config

package
v0.0.0-...-982e07a Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

// Untyped bool constants for switching the mode of the encryptor config.
// NOTE(review): presumably meant as the `useMySQL bool` argument of
// (*BasicColumnEncryptionSetting).Init and MapTableSchemaStoreFromConfig —
// confirm against callers.
const (
	UseMySQL      = true
	UsePostgreSQL = false
)

UseMySQL and UsePostgreSQL are constants for switching the mode of the encryptor config.

Variables

// ErrInvalidCryptoEnvelopeType is used for invalid values of CryptoEnvelopeType.
// It is a sentinel created with errors.New, so callers should match it with
// errors.Is rather than by comparing message text.
var ErrInvalidCryptoEnvelopeType = errors.New("invalid CryptoEnvelopeType")

ErrInvalidCryptoEnvelopeType used for invalid values of CryptoEnvelopeType

// ErrInvalidEncryptorConfig signals an invalid encryptor configuration.
// It is a sentinel created with errors.New, so callers should match it with
// errors.Is rather than by comparing message text.
var ErrInvalidEncryptorConfig = errors.New("invalid encryptor config")

ErrInvalidEncryptorConfig indicates an invalid encryptor configuration

Functions

func HasTypeAwareSupport

func HasTypeAwareSupport(setting ColumnEncryptionSetting) bool

HasTypeAwareSupport return true if setting configured for decryption with type awareness

func IsBinaryDataOperation

func IsBinaryDataOperation(setting ColumnEncryptionSetting) bool

IsBinaryDataOperation return true if setting related to operation over binary data

func ValidateCryptoEnvelopeType

func ValidateCryptoEnvelopeType(value CryptoEnvelopeType) error

ValidateCryptoEnvelopeType return error if value is unsupported CryptoEnvelopeType

Types

type BasicColumnEncryptionSetting

// BasicColumnEncryptionSetting is a basic set of column encryption settings.
// The yaml tag on each field gives the key it is read from in the encryptor
// config. Several optional settings are pointers.
// NOTE(review): presumably a nil pointer means "not set for this column", so
// that a config-wide default (see Defaults) applies — confirm.
type BasicColumnEncryptionSetting struct {
	// name of the column (config key "column"); the only required field
	Name         string `yaml:"column"`
	// client ID configured for the column (config key "client_id")
	// NOTE(review): presumably what ClientID() returns as bytes — confirm
	UsedClientID string `yaml:"client_id"`

	// same as TokenType but related for encryption operations
	DataType string `yaml:"data_type"`
	// same as DataType but expect exact ID type
	DataTypeID uint32 `yaml:"data_type_db_identifier"`
	// string for str/email/int32/int64 and base64 string for binary data
	DefaultDataValue *string `yaml:"default_data_value"`
	// an action that should be performed on failure
	// possible actions are "ciphertext", "error" or "default"
	// NOTE(review): this choice decides what the client receives when the
	// operation fails. Presumably "default" substitutes DefaultDataValue and
	// "ciphertext" passes the stored value through — confirm, and choose
	// deliberately: a silently substituted value can hide key or data
	// integrity problems that "error" would surface.
	ResponseOnFail common.ResponseOnFail `yaml:"response_on_fail"`

	// Tokenized is DEPRECATED, but left to provide backwards compatibility.
	// Was used to enable tokenization. Right now the `TokenType` serves that
	// purpose: if it's not empty, tokenization is enabled.
	Tokenized              *bool  `yaml:"tokenized"`
	// consistent tokenization option (config key "consistent_tokenization")
	// NOTE(review): if consistent tokens mean equal inputs map to equal
	// tokens, equality of values becomes visible in the token data — confirm
	// that this is acceptable for the column.
	ConsistentTokenization *bool  `yaml:"consistent_tokenization"`
	// type of tokenization to apply to the column; non-empty enables tokenization
	TokenType              string `yaml:"token_type"`

	// Searchable encryption
	// NOTE(review): searchable schemes generally let equal plaintexts be
	// matched; enable only for columns where that leakage is acceptable.
	Searchable bool `yaml:"searchable"`
	// Data masking
	// MaskingPattern is the string used to mask the data (see GetMaskingPattern).
	MaskingPattern           string                      `yaml:"masking"`
	// number of bytes left untouched (in plaintext) in the masked value
	PartialPlaintextLenBytes int                         `yaml:"plaintext_length"`
	// which side of the value stays in plaintext (see IsEndMasking)
	PlaintextSide            maskingCommon.PlainTextSide `yaml:"plaintext_side"`
	// crypto envelope type for the column; the supported values are
	// CryptoEnvelopeTypeAcraStruct and CryptoEnvelopeTypeAcraBlock
	CryptoEnvelope           *CryptoEnvelopeType         `yaml:"crypto_envelope"`
	// whether data should be re-encrypted with AcraBlock
	// (see ShouldReEncryptAcraStructToAcraBlock)
	ReEncryptToAcraBlock     *bool                       `yaml:"reencrypting_to_acrablocks"`
	// contains filtered or unexported fields
}

BasicColumnEncryptionSetting is a basic set of column encryption settings.

func (*BasicColumnEncryptionSetting) ClientID

func (s *BasicColumnEncryptionSetting) ClientID() []byte

ClientID returns client ID to use when encrypting this column.

func (*BasicColumnEncryptionSetting) ColumnName

func (s *BasicColumnEncryptionSetting) ColumnName() string

ColumnName returns the name of the column to which these settings apply.

func (*BasicColumnEncryptionSetting) GetConsistentTokenization

func (s *BasicColumnEncryptionSetting) GetConsistentTokenization() bool

GetConsistentTokenization return ConsistentTokenization bool option

func (*BasicColumnEncryptionSetting) GetCryptoEnvelope

func (s *BasicColumnEncryptionSetting) GetCryptoEnvelope() CryptoEnvelopeType

GetCryptoEnvelope returns type of crypto envelope

func (*BasicColumnEncryptionSetting) GetDBDataTypeID

func (s *BasicColumnEncryptionSetting) GetDBDataTypeID() uint32

GetDBDataTypeID returns the DataTypeID of the corresponding DB, taken from the `data_type_db_identifier` encryptor config option

func (*BasicColumnEncryptionSetting) GetDefaultDataValue

func (s *BasicColumnEncryptionSetting) GetDefaultDataValue() *string

GetDefaultDataValue returns default data value for encrypted data

func (*BasicColumnEncryptionSetting) GetEncryptedDataType

func (s *BasicColumnEncryptionSetting) GetEncryptedDataType() common.EncryptedType

GetEncryptedDataType returns data type for encrypted data

func (*BasicColumnEncryptionSetting) GetMaskingPattern

func (s *BasicColumnEncryptionSetting) GetMaskingPattern() string

GetMaskingPattern returns string which should be used to mask AcraStruct data.

func (*BasicColumnEncryptionSetting) GetPartialPlaintextLen

func (s *BasicColumnEncryptionSetting) GetPartialPlaintextLen() int

GetPartialPlaintextLen returns number of bytes to be left untouched in masked value.

func (*BasicColumnEncryptionSetting) GetResponseOnFail

func (s *BasicColumnEncryptionSetting) GetResponseOnFail() common.ResponseOnFail

GetResponseOnFail returns the action that should be performed on failure. Valid values are "", "ciphertext", "error" and "default".

func (*BasicColumnEncryptionSetting) GetSettingMask

func (s *BasicColumnEncryptionSetting) GetSettingMask() SettingMask

GetSettingMask return SettingMask

func (*BasicColumnEncryptionSetting) GetTokenType

GetTokenType return the type of tokenization to apply to the column.

func (*BasicColumnEncryptionSetting) Init

func (s *BasicColumnEncryptionSetting) Init(useMySQL bool) (err error)

Init validate and initialize SettingMask

func (*BasicColumnEncryptionSetting) IsConsistentTokenization

func (s *BasicColumnEncryptionSetting) IsConsistentTokenization() bool

IsConsistentTokenization returns true if column tokens should be consistent.

func (*BasicColumnEncryptionSetting) IsEndMasking

func (s *BasicColumnEncryptionSetting) IsEndMasking() bool

IsEndMasking returns true if the right part of the value should be masked.

func (*BasicColumnEncryptionSetting) IsSearchable

func (s *BasicColumnEncryptionSetting) IsSearchable() bool

IsSearchable returns true if column should be searchable.

func (*BasicColumnEncryptionSetting) IsTokenized

func (s *BasicColumnEncryptionSetting) IsTokenized() bool

IsTokenized returns true if the column should be tokenized.

func (*BasicColumnEncryptionSetting) OnlyEncryption

func (s *BasicColumnEncryptionSetting) OnlyEncryption() bool

OnlyEncryption returns true if only AcraStruct/AcraBlock encryption should be applied, without tokenization, masking, etc.

func (*BasicColumnEncryptionSetting) ShouldReEncryptAcraStructToAcraBlock

func (s *BasicColumnEncryptionSetting) ShouldReEncryptAcraStructToAcraBlock() bool

ShouldReEncryptAcraStructToAcraBlock return true if should re-encrypt data with AcraBlock

type ColumnEncryptionSetting

// ColumnEncryptionSetting describes how to encrypt a table column.
// It embeds common.TokenSetting (declared in another package) and Defaults
// (declared in this package) in addition to the accessors listed here.
type ColumnEncryptionSetting interface {
	common.TokenSetting

	// ColumnName returns the name of the column these settings apply to.
	ColumnName() string
	// ClientID returns the client ID to use when encrypting this column.
	ClientID() []byte

	// GetDBDataTypeID returns the DB data type ID from the
	// `data_type_db_identifier` config option.
	GetDBDataTypeID() uint32
	// GetEncryptedDataType returns the data type for encrypted data.
	GetEncryptedDataType() common2.EncryptedType
	// GetDefaultDataValue returns the default data value for encrypted data.
	// The result is a pointer. NOTE(review): presumably nil when no default
	// is configured — callers should check before dereferencing.
	GetDefaultDataValue() *string
	// GetResponseOnFail returns the action to perform on failure.
	GetResponseOnFail() common2.ResponseOnFail

	// Searchable encryption
	IsSearchable() bool
	// Data masking
	GetMaskingPattern() string
	GetPartialPlaintextLen() int
	IsEndMasking() bool
	// OnlyEncryption reports whether only AcraStruct/AcraBlock encryption
	// applies, without tokenization, masking, etc.
	OnlyEncryption() bool

	Defaults
}

ColumnEncryptionSetting describes how to encrypt a table column.

type CryptoEnvelopeType

// CryptoEnvelopeType is the type of crypto envelope for encryptors. It is a
// string type; ValidateCryptoEnvelopeType returns an error for unsupported values.
type CryptoEnvelopeType string

CryptoEnvelopeType type of crypto envelope for encryptors

// Supported CryptoEnvelopeTypes. The string values are what the
// `crypto_envelope` key of a column setting is decoded into.
const (
	// CryptoEnvelopeTypeAcraStruct is the "acrastruct" envelope.
	CryptoEnvelopeTypeAcraStruct CryptoEnvelopeType = "acrastruct"
	// CryptoEnvelopeTypeAcraBlock is the "acrablock" envelope.
	CryptoEnvelopeTypeAcraBlock  CryptoEnvelopeType = "acrablock"
)

Supported CryptoEnvelopeTypes

type DatabaseSettings

// DatabaseSettings stores different database-specific configuration options,
// with one accessor per supported database.
type DatabaseSettings interface {
	// GetMySQLDatabaseSettings returns the MySQL-specific configuration.
	GetMySQLDatabaseSettings() MySQLDatabaseSettings
	// GetPostgreSQLDatabaseSettings returns the PostgreSQL-specific configuration.
	GetPostgreSQLDatabaseSettings() PostgreSQLDatabaseSettings
}

DatabaseSettings stores different database-specific configuration options

type Defaults

// Defaults describes default parameters that may be configured for the whole
// config, so that they can be omitted for specific columns.
type Defaults interface {
	// GetCryptoEnvelope returns the type of crypto envelope.
	GetCryptoEnvelope() CryptoEnvelopeType
	// ShouldReEncryptAcraStructToAcraBlock reports whether data should be
	// re-encrypted with AcraBlock.
	ShouldReEncryptAcraStructToAcraBlock() bool
	// GetConsistentTokenization returns the ConsistentTokenization bool option.
	GetConsistentTokenization() bool
}

Defaults describes default parameters that may be configured for the whole config, so that they can be omitted for specific columns

type MapTableSchemaStore

// MapTableSchemaStore stores schemas per table name. All of its fields are
// unexported; values are obtained from NewMapTableSchemaStore or
// MapTableSchemaStoreFromConfig.
type MapTableSchemaStore struct {
	// contains filtered or unexported fields
}

MapTableSchemaStore store schemas per table name

func MapTableSchemaStoreFromConfig

func MapTableSchemaStoreFromConfig(config []byte, useMySQL bool) (*MapTableSchemaStore, error)

MapTableSchemaStoreFromConfig parse config and return MapTableSchemaStore with data from config

func NewMapTableSchemaStore

func NewMapTableSchemaStore() (*MapTableSchemaStore, error)

NewMapTableSchemaStore return new MapTableSchemaStore

func (*MapTableSchemaStore) GetDatabaseSettings

func (store *MapTableSchemaStore) GetDatabaseSettings() DatabaseSettings

GetDatabaseSettings return struct with database-specific configuration

func (*MapTableSchemaStore) GetGlobalSettingsMask

func (store *MapTableSchemaStore) GetGlobalSettingsMask() SettingMask

GetGlobalSettingsMask return OR of all masks of column settings

func (*MapTableSchemaStore) GetTableSchema

func (store *MapTableSchemaStore) GetTableSchema(tableName string) TableSchema

GetTableSchema return table schema if exists otherwise nil

type MySQLDatabaseSettings

// MySQLDatabaseSettings stores MySQL-specific configuration.
type MySQLDatabaseSettings interface {
	// NOTE(review): presumably reports whether table identifiers are matched
	// case-sensitively — confirm. If so, it affects which table names resolve
	// to a configured schema.
	GetCaseSensitiveTableIdentifiers() bool
	// NOTE(review): returns a delimiter string related to prepared-statement
	// SET arguments, judging by the name only; semantics are not shown here.
	GetPreparedStatementsSetArgDelimiter() string
}

MySQLDatabaseSettings stores MySQL-specific configuration

type PostgreSQLDatabaseSettings

// PostgreSQLDatabaseSettings stores PostgreSQL-specific configuration.
// It is declared as an empty interface, so it exposes no methods.
type PostgreSQLDatabaseSettings interface{}

PostgreSQLDatabaseSettings stores PostgreSQL-specific configuration

type SettingMask

// SettingMask is a bitmask used to store info about encryptor configuration.
// Its underlying type is int32; the individual bits are the Setting*Flag
// constants.
type SettingMask int32

SettingMask bitmask used to store info about encryptor configuration

// Flags for SettingMask, one bit each. Every constant repeats the implicit
// expression `SettingMask = 1 << iota`, so a flag's value depends on its
// position in this block: inserting or reordering entries changes the values
// of all later flags.
const (
	SettingReEncryptionFlag SettingMask = 1 << iota // 1 << 0
	SettingMaskingFlag                  // 1 << 1
	SettingMaskingPlaintextLengthFlag   // 1 << 2
	SettingMaskingPlaintextSideFlag     // 1 << 3
	SettingTokenizationFlag             // 1 << 4
	SettingConsistentTokenizationFlag   // 1 << 5
	SettingTokenTypeFlag                // 1 << 6
	SettingSearchFlag                   // 1 << 7
	SettingClientIDFlag                 // 1 << 8
	SettingAcraBlockEncryptionFlag      // 1 << 9
	SettingAcraStructEncryptionFlag     // 1 << 10
	SettingDataTypeFlag                 // 1 << 11
	SettingDefaultDataValueFlag         // 1 << 12
	SettingOnFailFlag                   // 1 << 13
	SettingDataTypeIDFlag               // 1 << 14
)

Set of flags corresponding to the public fields of BasicColumnEncryptionSetting, except Name, which is required

type TableSchema

// TableSchema describes a table and its encryption settings per column.
type TableSchema interface {
	// Name returns a string; presumably the table name — confirm.
	Name() string
	// Columns returns a list of strings; presumably the table's column
	// names — confirm.
	Columns() []string
	// NeedToEncrypt takes a column name and returns a bool.
	// NOTE(review): presumably true when the column has encryption settings —
	// confirm.
	NeedToEncrypt(columnName string) bool
	// GetColumnEncryptionSettings fetches encryption settings for given column,
	// or returns nil if the column should not be encrypted.
	// Callers must check for nil before using the result.
	// NOTE(review): a column name that does not match the config therefore
	// looks the same as a column that is intentionally left unencrypted —
	// verify column names in the config against the real schema.
	GetColumnEncryptionSettings(columnName string) ColumnEncryptionSetting
}

TableSchema describes a table and its encryption settings per column.

type TableSchemaStore

// TableSchemaStore fetches schema for encryptable tables in the database.
type TableSchemaStore interface {
	// GetDatabaseSettings returns the database-specific configuration.
	GetDatabaseSettings() DatabaseSettings
	// GetTableSchema returns schema for given table if configured, or nil otherwise.
	// Callers must check for nil before using the result.
	// NOTE(review): how tableName is matched (for example case sensitivity,
	// cf. MySQLDatabaseSettings.GetCaseSensitiveTableIdentifiers) is not
	// visible here — confirm, since a non-matching name yields nil.
	GetTableSchema(tableName string) TableSchema
	// GetGlobalSettingsMask returns the OR of all masks of column settings.
	GetGlobalSettingsMask() SettingMask
}

TableSchemaStore fetches schema for encryptable tables in the database.

Directories

Path Synopsis
