Documentation ¶
Index ¶
- Constants
- func BuiltIn() catalog.Plugin
- type AttestedNode
- type Bundle
- type DNSName
- type JoinToken
- type Migration
- type Model
- type NodeSelector
- type Plugin
- func (ds *Plugin) AppendBundle(ctx context.Context, req *datastore.AppendBundleRequest) (resp *datastore.AppendBundleResponse, err error)
- func (ds *Plugin) Configure(ctx context.Context, req *spi.ConfigureRequest) (*spi.ConfigureResponse, error)
- func (ds *Plugin) CreateAttestedNode(ctx context.Context, req *datastore.CreateAttestedNodeRequest) (resp *datastore.CreateAttestedNodeResponse, err error)
- func (ds *Plugin) CreateBundle(ctx context.Context, req *datastore.CreateBundleRequest) (resp *datastore.CreateBundleResponse, err error)
- func (ds *Plugin) CreateJoinToken(ctx context.Context, req *datastore.CreateJoinTokenRequest) (resp *datastore.CreateJoinTokenResponse, err error)
- func (ds *Plugin) CreateRegistrationEntry(ctx context.Context, req *datastore.CreateRegistrationEntryRequest) (resp *datastore.CreateRegistrationEntryResponse, err error)
- func (ds *Plugin) DeleteAttestedNode(ctx context.Context, req *datastore.DeleteAttestedNodeRequest) (resp *datastore.DeleteAttestedNodeResponse, err error)
- func (ds *Plugin) DeleteBundle(ctx context.Context, req *datastore.DeleteBundleRequest) (resp *datastore.DeleteBundleResponse, err error)
- func (ds *Plugin) DeleteJoinToken(ctx context.Context, req *datastore.DeleteJoinTokenRequest) (resp *datastore.DeleteJoinTokenResponse, err error)
- func (ds *Plugin) DeleteRegistrationEntry(ctx context.Context, req *datastore.DeleteRegistrationEntryRequest) (resp *datastore.DeleteRegistrationEntryResponse, err error)
- func (ds *Plugin) FetchAttestedNode(ctx context.Context, req *datastore.FetchAttestedNodeRequest) (resp *datastore.FetchAttestedNodeResponse, err error)
- func (ds *Plugin) FetchBundle(ctx context.Context, req *datastore.FetchBundleRequest) (resp *datastore.FetchBundleResponse, err error)
- func (ds *Plugin) FetchJoinToken(ctx context.Context, req *datastore.FetchJoinTokenRequest) (resp *datastore.FetchJoinTokenResponse, err error)
- func (ds *Plugin) FetchRegistrationEntry(ctx context.Context, req *datastore.FetchRegistrationEntryRequest) (resp *datastore.FetchRegistrationEntryResponse, err error)
- func (ds *Plugin) GetNodeSelectors(ctx context.Context, req *datastore.GetNodeSelectorsRequest) (resp *datastore.GetNodeSelectorsResponse, err error)
- func (*Plugin) GetPluginInfo(context.Context, *spi.GetPluginInfoRequest) (*spi.GetPluginInfoResponse, error)
- func (ds *Plugin) ListAttestedNodes(ctx context.Context, req *datastore.ListAttestedNodesRequest) (resp *datastore.ListAttestedNodesResponse, err error)
- func (ds *Plugin) ListBundles(ctx context.Context, req *datastore.ListBundlesRequest) (resp *datastore.ListBundlesResponse, err error)
- func (ds *Plugin) ListRegistrationEntries(ctx context.Context, req *datastore.ListRegistrationEntriesRequest) (resp *datastore.ListRegistrationEntriesResponse, err error)
- func (ds *Plugin) PruneBundle(ctx context.Context, req *datastore.PruneBundleRequest) (resp *datastore.PruneBundleResponse, err error)
- func (ds *Plugin) PruneJoinTokens(ctx context.Context, req *datastore.PruneJoinTokensRequest) (resp *datastore.PruneJoinTokensResponse, err error)
- func (ds *Plugin) PruneRegistrationEntries(ctx context.Context, req *datastore.PruneRegistrationEntriesRequest) (resp *datastore.PruneRegistrationEntriesResponse, err error)
- func (ds *Plugin) SetBundle(ctx context.Context, req *datastore.SetBundleRequest) (resp *datastore.SetBundleResponse, err error)
- func (ds *Plugin) SetLogger(logger hclog.Logger)
- func (ds *Plugin) SetNodeSelectors(ctx context.Context, req *datastore.SetNodeSelectorsRequest) (resp *datastore.SetNodeSelectorsResponse, err error)
- func (ds *Plugin) UpdateAttestedNode(ctx context.Context, req *datastore.UpdateAttestedNodeRequest) (resp *datastore.UpdateAttestedNodeResponse, err error)
- func (ds *Plugin) UpdateBundle(ctx context.Context, req *datastore.UpdateBundleRequest) (resp *datastore.UpdateBundleResponse, err error)
- func (ds *Plugin) UpdateRegistrationEntry(ctx context.Context, req *datastore.UpdateRegistrationEntryRequest) (resp *datastore.UpdateRegistrationEntryResponse, err error)
- type RegisteredEntry
- type Selector
- type V10RegisteredEntry
- type V11Migration
- type V3AttestedNode
- type V3Bundle
- type V3CACert
- type V4RegisteredEntry
- type V5RegisteredEntry
- type V6RegisteredEntry
- type V7RegisteredEntry
- type V8RegisteredEntry
- type V8Selector
- type V9RegisteredEntry
Constants ¶
// Database backends this plugin can be configured for. Configure opens the
// DB based on the parsed HCL config; which config field selects one of these
// values is not shown on this page.
const (
	// MySQL database type
	MySQL = "mysql"
	// PostgreSQL database type
	PostgreSQL = "postgres"
	// SQLite database type
	SQLite = "sqlite3"
)
Functions ¶
Types ¶
type AttestedNode ¶
// AttestedNode holds an attested node (agent). SpiffeID carries a unique
// index, so there is one row per agent SPIFFE ID.
type AttestedNode struct {
	Model
	// SpiffeID is the agent's SPIFFE ID; unique across the table.
	SpiffeID string `gorm:"unique_index"`
	// DataType is the attestation data type (presumably the node attestor
	// type — confirm against the attestation code).
	DataType string
	// SerialNumber and ExpiresAt are the node's current cert serial and
	// expiration; UpdateAttestedNode updates them.
	SerialNumber string
	ExpiresAt    time.Time
	// NewSerialNumber and NewExpiresAt: NOTE(review): presumably the serial
	// and expiry of a newly issued cert that is not yet current; their
	// semantics are not shown on this page — confirm. NewExpiresAt is a
	// pointer, so it is nil when unset.
	NewSerialNumber string
	NewExpiresAt    *time.Time
	// Selectors are the NodeSelector rows for this node (NodeSelector is
	// keyed by SpiffeID).
	Selectors []*NodeSelector
}
AttestedNode holds an attested node (agent)
func (AttestedNode) TableName ¶
func (AttestedNode) TableName() string
TableName gets table name of AttestedNode
type Bundle ¶
// Bundle holds a trust bundle. TrustDomain is required and unique, so there
// is one row per trust domain.
type Bundle struct {
	Model
	// TrustDomain names the trust domain the bundle belongs to.
	TrustDomain string `gorm:"not null;unique_index"`
	// Data is the serialized bundle contents (encoding not shown on this
	// page). The size tag makes MySQL use MEDIUMBLOB, whose limit is
	// 2^24-1 = 16777215 bytes (16 MiB, not 24 MB). It doesn't affect
	// PostgreSQL/SQLite, so the effective size limit — and how an oversized
	// write fails — differs per backend.
	Data []byte `gorm:"size:16777215"`
	// FederatedEntries are the registration entries that federate with this
	// bundle, joined through federated_registration_entries; the inverse side
	// is RegisteredEntry.FederatesWith.
	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}
Bundle holds a trust bundle.
type DNSName ¶
// DNSName holds a DNS name for a registration entry. The composite unique
// index idx_dns_entry (RegisteredEntryID, Value) prevents the same name from
// being stored twice for one entry.
type DNSName struct {
	Model
	// RegisteredEntryID is the owning entry's row id. No REFERENCES tag is
	// visible here (contrast V3CACert.BundleID), so whether the DB enforces
	// the relationship depends on the migrations, not on this model — confirm.
	RegisteredEntryID uint   `gorm:"unique_index:idx_dns_entry"`
	Value             string `gorm:"unique_index:idx_dns_entry"`
}
DNSName holds a DNS name for a registration entry.
type Migration ¶
// Migration holds the database schema version number and the SPIRE code
// version number.
type Migration struct {
	Model
	// Version is the database schema version.
	Version int
	// CodeVersion is the SPIRE code version recorded with the schema
	// (presumably the version that last migrated it — confirm).
	CodeVersion string
}
Migration holds the database schema version number and the SPIRE code version number.
type Model ¶
Model is used as a base for other models. It is similar to gorm.Model but without `DeletedAt`, because soft-delete support is not wanted.
type NodeSelector ¶
// NodeSelector holds a node selector by SPIFFE ID. The composite unique
// index idx_node_resolver_map (SpiffeID, Type, Value) makes each selector
// unique per node; SetNodeSelectors replaces a node's set wholesale.
type NodeSelector struct {
	Model
	SpiffeID string `gorm:"unique_index:idx_node_resolver_map"`
	Type     string `gorm:"unique_index:idx_node_resolver_map"`
	Value    string `gorm:"unique_index:idx_node_resolver_map"`
}
NodeSelector holds a node selector by spiffe ID
func (NodeSelector) TableName ¶
func (NodeSelector) TableName() string
TableName gets table name of NodeSelector
type Plugin ¶
// Plugin is the DataStore plugin backed by a SQL database. The supported
// backends are the MySQL, PostgreSQL and SQLite constants; the database is
// not opened until Configure is called (see New).
type Plugin struct {
	// contains filtered or unexported fields
}
Plugin is a DataStore plugin implemented via a SQL database
func New ¶
func New() *Plugin
New creates a new sql plugin struct. Configure must be called in order to start the db.
func (*Plugin) AppendBundle ¶
func (ds *Plugin) AppendBundle(ctx context.Context, req *datastore.AppendBundleRequest) (resp *datastore.AppendBundleResponse, err error)
AppendBundle appends bundle contents to the existing bundle (matched by trust domain). If no bundle exists for that trust domain, it is created.
func (*Plugin) Configure ¶
func (ds *Plugin) Configure(ctx context.Context, req *spi.ConfigureRequest) (*spi.ConfigureResponse, error)
Configure parses the HCL config payload into the config struct and opens a new DB based on the result.
func (*Plugin) CreateAttestedNode ¶
func (ds *Plugin) CreateAttestedNode(ctx context.Context, req *datastore.CreateAttestedNodeRequest) (resp *datastore.CreateAttestedNodeResponse, err error)
CreateAttestedNode stores the given attested node
func (*Plugin) CreateBundle ¶
func (ds *Plugin) CreateBundle(ctx context.Context, req *datastore.CreateBundleRequest) (resp *datastore.CreateBundleResponse, err error)
CreateBundle stores the given bundle
func (*Plugin) CreateJoinToken ¶
func (ds *Plugin) CreateJoinToken(ctx context.Context, req *datastore.CreateJoinTokenRequest) (resp *datastore.CreateJoinTokenResponse, err error)
CreateJoinToken takes a Token message and stores it
func (*Plugin) CreateRegistrationEntry ¶
func (ds *Plugin) CreateRegistrationEntry(ctx context.Context, req *datastore.CreateRegistrationEntryRequest) (resp *datastore.CreateRegistrationEntryResponse, err error)
CreateRegistrationEntry stores the given registration entry
func (*Plugin) DeleteAttestedNode ¶
func (ds *Plugin) DeleteAttestedNode(ctx context.Context, req *datastore.DeleteAttestedNodeRequest) (resp *datastore.DeleteAttestedNodeResponse, err error)
DeleteAttestedNode deletes the given attested node
func (*Plugin) DeleteBundle ¶
func (ds *Plugin) DeleteBundle(ctx context.Context, req *datastore.DeleteBundleRequest) (resp *datastore.DeleteBundleResponse, err error)
DeleteBundle deletes the bundle with the matching TrustDomain. Any CACert data passed is ignored.
func (*Plugin) DeleteJoinToken ¶
func (ds *Plugin) DeleteJoinToken(ctx context.Context, req *datastore.DeleteJoinTokenRequest) (resp *datastore.DeleteJoinTokenResponse, err error)
DeleteJoinToken deletes the given join token
func (*Plugin) DeleteRegistrationEntry ¶
func (ds *Plugin) DeleteRegistrationEntry(ctx context.Context, req *datastore.DeleteRegistrationEntryRequest) (resp *datastore.DeleteRegistrationEntryResponse, err error)
DeleteRegistrationEntry deletes the given registration
func (*Plugin) FetchAttestedNode ¶
func (ds *Plugin) FetchAttestedNode(ctx context.Context, req *datastore.FetchAttestedNodeRequest) (resp *datastore.FetchAttestedNodeResponse, err error)
FetchAttestedNode fetches an existing attested node by SPIFFE ID
func (*Plugin) FetchBundle ¶
func (ds *Plugin) FetchBundle(ctx context.Context, req *datastore.FetchBundleRequest) (resp *datastore.FetchBundleResponse, err error)
FetchBundle returns the bundle matching the specified Trust Domain.
func (*Plugin) FetchJoinToken ¶
func (ds *Plugin) FetchJoinToken(ctx context.Context, req *datastore.FetchJoinTokenRequest) (resp *datastore.FetchJoinTokenResponse, err error)
FetchJoinToken takes a Token message and returns one, populating the fields that are known.
func (*Plugin) FetchRegistrationEntry ¶
func (ds *Plugin) FetchRegistrationEntry(ctx context.Context, req *datastore.FetchRegistrationEntryRequest) (resp *datastore.FetchRegistrationEntryResponse, err error)
FetchRegistrationEntry fetches an existing registration by entry ID
func (*Plugin) GetNodeSelectors ¶
func (ds *Plugin) GetNodeSelectors(ctx context.Context, req *datastore.GetNodeSelectorsRequest) (resp *datastore.GetNodeSelectorsResponse, err error)
GetNodeSelectors gets node (agent) selectors by SPIFFE ID
func (*Plugin) GetPluginInfo ¶
func (*Plugin) GetPluginInfo(context.Context, *spi.GetPluginInfoRequest) (*spi.GetPluginInfoResponse, error)
GetPluginInfo returns the plugin info response for the sql plugin.
func (*Plugin) ListAttestedNodes ¶
func (ds *Plugin) ListAttestedNodes(ctx context.Context, req *datastore.ListAttestedNodesRequest) (resp *datastore.ListAttestedNodesResponse, err error)
ListAttestedNodes lists all attested nodes (pagination available)
func (*Plugin) ListBundles ¶
func (ds *Plugin) ListBundles(ctx context.Context, req *datastore.ListBundlesRequest) (resp *datastore.ListBundlesResponse, err error)
ListBundles can be used to fetch all existing bundles.
func (*Plugin) ListRegistrationEntries ¶
func (ds *Plugin) ListRegistrationEntries(ctx context.Context, req *datastore.ListRegistrationEntriesRequest) (resp *datastore.ListRegistrationEntriesResponse, err error)
ListRegistrationEntries lists all registrations (pagination available)
func (*Plugin) PruneBundle ¶
func (ds *Plugin) PruneBundle(ctx context.Context, req *datastore.PruneBundleRequest) (resp *datastore.PruneBundleResponse, err error)
PruneBundle removes expired certs and keys from a bundle
func (*Plugin) PruneJoinTokens ¶
func (ds *Plugin) PruneJoinTokens(ctx context.Context, req *datastore.PruneJoinTokensRequest) (resp *datastore.PruneJoinTokensResponse, err error)
PruneJoinTokens takes a Token message and deletes all tokens that expired before the date in the message.
func (*Plugin) PruneRegistrationEntries ¶
func (ds *Plugin) PruneRegistrationEntries(ctx context.Context, req *datastore.PruneRegistrationEntriesRequest) (resp *datastore.PruneRegistrationEntriesResponse, err error)
PruneRegistrationEntries takes a registration entry message and deletes all entries that expired before the date in the message.
func (*Plugin) SetBundle ¶
func (ds *Plugin) SetBundle(ctx context.Context, req *datastore.SetBundleRequest) (resp *datastore.SetBundleResponse, err error)
SetBundle sets bundle contents. If no bundle exists for the trust domain, it is created.
func (*Plugin) SetNodeSelectors ¶
func (ds *Plugin) SetNodeSelectors(ctx context.Context, req *datastore.SetNodeSelectorsRequest) (resp *datastore.SetNodeSelectorsResponse, err error)
SetNodeSelectors sets node (agent) selectors by SPIFFE ID, deleting old selectors first
func (*Plugin) UpdateAttestedNode ¶
func (ds *Plugin) UpdateAttestedNode(ctx context.Context, req *datastore.UpdateAttestedNodeRequest) (resp *datastore.UpdateAttestedNodeResponse, err error)
UpdateAttestedNode updates the given node's cert serial and expiration.
func (*Plugin) UpdateBundle ¶
func (ds *Plugin) UpdateBundle(ctx context.Context, req *datastore.UpdateBundleRequest) (resp *datastore.UpdateBundleResponse, err error)
UpdateBundle updates an existing bundle with the given CAs. Overwrites any existing certificates.
func (*Plugin) UpdateRegistrationEntry ¶
func (ds *Plugin) UpdateRegistrationEntry(ctx context.Context, req *datastore.UpdateRegistrationEntryRequest) (resp *datastore.UpdateRegistrationEntryResponse, err error)
UpdateRegistrationEntry updates an existing registration entry
type RegisteredEntry ¶
// RegisteredEntry holds a registration entry. This is the current schema
// shape; the V4..V10RegisteredEntry types on this page are older shapes kept
// alongside it (presumably for migrations — confirm).
type RegisteredEntry struct {
	Model
	// EntryID is the entry identifier; unique across the table.
	EntryID string `gorm:"unique_index"`
	// SpiffeID and ParentID are indexed, presumably for lookup by either
	// ID — confirm against ListRegistrationEntries.
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry (unit not shown on this
	// page; presumably seconds — confirm)
	TTL       int32
	Selectors []Selector
	// FederatesWith is the inverse side of Bundle.FederatedEntries, joined
	// through the federated_registration_entries table.
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	// Admin and Downstream are entry flags whose semantics are defined by
	// the registration API rather than by this model.
	Admin      bool
	Downstream bool
	// (optional) expiry of this entry (unit not shown; presumably a Unix
	// timestamp — confirm). Indexed, which an expiry-bounded delete such as
	// PruneRegistrationEntries would need.
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName
	// RevisionNumber is a counter that is incremented when the entry is
	// updated.
	RevisionNumber int64
}
RegisteredEntry holds a registration entry.
type V10RegisteredEntry ¶ added in v0.10.0
// V10RegisteredEntry is the schema-version-10 shape of RegisteredEntry: the
// same columns as V9RegisteredEntry plus an index on Expiry. The current
// RegisteredEntry adds RevisionNumber on top of this shape.
type V10RegisteredEntry struct {
	Model
	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName
}
V10RegisteredEntry holds a version 10 registration entry.
func (V10RegisteredEntry) TableName ¶ added in v0.10.0
func (V10RegisteredEntry) TableName() string
TableName gets table name for v10 registered entry
type V11Migration ¶
func (V11Migration) TableName ¶
func (V11Migration) TableName() string
TableName gets table name for v11 migrations table
type V3AttestedNode ¶
// V3AttestedNode is the schema-version-3 shape of AttestedNode: the same
// Model, SpiffeID, DataType, SerialNumber and ExpiresAt columns, without the
// NewSerialNumber/NewExpiresAt pair and the Selectors association that the
// current AttestedNode has. Presumably retained for migrations — confirm.
type V3AttestedNode struct {
	Model
	SpiffeID     string `gorm:"unique_index"`
	DataType     string
	SerialNumber string
	ExpiresAt    time.Time
}
func (V3AttestedNode) TableName ¶
func (V3AttestedNode) TableName() string
type V3Bundle ¶
// V3Bundle holds a version 3 trust bundle. Unlike the current Bundle, which
// stores the whole bundle in a single Data blob, it stores each CA
// certificate as a V3CACert row.
type V3Bundle struct {
	Model
	TrustDomain      string            `gorm:"not null;unique_index"`
	CACerts          []V3CACert
	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}
V3Bundle holds a version 3 trust bundle
type V3CACert ¶
// V3CACert holds a version 3 CA certificate.
type V3CACert struct {
	Model
	// Cert is the certificate bytes (encoding not shown on this page); required.
	Cert []byte `gorm:"not null"`
	// Expiry is required and indexed.
	Expiry time.Time `gorm:"not null;index"`
	// BundleID is the owning bundle. The sql tag declares the column as an
	// integer with a REFERENCES bundles(id) foreign key — the only DB-level
	// referential constraint visible on this page.
	BundleID uint `gorm:"not null;index" sql:"type:integer REFERENCES bundles(id)"`
}
V3CACert holds a version 3 CA certificate
type V4RegisteredEntry ¶
// V4RegisteredEntry holds a version 4 registered entry. It is the base shape
// the later versions on this page extend: V5 adds Admin, V6 Downstream, V7
// Expiry, V8 DNSList, V9 switches Selectors to []Selector and indexes
// SpiffeID/ParentID, V10 indexes Expiry, and the current RegisteredEntry adds
// RevisionNumber.
type V4RegisteredEntry struct {
	Model
	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
}
V4RegisteredEntry holds a version 4 registered entry
func (V4RegisteredEntry) TableName ¶
func (V4RegisteredEntry) TableName() string
TableName gets table name for v4 registered entry
type V5RegisteredEntry ¶
// V5RegisteredEntry holds a version 5 registered entry: the V4RegisteredEntry
// shape plus the Admin flag.
type V5RegisteredEntry struct {
	Model
	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
}
V5RegisteredEntry holds a version 5 registered entry
func (V5RegisteredEntry) TableName ¶
func (V5RegisteredEntry) TableName() string
TableName gets table name for v5 registered entry
type V6RegisteredEntry ¶
// V6RegisteredEntry holds a version 6 registered entry: the V5RegisteredEntry
// shape plus the Downstream flag.
type V6RegisteredEntry struct {
	Model
	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
}
V6RegisteredEntry holds a version 6 registered entry
func (V6RegisteredEntry) TableName ¶
func (V6RegisteredEntry) TableName() string
TableName gets table name for v6 registered entry
type V7RegisteredEntry ¶
// V7RegisteredEntry holds a version 7 registered entry: the V6RegisteredEntry
// shape plus Expiry (not yet indexed; V10RegisteredEntry adds the index).
type V7RegisteredEntry struct {
	Model
	EntryID  string `gorm:"unique_index"`
	SpiffeID string
	ParentID string
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
}
V7RegisteredEntry holds a version 7 registered entry
func (V7RegisteredEntry) TableName ¶
func (V7RegisteredEntry) TableName() string
TableName gets table name for v7 registered entry
type V8RegisteredEntry ¶
// V8RegisteredEntry holds a version 8 registered entry: the V7RegisteredEntry
// shape plus DNSList.
type V8RegisteredEntry struct {
	Model
	EntryID  string `gorm:"unique_index"`
	SpiffeID string
	ParentID string
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
	// (optional) DNS entries
	DNSList []DNSName
}
func (V8RegisteredEntry) TableName ¶
func (V8RegisteredEntry) TableName() string
TableName gets table name for v8 registered entry
type V8Selector ¶
type V9RegisteredEntry ¶
// V9RegisteredEntry holds a version 9 registered entry: the V8RegisteredEntry
// shape with Selectors typed as []Selector instead of []V8Selector and with
// indexes on SpiffeID and ParentID. Expiry is still unindexed here.
type V9RegisteredEntry struct {
	Model
	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
	// (optional) DNS entries
	DNSList []DNSName
}
func (V9RegisteredEntry) TableName ¶
func (V9RegisteredEntry) TableName() string
TableName gets table name for v9 registered entry