plugin

package
v0.0.0-...-0e952b5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 10, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterKeyManagementServiceServer

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)

Types

type DecryptRequest

// DecryptRequest carries one ciphertext to the KMS plugin for decryption,
// together with the key ID and annotations recorded when it was encrypted.
// The XXX_-prefixed fields are excluded from JSON by their `json:"-"` tags.
type DecryptRequest struct {
	// The data to be decrypted.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// UID is a unique identifier for the request.
	Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
	// The keyID that was provided to the apiserver during encryption.
	// This represents the KMS KEK that was used to encrypt the data.
	KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Additional metadata that was sent by the KMS plugin during encryption.
	// The EncryptResponse.Annotations comment states that this metadata is
	// stored in plaintext in etcd.
	// NOTE(review): nothing shown here says the stored annotations are
	// integrity-protected, so a plugin should validate them before acting on
	// them. Confirm against the KMS v2 design.
	Annotations          map[string][]byte `` /* 163-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*DecryptRequest) Descriptor

func (*DecryptRequest) Descriptor() ([]byte, []int)

func (*DecryptRequest) GetAnnotations

func (m *DecryptRequest) GetAnnotations() map[string][]byte

func (*DecryptRequest) GetCiphertext

func (m *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetKeyId

func (m *DecryptRequest) GetKeyId() string

func (*DecryptRequest) GetUid

func (m *DecryptRequest) GetUid() string

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) Reset

func (m *DecryptRequest) Reset()

func (*DecryptRequest) String

func (m *DecryptRequest) String() string

func (*DecryptRequest) XXX_DiscardUnknown

func (m *DecryptRequest) XXX_DiscardUnknown()

func (*DecryptRequest) XXX_Marshal

func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptRequest) XXX_Merge

func (m *DecryptRequest) XXX_Merge(src proto.Message)

func (*DecryptRequest) XXX_Size

func (m *DecryptRequest) XXX_Size() int

func (*DecryptRequest) XXX_Unmarshal

func (m *DecryptRequest) XXX_Unmarshal(b []byte) error

type DecryptResponse

// DecryptResponse is the message returned by Decrypt; it holds the decrypted data.
// The XXX_-prefixed fields are excluded from JSON by their `json:"-"` tags.
type DecryptResponse struct {
	// The decrypted data.
	// NOTE(review): this is the cleartext of the stored data. The String method
	// listed for this type presumably renders every field, so avoid logging
	// whole messages. Confirm against the generated code.
	Plaintext            []byte   `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*DecryptResponse) Descriptor

func (*DecryptResponse) Descriptor() ([]byte, []int)

func (*DecryptResponse) GetPlaintext

func (m *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) Reset

func (m *DecryptResponse) Reset()

func (*DecryptResponse) String

func (m *DecryptResponse) String() string

func (*DecryptResponse) XXX_DiscardUnknown

func (m *DecryptResponse) XXX_DiscardUnknown()

func (*DecryptResponse) XXX_Marshal

func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptResponse) XXX_Merge

func (m *DecryptResponse) XXX_Merge(src proto.Message)

func (*DecryptResponse) XXX_Size

func (m *DecryptResponse) XXX_Size() int

func (*DecryptResponse) XXX_Unmarshal

func (m *DecryptResponse) XXX_Unmarshal(b []byte) error

type EncryptRequest

// EncryptRequest is the message passed to Encrypt; it holds the data to encrypt and a request UID.
// The XXX_-prefixed fields are excluded from JSON by their `json:"-"` tags.
type EncryptRequest struct {
	// The data to be encrypted.
	// NOTE(review): this is cleartext on its way to the plugin. The String
	// method listed for this type presumably renders it, so avoid logging
	// whole messages. Confirm against the generated code.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// UID is a unique identifier for the request.
	Uid                  string   `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*EncryptRequest) Descriptor

func (*EncryptRequest) Descriptor() ([]byte, []int)

func (*EncryptRequest) GetPlaintext

func (m *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) GetUid

func (m *EncryptRequest) GetUid() string

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) Reset

func (m *EncryptRequest) Reset()

func (*EncryptRequest) String

func (m *EncryptRequest) String() string

func (*EncryptRequest) XXX_DiscardUnknown

func (m *EncryptRequest) XXX_DiscardUnknown()

func (*EncryptRequest) XXX_Marshal

func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptRequest) XXX_Merge

func (m *EncryptRequest) XXX_Merge(src proto.Message)

func (*EncryptRequest) XXX_Size

func (m *EncryptRequest) XXX_Size() int

func (*EncryptRequest) XXX_Unmarshal

func (m *EncryptRequest) XXX_Unmarshal(b []byte) error

type EncryptResponse

// EncryptResponse is the message returned by Encrypt: the ciphertext, the ID
// of the KMS key that produced it, and optional annotations.
// The constraints below are stated as requirements on the plugin's reply;
// where they are enforced is not shown on this page.
// The XXX_-prefixed fields are excluded from JSON by their `json:"-"` tags.
type EncryptResponse struct {
	// The encrypted data.
	// ciphertext must satisfy the following constraints:
	// 1. The ciphertext is not empty.
	// 2. The ciphertext is less than 1 kB.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use.
	// This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage.
	// keyID must satisfy the following constraints:
	// 1. The keyID is not empty.
	// 2. The size of keyID is less than 1 kB.
	KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Additional metadata to be stored with the encrypted data.
	// This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data.
	// Annotations must satisfy the following constraints:
	//  1. Annotation key must be a fully qualified domain name that conforms to the definition in DNS (RFC 1123).
	//  2. The size of annotations keys + values is less than 32 kB.
	// The same field appears on DecryptRequest, described there as the
	// metadata the plugin sent during encryption.
	Annotations          map[string][]byte `` /* 163-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*EncryptResponse) Descriptor

func (*EncryptResponse) Descriptor() ([]byte, []int)

func (*EncryptResponse) GetAnnotations

func (m *EncryptResponse) GetAnnotations() map[string][]byte

func (*EncryptResponse) GetCiphertext

func (m *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) GetKeyId

func (m *EncryptResponse) GetKeyId() string

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) Reset

func (m *EncryptResponse) Reset()

func (*EncryptResponse) String

func (m *EncryptResponse) String() string

func (*EncryptResponse) XXX_DiscardUnknown

func (m *EncryptResponse) XXX_DiscardUnknown()

func (*EncryptResponse) XXX_Marshal

func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptResponse) XXX_Merge

func (m *EncryptResponse) XXX_Merge(src proto.Message)

func (*EncryptResponse) XXX_Size

func (m *EncryptResponse) XXX_Size() int

func (*EncryptResponse) XXX_Unmarshal

func (m *EncryptResponse) XXX_Unmarshal(b []byte) error

type KeyManagementServiceClient

// KeyManagementServiceClient is the calling side of the KeyManagementService
// gRPC service. Each method takes a context, one request message and optional
// grpc.CallOption values, and returns the matching response message or an error.
type KeyManagementServiceClient interface {
	// Status is meant to be polled. Its response carries the plugin API
	// version, a healthz string and the current key ID (see StatusResponse).
	Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
	// Execute decryption operation in KMS provider.
	// The response holds decrypted data (DecryptResponse.Plaintext).
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
	// Execute encryption operation in KMS provider.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
}

KeyManagementServiceClient is the client API for KeyManagementService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyManagementServiceClient

func NewKeyManagementServiceClient(cc *grpc.ClientConn) KeyManagementServiceClient

type KeyManagementServiceServer

// KeyManagementServiceServer is the set of methods a KMS plugin implements;
// RegisterKeyManagementServiceServer takes a value of this type.
// NOTE(review): the interface itself carries no caller authentication;
// anything that can reach the registered gRPC server can call Decrypt, so
// access presumably has to be restricted at the listener. Confirm for each
// deployment.
type KeyManagementServiceServer interface {
	// Status is meant to be polled. Its response carries the plugin API
	// version, a healthz string and the current key ID (see StatusResponse).
	Status(context.Context, *StatusRequest) (*StatusResponse, error)
	// Execute decryption operation in KMS provider.
	// The response holds decrypted data (DecryptResponse.Plaintext).
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
	// Execute encryption operation in KMS provider.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
}

KeyManagementServiceServer is the server API for KeyManagementService service.

type Plugin

// Plugin holds the configuration and the embedded listener and gRPC server of
// the KMS plugin; its Status, Decrypt and Encrypt methods match the
// KeyManagementServiceServer interface.
type Plugin struct {
	// Configuration strings; their exact use is not shown on this page.
	// NOTE(review): judging by the names, CredentialsFile is a path to
	// cloud credentials, MasterKeyURI identifies the key-encryption key, and
	// PathToUnixSocket is where the gRPC server listens. Confirm in Init and
	// ServeKMSRequests. If so, file permissions on the credentials file and
	// the socket decide who can use the key. Verify they are restrictive.
	CredentialsFile  string
	MasterKeyURI     string
	PathToUnixSocket string

	// Embedding these only to shorten access to fields.
	// Embedding also promotes every exported method of net.Listener and
	// *grpc.Server onto Plugin, so any holder of a *Plugin can call them
	// directly.
	net.Listener
	*grpc.Server
	// contains filtered or unexported fields
}

Plugin is a GCP Secret Manager plugin for K8S.

func (*Plugin) Decrypt

func (g *Plugin) Decrypt(ctx context.Context, request *DecryptRequest) (*DecryptResponse, error)

Decrypt decrypts payload supplied by K8S API Server.

func (*Plugin) Encrypt

func (g *Plugin) Encrypt(ctx context.Context, request *EncryptRequest) (*EncryptResponse, error)

Encrypt encrypts payload provided by K8S API Server.

func (*Plugin) Init

func (g *Plugin) Init() error

func (*Plugin) ServeKMSRequests

func (g *Plugin) ServeKMSRequests() (*grpc.Server, chan error)

ServeKMSRequests starts gRPC server or dies.

func (*Plugin) Status

func (g *Plugin) Status(ctx context.Context, request *StatusRequest) (*StatusResponse, error)

Status returns the version of KMS Plugin.

type StatusRequest

// StatusRequest is the request message for Status. It carries no request
// data: its only fields are the XXX_-prefixed ones, which are excluded from
// JSON by their `json:"-"` tags.
type StatusRequest struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*StatusRequest) Descriptor

func (*StatusRequest) Descriptor() ([]byte, []int)

func (*StatusRequest) ProtoMessage

func (*StatusRequest) ProtoMessage()

func (*StatusRequest) Reset

func (m *StatusRequest) Reset()

func (*StatusRequest) String

func (m *StatusRequest) String() string

func (*StatusRequest) XXX_DiscardUnknown

func (m *StatusRequest) XXX_DiscardUnknown()

func (*StatusRequest) XXX_Marshal

func (m *StatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StatusRequest) XXX_Merge

func (m *StatusRequest) XXX_Merge(src proto.Message)

func (*StatusRequest) XXX_Size

func (m *StatusRequest) XXX_Size() int

func (*StatusRequest) XXX_Unmarshal

func (m *StatusRequest) XXX_Unmarshal(b []byte) error

type StatusResponse

// StatusResponse is the message returned by Status: the plugin API version,
// a health string and the ID of the current write key.
// The XXX_-prefixed fields are excluded from JSON by their `json:"-"` tags.
type StatusResponse struct {
	// Version of the KMS gRPC plugin API. Must equal v2 or v2beta1 (v2 is recommended, but both are equivalent).
	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	// Any value other than "ok" is failing healthz.  On failure, the associated API server healthz endpoint will contain this value as part of the error message.
	// Because the value is surfaced in that error message, it should not
	// contain secrets or key material.
	Healthz string `protobuf:"bytes,2,opt,name=healthz,proto3" json:"healthz,omitempty"`
	// The current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage.
	// keyID must satisfy the following constraints:
	// 1. The keyID is not empty.
	// 2. The size of keyID is less than 1 kB.
	KeyId                string   `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*StatusResponse) Descriptor

func (*StatusResponse) Descriptor() ([]byte, []int)

func (*StatusResponse) GetHealthz

func (m *StatusResponse) GetHealthz() string

func (*StatusResponse) GetKeyId

func (m *StatusResponse) GetKeyId() string

func (*StatusResponse) GetVersion

func (m *StatusResponse) GetVersion() string

func (*StatusResponse) ProtoMessage

func (*StatusResponse) ProtoMessage()

func (*StatusResponse) Reset

func (m *StatusResponse) Reset()

func (*StatusResponse) String

func (m *StatusResponse) String() string

func (*StatusResponse) XXX_DiscardUnknown

func (m *StatusResponse) XXX_DiscardUnknown()

func (*StatusResponse) XXX_Marshal

func (m *StatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StatusResponse) XXX_Merge

func (m *StatusResponse) XXX_Merge(src proto.Message)

func (*StatusResponse) XXX_Size

func (m *StatusResponse) XXX_Size() int

func (*StatusResponse) XXX_Unmarshal

func (m *StatusResponse) XXX_Unmarshal(b []byte) error

type UnimplementedKeyManagementServiceServer

// UnimplementedKeyManagementServiceServer is an empty struct with Decrypt,
// Encrypt and Status methods (listed on this page; their bodies are not shown).
type UnimplementedKeyManagementServiceServer struct {
}

UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyManagementServiceServer) Decrypt

func (*UnimplementedKeyManagementServiceServer) Encrypt

func (*UnimplementedKeyManagementServiceServer) Status
