Documentation

Index
- Constants
- func CopyDir(src, dst string) error
- func CopyFile(src, dest string) error
- type CryptoHandler
- type CryptoHandlerOpts
- type CryptoWrapError
- type DefaultReplaceables
- type DefaultVaultClient
- type Encrypter
- type FileTransformable
- type MaskOpts
- type Masker
- type MockVaultClient
- type Replaceables
- type SimpleEncrypter
- type StreamTransformable
- type Tfvars
- type TransformOpts
- type Transformable
- type VaultCliClient
- type VaultClient
- type VaultEncrypter
Constants

const (
    TfstateFilename    = "terraform.tfstate"
    TfstateBkpFilename = "terraform.tfstate.backup"
    TfvarsFilename     = "terraform.tfvars"
    ThBkpExtension     = ".terrahelpbkp"
    // ThNamedEncryptionKey is default Vault named encryption key
    ThNamedEncryptionKey = "terrahelp"
)
Default file related values

const (
    ThEncryptProviderSimple   = "simple"
    ThEncryptProviderVault    = "vault"
    ThEncryptProviderVaultCli = "vault-cli"
)
Valid encryption providers

const (
    ThEncryptModeInline = "inline"
    ThEncryptModeFull   = "full"
)
Valid encryption modes

const (
    MaskChar                        = "*"
    NumberOfMaskChar                = 6
    PrevVal2CurrentValSelectPattern = "(=\\s*|:\\s*)(\".+\")\\s*(=|-)>\\s*\"(\\%s*)\""
    PrevVal2MaskedValReplacePattern = "\"%s\""
)
Default mask related values
Variables
This section is empty.
Functions
Types
type CryptoHandler (added in v0.3.0)
type CryptoHandler struct {
    Encrypter Encrypter
}
CryptoHandler defines and exposes cryptographic actions which can be performed against terraform related files and output
func (*CryptoHandler) Decrypt (added in v0.3.0)
func (t *CryptoHandler) Decrypt(ctx *CryptoHandlerOpts) error
Decrypt will ensure the appropriate aspects of the input content are decrypted as per the configured options supplied
func (*CryptoHandler) Encrypt (added in v0.3.0)
func (t *CryptoHandler) Encrypt(ctx *CryptoHandlerOpts) error
Encrypt will ensure the appropriate areas of the input content are encrypted as per the configured options supplied
func (*CryptoHandler) Init (added in v0.3.0)
func (t *CryptoHandler) Init(ctx *CryptoHandlerOpts) error
Init provides the opportunity for the Encrypter provider to perform any additional config or initialisation which may be required before use
type CryptoHandlerOpts (added in v0.3.0)
type CryptoHandlerOpts struct {
    *TransformOpts
    EncProvider           string
    EncMode               string
    NamedEncKey           string
    SimpleKey             string
    AllowDoubleEncrypt    bool
    ExcludeWhitespaceOnly bool
}
CryptoHandlerOpts holds the specific options detailing how, and on what, to perform the cryptographic actions.
func NewDefaultCryptoHandlerOpts (added in v0.3.0)
func NewDefaultCryptoHandlerOpts() *CryptoHandlerOpts
NewDefaultCryptoHandlerOpts creates CryptoHandlerOpts with all the default values set
func (*CryptoHandlerOpts) InlineMode (added in v0.3.0)
func (o *CryptoHandlerOpts) InlineMode() bool
InlineMode returns true if the encryption mode is 'inline'
func (*CryptoHandlerOpts) ValidateForEncryptDecrypt (added in v0.3.0)
func (o *CryptoHandlerOpts) ValidateForEncryptDecrypt() error
ValidateForEncryptDecrypt ensures valid options have been set for the encryption / decryption process
type CryptoWrapError (added in v0.2.1)
type CryptoWrapError struct {
    // contains filtered or unexported fields
}
A CryptoWrapError describes an error where a missing or invalid use of the terrahelp wrapper value (i.e. @terrahelp-encrypted() ) prevents the encryption or decryption being performed
func (*CryptoWrapError) Error (added in v0.2.1)
func (e *CryptoWrapError) Error() string
type DefaultReplaceables (added in v0.3.1)
type DefaultReplaceables struct {
    Vals []string
}
DefaultReplaceables provides the default implementation of Replaceables. It stores the values to replace as strings.
func (*DefaultReplaceables) Values (added in v0.3.1)
func (d *DefaultReplaceables) Values() ([]string, error)
Values returns the list of values to replace
type DefaultVaultClient
DefaultVaultClient provides a wrapper around the core Vault client and uses it to provide the required functionality
func NewDefaultVaultClient
func NewDefaultVaultClient() (*DefaultVaultClient, error)
NewDefaultVaultClient creates a new DefaultVaultClient
func (*DefaultVaultClient) Decrypt
func (v *DefaultVaultClient) Decrypt(key, ciphertext string) (string, error)
Decrypt uses the named encryption key to decrypt the supplied content
func (*DefaultVaultClient) Encrypt
func (v *DefaultVaultClient) Encrypt(key, b64text string) (string, error)
Encrypt uses the named encryption key to encrypt the supplied content
func (*DefaultVaultClient) MountTransitBackend
func (v *DefaultVaultClient) MountTransitBackend() error
MountTransitBackend ensures the transit backend is mounted
func (*DefaultVaultClient) RegisterNamedEncryptionKey
func (v *DefaultVaultClient) RegisterNamedEncryptionKey(key string) error
RegisterNamedEncryptionKey registers the named encryption key within Vault's transit backend
type Encrypter
type Encrypter interface {
    Init(key string) error
    Decrypt(key string, b []byte) ([]byte, error)
    Encrypt(key string, b []byte) ([]byte, error)
}
Encrypter defines the functionality required to be supported by crypto backends which are to be used for encrypting and decrypting tfstate files
type FileTransformable (added in v0.3.1)
type FileTransformable struct {
    // contains filtered or unexported fields
}
FileTransformable defines actions to validate, read and write content from a file on the filesystem required as input to, and output from, a transformation action.
func NewFileTransformable (added in v0.3.1)
func NewFileTransformable(f string, bkp bool, bkpExt string) *FileTransformable
NewFileTransformable creates a new FileTransformable
type MaskOpts (added in v0.3.1)
type MaskOpts struct {
    *TransformOpts
    MaskChar              string
    MaskNumChar           int
    ReplacePrevVals       bool
    ExcludeWhitespaceOnly bool
}
MaskOpts holds the specific options detailing how, and on what, to perform the masking action.
func NewDefaultMaskOpts (added in v0.3.1)
func NewDefaultMaskOpts() *MaskOpts
NewDefaultMaskOpts creates MaskOpts with all the default values set
type Masker (added in v0.3.1)
type Masker struct {
    // contains filtered or unexported fields
}
Masker exposes the ability to obfuscate sensitive data found within certain content by replacing it with a masked value
func NewMasker (added in v0.3.1)
func NewMasker(ctx *MaskOpts, svh Replaceables) *Masker
NewMasker creates a new Masker with the specified options and Replaceables
type MockVaultClient
type MockVaultClient struct {
    // contains filtered or unexported fields
}
MockVaultClient provides a mock implementation of the VaultClient interface for testing purposes
func NewMockVaultClient
func NewMockVaultClient() *MockVaultClient
NewMockVaultClient creates a new MockVaultClient
func (*MockVaultClient) Decrypt
func (m *MockVaultClient) Decrypt(key, s string) (string, error)
Decrypt uses the named encryption key to mock decrypt the supplied content
func (*MockVaultClient) Encrypt
func (m *MockVaultClient) Encrypt(key, s string) (string, error)
Encrypt uses the named encryption key to mock encrypt the supplied content
func (*MockVaultClient) MountTransitBackend
func (m *MockVaultClient) MountTransitBackend() error
MountTransitBackend mocks the mounting of the transit backend
func (*MockVaultClient) RegisterNamedEncryptionKey
func (m *MockVaultClient) RegisterNamedEncryptionKey(key string) error
RegisterNamedEncryptionKey registers the named encryption key within the mock Vault service
type Replaceables (added in v0.3.1)
type Replaceables interface {
    // Values returns the list of values to replace or an error
    Values() ([]string, error)
}
Replaceables defines the values which should be replaced as part of various transformation actions
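The mask constants, MaskOpts, Masker and Replaceables documented above describe one masking pipeline. The following is an added example, not code from the terrahelp package, that carries that pipeline through on a constructed terraform plan excerpt. The constants and the Replaceables interface are copied from this page; MaskContent and SamplePlan are assumed names, and the way the replacement template is built from PrevVal2MaskedValReplacePattern is a choice made here, since the page does not show how the package applies it.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Mask-related constants as documented for the package.
const (
	MaskChar                        = "*"
	NumberOfMaskChar                = 6
	PrevVal2CurrentValSelectPattern = "(=\\s*|:\\s*)(\".+\")\\s*(=|-)>\\s*\"(\\%s*)\""
	PrevVal2MaskedValReplacePattern = "\"%s\""
)

// Replaceables and DefaultReplaceables mirror the documented interface and
// its default implementation.
type Replaceables interface {
	Values() ([]string, error)
}

type DefaultReplaceables struct {
	Vals []string
}

func (d *DefaultReplaceables) Values() ([]string, error) { return d.Vals, nil }

// MaskOpts carries the documented masking options (TransformOpts omitted here).
type MaskOpts struct {
	MaskChar              string
	MaskNumChar           int
	ReplacePrevVals       bool
	ExcludeWhitespaceOnly bool
}

// MaskContent is a hypothetical masking routine (not the package's Masker).
// Pass 1 replaces every known sensitive value with the mask string. Pass 2,
// when ReplacePrevVals is set, uses the documented select pattern to also mask
// the previous value in a plan diff such as `password: "old" => "******"`,
// whose old value is no longer in terraform.tfvars and would otherwise leak.
func MaskContent(content string, opts MaskOpts, r Replaceables) (string, error) {
	vals, err := r.Values()
	if err != nil {
		return "", err
	}
	mask := strings.Repeat(opts.MaskChar, opts.MaskNumChar)
	for _, v := range vals {
		// An empty or whitespace-only "secret" would mask every byte of the
		// content, so such values are skipped.
		if v == "" || (opts.ExcludeWhitespaceOnly && strings.TrimSpace(v) == "") {
			continue
		}
		content = strings.ReplaceAll(content, v, mask)
	}
	if !opts.ReplacePrevVals {
		return content, nil
	}
	// The select pattern escapes the mask character itself, so MaskChar is
	// substituted unquoted. Group 1 is the "= " / ": " lead-in, group 2 the
	// previous quoted value, group 3 the arrow kind, group 4 the masked value.
	re := regexp.MustCompile(fmt.Sprintf(PrevVal2CurrentValSelectPattern, opts.MaskChar))
	masked := fmt.Sprintf(PrevVal2MaskedValReplacePattern, mask)
	return re.ReplaceAllString(content, "${1}"+masked+" ${3}> \"${4}\""), nil
}

// SamplePlan is a constructed terraform plan excerpt: "hunter2" is the old
// password (no longer in tfvars), "s3cr3t-new" is the new one (in tfvars).
const SamplePlan = `~ aws_db_instance.main
    password: "hunter2" => "s3cr3t-new"
    username: "admin" => "admin"
`

func main() {
	opts := MaskOpts{MaskChar: MaskChar, MaskNumChar: NumberOfMaskChar,
		ReplacePrevVals: true, ExcludeWhitespaceOnly: true}
	out, err := MaskContent(SamplePlan, opts, &DefaultReplaceables{Vals: []string{"s3cr3t-new", " "}})
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

Substring replacement alone masks only the new value, leaving `"hunter2" => "******"` in the plan output; the second pass matches that shape and masks the old side too, which is the case ReplacePrevVals exists for. Note that the select pattern only fires once the current value has already been replaced by mask characters, and that a whitespace-only entry in the replaceables would otherwise turn every run of spaces into mask characters, which is what ExcludeWhitespaceOnly guards against.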
type SimpleEncrypter
type SimpleEncrypter struct{}
SimpleEncrypter provides basic AES based encryption
func NewSimpleEncrypter
func NewSimpleEncrypter() *SimpleEncrypter
NewSimpleEncrypter creates a new SimpleEncrypter with default configuration
func (*SimpleEncrypter) Decrypt
func (s *SimpleEncrypter) Decrypt(key string, b []byte) ([]byte, error)
Decrypt will use the supplied AES key to decrypt the byte content provided.
func (*SimpleEncrypter) Encrypt
func (s *SimpleEncrypter) Encrypt(key string, b []byte) ([]byte, error)
Encrypt will perform AES based encryption on the byte content provided. The key should be an AES key of either 16 or 32 characters, which then determines whether AES-128 or AES-256 encryption is applied.
func (*SimpleEncrypter) Init
func (s *SimpleEncrypter) Init(key string) error
Init is used to initialise Vault for the purposes of using its encryption as a service functionality
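The Encrypter contract, the @terrahelp-encrypted() wrapper behind CryptoWrapError, the AllowDoubleEncrypt option and the 16/32-character key rule of SimpleEncrypter are shown together in the following added example, which is not code from the terrahelp project. AESGCMEncrypter, EncryptValue and DecryptValue are assumed names; the page does not say which AES mode SimpleEncrypter uses, so AES-GCM is a choice made here, and the wrapper layout (prefix, base64 ciphertext, closing parenthesis) is an assumption beyond the marker text the page gives.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Encrypter mirrors the documented interface.
type Encrypter interface {
	Init(key string) error
	Decrypt(key string, b []byte) ([]byte, error)
	Encrypt(key string, b []byte) ([]byte, error)
}

// CryptoWrapError mirrors the documented error: a missing or invalid
// @terrahelp-encrypted() wrapper prevents encryption or decryption.
type CryptoWrapError struct{ Reason string }

func (e *CryptoWrapError) Error() string { return "terrahelp wrapper: " + e.Reason }

// AESGCMEncrypter is an assumed Encrypter, not the package's SimpleEncrypter.
// The documented key rule is kept: 16 characters selects AES-128, 32 AES-256.
type AESGCMEncrypter struct{}

func (s *AESGCMEncrypter) Init(key string) error {
	if l := len(key); l != 16 && l != 32 {
		return fmt.Errorf("AES key must be 16 or 32 characters, got %d", l)
	}
	return nil
}

func (s *AESGCMEncrypter) aead(key string) (cipher.AEAD, error) {
	block, err := aes.NewCipher([]byte(key))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns nonce || ciphertext || tag with a fresh random nonce per call.
func (s *AESGCMEncrypter) Encrypt(key string, b []byte) ([]byte, error) {
	gcm, err := s.aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, b, nil), nil
}

// Decrypt verifies the GCM tag, so a wrong key or tampered bytes is an error.
func (s *AESGCMEncrypter) Decrypt(key string, b []byte) ([]byte, error) {
	gcm, err := s.aead(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(b) < ns {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, b[:ns], b[ns:], nil)
}

// Assumed wrapper layout around the documented @terrahelp-encrypted() marker.
const (
	wrapPrefix = "@terrahelp-encrypted("
	wrapSuffix = ")"
)

// EncryptValue encrypts one value and wraps the base64 ciphertext in the
// marker. Unless allowDouble (AllowDoubleEncrypt) is set, a value that already
// carries the marker is rejected instead of being encrypted a second time.
func EncryptValue(e Encrypter, key, value string, allowDouble bool) (string, error) {
	if !allowDouble && strings.HasPrefix(value, wrapPrefix) {
		return "", &CryptoWrapError{Reason: "value is already wrapped and AllowDoubleEncrypt is false"}
	}
	ct, err := e.Encrypt(key, []byte(value))
	if err != nil {
		return "", err
	}
	return wrapPrefix + base64.StdEncoding.EncodeToString(ct) + wrapSuffix, nil
}

// DecryptValue is the inverse; input without the marker is a CryptoWrapError,
// so plaintext is never silently fed to the cipher as if it were ciphertext.
func DecryptValue(e Encrypter, key, wrapped string) (string, error) {
	if !strings.HasPrefix(wrapped, wrapPrefix) || !strings.HasSuffix(wrapped, wrapSuffix) {
		return "", &CryptoWrapError{Reason: "value is not wrapped in @terrahelp-encrypted()"}
	}
	inner := strings.TrimSuffix(strings.TrimPrefix(wrapped, wrapPrefix), wrapSuffix)
	ct, err := base64.StdEncoding.DecodeString(inner)
	if err != nil {
		return "", &CryptoWrapError{Reason: "wrapped content is not valid base64"}
	}
	pt, err := e.Decrypt(key, ct)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}
```

Calling `EncryptValue(e, key, "db-password", false)` after `e.Init(key)` yields a marker-wrapped string that `DecryptValue` turns back into the plaintext under the same key; feeding that wrapped string to `EncryptValue` again with allowDouble false, or feeding an unwrapped string to `DecryptValue`, returns a CryptoWrapError rather than producing a double-encrypted or garbage value. An authenticated mode is used so that a wrong key or edited ciphertext fails the tag check instead of decrypting to noise that would then be written into tfstate.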
type StreamTransformable (added in v0.3.1)
type StreamTransformable struct {
    // contains filtered or unexported fields
}
StreamTransformable defines the set of actions which can be performed on an underlying stream of data (typically stdin and stdout) as part of applying a transformation process to it. Note: there should generally be NO arbitrary writing to stdout for logging purposes with a StreamTransformable, as the stream is often stdin / stdout itself.
func NewStdStreamTransformable (added in v0.3.1)
func NewStdStreamTransformable() *StreamTransformable
NewStdStreamTransformable creates a new StreamTransformable using stdin for obtaining the input into, and stdout for writing the result of, a transformation action
func NewStreamTransformable (added in v0.3.1)
func NewStreamTransformable(in io.Reader, out io.Writer) *StreamTransformable
NewStreamTransformable creates a new StreamTransformable
type Tfvars
type Tfvars struct {
    // contains filtered or unexported fields
}
Tfvars provides utility functions pertaining to the terraform.tfvars file
type TransformOpts (added in v0.3.1)
type TransformOpts struct {
    TransformItems []Transformable
    TfvarsFilename string
}
TransformOpts holds the specific options detailing how, and on what, the transformation action should be performed.
type Transformable (added in v0.3.1)
type Transformable interface {
    // contains filtered or unexported methods
}
Transformable defines the set of actions which can be performed on some underlying content as part of applying a transformation process to it.
type VaultCliClient (added in v0.4.1)
type VaultCliClient struct{}
VaultCliClient provides a wrapper around calling Vault via the CLI and uses it to provide the required functionality
func NewVaultCliClient (added in v0.4.1)
func NewVaultCliClient() (*VaultCliClient, error)
NewVaultCliClient creates a new VaultCliClient
func (*VaultCliClient) Decrypt (added in v0.4.1)
func (v *VaultCliClient) Decrypt(key, ciphertext string) (string, error)
Decrypt uses the named encryption key to decrypt the supplied content
func (*VaultCliClient) Encrypt (added in v0.4.1)
func (v *VaultCliClient) Encrypt(key, b64text string) (string, error)
Encrypt uses the named encryption key to encrypt the supplied content
func (*VaultCliClient) MountTransitBackend (added in v0.4.1)
func (v *VaultCliClient) MountTransitBackend() error
MountTransitBackend ensures the transit backend is mounted
func (*VaultCliClient) RegisterNamedEncryptionKey (added in v0.4.1)
func (v *VaultCliClient) RegisterNamedEncryptionKey(key string) error
RegisterNamedEncryptionKey registers the named encryption key within Vault's transit backend
type VaultClient
type VaultClient interface {
    // RegisterNamedEncryptionKey registers the named encryption key
    // within Vault's transit backend
    RegisterNamedEncryptionKey(key string) error
    // MountTransitBackend ensures the transit backend is mounted
    MountTransitBackend() error
    // Encrypt uses the named encryption key to encrypt the supplied content
    Encrypt(key, text string) (string, error)
    // Decrypt uses the named encryption key to decrypt the supplied content
    Decrypt(key, ciphertext string) (string, error)
}
VaultClient defines the basic functionality required by terrahelp when interacting with Vault
type VaultEncrypter
type VaultEncrypter struct {
    // contains filtered or unexported fields
}
VaultEncrypter wraps the real core Vault client exposing convenient methods required to interact with Vault in order to perform encrypting and decrypting of tfstate files
func NewVaultCliEncrypter (added in v0.4.1)
func NewVaultCliEncrypter() (*VaultEncrypter, error)
NewVaultCliEncrypter creates a new CLI based VaultEncrypter
func NewVaultEncrypter
func NewVaultEncrypter() (*VaultEncrypter, error)
NewVaultEncrypter creates a new VaultEncrypter
func (*VaultEncrypter) Decrypt
func (cu *VaultEncrypter) Decrypt(key string, ciphertext []byte) ([]byte, error)
Decrypt uses the named encryption key to decrypt the provided ciphertext
func (*VaultEncrypter) Encrypt
func (cu *VaultEncrypter) Encrypt(key string, plaintext []byte) ([]byte, error)
Encrypt uses the named encryption key to encrypt the provided plaintext
func (*VaultEncrypter) Init
func (cu *VaultEncrypter) Init(key string) error
Init is used to initialise the VaultEncrypter for the purposes of using its encryption as a service functionality
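The VaultClient interface (mount, register key, Encrypt of base64 text, Decrypt to base64 text) and the VaultEncrypter that adapts it to the byte-oriented Encrypter contract are shown together in the following added example, which is not code from the terrahelp project and does not talk to a real Vault. fakeTransit and NewVaultEncrypterWith are assumed names; the VaultClient interface and the VaultEncrypter method signatures are copied from this page, and the `vault:v1:` ciphertext prefix is the form Vault's transit engine emits, kept here only so callers can recognise transit ciphertext.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// VaultClient mirrors the interface documented on the page.
type VaultClient interface {
	RegisterNamedEncryptionKey(key string) error
	MountTransitBackend() error
	Encrypt(key, text string) (string, error)
	Decrypt(key, ciphertext string) (string, error)
}

// fakeTransit is a constructed in-memory stand-in for Vault's transit backend
// (not the package's MockVaultClient). It enforces what a real transit mount
// enforces: the backend must be mounted and the named key registered before
// use, plaintext must arrive base64 encoded, and ciphertext is bound to the
// key it was produced under.
type fakeTransit struct {
	mounted bool
	keys    map[string]bool
	store   map[string]transitEntry // opaque ciphertext -> what it protects
}

type transitEntry struct{ key, b64plain string }

func newFakeTransit() *fakeTransit {
	return &fakeTransit{keys: map[string]bool{}, store: map[string]transitEntry{}}
}

func (m *fakeTransit) MountTransitBackend() error { m.mounted = true; return nil }

func (m *fakeTransit) RegisterNamedEncryptionKey(key string) error {
	if !m.mounted {
		return fmt.Errorf("transit backend not mounted")
	}
	m.keys[key] = true
	return nil
}

func (m *fakeTransit) Encrypt(key, b64text string) (string, error) {
	if !m.keys[key] {
		return "", fmt.Errorf("named key %q not registered", key)
	}
	if _, err := base64.StdEncoding.DecodeString(b64text); err != nil {
		return "", fmt.Errorf("transit plaintext must be base64: %w", err)
	}
	ct := fmt.Sprintf("vault:v1:%s-%d", key, len(m.store)+1)
	m.store[ct] = transitEntry{key: key, b64plain: b64text}
	return ct, nil
}

func (m *fakeTransit) Decrypt(key, ciphertext string) (string, error) {
	if !strings.HasPrefix(ciphertext, "vault:v") {
		return "", fmt.Errorf("not a transit ciphertext")
	}
	e, ok := m.store[ciphertext]
	if !ok || e.key != key {
		return "", fmt.Errorf("ciphertext was not produced under key %q", key)
	}
	return e.b64plain, nil
}

// VaultEncrypter adapts the []byte Encrypter contract to a VaultClient: Init
// mounts the backend and registers the named key, Encrypt base64-encodes the
// plaintext as transit requires, Decrypt base64-decodes what transit returns.
type VaultEncrypter struct{ client VaultClient }

func NewVaultEncrypterWith(c VaultClient) *VaultEncrypter { return &VaultEncrypter{client: c} }

func (cu *VaultEncrypter) Init(key string) error {
	if err := cu.client.MountTransitBackend(); err != nil {
		return err
	}
	return cu.client.RegisterNamedEncryptionKey(key)
}

func (cu *VaultEncrypter) Encrypt(key string, plaintext []byte) ([]byte, error) {
	ct, err := cu.client.Encrypt(key, base64.StdEncoding.EncodeToString(plaintext))
	if err != nil {
		return nil, err
	}
	return []byte(ct), nil
}

func (cu *VaultEncrypter) Decrypt(key string, ciphertext []byte) ([]byte, error) {
	b64, err := cu.client.Decrypt(key, string(ciphertext))
	if err != nil {
		return nil, err
	}
	return base64.StdEncoding.DecodeString(b64)
}

func main() {
	ve := NewVaultEncrypterWith(newFakeTransit())
	if err := ve.Init("terrahelp"); err != nil { // ThNamedEncryptionKey default
		panic(err)
	}
	ct, _ := ve.Encrypt("terrahelp", []byte("db-password"))
	pt, _ := ve.Decrypt("terrahelp", ct)
	fmt.Printf("%s -> %s\n", ct, pt)
}
```

The ordering matters: Encrypt before Init fails because no key is registered, which is the same failure a real transit mount reports, and Decrypt under a different named key is refused. The base64 step is the detail most easily missed when writing a VaultClient by hand, since transit treats the request payload as opaque base64 rather than raw bytes.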