value

package
v0.32.0-beta.0 Latest

This package is not in the latest version of its module.
Published: Nov 6, 2024 License: Apache-2.0 Imports: 14 Imported by: 318

Documentation

Overview

Package value contains methods for assisting with transformation of values in storage.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RecordCacheMiss

func RecordCacheMiss()

RecordCacheMiss records a cache miss on the Key Encryption Key (KEK): a call to the KMS was required to decrypt the KEK.

func RecordDataKeyGeneration

func RecordDataKeyGeneration(start time.Time, err error)

RecordDataKeyGeneration records latencies and count of Data Encryption Key generation operations.

func RecordTransformation

func RecordTransformation(resource, transformationType, transformerPrefix string, elapsed time.Duration, err error)

RecordTransformation records latencies and counts of TransformFromStorage and TransformToStorage operations. Note that the transformation_failures_total metric is deprecated; use transformation_operations_total instead.

func RegisterMetrics

func RegisterMetrics()

Types

type Context

type Context interface {
	// AuthenticatedData should return an array of bytes that describes the current value. If the value changes,
	// the transformer may report the value as unreadable or tampered. This may be nil if no such description exists
	// or is needed. For additional verification, set this to data that strongly identifies the value, such as
	// the key and creation version of the stored data.
	AuthenticatedData() []byte
}

Context is additional information that a storage transformation may need to verify the data at rest.

type DefaultContext

type DefaultContext []byte

DefaultContext is a simple implementation of Context for a slice of bytes.

func (DefaultContext) AuthenticatedData

func (c DefaultContext) AuthenticatedData() []byte

AuthenticatedData returns itself.

type PrefixTransformer

type PrefixTransformer struct {
	Prefix      []byte
	Transformer Transformer
}

PrefixTransformer holds a transformer interface and the prefix that the transformation is located under.

type Read added in v0.28.0

type Read interface {
	// TransformFromStorage may transform the provided data from its underlying storage representation or return an error.
	// Stale is true if the object on disk is stale and a write to etcd should be issued, even if the contents of the object
	// have not changed.
	TransformFromStorage(ctx context.Context, data []byte, dataCtx Context) (out []byte, stale bool, err error)
}

type ResourceTransformers added in v0.28.0

type ResourceTransformers interface {
	TransformerForResource(resource schema.GroupResource) Transformer
}

ResourceTransformers returns a transformer for the provided resource.

type Transformer

type Transformer interface {
	Read
	Write
}

Transformer allows a value to be transformed before being read from or written to the underlying store. The methods must be able to undo the transformation caused by the other.
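The AuthenticatedData contract above is the part of this interface that does security work: a transformer that feeds it to an AEAD as additional authenticated data will reject a ciphertext that was copied to a different storage key, not only one whose bytes were modified. The following is an added example, not code from this package; it re-declares Context and DefaultContext locally so it compiles without k8s.io/apiserver, and gcmTransformer, bindingChecks, the 32-byte key and the /registry/... paths are all constructed for the illustration.

```go
package main

import (
	"bytes"
	"context"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Local copies of the value package's Context and DefaultContext so the example
// compiles without importing k8s.io/apiserver; gcmTransformer has the Transformer
// method set from this page.
type Context interface{ AuthenticatedData() []byte }

type DefaultContext []byte

func (c DefaultContext) AuthenticatedData() []byte { return c }

// gcmTransformer is a hypothetical AES-GCM transformer. AuthenticatedData is passed
// to GCM as additional authenticated data: it is not written to storage, but the tag
// only verifies when the reader supplies the same bytes, so a ciphertext copied
// under another storage key fails to open although the encryption key is identical.
type gcmTransformer struct{ aead cipher.AEAD }

func newGCMTransformer(key []byte) (*gcmTransformer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &gcmTransformer{aead: aead}, err
}

func (t *gcmTransformer) TransformToStorage(_ context.Context, data []byte, dataCtx Context) ([]byte, error) {
	nonce := make([]byte, t.aead.NonceSize()) // fresh random nonce for every write
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Stored layout: nonce || ciphertext || tag; the AAD itself is not stored.
	return t.aead.Seal(nonce, nonce, data, dataCtx.AuthenticatedData()), nil
}

func (t *gcmTransformer) TransformFromStorage(_ context.Context, data []byte, dataCtx Context) ([]byte, bool, error) {
	n := t.aead.NonceSize()
	if len(data) < n+t.aead.Overhead() {
		return nil, false, errors.New("ciphertext too short")
	}
	out, err := t.aead.Open(nil, data[:n], data[n:], dataCtx.AuthenticatedData())
	return out, false, err // a single-key transformer never reports stale
}

// bindingChecks writes one value under a constructed etcd path and reports whether
// three reads succeed: the honest read, the same bytes presented under a different
// path, and the same bytes with one bit flipped. Key and paths are constructed.
func bindingChecks() (sameKey, movedKey, flippedBit bool, err error) {
	ctx := context.Background()
	t, err := newGCMTransformer(bytes.Repeat([]byte{0x42}, 32))
	if err != nil {
		return
	}
	orig := DefaultContext("/registry/secrets/default/db-creds")
	stored, err := t.TransformToStorage(ctx, []byte("hunter2"), orig)
	if err != nil {
		return
	}
	pt, _, e1 := t.TransformFromStorage(ctx, stored, orig)
	sameKey = e1 == nil && string(pt) == "hunter2"
	_, _, e2 := t.TransformFromStorage(ctx, stored, DefaultContext("/registry/secrets/default/other"))
	movedKey = e2 == nil // false: AAD mismatch, tag check fails
	tampered := append([]byte{}, stored...)
	tampered[len(tampered)-1] ^= 0x01
	_, _, e3 := t.TransformFromStorage(ctx, tampered, orig)
	flippedBit = e3 == nil // false: rejected instead of returning garbage
	return
}

func main() { fmt.Println(bindingChecks()) }
```

Using the storage key as the authenticated data is what the interface comment recommends ("data that strongly identifies the value, such as the key"); the check costs nothing extra on the wire because GCM's tag already covers the AAD, and it turns an attacker with write access to etcd who swaps two encrypted values into a read error rather than a silent substitution.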

func NewPrefixTransformers

func NewPrefixTransformers(err error, transformers ...PrefixTransformer) Transformer

NewPrefixTransformers supports the Transformer interface by checking the incoming data against the provided prefixes in order. The first matching prefix will be used to transform the value (the prefix is stripped before the Transformer interface is invoked). The first provided transformer will be used when writing to the store.
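The two rules in that description (first matching prefix wins on read, first entry is used on write) are what make key rotation possible: put the new key first, keep the old key behind it, and every read of an old value comes back with stale set so the store rewrites it under the new prefix. The following is an added example of that flow, not the package's own implementation: it re-declares the interfaces locally, uses a non-encrypting stand-in transformer (tagged) so the dispatch logic is visible, and the prefix strings and storage path are constructed. Reporting stale whenever the value was read through any entry other than the first is this example's choice and is not stated on this page.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
)

// Local copies of the value package's Context, DefaultContext, Transformer and
// PrefixTransformer so the example compiles without importing k8s.io/apiserver.
type (
	Context        interface{ AuthenticatedData() []byte }
	DefaultContext []byte
	Transformer    interface {
		TransformFromStorage(ctx context.Context, data []byte, dataCtx Context) ([]byte, bool, error)
		TransformToStorage(ctx context.Context, data []byte, dataCtx Context) ([]byte, error)
	}
	PrefixTransformer struct {
		Prefix      []byte
		Transformer Transformer
	}
)

func (c DefaultContext) AuthenticatedData() []byte { return c }

// tagged stands in for a keyed transformer: it wraps the value with a key name and
// refuses to unwrap values written under a different name. It does not encrypt.
type tagged struct{ keyName string }

func (k tagged) TransformToStorage(_ context.Context, data []byte, _ Context) ([]byte, error) {
	return append([]byte(k.keyName+"|"), data...), nil
}

func (k tagged) TransformFromStorage(_ context.Context, data []byte, _ Context) ([]byte, bool, error) {
	tag := []byte(k.keyName + "|")
	if !bytes.HasPrefix(data, tag) {
		return nil, false, fmt.Errorf("value was not written by %s", k.keyName)
	}
	return data[len(tag):], false, nil
}

// prefixTransformers follows the documented contract: reads try the prefixes in
// order and strip the match; writes always use the first entry. Example choice
// (not stated on this page): a value read through any entry other than the first
// is reported stale so the caller rewrites it under the current write prefix.
type prefixTransformers struct {
	entries []PrefixTransformer
	err     error
}

func newPrefixTransformers(err error, entries ...PrefixTransformer) Transformer {
	if err == nil {
		err = errors.New("value does not match any known prefix")
	}
	return &prefixTransformers{entries: entries, err: err}
}

func (p *prefixTransformers) TransformFromStorage(ctx context.Context, data []byte, dataCtx Context) ([]byte, bool, error) {
	for i, e := range p.entries {
		if bytes.HasPrefix(data, e.Prefix) {
			out, stale, err := e.Transformer.TransformFromStorage(ctx, data[len(e.Prefix):], dataCtx)
			return out, stale || i != 0, err
		}
	}
	return nil, false, p.err // unknown prefix is an error, never passed through as plaintext
}

func (p *prefixTransformers) TransformToStorage(ctx context.Context, data []byte, dataCtx Context) ([]byte, error) {
	out, err := p.entries[0].Transformer.TransformToStorage(ctx, data, dataCtx)
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, p.entries[0].Prefix...), out...), nil
}

// rotate writes a value under the pre-rotation chain (key1 only), then reads and
// rewrites it through the rotated chain (key2 first, key1 kept for reads).
func rotate() (plaintext string, stale bool, rewritten string, unknownRejected bool, err error) {
	ctx := context.Background()
	dataCtx := DefaultContext("/registry/secrets/default/db-creds") // constructed path
	oldP, newP := []byte("k8s:enc:aesgcm:v1:key1:"), []byte("k8s:enc:aesgcm:v1:key2:")
	before := newPrefixTransformers(nil, PrefixTransformer{Prefix: oldP, Transformer: tagged{"key1"}})
	stored, err := before.TransformToStorage(ctx, []byte("hunter2"), dataCtx)
	if err != nil {
		return
	}
	after := newPrefixTransformers(nil,
		PrefixTransformer{Prefix: newP, Transformer: tagged{"key2"}}, // first entry: all new writes
		PrefixTransformer{Prefix: oldP, Transformer: tagged{"key1"}}) // kept only to read old data
	pt, stale, err := after.TransformFromStorage(ctx, stored, dataCtx)
	if err != nil {
		return
	}
	rw, err := after.TransformToStorage(ctx, pt, dataCtx) // stale==true: store writes the unchanged object back
	if err != nil {
		return
	}
	_, _, e := after.TransformFromStorage(ctx, []byte("never-encrypted"), dataCtx)
	return string(pt), stale, string(rw), e != nil, nil
}

func main() { fmt.Println(rotate()) }
```

Two practical consequences of the ordering rule: the old key must stay in the list until every stored value has been read and rewritten, otherwise those reads fail with the no-matching-prefix error; and the error passed as the first argument is what callers see for data that carries no known prefix, so keep it generic rather than leaking which providers are configured.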

type Write added in v0.28.0

type Write interface {
	// TransformToStorage may transform the provided data into the appropriate form in storage or return an error.
	TransformToStorage(ctx context.Context, data []byte, dataCtx Context) (out []byte, err error)
}

Directories

Path Synopsis
encrypt
aes
Package aes transforms values for storage at rest using AES-GCM.
envelope
Package envelope transforms values for storage at rest using an Envelope provider.
envelope/kmsv2
Package kmsv2 transforms values for storage at rest using an Envelope v2 provider.
envelope/kmsv2/v2
Package v2 contains the definition of the kms-plugin's serialized types.
secretbox
Package secretbox transforms values for storage at rest using XSalsa20 and Poly1305.
