Documentation ¶
Overview ¶
Package backend provides a storage backend abstraction layer.
The backend package allows for pluggable back-ends for secrets storage. To implement a new storage back-end you have to supply an object which:
- implements backend.Backend interface
- implements backend.NewFunc function
Index ¶
- Constants
- func AcquireLock(ctx context.Context, backend Backend, lockName string, ttl time.Duration) (err error)
- func EarliestExpiry(times ...time.Time) time.Time
- func Expiry(clock clockwork.Clock, ttl time.Duration) time.Time
- func Key(parts ...string) []byte
- func RangeEnd(key []byte) []byte
- func ReleaseLock(ctx context.Context, backend Backend, lockName string) error
- func TTL(clock clockwork.Clock, expires time.Time) time.Duration
- type Backend
- type Batch
- type BufferWatcher
- type CircularBuffer
- type Config
- type Event
- type GetResult
- type Item
- type Items
- type Lease
- type OpType
- type Params
- type Sanitizer
- func (s *Sanitizer) Backend() Backend
- func (s *Sanitizer) Clock() clockwork.Clock
- func (s *Sanitizer) Close() error
- func (s *Sanitizer) CompareAndSwap(ctx context.Context, expected Item, replaceWith Item) (*Lease, error)
- func (s *Sanitizer) Create(ctx context.Context, i Item) (*Lease, error)
- func (s *Sanitizer) Delete(ctx context.Context, key []byte) error
- func (s *Sanitizer) DeleteRange(ctx context.Context, startKey []byte, endKey []byte) error
- func (s *Sanitizer) Get(ctx context.Context, key []byte) (*Item, error)
- func (s *Sanitizer) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error)
- func (s *Sanitizer) KeepAlive(ctx context.Context, lease Lease, expires time.Time) error
- func (s *Sanitizer) NewWatcher(ctx context.Context, watch Watch) (Watcher, error)
- func (s *Sanitizer) Put(ctx context.Context, i Item) (*Lease, error)
- func (s *Sanitizer) Update(ctx context.Context, i Item) (*Lease, error)
- type Watch
- type Watcher
Constants ¶
const (
	// DefaultBufferSize is a default circular buffer size
	// used by backends to fan out events
	DefaultBufferSize = 1096
	// DefaultPollStreamPeriod is a default event poll stream period
	DefaultPollStreamPeriod = time.Second
	// DefaultEventsTTL is a default events TTL period
	DefaultEventsTTL = 10 * time.Minute
	// DefaultLargeLimit is used to specify some very large limit when limit is not specified
	// explicitly to prevent OOM
	DefaultLargeLimit = 30000
)
const (
Forever time.Duration = 0
)
Forever means that object TTL will not expire unless deleted
const NoLimit = 0
NoLimit specifies no limits
const Separator = '/'
Separator is used as a separator between key parts
Functions ¶
func AcquireLock ¶
func AcquireLock(ctx context.Context, backend Backend, lockName string, ttl time.Duration) (err error)
AcquireLock grabs a lock that will be released automatically once its TTL expires
func EarliestExpiry ¶
EarliestExpiry returns the earliest of the given times, otherwise returns an empty time
func Key ¶
Key joins parts into a path separated by Separator and makes sure the path always starts with Separator ("/")
func ReleaseLock ¶
ReleaseLock forces lock release
Types ¶
type Backend ¶
type Backend interface {
	// Create creates item if it does not exist
	Create(ctx context.Context, i Item) (*Lease, error)

	// Put puts value into backend (creates if it does not
	// exist, updates it otherwise)
	Put(ctx context.Context, i Item) (*Lease, error)

	// CompareAndSwap compares item with existing item
	// and replaces it with replaceWith item
	CompareAndSwap(ctx context.Context, expected Item, replaceWith Item) (*Lease, error)

	// Update updates value in the backend
	Update(ctx context.Context, i Item) (*Lease, error)

	// Get returns a single item or not found error
	Get(ctx context.Context, key []byte) (*Item, error)

	// GetRange returns query range
	GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error)

	// Delete deletes item by key, returns NotFound error
	// if item does not exist
	Delete(ctx context.Context, key []byte) error

	// DeleteRange deletes range of items with keys between startKey and endKey
	DeleteRange(ctx context.Context, startKey, endKey []byte) error

	// KeepAlive keeps object from expiring, updates lease on the existing object,
	// expires contains the new expiry to set on the lease,
	// some backends may ignore expires based on the implementation
	// in case the lease is managed server side
	KeepAlive(ctx context.Context, lease Lease, expires time.Time) error

	// NewWatcher returns a new event watcher
	NewWatcher(ctx context.Context, watch Watch) (Watcher, error)

	// Close closes backend and all associated resources
	Close() error

	// Clock returns clock used by this backend
	Clock() clockwork.Clock
}
Backend implements abstraction over local or remote storage backend
type Batch ¶
type Batch interface {
	// PutRange puts range of items in one transaction
	PutRange(ctx context.Context, items []Item) error
}
Batch implements some batch methods that are not mandatory for all interfaces, only the ones used in bulk operations.
type BufferWatcher ¶
type BufferWatcher struct {
// contains filtered or unexported fields
}
func (*BufferWatcher) Close ¶
func (w *BufferWatcher) Close() error
func (*BufferWatcher) Done ¶
func (w *BufferWatcher) Done() <-chan struct{}
func (*BufferWatcher) Events ¶
func (w *BufferWatcher) Events() <-chan Event
type CircularBuffer ¶
CircularBuffer implements in-memory circular buffer of predefined size, that is capable of fan-out of the backend events.
func NewCircularBuffer ¶
func NewCircularBuffer(ctx context.Context, size int) (*CircularBuffer, error)
NewCircularBuffer returns a new instance of circular buffer
func (*CircularBuffer) Close ¶
func (c *CircularBuffer) Close() error
Close closes circular buffer and all watchers
func (*CircularBuffer) Events ¶
func (c *CircularBuffer) Events() []Event
Events returns a copy of records as arranged from start to end
func (*CircularBuffer) NewWatcher ¶
func (*CircularBuffer) Push ¶
func (c *CircularBuffer) Push(r Event)
Push pushes elements to the queue
func (*CircularBuffer) PushBatch ¶
func (c *CircularBuffer) PushBatch(events []Event)
PushBatch pushes elements to the queue as a batch
type Config ¶
type Config struct {
	// Type can be "bolt" or "etcd" or "dynamodb"
	Type string `yaml:"type,omitempty"`

	// Params is a generic key/value property bag which allows arbitrary
	// values to be passed to backend
	Params Params `yaml:",inline"`
}
Config is used for 'storage' config section. It's a combination of values for various backends: 'boltdb', 'etcd', 'filesystem' and 'dynamodb'
type GetResult ¶
type GetResult struct {
	// Items returns a list of items
	Items []Item
}
GetResult provides the result of GetRange request
type Item ¶
type Item struct {
	// Key is a key of the key value item
	Key []byte
	// Value is a value of the key value item
	Value []byte
	// Expires is an optional record expiry time
	Expires time.Time
	// ID is a record ID, newer records have newer ids
	ID int64
	// LeaseID is a lease ID, could be set on objects
	// with TTL
	LeaseID int64
}
Item is a key value item
type Lease ¶
type Lease struct {
	// Key is an object representing lease
	Key []byte
	// ID is a lease ID, could be empty
	ID int64
}
Lease represents a lease on the item that can be used to extend item's TTL without updating its contents.
Here is an example of renewing object TTL:
lease, err := backend.Create(ctx, item)
if err != nil {
	return err
}
// Item TTL is extended
err = backend.KeepAlive(ctx, *lease, time.Now().Add(time.Second))
type Params ¶
type Params map[string]interface{}
Params type defines a flexible unified back-end configuration API. It is just a map of key/value pairs which gets populated by `storage` section in Teleport YAML config.
type Sanitizer ¶
type Sanitizer struct {
// contains filtered or unexported fields
}
Sanitizer wraps a Backend implementation to make sure all values requested of the backend are whitelisted.
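An added example (not Teleport's code) of the wrapper pattern described above: every key is checked against an allowlist before it reaches the wrapped store, so a key carrying ".." or unexpected bytes never reaches a filesystem-backed or query-based backend. Store, memStore, SafeStore, KeySafe, ErrUnsafeKey and the allowlist pattern itself are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Store is a hypothetical two-method subset of the Backend interface.
type Store interface {
	Put(key, value []byte) error
	Get(key []byte) ([]byte, error)
}

// memStore is a constructed in-memory backend standing in for a real one.
type memStore map[string][]byte
func (m memStore) Put(k, v []byte) error        { m[string(k)] = v; return nil }
func (m memStore) Get(k []byte) ([]byte, error) { return m[string(k)], nil }

// allowed is an assumed allowlist; the package's own pattern is not on the page.
var allowed = regexp.MustCompile(`^/[0-9A-Za-z@_:.\-/]*$`)
var ErrUnsafeKey = errors.New("key is not allowlisted")

// KeySafe accepts only allowlisted bytes and rejects empty or ".." segments.
func KeySafe(key []byte) bool {
	k := string(key)
	return allowed.MatchString(k) && !strings.Contains(k, "//") &&
		!strings.Contains(k+"/", "/../")
}

// SafeStore checks every key before it reaches the wrapped Store.
type SafeStore struct{ Inner Store }
func (s SafeStore) Put(k, v []byte) error {
	if !KeySafe(k) {
		return ErrUnsafeKey
	}
	return s.Inner.Put(k, v)
}
func (s SafeStore) Get(k []byte) ([]byte, error) {
	if !KeySafe(k) {
		return nil, ErrUnsafeKey
	}
	return s.Inner.Get(k)
}

func main() {
	s := SafeStore{Inner: memStore{}}
	fmt.Println(s.Put([]byte("/nodes/../secrets"), []byte("v")))
}
```

The check runs on the raw key bytes, so callers that build keys from user-supplied names get the same validation regardless of which backend is configured.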
func NewSanitizer ¶
NewSanitizer returns a new Sanitizer.
func (*Sanitizer) Backend ¶
Backend returns the underlying backend. Useful when knowing the type of backend is important (for example, can the backend support forking).
func (*Sanitizer) CompareAndSwap ¶
func (s *Sanitizer) CompareAndSwap(ctx context.Context, expected Item, replaceWith Item) (*Lease, error)
CompareAndSwap compares item with existing item and replaces it with replaceWith item
func (*Sanitizer) DeleteRange ¶
DeleteRange deletes range of items
func (*Sanitizer) GetRange ¶
func (s *Sanitizer) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error)
GetRange returns query range
func (*Sanitizer) KeepAlive ¶
KeepAlive keeps an object from expiring by updating the lease on the existing object. expires contains the new expiry to set on the lease; some backends may ignore expires, depending on the implementation, when the lease is managed server side.
func (*Sanitizer) NewWatcher ¶
NewWatcher returns a new event watcher
Directories ¶
Path | Synopsis |
---|---|
 | Package dynamodbDynamoDBBackend implements DynamoDB storage backend for Teleport auth service, similar to etcd backend. |
 | Package etcdbk implements Etcd powered backend |
 | Package legacy stores previous, unsupported versions of the backend and is used for migrations |
boltbk | Package boltbk implements BoltDB backed backend for standalone instances. This is a legacy backend which only exists for backward compatibility purposes |
dir | dir package implements backend.Backend interface using the filesystem. |
test | Package test contains a backend acceptance test suite that is backend implementation independent; each backend will use the suite to test itself |
 | Package lite implements SQLite backend used for local persistent caches in proxies and nodes and for standalone auth service deployments. |
 | Package test contains a backend acceptance test suite that is backend implementation independent; each backend will use the suite to test itself |