vault-latch-hack: github.com/adriamb/vault-latch-hack/physical Index | Files

package physical

import "github.com/adriamb/vault-latch-hack/physical"

Index

Package Files

cache.go consul.go etcd.go file.go inmem.go inmem_ha.go mysql.go physical.go s3.go zookeeper.go

Constants

const (
    // Ideally, this prefix would match the "_" used in the file backend, but
    // that prefix has special meaining in etcd. Specifically, it excludes those
    // entries from directory listings.
    EtcdNodeFilePrefix = "."

    // The lock prefix can (and probably should) cause an entry to be excluded
    // from diretory listings, so "_" works here.
    EtcdNodeLockPrefix = "_"

    // The delimiter is the same as the `-C` flag of etcdctl.
    EtcdMachineDelimiter = ","

    // The lock TTL matches the default that Consul API uses, 15 seconds.
    EtcdLockTTL = 15 * time.Second

    // The amount of time to wait between the semaphore key renewals
    EtcdLockRenewInterval = 5 * time.Second

    // The ammount of time to wait if a watch fails before trying again.
    EtcdWatchRetryInterval = time.Second

    // The number of times to re-try a failed watch before signaling that leadership is lost.
    EtcdWatchRetryMax = 5
)
const (
    // DefaultCacheSize is used if no cache size is specified for NewCache
    DefaultCacheSize = 32 * 1024
)
const DefaultParallelOperations = 128
const (
    // ZKNodeFilePrefix is prefixed to any "files" in ZooKeeper,
    // so that they do not collide with directory entries. Otherwise,
    // we cannot delete a file if the path is a full-prefix of another
    // key.
    ZKNodeFilePrefix = "_"
)

Variables

var (
    EtcdSyncClusterError         = errors.New("client setup failed: unable to sync etcd cluster")
    EtcdAddressError             = errors.New("client setup failed: address must be valid URL (ex. 'scheme://host:port')")
    EtcdSemaphoreKeysEmptyError  = errors.New("lock queue is empty")
    EtcdLockHeldError            = errors.New("lock already held")
    EtcdLockNotHeldError         = errors.New("lock not held")
    EtcdSemaphoreKeyRemovedError = errors.New("semaphore key removed before lock aquisition")
)
var BuiltinBackends = map[string]Factory{
    "inmem": func(map[string]string) (Backend, error) {
        return NewInmem(), nil
    },
    "consul":    newConsulBackend,
    "zookeeper": newZookeeperBackend,
    "file":      newFileBackend,
    "s3":        newS3Backend,
    "etcd":      newEtcdBackend,
    "mysql":     newMySQLBackend,
}

BuiltinBackends is the list of built-in physical backends that can be used with NewBackend.

type AdvertiseDetect Uses

type AdvertiseDetect interface {
    // DetectHostAddr is used to detect the host address
    DetectHostAddr() (string, error)
}

AdvertiseDetect is an optional interface that an HABackend can implement. If they do, an advertise address can be automatically detected.

type Backend Uses

type Backend interface {
    // Put is used to insert or update an entry
    Put(entry *Entry) error

    // Get is used to fetch an entry
    Get(key string) (*Entry, error)

    // Delete is used to permanently delete an entry
    Delete(key string) error

    // List is used ot list all the keys under a given
    // prefix, up to the next prefix.
    List(prefix string) ([]string, error)
}

Backend is the interface required for a physical backend. A physical backend is used to durably store data outside of Vault. As such, it is completely untrusted, and is only accessed via a security barrier. The backends must represent keys in a hierarchical manner. All methods are expected to be thread safe.

func NewBackend Uses

func NewBackend(t string, conf map[string]string) (Backend, error)

NewBackend returns a new backend with the given type and configuration. The backend is looked up in the BuiltinBackends variable.

type Cache Uses

type Cache struct {
    // contains filtered or unexported fields
}

Cache is used to wrap an underlying physical backend and provide an LRU cache layer on top. Most of the reads done by Vault are for policy objects so there is a large read reduction by using a simple write-through cache.

func NewCache Uses

func NewCache(b Backend, size int) *Cache

NewCache returns a physical cache of the given size. If no size is provided, the default size is used.

func (*Cache) Delete Uses

func (c *Cache) Delete(key string) error

func (*Cache) Get Uses

func (c *Cache) Get(key string) (*Entry, error)

func (*Cache) List Uses

func (c *Cache) List(prefix string) ([]string, error)

func (*Cache) Purge Uses

func (c *Cache) Purge()

Purge is used to clear the cache

func (*Cache) Put Uses

func (c *Cache) Put(entry *Entry) error

type ConsulBackend Uses

type ConsulBackend struct {
    // contains filtered or unexported fields
}

ConsulBackend is a physical backend that stores data at specific prefix within Consul. It is used for most production situations as it allows Vault to run on multiple machines in a highly-available manner.

func (*ConsulBackend) Delete Uses

func (c *ConsulBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*ConsulBackend) DetectHostAddr Uses

func (c *ConsulBackend) DetectHostAddr() (string, error)

DetectHostAddr is used to detect the host address by asking the Consul agent

func (*ConsulBackend) Get Uses

func (c *ConsulBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*ConsulBackend) List Uses

func (c *ConsulBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*ConsulBackend) LockWith Uses

func (c *ConsulBackend) LockWith(key, value string) (Lock, error)

Lock is used for mutual exclusion based on the given key.

func (*ConsulBackend) Put Uses

func (c *ConsulBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type ConsulLock Uses

type ConsulLock struct {
    // contains filtered or unexported fields
}

ConsulLock is used to provide the Lock interface backed by Consul

func (*ConsulLock) Lock Uses

func (c *ConsulLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

func (*ConsulLock) Unlock Uses

func (c *ConsulLock) Unlock() error

func (*ConsulLock) Value Uses

func (c *ConsulLock) Value() (bool, string, error)

type Entry Uses

type Entry struct {
    Key   string
    Value []byte
}

Entry is used to represent data stored by the physical backend

type EtcdBackend Uses

type EtcdBackend struct {
    // contains filtered or unexported fields
}

EtcdBackend is a physical backend that stores data at specific prefix within Etcd. It is used for most production situations as it allows Vault to run on multiple machines in a highly-available manner.

func (*EtcdBackend) Delete Uses

func (c *EtcdBackend) Delete(key string) error

Delete is used to permanently delete an entry.

func (*EtcdBackend) Get Uses

func (c *EtcdBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry.

func (*EtcdBackend) List Uses

func (c *EtcdBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*EtcdBackend) LockWith Uses

func (c *EtcdBackend) LockWith(key, value string) (Lock, error)

Lock is used for mutual exclusion based on the given key.

func (*EtcdBackend) Put Uses

func (c *EtcdBackend) Put(entry *Entry) error

Put is used to insert or update an entry.

type EtcdLock Uses

type EtcdLock struct {
    // contains filtered or unexported fields
}

EtcdLock emplements a lock using and etcd backend.

func (*EtcdLock) Lock Uses

func (c *EtcdLock) Lock(stopCh <-chan struct{}) (doneCh <-chan struct{}, retErr error)

Lock attempts to aquire the lock by waiting for a new semaphore key in etcd to become the first in the queue and will block until it is successful or it recieves a signal on the provided channel. The returned channel will be closed when the lock is lost, either by an explicit call to Unlock or by the associated semaphore key in etcd otherwise being deleted or expiring.

If the lock is currently held by this instance of EtcdLock, Lock will return an EtcdLockHeldError error.

func (*EtcdLock) Unlock Uses

func (c *EtcdLock) Unlock() error

Unlock releases the lock by deleting the associated semaphore key in etcd.

If the lock is not currently held by this instance of EtcdLock, Unlock will return an EtcdLockNotHeldError error.

func (*EtcdLock) Value Uses

func (c *EtcdLock) Value() (bool, string, error)

Value checks whether or not the lock is held by any instance of EtcdLock, including this one, and returns the current value.

type Factory Uses

type Factory func(map[string]string) (Backend, error)

Factory is the factory function to create a physical backend.

type FileBackend Uses

type FileBackend struct {
    Path string
    // contains filtered or unexported fields
}

FileBackend is a physical backend that stores data on disk at a given file path. It can be used for durable single server situations, or to develop locally where durability is not critical.

WARNING: the file backend implementation is currently extremely unsafe and non-performant. It is meant mostly for local testing and development. It can be improved in the future.

func (*FileBackend) Delete Uses

func (b *FileBackend) Delete(k string) error

func (*FileBackend) Get Uses

func (b *FileBackend) Get(k string) (*Entry, error)

func (*FileBackend) List Uses

func (b *FileBackend) List(prefix string) ([]string, error)

func (*FileBackend) Put Uses

func (b *FileBackend) Put(entry *Entry) error

type HABackend Uses

type HABackend interface {
    // LockWith is used for mutual exclusion based on the given key.
    LockWith(key, value string) (Lock, error)
}

HABackend is an extentions to the standard physical backend to support high-availability. Vault only expects to use mutual exclusion to allow multiple instances to act as a hot standby for a leader that services all requests.

type InmemBackend Uses

type InmemBackend struct {
    // contains filtered or unexported fields
}

InmemBackend is an in-memory only physical backend. It is useful for testing and development situations where the data is not expected to be durable.

func NewInmem Uses

func NewInmem() *InmemBackend

NewInmem constructs a new in-memory backend

func (*InmemBackend) Delete Uses

func (i *InmemBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*InmemBackend) Get Uses

func (i *InmemBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*InmemBackend) List Uses

func (i *InmemBackend) List(prefix string) ([]string, error)

List is used ot list all the keys under a given prefix, up to the next prefix.

func (*InmemBackend) Put Uses

func (i *InmemBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type InmemHABackend Uses

type InmemHABackend struct {
    InmemBackend
    // contains filtered or unexported fields
}

func NewInmemHA Uses

func NewInmemHA() *InmemHABackend

NewInmemHA constructs a new in-memory HA backend. This is only for testing.

func (*InmemHABackend) LockMapSize Uses

func (i *InmemHABackend) LockMapSize() int

LockMapSize is used in some tests to determine whether this backend has ever been used for HA purposes rather than simply for storage

func (*InmemHABackend) LockWith Uses

func (i *InmemHABackend) LockWith(key, value string) (Lock, error)

LockWith is used for mutual exclusion based on the given key.

type InmemLock Uses

type InmemLock struct {
    // contains filtered or unexported fields
}

InmemLock is an in-memory Lock implementation for the HABackend

func (*InmemLock) Lock Uses

func (i *InmemLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

func (*InmemLock) Unlock Uses

func (i *InmemLock) Unlock() error

func (*InmemLock) Value Uses

func (i *InmemLock) Value() (bool, string, error)

type Lock Uses

type Lock interface {
    // Lock is used to acquire the given lock
    // The stopCh is optional and if closed should interrupt the lock
    // acquisition attempt. The return struct should be closed when
    // leadership is lost.
    Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

    // Unlock is used to release the lock
    Unlock() error

    // Returns the value of the lock and if it is held
    Value() (bool, string, error)
}

type MySQLBackend Uses

type MySQLBackend struct {
    // contains filtered or unexported fields
}

MySQLBackend is a physical backend that stores data within MySQL database.

func (*MySQLBackend) Delete Uses

func (m *MySQLBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*MySQLBackend) Get Uses

func (m *MySQLBackend) Get(key string) (*Entry, error)

Get is used to fetch and entry.

func (*MySQLBackend) List Uses

func (m *MySQLBackend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*MySQLBackend) Put Uses

func (m *MySQLBackend) Put(entry *Entry) error

Put is used to insert or update an entry.

type PermitPool Uses

type PermitPool struct {
    // contains filtered or unexported fields
}

PermitPool is a wrapper around a semaphore library to keep things agnostic

func NewPermitPool Uses

func NewPermitPool(permits int) *PermitPool

NewPermitPool returns a new permit pool with the provided number of permits

func (*PermitPool) Acquire Uses

func (c *PermitPool) Acquire()

Acquire returns when a permit has been acquired

func (*PermitPool) Release Uses

func (c *PermitPool) Release()

Release returns a permit to the pool

type S3Backend Uses

type S3Backend struct {
    // contains filtered or unexported fields
}

S3Backend is a physical backend that stores data within an S3 bucket.

func (*S3Backend) Delete Uses

func (s *S3Backend) Delete(key string) error

Delete is used to permanently delete an entry

func (*S3Backend) Get Uses

func (s *S3Backend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*S3Backend) List Uses

func (s *S3Backend) List(prefix string) ([]string, error)

List is used to list all the keys under a given prefix, up to the next prefix.

func (*S3Backend) Put Uses

func (s *S3Backend) Put(entry *Entry) error

Put is used to insert or update an entry

type ZookeeperBackend Uses

type ZookeeperBackend struct {
    // contains filtered or unexported fields
}

ZookeeperBackend is a physical backend that stores data at specific prefix within Zookeeper. It is used in production situations as it allows Vault to run on multiple machines in a highly-available manner.

func (*ZookeeperBackend) Delete Uses

func (c *ZookeeperBackend) Delete(key string) error

Delete is used to permanently delete an entry

func (*ZookeeperBackend) Get Uses

func (c *ZookeeperBackend) Get(key string) (*Entry, error)

Get is used to fetch an entry

func (*ZookeeperBackend) List Uses

func (c *ZookeeperBackend) List(prefix string) ([]string, error)

List is used ot list all the keys under a given prefix, up to the next prefix.

func (*ZookeeperBackend) LockWith Uses

func (c *ZookeeperBackend) LockWith(key, value string) (Lock, error)

LockWith is used for mutual exclusion based on the given key.

func (*ZookeeperBackend) Put Uses

func (c *ZookeeperBackend) Put(entry *Entry) error

Put is used to insert or update an entry

type ZookeeperHALock Uses

type ZookeeperHALock struct {
    // contains filtered or unexported fields
}

ZookeeperHALock is a Zookeeper Lock implementation for the HABackend

func (*ZookeeperHALock) Lock Uses

func (i *ZookeeperHALock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

func (*ZookeeperHALock) Unlock Uses

func (i *ZookeeperHALock) Unlock() error

func (*ZookeeperHALock) Value Uses

func (i *ZookeeperHALock) Value() (bool, string, error)

Package physical imports 36 packages (graph). Updated 2016-12-23. Refresh now. Tools for package owners. This is a quick bug-fix fork (has fewer than three commits, and only during the week it was created).