Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrObjectNotExist = errors.New("object does not exist")
ErrObjectNotExist is an error representing that an object did not exist.
Functions ¶
This section is empty.
Types ¶
type Key ¶
type Key interface {
// PutBatchSigningKey writes the provided key as the batch signing key for
// the given (locality, ingestor) tuple, or returns an error on failure.
PutBatchSigningKey(ctx context.Context, locality, ingestor string, key key.Key) error
// PutPacketEncryptionKey writes the provided key as the packet encryption
// key for the given locality, or returns an error on failure.
PutPacketEncryptionKey(ctx context.Context, locality string, key key.Key) error
// GetBatchSigningKey gets the batch signing key for the given (locality,
// ingestor) pair, or returns an error on failure.
GetBatchSigningKey(ctx context.Context, locality, ingestor string) (key.Key, error)
// GetPacketEncryptionKey gets the packet encryption key for the given
// locality, or returns an error on failure.
GetPacketEncryptionKey(ctx context.Context, locality string) (key.Key, error)
}
Key represents a store of Prio keys, with functionality to read & write keys from the store.
func NewAWSKey ¶
func NewAWSKey(sm *secretsmanager.SecretsManager, prioEnv string) Key
NewAWSKey returns a Key implementation using the AWS secret manager for backing storage. This key store writes keys in a way that is suitable for backup; keys written by this store cannot be read by other components of the Prio system (e.g. the facilitator).
func NewBackupKey ¶
NewBackupKey returns a Key implementation that mirrors writes to a "backup" storage.Key. All reads are performed via the "main" storage.Key (the "backup" storage.Key will never be used to fulfill a read). To avoid the possiblity of writing a key to main storage without backing it up, writes are performed by writing to the "backup" storage first, followed by writing to the "main" storage.
func NewGCPKey ¶
func NewGCPKey(sm *secretmanager.Client, prioEnv, gcpProjectID string) Key
NewGCPKey returns a Key implementation using the GCP secret manager for backing storage. This key store writes keys in a way that is suitable for backup; keys written by this store cannot be read by other components of the Prio system (e.g. the facilitator).
func NewKubernetesKey ¶
func NewKubernetesKey(k8s k8s.SecretInterface, prioEnv string) Key
NewKubernetesKey returns a Key implementation using the given Kubernetes secret interface for backing storage. This key store writes keys in a way that can be read by other components of the system (e.g. the facilitator).
type Manifest ¶
type Manifest interface {
// the provided share processor name in the writer's backing storage, or
// returns an error on failure.
PutDataShareProcessorSpecificManifest(ctx context.Context, dataShareProcessorName string, manifest manifest.DataShareProcessorSpecificManifest) error
// PutIngestorGlobalManifest writes the provided manifest to the writer's
// backing storage, or returns an error on failure.
PutIngestorGlobalManifest(ctx context.Context, manifest manifest.IngestorGlobalManifest) error
// specified data share processor and returns it, if it exists and is
// well-formed. If the manifest does not exist, an error wrapping
// ErrObjectNotExist will be returned.
GetDataShareProcessorSpecificManifest(ctx context.Context, dataShareProcessorName string) (manifest.DataShareProcessorSpecificManifest, error)
// GetIngestorGlobalManifest gets the ingestor global manifest, if it
// exists and is well-formed. If the manifest does not exist, an error
// wrapping ErrObjectNotExist will be returned.
GetIngestorGlobalManifest(ctx context.Context) (manifest.IngestorGlobalManifest, error)
}
Manifest represents a store of manifests, with functionality to read & write manifests from the store.
func NewManifest ¶
NewManifest creates a new Manifest based on the given bucket parameters. It will use the given bucket for storage, which should be in the format "gs://bucket_name" (to use GCS) or "s3://bucket_name" (to use S3).
type ManifestOption ¶
type ManifestOption func(*manifestOpts)
ManifestOption represents an option that can be passed to NewManifest.
func WithAWSRegion ¶
func WithAWSRegion(awsRegion string) ManifestOption
WithAWSRegion returns a manifest option that sets the AWS region to use. Applies only to Manifests backed by S3.
func WithDefaultDataShareProcessorManifests ¶
func WithDefaultDataShareProcessorManifests(defaultManifestByDSP map[string]manifest.DataShareProcessorSpecificManifest) ManifestOption
WithDefaultDataShareProcessorManifests returns a manifest option that defines the "default" data share processor-specific manifests that will be returned if the underlying storage bucket does not contain a manifest for certain data share processors. If this option is specified, GetDataShareProcessorSpecificManifest will never return an error wrapping ErrObjectDoesNotExist for the data share processors specified as keys in the given map.
func WithKeyPrefix ¶
func WithKeyPrefix(keyPrefix string) ManifestOption
WithKeyPrefix returns a manifest option that sets a key prefix, which will be applied to all keys read or written from the underlying data store.
Source Files
Directories