store

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 19, 2024 License: Apache-2.0 Imports: 15 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var CITest = UnicredsConfig{UnicredsPath: &ciTestPath, UnicredsAlias: ciTestKey}

CITest is the ci-test unicreds config

View Source 
var DefaultRegion = "us-west-1"
View Source 
var Development = UnicredsConfig{UnicredsPath: &devPath, UnicredsAlias: devKey}

Development is the dev unicreds config

View Source 
var Production = UnicredsConfig{UnicredsPath: &prodPath, UnicredsAlias: prodKey}

Production is the production unicreds config

View Source 
var Region string

Region is default region for unicreds config

Functions

func Stores 

func Stores() map[string]SecretStore

Stores returns all implemented SecretStores

Types

type AuthenticationError 

type AuthenticationError struct{}

AuthenticationError occurs when the given credentials fail to access the secret store

func (*AuthenticationError) Error 

func (e *AuthenticationError) Error() string

type AuthorizationError 

type AuthorizationError struct {
	Identifier SecretIdentifier
}

AuthorizationError occurs when a user lacks sufficient access to interact with a Secret (read-only? read/write?)

func (*AuthorizationError) Error 

func (e *AuthorizationError) Error() string

type ByIDString 

type ByIDString []SecretIdentifier

ByIDString allows sorting SecretIdentifiers by Key

func (ByIDString) Len 

func (s ByIDString) Len() int

func (ByIDString) Less 

func (s ByIDString) Less(i, j int) bool

func (ByIDString) Swap 

func (s ByIDString) Swap(i, j int)

type Credentials 

type Credentials map[string]string

Credentials needed to authenticate with secrets backend, such as a token

type CurrentDeployError added in v0.1.2 

type CurrentDeployError struct {
	Identifier string
}

CurrentDeployError occurs when a parameter name has suffix current-deploy. Such parameters are private to catapult service and should not be surfaced via interface

func (*CurrentDeployError) Error added in v0.1.2 

func (e *CurrentDeployError) Error() string

type Environment 

type Environment int

Environment is an Enum to access different Stealth stores 

const (
	// ProductionEnvironment is an index for prod
	ProductionEnvironment Environment = iota
	// DevelopmentEnvironment is an index for dev
	DevelopmentEnvironment
	// CITestEnvironment is an index for ci-test
	CITestEnvironment
)

func (Environment) String added in v0.3.0 

func (e Environment) String() string

type IdentifierAlreadyExistsError 

type IdentifierAlreadyExistsError struct {
	Identifier SecretIdentifier
}

IdentifierAlreadyExistsError occurs when Create is called and an identifier already exists

func (*IdentifierAlreadyExistsError) Error 

func (e *IdentifierAlreadyExistsError) Error() string

type IdentifierNotFoundError 

type IdentifierNotFoundError struct {
	Identifier SecretIdentifier
	Region     string
}

IdentifierNotFoundError occurs when a secret identifier cannot be found (during Read, History, Update)

func (*IdentifierNotFoundError) Error 

func (e *IdentifierNotFoundError) Error() string

type InvalidEnvironmentError added in v0.1.2 

type InvalidEnvironmentError struct {
	Identifier string
}

InvalidEnvironmentError occurs when a parameter name is using non-compatible environment name

func (*InvalidEnvironmentError) Error added in v0.1.2 

func (e *InvalidEnvironmentError) Error() string

type InvalidIdentifierError 

type InvalidIdentifierError struct {
	Identifier SecretIdentifier
}

InvalidIdentifierError occurs when a malformed identifier argument is given to a SecretStore method

func (*InvalidIdentifierError) Error 

func (e *InvalidIdentifierError) Error() string

type MalformedVersionError 

type MalformedVersionError struct {
	Identifier       SecretIdentifier
	MalformedVersion string
}

MalformedVersionError occurs when a secret version is malformed

func (*MalformedVersionError) Error 

func (e *MalformedVersionError) Error() string

type MemoryStore 

type MemoryStore struct {
	// contains filtered or unexported fields
}

MemoryStore is an in-memory secret store, for testing

func (*MemoryStore) Create 

func (s *MemoryStore) Create(id SecretIdentifier, value string) error

Create creates a secret in the store

func (*MemoryStore) Delete 

func (s *MemoryStore) Delete(id SecretIdentifier) error

Delete deletes all versions of a secret

func (*MemoryStore) History 

func (s *MemoryStore) History(id SecretIdentifier) ([]SecretMeta, error)

History gets all historical versions of a secret

func (*MemoryStore) List 

func (s *MemoryStore) List(env Environment, service string) ([]SecretIdentifier, error)

List gets all secret identifiers within a namespace

func (*MemoryStore) ListAll 

func (s *MemoryStore) ListAll(env Environment) ([]SecretIdentifier, error)

ListAll gets all secret identifiers within an environment

func (*MemoryStore) Read 

func (s *MemoryStore) Read(id SecretIdentifier) (Secret, error)

Read a secret from the store

func (*MemoryStore) ReadVersion 

func (s *MemoryStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

ReadVersion reads a version of a secret

func (*MemoryStore) Update 

func (s *MemoryStore) Update(id SecretIdentifier, value string) (Secret, error)

Update updates a secret in the secret store

type MockStore 

type MockStore struct{}

MockStore is a mocked secret store, for testing

func (*MockStore) Create 

func (s *MockStore) Create(id SecretIdentifier, value string) error

Create (no-op) mocks creating a secret

func (*MockStore) Delete 

func (s *MockStore) Delete(id SecretIdentifier) error

Delete (no-op) mocks deleting all versions of a secret

func (*MockStore) History 

func (s *MockStore) History(id SecretIdentifier) ([]SecretMeta, error)

History (no-op) mocks retrieving historical versions of a secret

func (*MockStore) List 

func (s *MockStore) List(env Environment, service string) ([]SecretIdentifier, error)

List (no-op) mocks listing all secrets in a namespace

func (*MockStore) ListAll 

func (s *MockStore) ListAll(env Environment) ([]SecretIdentifier, error)

ListAll (no-op) mocks listing all secrets in an environment

func (*MockStore) Read 

func (s *MockStore) Read(id SecretIdentifier) (Secret, error)

Read (no-op) mocks reading a secret

func (*MockStore) ReadVersion 

func (s *MockStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

ReadVersion (no-op) mocks reading a version of a secret

func (*MockStore) Update 

func (s *MockStore) Update(id SecretIdentifier, value string) (Secret, error)

Update (no-op) mocks updating a secret

type ParameterStore added in v0.1.0 

type ParameterStore struct {
	ParamRegion string
	// contains filtered or unexported fields
}

ParameterStore is a secret store that uses AWS SSM Parameter store

func NewParameterStore added in v0.1.0 

func NewParameterStore(maxResultsToQuery int64) *ParameterStore

NewParameterStore creates a secret store that points at ParameterStore

func (*ParameterStore) Create added in v0.1.0 

func (s *ParameterStore) Create(id SecretIdentifier, value string) error

Create creates a Secret in the secret store. Version is guaranteed to be zero if no error is returned.

func (*ParameterStore) Delete added in v0.1.0 

func (s *ParameterStore) Delete(id SecretIdentifier) error

Delete deletes all versions of a secret

func (*ParameterStore) GetOrderedRegions added in v0.3.0 

func (s *ParameterStore) GetOrderedRegions() []string

GetOrderedRegions provides guarantees that actions on ParamStore will happen within a specific order every time. This is helpful for any errors with inconsistent state

func (*ParameterStore) History added in v0.1.0 

func (s *ParameterStore) History(id SecretIdentifier) ([]SecretMeta, error)

History gets history for a secret, returning all versions from the store.

func (*ParameterStore) List added in v0.1.0 

func (s *ParameterStore) List(env Environment, service string) ([]SecretIdentifier, error)

List gets secrets within a namespace (env/service)>

func (*ParameterStore) ListAll added in v0.1.0 

func (s *ParameterStore) ListAll(env Environment) ([]SecretIdentifier, error)

ListAll gets all secrets within a environment (env)>

func (*ParameterStore) Read added in v0.1.0 

func (s *ParameterStore) Read(id SecretIdentifier) (Secret, error)

Read a Secret from the store. Returns the latest version of the secret.

func (*ParameterStore) ReadVersion added in v0.1.0 

func (s *ParameterStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

ReadVersion reads a specific version of a secret from the store. Version is 0-indexed

func (*ParameterStore) Update added in v0.1.0 

func (s *ParameterStore) Update(id SecretIdentifier, value string) (Secret, error)

Update updates a Secret from the store and increments version number.

type Secret 

type Secret struct {
	// Data is the actual secret value
	Data string `json:"data"`
	// Meta is the information about the secret
	Meta SecretMeta `json:"meta"`
}

Secret is the unit the secret store

type SecretIdentifier 

type SecretIdentifier struct {
	Environment  Environment
	Service, Key string
}

SecretIdentifier is a lookup key for a secret, including the production flag, the service name, and the specific key

func GetRandomTestSecretIdentifier 

func GetRandomTestSecretIdentifier() SecretIdentifier

GetRandomTestSecretIdentifier returns a random key in the ci-test environment

func (SecretIdentifier) EnvironmentString 

func (id SecretIdentifier) EnvironmentString() string

EnvironmentString returns the environment used for the secret identifier, as a string

func (SecretIdentifier) String 

func (id SecretIdentifier) String() string

String() returns the key used for the secret identifier

type SecretMeta 

type SecretMeta struct {
	Created    time.Time `json:"created"`
	Expiration time.Time `json:"expiration"`
	Version    int       `json:"version"`
}

SecretMeta is metadata to manage a secret

type SecretStore 

type SecretStore interface {
	// Creates a Secret in the secret store. Version is guaranteed to be zero if no error is returned.
	Create(id SecretIdentifier, value string) error

	// Read a Secret from the store. Returns the latest version of the secret.
	Read(id SecretIdentifier) (Secret, error)

	// ReadVersion reads a specific version of a secret from the store.
	// Version is 0-indexed
	ReadVersion(id SecretIdentifier, version int) (Secret, error)

	// Updates a Secret from the store and increments version number.
	Update(id SecretIdentifier, value string) (Secret, error)

	// List gets secrets within a namespace (env/service)>
	List(env Environment, service string) ([]SecretIdentifier, error)

	// ListAll gets all secrets within a environment (env)>
	ListAll(env Environment) ([]SecretIdentifier, error)

	// History gets history for a secret, returning all versions from the store.
	History(id SecretIdentifier) ([]SecretMeta, error)

	// Delete deletes all versions of a secret
	Delete(id SecretIdentifier) error
}

SecretStore is the CRUD-like interface for Secrets

func NewMemoryStore 

func NewMemoryStore() SecretStore

NewMemoryStore creates an in-memory secret store

func NewMockStore 

func NewMockStore() SecretStore

NewMockStore creates a mock secret store, with all no-op methods.

type UnicredsConfig 

type UnicredsConfig struct {
	UnicredsPath  *string
	UnicredsAlias string
}

UnicredsConfig stores the configuration for a unicreds KMS and DynamoDB

type UnicredsStore 

type UnicredsStore struct {
	Environments map[Environment]UnicredsConfig
	Region       string
}

UnicredsStore is a secret store pointing at a prod and dev unicreds (https://github.com/Clever/unicreds) backend

func NewUnicredsStore 

func NewUnicredsStore() *UnicredsStore

NewUnicredsStore creates a secret store that points at DynamoDB and KMS AWS resources

func (*UnicredsStore) Create 

func (s *UnicredsStore) Create(id SecretIdentifier, value string) error

Create creates a key in the unicreds store

func (*UnicredsStore) Delete 

func (s *UnicredsStore) Delete(id SecretIdentifier) error

Delete deletes all versions of a secret from the secret store. Note that this is a Unicreds-only function - not part of the SecretStore interface.

func (*UnicredsStore) History 

func (s *UnicredsStore) History(id SecretIdentifier) ([]SecretMeta, error)

History returns all versions of a secret

func (*UnicredsStore) List 

func (s *UnicredsStore) List(env Environment, service string) ([]SecretIdentifier, error)

List gets all secrets in a namespace

func (*UnicredsStore) ListAll 

func (s *UnicredsStore) ListAll(env Environment) ([]SecretIdentifier, error)

ListAll gets all secrets in an environment. Note that this is a Unicreds-only function - not part of the SecretStore interface.

func (*UnicredsStore) Read 

func (s *UnicredsStore) Read(id SecretIdentifier) (Secret, error)

Read reads the latest version of the secret

func (*UnicredsStore) ReadVersion 

func (s *UnicredsStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)

ReadVersion reads a version of a secret

func (*UnicredsStore) Update 

func (s *UnicredsStore) Update(id SecretIdentifier, value string) (Secret, error)

Update writes a new version of the key

type VersionNotFoundError 

type VersionNotFoundError struct {
	Identifier SecretIdentifier
	Version    int
}

VersionNotFoundError occurs when a secret version cannot be found (during ReadVersion)

func (*VersionNotFoundError) Error 

func (e *VersionNotFoundError) Error() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.