodesResponse, err error)

ListAttestedNodes lists all attested nodes (pagination available)

func (*Plugin) ListBundles

func (ds *Plugin) ListBundles(ctx context.Context, req *datastore.ListBundlesRequest) (resp *datastore.ListBundlesResponse, err error)

ListBundles can be used to fetch all existing bundles.

func (*Plugin) ListRegistrationEntries

ListRegistrationEntries lists all registrations (pagination available)

func (*Plugin) PruneBundle

func (ds *Plugin) PruneBundle(ctx context.Context, req *datastore.PruneBundleRequest) (resp *datastore.PruneBundleResponse, err error)

PruneBundle removes expired certs and keys from a bundle

func (*Plugin) PruneJoinTokens

func (ds *Plugin) PruneJoinTokens(ctx context.Context, req *datastore.PruneJoinTokensRequest) (resp *datastore.PruneJoinTokensResponse, err error)

PruneJoinTokens takes a Token message, and deletes all tokens which have expired before the date in the message

func (*Plugin) PruneRegistrationEntries

PruneRegistrationEntries takes a registration entry message, and deletes all entries which have expired before the date in the message

func (*Plugin) SetBundle

func (ds *Plugin) SetBundle(ctx context.Context, req *datastore.SetBundleRequest) (resp *datastore.SetBundleResponse, err error)

SetBundle sets bundle contents. If no bundle exists for the trust domain, it is created.

func (*Plugin) SetLogger

func (ds *Plugin) SetLogger(logger hclog.Logger)

func (*Plugin) SetNodeSelectors

func (ds *Plugin) SetNodeSelectors(ctx context.Context, req *datastore.SetNodeSelectorsRequest) (resp *datastore.SetNodeSelectorsResponse, err error)

SetNodeSelectors sets node (agent) selectors by SPIFFE ID, deleting old selectors first

func (*Plugin) UpdateAttestedNode

func (ds *Plugin) UpdateAttestedNode(ctx context.Context,
	req *datastore.UpdateAttestedNodeRequest) (resp *datastore.UpdateAttestedNodeResponse, err error)

UpdateAttestedNode updates the given node's cert serial and expiration.

func (*Plugin) UpdateBundle

func (ds *Plugin) UpdateBundle(ctx context.Context, req *datastore.UpdateBundleRequest) (resp *datastore.UpdateBundleResponse, err error)

UpdateBundle updates an existing bundle with the given CAs. Overwrites any existing certificates.

func (*Plugin) UpdateRegistrationEntry

UpdateRegistrationEntry updates an existing registration entry

type RegisteredEntry

type RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName

	// RevisionNumber is a counter that is incremented when the entry is
	// updated.
	RevisionNumber int64
}

RegisteredEntry holds a registered entity entry

type Selector

type Selector struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_selector_entry"`
	Type              string `gorm:"unique_index:idx_selector_entry;index:idx_selectors_type_value"`
	Value             string `gorm:"unique_index:idx_selector_entry;index:idx_selectors_type_value"`
}

type V10RegisteredEntry added in v0.10.0

type V10RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName
}

V10RegisteredEntry holds a registered entity entry

func (V10RegisteredEntry) TableName added in v0.10.0

func (V10RegisteredEntry) TableName() string

TableName gets table name for v10 registered entry

type V11Migration

type V11Migration struct {
	Model

	// Database version
	Version int
}

func (V11Migration) TableName

func (V11Migration) TableName() string

TableName gets table name for v11 migrations table

type V3AttestedNode

type V3AttestedNode struct {
	Model

	SpiffeID     string `gorm:"unique_index"`
	DataType     string
	SerialNumber string
	ExpiresAt    time.Time
}

func (V3AttestedNode) TableName

func (V3AttestedNode) TableName() string

type V3Bundle

type V3Bundle struct {
	Model

	TrustDomain string `gorm:"not null;unique_index"`
	CACerts     []V3CACert

	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}

V3Bundle holds a version 3 trust bundle

func (V3Bundle) TableName

func (V3Bundle) TableName() string

TableName get table name for v3 bundle

type V3CACert

type V3CACert struct {
	Model

	Cert   []byte    `gorm:"not null"`
	Expiry time.Time `gorm:"not null;index"`

	BundleID uint `gorm:"not null;index" sql:"type:integer REFERENCES bundles(id)"`
}

V3CACert holds a version 3 CA certificate

func (V3CACert) TableName

func (V3CACert) TableName() string

TableName gets table name for v3 bundle

type V4RegisteredEntry

type V4RegisteredEntry struct {
	Model

	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
}

V4RegisteredEntry holds a version 4 registered entry

func (V4RegisteredEntry) TableName

func (V4RegisteredEntry) TableName() string

TableName gets table name for v4 registered entry

type V5RegisteredEntry

type V5RegisteredEntry struct {
	Model

	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
}

V5RegisteredEntry holds a version 5 registered entry

func (V5RegisteredEntry) TableName

func (V5RegisteredEntry) TableName() string

TableName gets table name for v5 registered entry

type V6RegisteredEntry

type V6RegisteredEntry struct {
	Model

	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
}

V6RegisteredEntry holds a version 6 registered entry

func (V6RegisteredEntry) TableName

func (V6RegisteredEntry) TableName() string

TableName gets table name for v6 registered entry

type V7RegisteredEntry

type V7RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string
	ParentID string
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
}

V7RegisteredEntry holds a version 7 registered entry

func (V7RegisteredEntry) TableName

func (V7RegisteredEntry) TableName() string

TableName gets table name for v7 registered entry

type V8RegisteredEntry

type V8RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string
	ParentID string
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
	// (optional) DNS entries
	DNSList []DNSName
}

func (V8RegisteredEntry) TableName

func (V8RegisteredEntry) TableName() string

TableName gets table name for v8 registered entry

type V8Selector

type V8Selector struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_selector_entry"`
	Type              string `gorm:"unique_index:idx_selector_entry"`
	Value             string `gorm:"unique_index:idx_selector_entry"`
}

type V9RegisteredEntry

type V9RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
	// (optional) DNS entries
	DNSList []DNSName
}

func (V9RegisteredEntry) TableName

func (V9RegisteredEntry) TableName() string

TableName gets table name for v9 registered entry

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL