data

package
v0.0.0-...-abf550e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 2, 2020 License: MPL-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

// Command identifiers. The first entry is typed int and numbered with iota,
// and the following entries repeat that expression, so the values run 0..4.
//
// NOTE(review): CmdNone is the zero value of int, so a command field that was
// never set reads as CmdNone. Presumably the code that dispatches on these
// values rejects CmdNone and out-of-range values (the package declares
// ErrInvalidReplicationCommand) — confirm against the caller.
const (
	CmdNone int = iota // 0: a command equal to 0 has a problem or results from a programming error
	CmdSet
	CmdDelete
	CmdJoin
	CmdLeave
)

Commands:

Variables

// Sentinel errors for key shares and key/metadata lookups. Each value is
// created once with errors.New, so callers can match them with errors.Is
// (or ==) instead of comparing message text.
var (
	ErrMalformed      = errors.New("malformed")                 // returned if a share is invalid
	ErrBadCombination = errors.New("bad combination of shares") // returned when the shares cannot decrypt the master key
	ErrNotFound       = errors.New("not found")                 // returned when a key or its metadata is not found
	ErrAlreadySealed  = errors.New("already sealed")            // returned when the database is still not open
)

Shares / key errors

// Sentinel errors for the RAFT / cluster layer. Each value is created once
// with errors.New, so callers can match them with errors.Is (or ==).
var (
	ErrNotLeader                 = errors.New("not leader") // returned when the server is not the leader and is asked to apply information
	ErrCouldNotJoin              = errors.New("could not join the cluster")
	// NOTE(review): the identifier reads "not leader in cluster" while the
	// message reads "no leader in cluster" — confirm which one is intended.
	ErrNotLeaderInCluster        = errors.New("no leader in cluster")
	ErrSealed                    = errors.New("cluster is sealed")
	ErrInvalidReplicationCommand = errors.New("invalid replication command")
	ErrTimeout                   = errors.New("timeout")
)

RAFT errors

// Sentinel errors for user / password validation.
//
// NOTE(review): these two messages start with a capital letter, unlike the
// other sentinel errors declared in this package. The text is left as is
// because it is runtime output that callers may display or compare.
var (
	ErrPasswordDoesNotMeetRequirements = errors.New("Password does not meet strategy password requirements")
	ErrPasswordIsManagedByThirdParty   = errors.New("Password is managed by third party")
)

user / validation errors

Functions

This section is empty.

Types

type Data

// Data holds the database and its operations. Only the exported and embedded
// fields are shown in this listing; the remaining fields are unexported.
type Data struct {
	// NOTE(review): this field is exported and holds key material, so any
	// package that imports Data can read or replace it directly. Confirm
	// whether it needs to be exported and whether access is expected to go
	// through the embedded RWMutex.
	Masterkey []byte // DB: key to open the database

	RaftID string // RAFT: server id that will be used to identify the server in the cluster

	// Embedding promotes Lock/Unlock/RLock/RUnlock into Data's exported
	// method set, so callers outside the package can take this lock too.
	// A sync.RWMutex must not be copied after first use, which means a Data
	// value must be handled by pointer.
	sync.RWMutex // mutex for maps / tree

	cluster.UnimplementedClusterServer // required to implement the gRPC interface
	// contains filtered or unexported fields
}

Data holds the database and its operations

func New

func New(dbPath string, metrics *metrics.Metrics, sharesMin, sharesTotal int, logger *logging.Logging, apiAddr, raftID, raftDir, raftBind, raftCertPath, raftKeyPath, raftCAPath string, raftTimeout int64, raftPeers []string, raftBootstrap bool) *Data

New returns a Data object with the default configuration

func (*Data) AddShare

func (d *Data) AddShare(share string) error

AddShare adds a share to the array of shares, returns error if verification fails

func (*Data) Apply

func (d *Data) Apply(l *raft.Log) interface{}

Apply the log received from peers

func (*Data) Bootstrap

func (d *Data) Bootstrap(username, name, desc, passwd, certDN string) (err error)

Bootstrap creates default api bucket, first user and super admin policy

func (*Data) BuildBootstrap

func (d *Data) BuildBootstrap() (masterKey []byte, sharedKeys []string, err error)

BuildBootstrap creates a master key and its parts; it returns the parts and/or the error, if one arose

func (*Data) Can

func (d *Data) Can(session structs.Session, path, permission string) bool

Can returns the ability to execute an action for the current user

func (*Data) Close

func (d *Data) Close() (err error)

Close the database connection safely

func (*Data) Delete

func (d *Data) Delete(k []byte) error

Delete deletes a key and its data

func (*Data) DeleteTemporalConfiguration

func (d *Data) DeleteTemporalConfiguration(bucket string) (err error)

DeleteTemporalConfiguration deletes configuration and key

func (*Data) DeleteVersion

func (d *Data) DeleteVersion(bucket, key string, version uint16) (err error)

DeleteVersion deletes a desired version of the key

func (*Data) DeleteVersionFullKey

func (d *Data) DeleteVersionFullKey(bucket, key string) (err error)

DeleteVersionFullKey deletes all remaining versions and the metadata key

func (*Data) ForEach

func (d *Data) ForEach(fn func(k, v []byte) error) error

ForEach get all key and value

func (*Data) ForEachPrefix

func (d *Data) ForEachPrefix(prefix []byte, fn func(k, v []byte) error) error

ForEachPrefix get all key and value

func (*Data) Get

func (d *Data) Get(k []byte) (v []byte, err error)

Get looks for key and returns a value. If key is not found, value is nil.

func (*Data) GetCiphered

func (d *Data) GetCiphered(k, c []byte) (v []byte, err error)

GetCiphered returns a ciphered value

func (*Data) GetDataVersion

func (d *Data) GetDataVersion(bucket, key string, version uint16) (data []byte, err error)

GetDataVersion retrieves the value from the database as []byte

func (*Data) GetInterface

func (d *Data) GetInterface(k []byte, i interface{}) error

GetInterface retrieves the requested key and stores the result on the interface passed

func (*Data) GetMetadata

func (d *Data) GetMetadata(bucket, key string) (meta veil.KVMetadata, err error)

GetMetadata retrieves the metadata for the required key

func (*Data) GetTemporal

func (d *Data) GetTemporal(bucket, key string) (data []byte, err error)

GetTemporal get the temporal info on the /temporal/:bucket/:id

func (*Data) GetTemporalConfiguration

func (d *Data) GetTemporalConfiguration(bucket string) (temporal veil.TemporalConfiguration, err error)

GetTemporalConfiguration returns the configuration for the temporal store on the bucket `bucket`. It will create a new one with default values if not found.

func (*Data) GetTransit

func (d *Data) GetTransit(bucket string, source string) (data []byte, err error)

GetTransit returns the decrypted data from the encrypted source. This endpoint expects the source string to have two parts:

<hmac>:<cyphered>

This ensures the integrity of the data.

func (*Data) GetVersionCiphered

func (d *Data) GetVersionCiphered(bucket, key string, version uint16, c []byte) (data []byte, err error)

GetVersionCiphered retrieves the value from the database and its type to allow its treatment

func (*Data) GetVersioned

func (d *Data) GetVersioned(bucket, key string, version uint16) (data []byte, v uint16, creationDate int64, err error)

GetVersioned returns raw output for the api

func (*Data) GetVersionedStruct

func (d *Data) GetVersionedStruct(bucket, key string, version uint16) (entry veil.KVEntry, err error)

GetVersionedStruct returns a formatted output for the api

func (*Data) Has

func (d *Data) Has(k []byte) (exists bool, err error)

Has returns true if the DB contains data in the given key.

func (*Data) IsLeader

func (d *Data) IsLeader() bool

IsLeader returns true when the current server is the leader of the cluster

func (*Data) LeaderAddress

func (d *Data) LeaderAddress(timeout time.Duration) (raft.ServerAddress, error)

LeaderAddress returns the current leader address

func (*Data) Len

func (d *Data) Len() (int64, int64)

Len returns the size of lsm and value log files in bytes. It can be used to decide how often to call RunValueLogGC.

func (*Data) LoadPolicies

func (d *Data) LoadPolicies() error

LoadPolicies loads/refreshes the policies from the database. This process blocks sessionmgr to ensure no other goroutine tries to read from the paths/permissions radix tree.

func (*Data) LoginCertificateList

func (d *Data) LoginCertificateList(session structs.Session) (certLogins map[string]veil.LoginCertificate, err error)

LoginCertificateList returns those certificates the user can read

func (*Data) LoginCertificateSet

func (d *Data) LoginCertificateSet(key string, loginCertificate veil.LoginCertificate) error

LoginCertificateSet creates/updates a login certificate with its policies

func (*Data) LoginWithCertificate

func (d *Data) LoginWithCertificate(conn *tls.ConnectionState) (session structs.Session, err error)

LoginWithCertificate returns a session struct if the certificate has an associated policy (so it can be used for login)

func (*Data) LoginWithPassword

func (d *Data) LoginWithPassword(bucket, username, password string) (user structs.User, maxTTL int64, err error)

LoginWithPassword tries a login by using the strategy defined by the bucket metadata

func (*Data) LoginWithPasswordAPI

func (d *Data) LoginWithPasswordAPI(bucket, username, password string) (user structs.User, err error)

LoginWithPasswordAPI retrieves from the database the user and try to log in the user X

func (*Data) Open

func (d *Data) Open() (err error)

Open opens the database directory; it will try to create the directory if it does not exist

func (*Data) PoliciesAll

func (d *Data) PoliciesAll() (policies map[string]veil.Policy, err error)

PoliciesAll retrieves all policies from the database

func (*Data) PoliciesAllByPath

func (d *Data) PoliciesAllByPath() (policies map[string]map[string][]string, err error)

PoliciesAllByPath retrieves all policies from the database for radix tree

func (*Data) PolicyCreate

func (d *Data) PolicyCreate(name string, policy veil.Policy) error

PolicyCreate creates the policy on the database

func (*Data) PolicyCreateDefault

func (d *Data) PolicyCreateDefault() error

PolicyCreateDefault creates the default policies needed to bootstrap the service

func (*Data) PolicyCreateRaft

func (d *Data) PolicyCreateRaft() error

PolicyCreateRaft creates the default policies needed to bootstrap the service

func (*Data) PolicyDelete

func (d *Data) PolicyDelete(name string) (err error)

PolicyDelete ensures policy is not locked so can be deleted

func (*Data) PolicyList

func (d *Data) PolicyList(session structs.Session) (policies map[string]veil.Policy, err error)

PolicyList returns those policies the user can read

func (*Data) RAFTPeers

func (d *Data) RAFTPeers() (peers []veil.Peer)

RAFTPeers returns the peers as array, as expected by the API (don't want to send more information as ids)

func (*Data) RAFTStart

func (d *Data) RAFTStart() error

RAFTStart starts the RAFT server and begin its duties

func (*Data) RAFTStop

func (d *Data) RAFTStop() error

RAFTStop stops the RAFT server in an ordered way

func (*Data) RaftAnnounce

func (d *Data) RaftAnnounce(ctx context.Context, req *cluster.Peer) (*cluster.GenericResponse, error)

RaftAnnounce is the command used to announce the server to the cluster.

func (*Data) RaftJoin

func (d *Data) RaftJoin(ctx context.Context, req *cluster.JoinRequest) (*cluster.Key, error)

RaftJoin asks to join the node to the cluster

func (*Data) RaftLeave

func (d *Data) RaftLeave(ctx context.Context, req *cluster.LeaveRequest) (*cluster.GenericResponse, error)

RaftLeave leaves the cluster

func (*Data) RaftLocalJoin

func (d *Data) RaftLocalJoin(ctx context.Context, req *cluster.Empty) (*cluster.GenericResponse, error)

RaftLocalJoin is the command received locally that tries to connect to the cluster

func (*Data) RaftSeal

func (d *Data) RaftSeal(ctx context.Context, req *cluster.Empty) (*cluster.GenericResponse, error)

RaftSeal is the command used to seal the servers.

func (*Data) RaftTryJoinCluster

func (d *Data) RaftTryJoinCluster(remotes []string) error

RaftTryJoinCluster tries join to the configured remotes, it could fail if remotes are sealed but it's expected

func (*Data) RaftUnseal

func (d *Data) RaftUnseal(ctx context.Context, req *cluster.Key) (*cluster.GenericResponse, error)

RaftUnseal is the command used to receive the unseal key. It is executed when the leader has correctly received the shared keys to unseal.

func (*Data) Resolve

func (d *Data) Resolve(source interface{}) interface{}

Resolve iterates over the keys to find commands on values executing them

func (*Data) ResolveByte

func (d *Data) ResolveByte(source []byte) (destination []byte, err error)

ResolveByte takes a []byte, unmarshals, resolves and return marshalled []byte

func (*Data) ResolveMap

func (d *Data) ResolveMap(source map[string]interface{}) (destination map[string]interface{})

ResolveMap iterates over a map

func (*Data) Restore

func (d *Data) Restore(rc io.ReadCloser) error

Restore ...

func (*Data) Seal

func (d *Data) Seal() (err error)

Seal closes the storage encryption by removing the master key

func (*Data) Sealed

func (d *Data) Sealed() bool

Sealed returns the seal status

func (*Data) SessionCreate

func (d *Data) SessionCreate(bucket, username string, user structs.User, ttl, maxTTL int64) (session structs.Session, err error)

SessionCreate creates, saves and returns a session object

func (*Data) SessionDelete

func (d *Data) SessionDelete(token string) error

SessionDelete removes a session from the database by Token

func (*Data) SessionGet

func (d *Data) SessionGet(token string) (session structs.Session, err error)

SessionGet returns a session object

func (*Data) Set

func (d *Data) Set(k, v []byte, ttl int64) error

Set sends the set/update command to the raft cluster to apply the change on quorum. k: key where the data is stored; v: value to store; ttl: time in seconds after which the key will expire.

func (*Data) SetCiphered

func (d *Data) SetCiphered(k, v, c []byte, ttl int64) error

SetCiphered sets and encrypts the data using the cipher key. k: key where the data is stored; v: value to store; c: cipher key.

func (*Data) SetInterface

func (d *Data) SetInterface(k []byte, i interface{}, ttl int64) error

SetInterface creates or updates data. k: key where the data is stored; i: interface.

func (*Data) SetTemporal

func (d *Data) SetTemporal(bucket, key string, data []byte) error

SetTemporal sets the temporal info on the /temporal/:bucket/:key key

func (*Data) SetTemporalConfiguration

func (d *Data) SetTemporalConfiguration(bucket string, temporal veil.TemporalConfiguration) error

SetTemporalConfiguration save the configuration information and creates if not exists a new key for the bucket

func (*Data) SetTransit

func (d *Data) SetTransit(bucket string, source []byte) (response string, err error)

SetTransit returns the data source encrypted and signed

func (*Data) SetVersion

func (d *Data) SetVersion(bucket, key string, value []byte) error

SetVersion writes a new version of the data on the desired bucket and key

func (*Data) SetVersionChipered

func (d *Data) SetVersionChipered(bucket, key string, value []byte, c []byte) error

SetVersionChipered writes a new version of the data on the desired bucket and key

func (*Data) Snapshot

func (d *Data) Snapshot() (raft.FSMSnapshot, error)

Snapshot ...

func (*Data) StrategyCreateDefault

func (d *Data) StrategyCreateDefault() (err error)

StrategyCreateDefault creates the default API strategy, used on the PostBootstrap

func (*Data) StrategyGet

func (d *Data) StrategyGet(bucket string) (strategy veil.LoginStrategy, err error)

StrategyGet retrieves the information about a strategy on the database

func (*Data) StrategyList

func (d *Data) StrategyList(session structs.Session) (strategies map[string]veil.LoginStrategy, err error)

StrategyList returns those strategies the user can read

func (*Data) StrategySet

func (d *Data) StrategySet(bucket string, strategy veil.LoginStrategy) (err error)

StrategySet saves the information about a strategy on the database

func (*Data) Unseal

func (d *Data) Unseal() (err error)

Unseal tries to start the Data service by unsealing the database by using the master key

func (*Data) UserGet

func (d *Data) UserGet(bucket, username string) (user structs.User, err error)

UserGet returns the information about a user

func (*Data) UserList

func (d *Data) UserList(session structs.Session, strategy string) (users map[string]veil.User, err error)

UserList returns those users the user can read

func (*Data) UserSet

func (d *Data) UserSet(bucket, username string, usersimple *veil.User) (err error)

UserSet saves the information of a user on the database

func (*Data) WaitForDetectLeader

func (d *Data) WaitForDetectLeader(timeout time.Duration) error

WaitForDetectLeader is used to search for the leader, returns error on timeout
