plugin

package

v0.0.0-...-aa36675 Latest Latest Go to latest Published: Aug 13, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/aws-encryption-provider

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func NewClient(conn *grpc.ClientConn) pb.KeyManagementServiceClient
func WaitForReady(client pb.KeyManagementServiceClient, duration time.Duration) error
type SharedHealthCheck
- func NewSharedHealthCheck(checkPeriod time.Duration, errcBuf int) *SharedHealthCheck
- func (p *SharedHealthCheck) Start()
- func (p *SharedHealthCheck) Stop()
type V1Plugin
- func New(key string, svc kmsiface.KMSAPI, encryptionCtx map[string]string, ...) *V1Plugin
type V2Plugin
- func NewV2(key string, svc kmsiface.KMSAPI, encryptionCtx map[string]string, ...) *V2Plugin

Constants ¶

View Source

const (
	DefaultHealthCheckPeriod = 30 * time.Second
	DefaultErrcBufSize       = 100
)

TODO: make configurable

View Source

const (
	GRPC_V1 = "v1"
)

View Source

const (
	GRPC_V2 = "v2"
)

Variables ¶

This section is empty.

Functions ¶

func NewClient ¶

func NewClient(conn *grpc.ClientConn) pb.KeyManagementServiceClient

NewClient returns a KeyManagementServiceClient for a given grpc connection

func WaitForReady ¶

func WaitForReady(client pb.KeyManagementServiceClient, duration time.Duration) error

WaitForReady uses a given client to wait until the given duration for the server to become ready

Types ¶

type SharedHealthCheck ¶

type SharedHealthCheck struct {
	// contains filtered or unexported fields
}

func NewSharedHealthCheck ¶

func NewSharedHealthCheck(
	checkPeriod time.Duration,
	errcBuf int,
) *SharedHealthCheck

func (*SharedHealthCheck) Start ¶

func (p *SharedHealthCheck) Start()

func (*SharedHealthCheck) Stop ¶

func (p *SharedHealthCheck) Stop()

type V1Plugin ¶

type V1Plugin struct {
	// contains filtered or unexported fields
}

Plugin implements the KeyManagementServiceServer

func New ¶

func New(key string, svc kmsiface.KMSAPI, encryptionCtx map[string]string, healthCheck *SharedHealthCheck) *V1Plugin

New returns a new *V1Plugin

func (*V1Plugin) Decrypt ¶

func (p *V1Plugin) Decrypt(ctx context.Context, request *pb.DecryptRequest) (*pb.DecryptResponse, error)

Decrypt executes the decrypt operation using AWS KMS

func (*V1Plugin) Encrypt ¶

func (p *V1Plugin) Encrypt(ctx context.Context, request *pb.EncryptRequest) (*pb.EncryptResponse, error)

Encrypt executes the encryption operation using AWS KMS

func (*V1Plugin) Health ¶

func (p *V1Plugin) Health() error

Health checks KMS API availability.

The goal is to:

not incur extra KMS API call if V1Plugin "Encrypt" method has already
return latest health status (cached KMS status must reflect the current)

The error is sent via channel and consumed by goroutine. The error channel may be full and block, when there are too many failures. The error channel may be empty and block, when there's no failure. To handle those two cases, keep track latest health check timestamps.

Call KMS "Encrypt" API call iff:

there was never a health check done
there was no health check done for the last "healthCheckPeriod" (only use the cached error if the error is from recent API call)

func (*V1Plugin) Live ¶

func (p *V1Plugin) Live() error

Live checks the liveness of KMS API. If the error is user-induced (e.g., revoke CMK), the function returns NO error. If the error is due to KMS availability, the function returns the error.

func (*V1Plugin) Register ¶

func (p *V1Plugin) Register(s *grpc.Server)

Register registers the V1Plugin with the grpc server

func (*V1Plugin) Version ¶

func (p *V1Plugin) Version(ctx context.Context, request *pb.VersionRequest) (*pb.VersionResponse, error)

Version returns the V1Plugin server version

type V2Plugin ¶

type V2Plugin struct {
	// contains filtered or unexported fields
}

Plugin implements the KeyManagementServiceServer

func NewV2 ¶

func NewV2(key string, svc kmsiface.KMSAPI, encryptionCtx map[string]string, healthCheck *SharedHealthCheck) *V2Plugin

New returns a new *V2Plugin

func (*V2Plugin) Decrypt ¶

func (p *V2Plugin) Decrypt(ctx context.Context, request *pb.DecryptRequest) (*pb.DecryptResponse, error)

Decrypt executes the decrypt operation using AWS KMS

func (*V2Plugin) Encrypt ¶

func (p *V2Plugin) Encrypt(ctx context.Context, request *pb.EncryptRequest) (*pb.EncryptResponse, error)

Encrypt executes the encryption operation using AWS KMS

func (*V2Plugin) Health ¶

func (p *V2Plugin) Health() error

Health checks KMS API availability.

The goal is to:

not incur extra KMS API call if V2Plugin "Encrypt" method has already
return latest health status (cached KMS status must reflect the current)

The error is sent via channel and consumed by goroutine. The error channel may be full and block, when there are too many failures. The error channel may be empty and block, when there's no failure. To handle those two cases, keep track latest health check timestamps.

Call KMS "Encrypt" API call iff:

there was never a health check done
there was no health check done for the last "healthCheckPeriod" (only use the cached error if the error is from recent API call)

func (*V2Plugin) Live ¶

func (p *V2Plugin) Live() error

func (*V2Plugin) Register ¶

func (p *V2Plugin) Register(s *grpc.Server)

Register registers the V2Plugin with the grpc server

func (*V2Plugin) Status ¶

func (p *V2Plugin) Status(ctx context.Context, request *pb.StatusRequest) (*pb.StatusResponse, error)

Status returns the V2Plugin server status

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL