terrahelp

package
v0.7.5
Published: Oct 4, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

const (
	TfstateFilename    = "terraform.tfstate"
	TfstateBkpFilename = "terraform.tfstate.backup"
	TfvarsFilename     = "terraform.tfvars"
	ThBkpExtension     = ".terrahelpbkp"

	// ThNamedEncryptionKey is default Vault named encryption key
	ThNamedEncryptionKey = "terrahelp"
)

Default file related values

const (
	ThEncryptProviderSimple   = "simple"
	ThEncryptProviderVault    = "vault"
	ThEncryptProviderVaultCli = "vault-cli"
)

Valid encryption providers

const (
	ThEncryptModeInline = "inline"
	ThEncryptModeFull   = "full"
)

Valid encryption modes

const (
	MaskChar         = "*"
	NumberOfMaskChar = 6

	PrevVal2CurrentValSelectPattern = "(=\\s*|:\\s*)(\".+\")\\s*(=|-)>\\s*\"(\\%s*)\""
	PrevVal2MaskedValReplacePattern = "\"%s\""
)

Default mask related values

Variables

This section is empty.

Functions

func CopyDir

func CopyDir(src, dst string) error

CopyDir copies the src directory contents into dst. Both directories should already exist.

func CopyFile

func CopyFile(src, dest string) error

CopyFile will copy a file from src to dest

Types

type CryptoHandler added in v0.3.0

type CryptoHandler struct {
	Encrypter Encrypter
}

CryptoHandler defines and exposes cryptographic actions which can be performed against terraform related files and output

func (*CryptoHandler) Decrypt added in v0.3.0

func (t *CryptoHandler) Decrypt(ctx *CryptoHandlerOpts) error

Decrypt will ensure appropriate aspects of the input content are decrypted as per the configured options supplied

func (*CryptoHandler) Encrypt added in v0.3.0

func (t *CryptoHandler) Encrypt(ctx *CryptoHandlerOpts) error

Encrypt will ensure the appropriate areas of the input content are encrypted as per the configured options supplied

func (*CryptoHandler) Init added in v0.3.0

func (t *CryptoHandler) Init(ctx *CryptoHandlerOpts) error

Init provides the opportunity for the Encrypter provider to perform any additional config or initialisation which may be required before use

type CryptoHandlerOpts added in v0.3.0

type CryptoHandlerOpts struct {
	*TransformOpts
	EncProvider           string
	EncMode               string
	NamedEncKey           string
	SimpleKey             string
	AllowDoubleEncrypt    bool
	ExcludeWhitespaceOnly bool
}

CryptoHandlerOpts holds the specific options detailing how, and on what to perform the cryptographic actions.

func NewDefaultCryptoHandlerOpts added in v0.3.0

func NewDefaultCryptoHandlerOpts() *CryptoHandlerOpts

NewDefaultCryptoHandlerOpts creates CryptoHandlerOpts with all the default values set

func (*CryptoHandlerOpts) InlineMode added in v0.3.0

func (o *CryptoHandlerOpts) InlineMode() bool

InlineMode returns true if the Encryption mode is 'inline'

func (*CryptoHandlerOpts) ValidateForEncryptDecrypt added in v0.3.0

func (o *CryptoHandlerOpts) ValidateForEncryptDecrypt() error

ValidateForEncryptDecrypt ensures valid options have been set for the encryption / decryption process

type CryptoWrapError added in v0.2.1

type CryptoWrapError struct {
	// contains filtered or unexported fields
}

A CryptoWrapError describes an error where a missing or invalid use of the terrahelp wrapper value (i.e. @terrahelp-encrypted()) prevents the encryption or decryption being performed

func (*CryptoWrapError) Error added in v0.2.1

func (e *CryptoWrapError) Error() string

type DefaultReplaceables added in v0.3.1

type DefaultReplaceables struct {
	Vals []string
}

DefaultReplaceables provides the default implementation of Replaceables. It stores the values to replace as strings

func (*DefaultReplaceables) Values added in v0.3.1

func (d *DefaultReplaceables) Values() ([]string, error)

Values returns the list of values to replace

type DefaultVaultClient

type DefaultVaultClient struct {
	*api.Client
}

DefaultVaultClient provides a wrapper around the core Vault client and uses it to provide the required functionality

func NewDefaultVaultClient

func NewDefaultVaultClient() (*DefaultVaultClient, error)

NewDefaultVaultClient creates a new DefaultVaultClient

func (*DefaultVaultClient) Decrypt

func (v *DefaultVaultClient) Decrypt(key, ciphertext string) (string, error)

Decrypt uses the named encryption key to decrypt the supplied content

func (*DefaultVaultClient) Encrypt

func (v *DefaultVaultClient) Encrypt(key, b64text string) (string, error)

Encrypt uses the named encryption key to encrypt the supplied content

func (*DefaultVaultClient) MountTransitBackend

func (v *DefaultVaultClient) MountTransitBackend() error

MountTransitBackend ensures the transit backend is mounted

func (*DefaultVaultClient) RegisterNamedEncryptionKey

func (v *DefaultVaultClient) RegisterNamedEncryptionKey(key string) error

RegisterNamedEncryptionKey registers the named encryption key within Vault's transit backend

type Encrypter

type Encrypter interface {
	Init(key string) error
	Decrypt(key string, b []byte) ([]byte, error)
	Encrypt(key string, b []byte) ([]byte, error)
}

Encrypter defines the functionality required to be supported by crypto backends which are to be used for encrypting and decrypting tfstate files

type FileTransformable added in v0.3.1

type FileTransformable struct {
	// contains filtered or unexported fields
}

FileTransformable defines actions to validate, read and write content from a file on the filesystem required as input to, and output from, a transformation action.

func NewFileTransformable added in v0.3.1

func NewFileTransformable(f string, bkp bool, bkpExt string) *FileTransformable

NewFileTransformable creates a new FileTransformable

type MaskOpts added in v0.3.1

type MaskOpts struct {
	*TransformOpts
	MaskChar              string
	MaskNumChar           int
	ReplacePrevVals       bool
	ExcludeWhitespaceOnly bool
}

MaskOpts holds the specific options detailing how, and on what to perform the masking action.

func NewDefaultMaskOpts added in v0.3.1

func NewDefaultMaskOpts() *MaskOpts

NewDefaultMaskOpts creates MaskOpts with all the default values set

type Masker added in v0.3.1

type Masker struct {
	// contains filtered or unexported fields
}

Masker exposes the ability to obfuscate sensitive data found within certain content by replacing it with a masked value

func NewMasker added in v0.3.1

func NewMasker(ctx *MaskOpts, svh Replaceables) *Masker

NewMasker creates a new Masker with the specified options and Replaceables

func (*Masker) Mask added in v0.3.1

func (m *Masker) Mask() error

Mask will ensure the appropriate areas of the input content are replaced with the mask pattern as per the configured options
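The mask constants listed under "Default mask related values" and the ReplacePrevVals option of MaskOpts are easiest to understand together. The following is an added example, not code from the terrahelp project: it copies the documented constants, masks the values supplied by a Replaceables source, and then applies the documented select/replace patterns to terraform-style `"old" => "new"` lines. The function names MaskContent and maskPreviousValues, and the SamplePlan text, are this example's own constructions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Mask-related constants, copied from the terrahelp package documentation above.
const (
	MaskChar         = "*"
	NumberOfMaskChar = 6

	PrevVal2CurrentValSelectPattern = "(=\\s*|:\\s*)(\".+\")\\s*(=|-)>\\s*\"(\\%s*)\""
	PrevVal2MaskedValReplacePattern = "\"%s\""
)

// MaskContent replaces every sensitive value in content with the mask. With
// replacePrev set it also masks the previous value on terraform-style
// `"old" => "new"` lines whose new value has just been masked, which is what
// stops a rotated secret's old value from showing up in plan output.
// Whitespace-only values are skipped (the ExcludeWhitespaceOnly idea):
// strings.ReplaceAll with an empty needle would insert the mask between every
// character, and a run of spaces would be replaced throughout the content.
func MaskContent(content string, sensitive []string, replacePrev bool) string {
	mask := strings.Repeat(MaskChar, NumberOfMaskChar)
	for _, v := range sensitive {
		if strings.TrimSpace(v) == "" {
			continue
		}
		content = strings.ReplaceAll(content, v, mask)
	}
	if replacePrev {
		content = maskPreviousValues(content, mask)
	}
	return content
}

// maskPreviousValues applies the documented select pattern, which matches
// `= "prev" => "******"` (or `: "prev" -> "******"`), and overwrites only
// capture group 2, the still-cleartext previous value.
func maskPreviousValues(content, mask string) string {
	re := regexp.MustCompile(fmt.Sprintf(PrevVal2CurrentValSelectPattern, MaskChar))
	replacement := fmt.Sprintf(PrevVal2MaskedValReplacePattern, mask)
	var out strings.Builder
	last := 0
	for _, m := range re.FindAllStringSubmatchIndex(content, -1) {
		// m[4]:m[5] bounds capture group 2.
		out.WriteString(content[last:m[4]])
		out.WriteString(replacement)
		last = m[5]
	}
	out.WriteString(content[last:])
	return out.String()
}

// SamplePlan is a constructed fragment in the style of `terraform plan` output.
// Only the new password would be known from terraform.tfvars; the old one is not.
const SamplePlan = `  ~ aws_db_instance.main
      password: "Winter2020!" => "Spring2021!"
      username: "admin" => "admin"
      engine:   "postgres"
`

func main() {
	secrets := []string{"Spring2021!", "   "} // the blank entry is skipped
	fmt.Print(MaskContent(SamplePlan, secrets, false))
	fmt.Print(MaskContent(SamplePlan, secrets, true))
}
```

Without the second pass the line still reads `password: "Winter2020!" => "******"`, so anyone reading the masked plan learns the previous credential; with it both sides are masked, while `"admin" => "admin"` is left alone because the select pattern only fires when the new value is already the mask.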

type MockVaultClient

type MockVaultClient struct {
	// contains filtered or unexported fields
}

MockVaultClient provides a mock implementation of the VaultClient interface for testing purposes

func NewMockVaultClient

func NewMockVaultClient() *MockVaultClient

NewMockVaultClient creates a new MockVaultClient

func (*MockVaultClient) Decrypt

func (m *MockVaultClient) Decrypt(key, s string) (string, error)

Decrypt uses the named encryption key to mock decrypt the supplied content

func (*MockVaultClient) Encrypt

func (m *MockVaultClient) Encrypt(key, s string) (string, error)

Encrypt uses the named encryption key to mock encrypt the supplied content

func (*MockVaultClient) MountTransitBackend

func (m *MockVaultClient) MountTransitBackend() error

MountTransitBackend mocks the mounting of the transit backend

func (*MockVaultClient) RegisterNamedEncryptionKey

func (m *MockVaultClient) RegisterNamedEncryptionKey(key string) error

RegisterNamedEncryptionKey registers the named encryption key within the mock Vault service

type Replaceables added in v0.3.1

type Replaceables interface {

	// Values returns the list of values to replace or an error
	Values() ([]string, error)
}

Replaceables defines the values which should be replaced as part of the various transformation actions

type SimpleEncrypter

type SimpleEncrypter struct{}

SimpleEncrypter provides basic AES based encryption

func NewSimpleEncrypter

func NewSimpleEncrypter() *SimpleEncrypter

NewSimpleEncrypter creates a new SimpleEncrypter with default configuration

func (*SimpleEncrypter) Decrypt

func (s *SimpleEncrypter) Decrypt(key string, b []byte) ([]byte, error)

Decrypt will use the supplied AES key to decrypt the byte content provided.

func (*SimpleEncrypter) Encrypt

func (s *SimpleEncrypter) Encrypt(key string, b []byte) ([]byte, error)

Encrypt will perform AES based encryption on the byte content provided. The key must be an AES key of either 16 or 32 bytes, which selects AES-128 or AES-256 respectively. The string is used directly as the key material, so a 16-character passphrase typed by a person carries far less than 128 bits of entropy; generate keys from a cryptographically secure random source.

func (*SimpleEncrypter) Init

func (s *SimpleEncrypter) Init(key string) error

Init satisfies the Encrypter interface for the simple AES provider; unlike the Vault providers, it has no external service to initialise.

type StreamTransformable added in v0.3.1

type StreamTransformable struct {
	// contains filtered or unexported fields
}

StreamTransformable defines the set of actions which can be performed on an underlying stream of data (typically stdin and stdout) as part of applying a transformation process to it. Note: there should generally be NO arbitrary writing to stdout for logging purposes with a StreamTransformable, because the stream is often stdin / stdout itself and any log line would be mixed into the transformed output.

func NewStdStreamTransformable added in v0.3.1

func NewStdStreamTransformable() *StreamTransformable

NewStdStreamTransformable creates a new StreamTransformable using stdin for obtaining the input into, and stdout for writing the result of a transformation action

func NewStreamTransformable added in v0.3.1

func NewStreamTransformable(in io.Reader, out io.Writer) *StreamTransformable

NewStreamTransformable creates a new StreamTransformable

type Tfvars

type Tfvars struct {
	// contains filtered or unexported fields
}

Tfvars provides utility functions pertaining to the terraform.tfvars file

func NewTfVars added in v0.3.1

func NewTfVars(f string, excl bool) *Tfvars

NewTfVars creates a new Tfvars holder based on the provided filename

func (*Tfvars) Values added in v0.3.1

func (t *Tfvars) Values() ([]string, error)

Values returns a list of the sensitive values which were detected in the provided tfvars file

type TransformOpts added in v0.3.1

type TransformOpts struct {
	TransformItems []Transformable
	TfvarsFilename string
}

TransformOpts holds the specific options detailing how, and on what the transformation action should be performed.

type Transformable added in v0.3.1

type Transformable interface {
	// contains filtered or unexported methods
}

Transformable defines the set of actions which can be performed on some underlying content as part of applying a transformation process to it.

type VaultCliClient added in v0.4.1

type VaultCliClient struct {
}

VaultCliClient provides a wrapper around calling Vault via the CLI and uses it to provide the required functionality

func NewVaultCliClient added in v0.4.1

func NewVaultCliClient() (*VaultCliClient, error)

NewVaultCliClient creates a new VaultCliClient

func (*VaultCliClient) Decrypt added in v0.4.1

func (v *VaultCliClient) Decrypt(key, ciphertext string) (string, error)

Decrypt uses the named encryption key to decrypt the supplied content

func (*VaultCliClient) Encrypt added in v0.4.1

func (v *VaultCliClient) Encrypt(key, b64text string) (string, error)

Encrypt uses the named encryption key to encrypt the supplied content

func (*VaultCliClient) MountTransitBackend added in v0.4.1

func (v *VaultCliClient) MountTransitBackend() error

MountTransitBackend ensures the transit backend is mounted

func (*VaultCliClient) RegisterNamedEncryptionKey added in v0.4.1

func (v *VaultCliClient) RegisterNamedEncryptionKey(key string) error

RegisterNamedEncryptionKey registers the named encryption key within Vault's transit backend

type VaultClient

type VaultClient interface {

	// RegisterNamedEncryptionKey registers the named encryption key
	// within Vault's transit backend
	RegisterNamedEncryptionKey(key string) error
	// MountTransitBackend ensures the transit backend is mounted
	MountTransitBackend() error
	// Encrypt uses the named encryption key to encrypt the supplied content
	Encrypt(key, text string) (string, error)
	// Decrypt uses the named encryption key to decrypt the supplied content
	Decrypt(key, ciphertext string) (string, error)
}

VaultClient defines the basic functionality required by terrahelp when interacting with Vault

type VaultEncrypter

type VaultEncrypter struct {
	// contains filtered or unexported fields
}

VaultEncrypter wraps the real core Vault client exposing convenient methods required to interact with Vault in order to perform encrypting and decrypting of tfstate files

func NewVaultCliEncrypter added in v0.4.1

func NewVaultCliEncrypter() (*VaultEncrypter, error)

NewVaultCliEncrypter creates a new CLI based VaultEncrypter

func NewVaultEncrypter

func NewVaultEncrypter() (*VaultEncrypter, error)

NewVaultEncrypter creates a new VaultEncrypter

func (*VaultEncrypter) Decrypt

func (cu *VaultEncrypter) Decrypt(key string, ciphertext []byte) ([]byte, error)

Decrypt uses the named encryption key to decrypt the provided ciphertext

func (*VaultEncrypter) Encrypt

func (cu *VaultEncrypter) Encrypt(key string, plaintext []byte) ([]byte, error)

Encrypt uses the named encryption key to encrypt the provided plaintext

func (*VaultEncrypter) Init

func (cu *VaultEncrypter) Init(key string) error

Init is used to initialise the VaultEncrypter for the purposes of using its encryption as a service functionality
