sqlstore

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 12, 2022 License: Apache-2.0 Imports: 40 Imported by: 2

Documentation

Index

Constants

View Source
const (
	PluginName = "sql"

	// MySQL database type
	MySQL = "mysql"
	// PostgreSQL database type
	PostgreSQL = "postgres"
	// SQLite database type
	SQLite = "sqlite3"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AttestedNode

type AttestedNode struct {
	Model

	SpiffeID        string `gorm:"unique_index"`
	DataType        string
	SerialNumber    string
	ExpiresAt       time.Time `gorm:"index"`
	NewSerialNumber string
	NewExpiresAt    *time.Time
	CanReattest     bool

	Selectors []*NodeSelector
}

AttestedNode holds an attested node (agent)

func (AttestedNode) TableName

func (AttestedNode) TableName() string

TableName gets table name of AttestedNode

type Bundle

type Bundle struct {
	Model

	TrustDomain string `gorm:"not null;unique_index"`
	Data        []byte `gorm:"size:16777215"` // make MySQL to use MEDIUMBLOB (max 16MB) - doesn't affect PostgreSQL/SQLite

	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}

Bundle holds a trust bundle.

type DNSName

type DNSName struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_dns_entry"`
	Value             string `gorm:"unique_index:idx_dns_entry"`
}

DNSName holds a DNS for a registration entry

func (DNSName) TableName

func (DNSName) TableName() string

TableName gets table name for DNS entries

type FederatedTrustDomain

type FederatedTrustDomain struct {
	Model

	// TrustDomain is the trust domain name (e.g., "example.org") to federate with.
	TrustDomain string `gorm:"not null;unique_index"`

	// BundleEndpointURL is the URL of the SPIFFE bundle endpoint that provides the trust
	// bundle to federate with.
	BundleEndpointURL string

	// BundleEndpointProfile is the endpoint profile type.
	BundleEndpointProfile string

	// EndpointSPIFFEID specifies the expected SPIFFE ID of the
	// SPIFFE bundle endpoint server when BundleEndpointProfile
	// is "https_spiffe"
	EndpointSPIFFEID string

	// Implicit indicates wether the trust domain automatically federates with
	// all registration entries by default or not.
	Implicit bool
}

FederatedTrustDomain holds federated trust domains. It has the information needed to get updated bundles of the federated trust domain from a SPIFFE bundle endpoint server.

func (FederatedTrustDomain) TableName

func (FederatedTrustDomain) TableName() string

TableName gets table name of FederatedTrustDomain

type JoinToken

type JoinToken struct {
	Model

	Token  string `gorm:"unique_index"`
	Expiry int64
}

JoinToken holds a join token

type Migration

type Migration struct {
	Model

	// Database version
	Version int

	// SPIRE Code versioning
	CodeVersion string
}

Migration holds database schema version number, and the SPIRE Code version number

type Model

type Model struct {
	ID        uint `gorm:"primary_key"`
	CreatedAt time.Time
	UpdatedAt time.Time
}

Model is used as a base for other models. Similar to gorm.Model without `DeletedAt`. We don't want soft-delete support.

type NodeSelector

type NodeSelector struct {
	Model

	SpiffeID string `gorm:"unique_index:idx_node_resolver_map"`
	Type     string `gorm:"unique_index:idx_node_resolver_map"`
	Value    string `gorm:"unique_index:idx_node_resolver_map"`
}

NodeSelector holds a node selector by spiffe ID

func (NodeSelector) TableName

func (NodeSelector) TableName() string

TableName gets table name of NodeSelector

type Plugin

type Plugin struct {
	// contains filtered or unexported fields
}

Plugin is a DataStore plugin implemented via a SQL database

func New

func New(log logrus.FieldLogger) *Plugin

New creates a new sql plugin struct. Configure must be called in order to start the db.

func (*Plugin) AppendBundle

func (ds *Plugin) AppendBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)

AppendBundle append bundle contents to the existing bundle (by trust domain). If no existing one is present, create it.

func (*Plugin) Configure

func (ds *Plugin) Configure(hclConfiguration string) error

Configure parses HCL config payload into config struct, and opens new DB based on the result

func (*Plugin) CountAttestedNodes

func (ds *Plugin) CountAttestedNodes(ctx context.Context) (count int32, err error)

CountAttestedNodes counts all attested nodes

func (*Plugin) CountBundles

func (ds *Plugin) CountBundles(ctx context.Context) (count int32, err error)

CountBundles can be used to count all existing bundles.

func (*Plugin) CountRegistrationEntries

func (ds *Plugin) CountRegistrationEntries(ctx context.Context) (count int32, err error)

CounCountRegistrationEntries counts all registrations (pagination available)

func (*Plugin) CreateAttestedNode

func (ds *Plugin) CreateAttestedNode(ctx context.Context, node *common.AttestedNode) (attestedNode *common.AttestedNode, err error)

CreateAttestedNode stores the given attested node

func (*Plugin) CreateBundle

func (ds *Plugin) CreateBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)

CreateBundle stores the given bundle

func (*Plugin) CreateFederationRelationship added in v1.1.0

func (ds *Plugin) CreateFederationRelationship(ctx context.Context, fr *datastore.FederationRelationship) (newFr *datastore.FederationRelationship, err error)

CreateFederationRelationship creates a new federation relationship. If the bundle endpoint profile is 'https_spiffe' and the given federation relationship contains a bundle, the current stored bundle is overridden. If no bundle is provided and there is not a previusly stored bundle in the datastore, the federation relationship is not created.

func (*Plugin) CreateJoinToken

func (ds *Plugin) CreateJoinToken(ctx context.Context, token *datastore.JoinToken) (err error)

CreateJoinToken takes a Token message and stores it

func (*Plugin) CreateOrReturnRegistrationEntry added in v1.1.0

func (ds *Plugin) CreateOrReturnRegistrationEntry(ctx context.Context,
	entry *common.RegistrationEntry) (registrationEntry *common.RegistrationEntry, existing bool, err error)

CreateOrReturnRegistrationEntry stores the given registration entry. If an entry already exists with the same (parentID, spiffeID, selector) tuple, that entry is returned instead.

func (*Plugin) CreateRegistrationEntry

func (ds *Plugin) CreateRegistrationEntry(ctx context.Context,
	entry *common.RegistrationEntry) (registrationEntry *common.RegistrationEntry, err error)

CreateRegistrationEntry stores the given registration entry

func (*Plugin) DeleteAttestedNode

func (ds *Plugin) DeleteAttestedNode(ctx context.Context, spiffeID string) (attestedNode *common.AttestedNode, err error)

DeleteAttestedNode deletes the given attested node

func (*Plugin) DeleteBundle

func (ds *Plugin) DeleteBundle(ctx context.Context, trustDomainID string, mode datastore.DeleteMode) (err error)

DeleteBundle deletes the bundle with the matching TrustDomain. Any CACert data passed is ignored.

func (*Plugin) DeleteFederationRelationship added in v1.1.0

func (ds *Plugin) DeleteFederationRelationship(ctx context.Context, trustDomain spiffeid.TrustDomain) error

DeleteFederationRelationship deletes the federation relationship to the given trust domain. The associated trust bundle is not deleted.

func (*Plugin) DeleteJoinToken

func (ds *Plugin) DeleteJoinToken(ctx context.Context, token string) (err error)

DeleteJoinToken deletes the given join token

func (*Plugin) DeleteRegistrationEntry

func (ds *Plugin) DeleteRegistrationEntry(ctx context.Context,
	entryID string) (registrationEntry *common.RegistrationEntry, err error)

DeleteRegistrationEntry deletes the given registration

func (*Plugin) FetchAttestedNode

func (ds *Plugin) FetchAttestedNode(ctx context.Context, spiffeID string) (attestedNode *common.AttestedNode, err error)

FetchAttestedNode fetches an existing attested node by SPIFFE ID

func (*Plugin) FetchBundle

func (ds *Plugin) FetchBundle(ctx context.Context, trustDomainID string) (resp *common.Bundle, err error)

FetchBundle returns the bundle matching the specified Trust Domain.

func (*Plugin) FetchFederationRelationship added in v1.1.0

func (ds *Plugin) FetchFederationRelationship(ctx context.Context, trustDomain spiffeid.TrustDomain) (fr *datastore.FederationRelationship, err error)

FetchFederationRelationship fetches the federation relationship that matches the given trust domain. If the federation relationship is not found, nil is returned.

func (*Plugin) FetchJoinToken

func (ds *Plugin) FetchJoinToken(ctx context.Context, token string) (resp *datastore.JoinToken, err error)

FetchJoinToken takes a Token message and returns one, populating the fields we have knowledge of

func (*Plugin) FetchRegistrationEntry

func (ds *Plugin) FetchRegistrationEntry(ctx context.Context,
	entryID string) (*common.RegistrationEntry, error)

FetchRegistrationEntry fetches an existing registration by entry ID

func (*Plugin) GetNodeSelectors

func (ds *Plugin) GetNodeSelectors(ctx context.Context, spiffeID string,
	dataConsistency datastore.DataConsistency) (selectors []*common.Selector, err error)

GetNodeSelectors gets node (agent) selectors by SPIFFE ID

func (*Plugin) ListAttestedNodes

func (ds *Plugin) ListAttestedNodes(ctx context.Context,
	req *datastore.ListAttestedNodesRequest) (resp *datastore.ListAttestedNodesResponse, err error)

ListAttestedNodes lists all attested nodes (pagination available)

func (*Plugin) ListBundles

func (ds *Plugin) ListBundles(ctx context.Context, req *datastore.ListBundlesRequest) (resp *datastore.ListBundlesResponse, err error)

ListBundles can be used to fetch all existing bundles.

func (*Plugin) ListFederationRelationships added in v1.1.0

ListFederationRelationships can be used to list all existing federation relationships

func (*Plugin) ListNodeSelectors

func (ds *Plugin) ListNodeSelectors(ctx context.Context,
	req *datastore.ListNodeSelectorsRequest) (resp *datastore.ListNodeSelectorsResponse, err error)

ListNodeSelectors gets node (agent) selectors by SPIFFE ID

func (*Plugin) ListRegistrationEntries

ListRegistrationEntries lists all registrations (pagination available)

func (*Plugin) PruneBundle

func (ds *Plugin) PruneBundle(ctx context.Context, trustDomainID string, expiresBefore time.Time) (changed bool, err error)

PruneBundle removes expired certs and keys from a bundle

func (*Plugin) PruneJoinTokens

func (ds *Plugin) PruneJoinTokens(ctx context.Context, expiry time.Time) (err error)

PruneJoinTokens takes a Token message, and deletes all tokens which have expired before the date in the message

func (*Plugin) PruneRegistrationEntries

func (ds *Plugin) PruneRegistrationEntries(ctx context.Context, expiresBefore time.Time) (err error)

PruneRegistrationEntries takes a registration entry message, and deletes all entries which have expired before the date in the message

func (*Plugin) SetBundle

func (ds *Plugin) SetBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)

SetBundle sets bundle contents. If no bundle exists for the trust domain, it is created.

func (*Plugin) SetNodeSelectors

func (ds *Plugin) SetNodeSelectors(ctx context.Context, spiffeID string, selectors []*common.Selector) (err error)

SetNodeSelectors sets node (agent) selectors by SPIFFE ID, deleting old selectors first

func (*Plugin) UpdateAttestedNode

func (ds *Plugin) UpdateAttestedNode(ctx context.Context, n *common.AttestedNode, mask *common.AttestedNodeMask) (node *common.AttestedNode, err error)

UpdateAttestedNode updates the given node's cert serial and expiration.

func (*Plugin) UpdateBundle

func (ds *Plugin) UpdateBundle(ctx context.Context, b *common.Bundle, mask *common.BundleMask) (bundle *common.Bundle, err error)

UpdateBundle updates an existing bundle with the given CAs. Overwrites any existing certificates.

func (*Plugin) UpdateFederationRelationship added in v1.1.0

func (ds *Plugin) UpdateFederationRelationship(ctx context.Context, fr *datastore.FederationRelationship, mask *types.FederationRelationshipMask) (newFr *datastore.FederationRelationship, err error)

UpdateFederationRelationship updates the given federation relationship. Attributes are only updated if the correspondent mask value is set to true.

func (*Plugin) UpdateRegistrationEntry

func (ds *Plugin) UpdateRegistrationEntry(ctx context.Context, e *common.RegistrationEntry, mask *common.RegistrationEntryMask) (entry *common.RegistrationEntry, err error)

UpdateRegistrationEntry updates an existing registration entry

type RegisteredEntry

type RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName

	// RevisionNumber is a counter that is incremented when the entry is
	// updated.
	RevisionNumber int64

	// StoreSvid determines if the issued SVID is exportable to a store
	StoreSvid bool

	// Hint is a "hint string" passed to the workload to distinguish between
	// multiple SVIDs
	Hint string
}

RegisteredEntry holds a registered entity entry

type Selector

type Selector struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_selector_entry"`
	Type              string `gorm:"unique_index:idx_selector_entry;index:idx_selectors_type_value"`
	Value             string `gorm:"unique_index:idx_selector_entry;index:idx_selectors_type_value"`
}

type V3AttestedNode

type V3AttestedNode struct {
	Model

	SpiffeID     string `gorm:"unique_index"`
	DataType     string
	SerialNumber string
	ExpiresAt    time.Time
}

func (V3AttestedNode) TableName

func (V3AttestedNode) TableName() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL