Documentation
¶
Index ¶
- type DynamoDBEnvelope
- type DynamoDBMetastore
- func (d *DynamoDBMetastore) GetRegionSuffix() string
- func (d *DynamoDBMetastore) GetTableName() string
- func (d *DynamoDBMetastore) Load(ctx context.Context, keyID string, created int64) (*appencryption.EnvelopeKeyRecord, error)
- func (d *DynamoDBMetastore) LoadLatest(ctx context.Context, keyID string) (*appencryption.EnvelopeKeyRecord, error)
- func (d *DynamoDBMetastore) Store(ctx context.Context, keyID string, created int64, ...) (bool, error)
- type DynamoDBMetastoreOption
- type LoaderFunc
- type MemoryMetastore
- func (s *MemoryMetastore) Load(_ context.Context, keyID string, created int64) (*appencryption.EnvelopeKeyRecord, error)
- func (s *MemoryMetastore) LoadLatest(_ context.Context, keyID string) (*appencryption.EnvelopeKeyRecord, error)
- func (s *MemoryMetastore) Store(_ context.Context, keyID string, created int64, ...) (bool, error)
- type SQLMetastore
- func (s *SQLMetastore) Load(ctx context.Context, keyID string, created int64) (*appencryption.EnvelopeKeyRecord, error)
- func (s *SQLMetastore) LoadLatest(ctx context.Context, keyID string) (*appencryption.EnvelopeKeyRecord, error)
- func (s *SQLMetastore) Store(ctx context.Context, keyID string, created int64, ...) (bool, error)
- type StorerFunc
Constants ¶
Variables ¶
Functions ¶
Types ¶
type DynamoDBEnvelope ¶
type DynamoDBEnvelope struct {
Revoked bool `json:"Revoked,omitempty"`
Created int64 `json:"Created"`
EncryptedKey string `json:"Key"`
ParentKeyMeta *appencryption.KeyMeta `json:"ParentKeyMeta,omitempty"`
}
DynamoDBEnvelope is used to convert the EncryptedKey to a Base64 encoded string to save in DynamoDB.
type DynamoDBMetastore ¶
type DynamoDBMetastore struct {
// contains filtered or unexported fields
}
DynamoDBMetastore implements the Metastore interface.
func NewDynamoDBMetastore ¶
func NewDynamoDBMetastore(sess client.ConfigProvider, opts ...DynamoDBMetastoreOption) *DynamoDBMetastore
func (*DynamoDBMetastore) GetRegionSuffix ¶
func (d *DynamoDBMetastore) GetRegionSuffix() string
GetRegionSuffix returns the DynamoDB region suffix or blank if not configured.
func (*DynamoDBMetastore) GetTableName ¶
func (d *DynamoDBMetastore) GetTableName() string
GetTableName returns the DynamoDB table name.
func (*DynamoDBMetastore) Load ¶
func (d *DynamoDBMetastore) Load(ctx context.Context, keyID string, created int64) (*appencryption.EnvelopeKeyRecord, error)
Load returns the key matching the keyID and created times provided. The envelope will be nil if it does not exist in the metastore.
func (*DynamoDBMetastore) LoadLatest ¶
func (d *DynamoDBMetastore) LoadLatest(ctx context.Context, keyID string) (*appencryption.EnvelopeKeyRecord, error)
LoadLatest returns the newest record matching the keyID. The return value will be nil if not already present.
func (*DynamoDBMetastore) Store ¶
func (d *DynamoDBMetastore) Store(ctx context.Context, keyID string, created int64, envelope *appencryption.EnvelopeKeyRecord) (bool, error)
Store attempts to insert the key into the metastore if one is not already present. If a key exists, the method will return false. If one is not present, the value will be inserted and we return true.
type DynamoDBMetastoreOption ¶
type DynamoDBMetastoreOption func(d *DynamoDBMetastore, p client.ConfigProvider)
DynamoDBMetastoreOption is used to configure additional options in a DynamoDBMetastore.
func WithDynamoDBRegionSuffix ¶
func WithDynamoDBRegionSuffix(enabled bool) DynamoDBMetastoreOption
WithDynamoDBRegionSuffix configures the DynamoDBMetastore to use a regional suffix for all writes. This feature should be enabled when using DynamoDB global tables to avoid write conflicts arising from the "last writer wins" method of conflict resolution.
func WithTableName ¶
func WithTableName(table string) DynamoDBMetastoreOption
WithTableName configures the DynamoDBMetastore to use the specified table name.
type LoaderFunc ¶
type LoaderFunc func(ctx context.Context, key interface{}) (*appencryption.DataRowRecord, error)
LoaderFunc is an adapter to allow the use of ordinary functions as Loaders. If f is a function with the appropriate signature, LoaderFunc(f) is an appencryption.Loader that calls f.
func (LoaderFunc) Load ¶
func (f LoaderFunc) Load(ctx context.Context, key interface{}) (*appencryption.DataRowRecord, error)
Load calls f(ctx, key).
type MemoryMetastore ¶
type MemoryMetastore struct {
sync.RWMutex
Envelopes map[string]map[int64]*appencryption.EnvelopeKeyRecord
}
MemoryMetastore is an in-memory implementation of a Metastore. NOTE: It should not be used in production and is for testing only!
func NewMemoryMetastore ¶
func NewMemoryMetastore() *MemoryMetastore
NewMemoryMetastore returns a new in-memory metastore.
func (*MemoryMetastore) Load ¶
func (s *MemoryMetastore) Load(_ context.Context, keyID string, created int64) (*appencryption.EnvelopeKeyRecord, error)
Load retrieves a specific key by id and created timestamp. The return value will be nil if not already present.
func (*MemoryMetastore) LoadLatest ¶
func (s *MemoryMetastore) LoadLatest(_ context.Context, keyID string) (*appencryption.EnvelopeKeyRecord, error)
LoadLatest returns the latest key matching the provided ID. The return value will be nil if not already present.
func (*MemoryMetastore) Store ¶
func (s *MemoryMetastore) Store(_ context.Context, keyID string, created int64, envelope *appencryption.EnvelopeKeyRecord) (bool, error)
Store attempts to insert the key into the metastore if one is not already present. If a key exists, the method will return false. If one is not present, the value will be inserted and we return true.
type SQLMetastore ¶
type SQLMetastore struct {
// contains filtered or unexported fields
}
SQLMetastore implements the Metastore interface for a RDBMS metastore. See scripts/encryption_key.sql for table structure and required stored procedures.
func NewSQLMetastore ¶
func NewSQLMetastore(dbHandle *sql.DB) *SQLMetastore
NewSQLMetastore returns a new SQLMetastore with the provided policy and sql connection.
func (*SQLMetastore) Load ¶
func (s *SQLMetastore) Load(ctx context.Context, keyID string, created int64) (*appencryption.EnvelopeKeyRecord, error)
Load returns the key matching the id and created timestamp provided. The envelope will be nil if it does not exist in the metastore.
func (*SQLMetastore) LoadLatest ¶
func (s *SQLMetastore) LoadLatest(ctx context.Context, keyID string) (*appencryption.EnvelopeKeyRecord, error)
LoadLatest returns the newest record matching the ID.
func (*SQLMetastore) Store ¶
func (s *SQLMetastore) Store(ctx context.Context, keyID string, created int64, envelope *appencryption.EnvelopeKeyRecord) (bool, error)
Store attempts to insert the key into the metastore if one is not already present. If a key exists, the method will return false. If one is not present, the value will be inserted and we return true. Note that as of this writing, the Go sql package doesn't expose a way to detect duplicate keys, so they are treated similarly to all errors that may happen in the insert.
type StorerFunc ¶
type StorerFunc func(ctx context.Context, d appencryption.DataRowRecord) (interface{}, error)
StorerFunc is an adapter to allow the use of ordinary functions as Storers. If f is a function with the appropriate signature, StorerFunc(f) is an appencryption.Storer that calls f.
func (StorerFunc) Store ¶
func (f StorerFunc) Store(ctx context.Context, d appencryption.DataRowRecord) (interface{}, error)
Store calls f(ctx, key, d).
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
Valid 
Stable version