Documentation
Overview
Package client implements a higher-level client for consensus/etcd, to be used within the Metropolis node code for unprivileged access (i.e. access by local services that simply wish to access etcd KV without management access).
Constants
This section is empty.
Variables
var (
	// ErrUnimplementedInNamespaced will be raised by panic() any time a method
	// from the Cluster, Auth and Maintenance APIs gets called on a
	// clientv3.Client returned by ThinClient or Namespaced.ThinClient.
	ErrUnimplementedInNamespaced = errors.New("interface not implemented in Namespaced etcd client")
)
Functions
func ThinClient
func ThinClient(ctx context.Context, kv clientv3.KV, lease clientv3.Lease, watcher clientv3.Watcher) *clientv3.Client
ThinClient takes a set of KV, Lease and Watcher etcd clients and turns them into a full Client struct. The rest of the interfaces (Cluster, Auth, Maintenance) will all panic when called.
Types
type Namespaced
type Namespaced interface {
	clientv3.KV
	clientv3.Lease
	clientv3.Watcher

	// Sub returns a child client from this client, at a sub-namespace 'space'.
	// The 'space' paths given in a series of created clients (e.g.
	// Namespace.Sub("a").Sub("b").Sub("c")) are used to create an etcd k/v
	// prefix `a:b:c/` into which K/V access is remapped.
	Sub(space string) (Namespaced, error)

	// ThinClient returns a clientv3.Client which has the same namespacing as the
	// namespaced interface. It only implements the KV, Lease and Watcher interfaces
	// - all other interfaces are unimplemented and will panic when called. The
	// given context is returned by client.Ctx() and is used by some library code
	// (e.g. etcd client-go's built-in concurrency library).
	ThinClient(ctx context.Context) *clientv3.Client
}
Namespaced etcd/consensus client. Each Namespaced client allows access to a subtree of the etcd key/value space, and each can emit more clients that reside in their respective subtree, effectively permitting delegated, hierarchical access to the etcd store.

Note: the namespaces should not be treated as a security boundary, as it is very likely that compromised services could navigate upwards in the k/v space if needed. Instead, this mechanism should only be seen as containerization for the purpose of simplifying code that needs to access etcd, and especially code that needs to pass this access around to its subordinate code.

This client embeds the KV, Lease and Watcher etcd client interfaces to perform the actual etcd operations, and adds the Sub method to create subtree clients of this client.
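The prefix remapping described above, as an added example that is not the package's own code: a standard-library-only model of how chained Sub calls turn into the `a:b:c/` key prefix. The `namespaced` type, its in-memory map, the empty root prefix and the rejection of `:` and `/` in component names are assumptions of this model, not documented behaviour of the package.

```go
package main

import (
	"fmt"
	"strings"
)

// namespaced is a hypothetical model of the page's Namespaced client: it keeps
// the chain of Sub() components and remaps every key under the joined prefix.
type namespaced struct {
	kv   map[string]string // constructed stand-in for the shared etcd keyspace
	path []string
}

// Sub returns a child one level deeper. Rejecting ':' and '/' is an assumption
// of this model: without it, Sub("a:b") and Sub("a").Sub("b") would silently
// alias the same prefix.
func (n *namespaced) Sub(space string) (*namespaced, error) {
	if space == "" || strings.ContainsAny(space, ":/") {
		return nil, fmt.Errorf("invalid namespace component %q", space)
	}
	child := append(append([]string{}, n.path...), space)
	return &namespaced{kv: n.kv, path: child}, nil
}

// prefix renders the chain as in the Sub doc comment: a, b, c -> "a:b:c/".
func (n *namespaced) prefix() string {
	if len(n.path) == 0 {
		return ""
	}
	return strings.Join(n.path, ":") + "/"
}

// Put and Get rewrite the caller's key; the backing store is the same for all.
func (n *namespaced) Put(key, val string) { n.kv[n.prefix()+key] = val }

func (n *namespaced) Get(key string) (string, bool) {
	v, ok := n.kv[n.prefix()+key]
	return v, ok
}

func main() {
	root := &namespaced{kv: map[string]string{}}
	a, _ := root.Sub("a")
	b, _ := a.Sub("b")
	c, _ := b.Sub("c")
	c.Put("leader", "node-1")
	fmt.Println(root.kv)
}
```

The remapping is key rewriting over one shared keyspace, not access control: in the model the root client reads the child's entry by its full key `a:b:c/leader`.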
func NewLocal
func NewLocal(cl *clientv3.Client) Namespaced
NewLocal returns a local Namespaced client starting at the root of the given etcd client.