vault: github.com/hashicorp/vault/sdk/physical Index | Files | Directories

package physical

import "github.com/hashicorp/vault/sdk/physical"

Index

Package Files

cache.go encoding.go entry.go error.go latency.go physical.go physical_access.go physical_view.go testing.go transactions.go types.pb.go

Constants

const (
    DeleteOperation Operation = "delete"
    GetOperation              = "get"
    ListOperation             = "list"
    PutOperation              = "put"
)
const (
    // DefaultCacheSize is used if no cache size is specified for NewCache
    DefaultCacheSize = 128 * 1024
)
const (
    // DefaultErrorPercent is used to determin how often we error
    DefaultErrorPercent = 20
)
const (
    // DefaultJitterPercent is used if no cache size is specified for NewCache
    DefaultJitterPercent = 20
)
const DefaultParallelOperations = 128
const (
    ErrValueTooLarge = "put failed due to value being too large"
)

Variables

var ErrNonPrintable = errors.New("key contains non-printable characters")
var ErrNonUTF8 = errors.New("key contains invalid UTF-8 characters")
var (
    ErrRelativePath = errors.New("relative paths not supported")
)

func CacheRefreshContext Uses

func CacheRefreshContext(ctx context.Context, r bool) context.Context

CacheRefreshContext returns a context with an added value denoting if the cache should attempt a refresh.

func ExerciseBackend Uses

func ExerciseBackend(t testing.TB, b Backend)

func ExerciseBackend_ListPrefix Uses

func ExerciseBackend_ListPrefix(t testing.TB, b Backend)

func ExerciseHABackend Uses

func ExerciseHABackend(t testing.TB, b HABackend, b2 HABackend)

func ExerciseTransactionalBackend Uses

func ExerciseTransactionalBackend(t testing.TB, b Backend)

func GenericTransactionHandler Uses

func GenericTransactionHandler(ctx context.Context, t PseudoTransactional, txns []*TxnEntry) (retErr error)

Implements the transaction interface

func Prefixes Uses

func Prefixes(s string) []string

Prefixes is a shared helper function returns all parent 'folders' for a given vault key. e.g. for 'foo/bar/baz', it returns ['foo', 'foo/bar']

type ActiveFunction Uses

type ActiveFunction func() bool

Callback signatures for RunServiceDiscovery

type Backend Uses

type Backend interface {
    // Put is used to insert or update an entry
    Put(ctx context.Context, entry *Entry) error

    // Get is used to fetch an entry
    Get(ctx context.Context, key string) (*Entry, error)

    // Delete is used to permanently delete an entry
    Delete(ctx context.Context, key string) error

    // List is used to list all the keys under a given
    // prefix, up to the next prefix.
    List(ctx context.Context, prefix string) ([]string, error)
}

Backend is the interface required for a physical backend. A physical backend is used to durably store data outside of Vault. As such, it is completely untrusted, and is only accessed via a security barrier. The backends must represent keys in a hierarchical manner. All methods are expected to be thread safe.

func NewStorageEncoding Uses

func NewStorageEncoding(b Backend) Backend

NewStorageEncoding returns a wrapped physical backend and verifies the key encoding

type Cache Uses

type Cache struct {
    // contains filtered or unexported fields
}

Cache is used to wrap an underlying physical backend and provide an LRU cache layer on top. Most of the reads done by Vault are for policy objects so there is a large read reduction by using a simple write-through cache.

func NewCache Uses

func NewCache(b Backend, size int, logger log.Logger) *Cache

NewCache returns a physical cache of the given size. If no size is provided, the default size is used.

func (*Cache) Delete Uses

func (c *Cache) Delete(ctx context.Context, key string) error

func (*Cache) Get Uses

func (c *Cache) Get(ctx context.Context, key string) (*Entry, error)

func (*Cache) List Uses

func (c *Cache) List(ctx context.Context, prefix string) ([]string, error)

func (*Cache) Purge Uses

func (c *Cache) Purge(ctx context.Context)

Purge is used to clear the cache

func (*Cache) Put Uses

func (c *Cache) Put(ctx context.Context, entry *Entry) error

func (*Cache) SetEnabled Uses

func (c *Cache) SetEnabled(enabled bool)

SetEnabled is used to toggle whether the cache is on or off. It must be called with true to actually activate the cache after creation.

func (*Cache) ShouldCache Uses

func (c *Cache) ShouldCache(key string) bool

type EncryptedBlobInfo Uses

type EncryptedBlobInfo struct {
    Ciphertext []byte       `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
    IV         []byte       `protobuf:"bytes,2,opt,name=iv,proto3" json:"iv,omitempty"`
    HMAC       []byte       `protobuf:"bytes,3,opt,name=hmac,proto3" json:"hmac,omitempty"`
    Wrapped    bool         `protobuf:"varint,4,opt,name=wrapped,proto3" json:"wrapped,omitempty"`
    KeyInfo    *SealKeyInfo `protobuf:"bytes,5,opt,name=key_info,json=keyInfo,proto3" json:"key_info,omitempty"`
    // Key is the Key value for the entry that corresponds to
    // physical.Entry.Key's value
    Key                  string   `protobuf:"bytes,6,opt,name=key,proto3" json:"key,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*EncryptedBlobInfo) Descriptor Uses

func (*EncryptedBlobInfo) Descriptor() ([]byte, []int)

func (*EncryptedBlobInfo) GetCiphertext Uses

func (m *EncryptedBlobInfo) GetCiphertext() []byte

func (*EncryptedBlobInfo) GetHMAC Uses

func (m *EncryptedBlobInfo) GetHMAC() []byte

func (*EncryptedBlobInfo) GetIV Uses

func (m *EncryptedBlobInfo) GetIV() []byte

func (*EncryptedBlobInfo) GetKey Uses

func (m *EncryptedBlobInfo) GetKey() string

func (*EncryptedBlobInfo) GetKeyInfo Uses

func (m *EncryptedBlobInfo) GetKeyInfo() *SealKeyInfo

func (*EncryptedBlobInfo) GetWrapped Uses

func (m *EncryptedBlobInfo) GetWrapped() bool

func (*EncryptedBlobInfo) ProtoMessage Uses

func (*EncryptedBlobInfo) ProtoMessage()

func (*EncryptedBlobInfo) Reset Uses

func (m *EncryptedBlobInfo) Reset()

func (*EncryptedBlobInfo) String Uses

func (m *EncryptedBlobInfo) String() string

func (*EncryptedBlobInfo) XXX_DiscardUnknown Uses

func (m *EncryptedBlobInfo) XXX_DiscardUnknown()

func (*EncryptedBlobInfo) XXX_Marshal Uses

func (m *EncryptedBlobInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptedBlobInfo) XXX_Merge Uses

func (m *EncryptedBlobInfo) XXX_Merge(src proto.Message)

func (*EncryptedBlobInfo) XXX_Size Uses

func (m *EncryptedBlobInfo) XXX_Size() int

func (*EncryptedBlobInfo) XXX_Unmarshal Uses

func (m *EncryptedBlobInfo) XXX_Unmarshal(b []byte) error

type Entry Uses

type Entry struct {
    Key      string
    Value    []byte
    SealWrap bool `json:"seal_wrap,omitempty"`

    // Only used in replication
    ValueHash []byte

    // The bool above is an easy control for whether it should be enabled; it
    // is used to carry information about whether seal wrapping is *desired*
    // regardless of whether it's currently available. The struct below stores
    // needed information when it's actually performed.
    SealWrapInfo *EncryptedBlobInfo `json:"seal_wrap_info,omitempty"`
}

Entry is used to represent data stored by the physical backend

type ErrorInjector Uses

type ErrorInjector struct {
    // contains filtered or unexported fields
}

ErrorInjector is used to add errors into underlying physical requests

func NewErrorInjector Uses

func NewErrorInjector(b Backend, errorPercent int, logger log.Logger) *ErrorInjector

NewErrorInjector returns a wrapped physical backend to inject error

func (*ErrorInjector) Delete Uses

func (e *ErrorInjector) Delete(ctx context.Context, key string) error

func (*ErrorInjector) Get Uses

func (e *ErrorInjector) Get(ctx context.Context, key string) (*Entry, error)

func (*ErrorInjector) List Uses

func (e *ErrorInjector) List(ctx context.Context, prefix string) ([]string, error)

func (*ErrorInjector) Put Uses

func (e *ErrorInjector) Put(ctx context.Context, entry *Entry) error

func (*ErrorInjector) SetErrorPercentage Uses

func (e *ErrorInjector) SetErrorPercentage(p int)

type Factory Uses

type Factory func(config map[string]string, logger log.Logger) (Backend, error)

Factory is the factory function to create a physical backend.

type HABackend Uses

type HABackend interface {
    // LockWith is used for mutual exclusion based on the given key.
    LockWith(key, value string) (Lock, error)

    // Whether or not HA functionality is enabled
    HAEnabled() bool
}

HABackend is an extensions to the standard physical backend to support high-availability. Vault only expects to use mutual exclusion to allow multiple instances to act as a hot standby for a leader that services all requests.

type LatencyInjector Uses

type LatencyInjector struct {
    // contains filtered or unexported fields
}

LatencyInjector is used to add latency into underlying physical requests

func NewLatencyInjector Uses

func NewLatencyInjector(b Backend, latency time.Duration, jitter int, logger log.Logger) *LatencyInjector

NewLatencyInjector returns a wrapped physical backend to simulate latency

func (*LatencyInjector) Delete Uses

func (l *LatencyInjector) Delete(ctx context.Context, key string) error

Delete is a latent delete request

func (*LatencyInjector) Get Uses

func (l *LatencyInjector) Get(ctx context.Context, key string) (*Entry, error)

Get is a latent get request

func (*LatencyInjector) List Uses

func (l *LatencyInjector) List(ctx context.Context, prefix string) ([]string, error)

List is a latent list request

func (*LatencyInjector) Put Uses

func (l *LatencyInjector) Put(ctx context.Context, entry *Entry) error

Put is a latent put request

func (*LatencyInjector) SetLatency Uses

func (l *LatencyInjector) SetLatency(latency time.Duration)

type Lock Uses

type Lock interface {
    // Lock is used to acquire the given lock
    // The stopCh is optional and if closed should interrupt the lock
    // acquisition attempt. The return struct should be closed when
    // leadership is lost.
    Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

    // Unlock is used to release the lock
    Unlock() error

    // Returns the value of the lock and if it is held
    Value() (bool, string, error)
}

type Operation Uses

type Operation string

The operation type

type PerformanceStandbyFunction Uses

type PerformanceStandbyFunction func() bool

type PermitPool Uses

type PermitPool struct {
    // contains filtered or unexported fields
}

PermitPool is used to limit maximum outstanding requests

func NewPermitPool Uses

func NewPermitPool(permits int) *PermitPool

NewPermitPool returns a new permit pool with the provided number of permits

func (*PermitPool) Acquire Uses

func (c *PermitPool) Acquire()

Acquire returns when a permit has been acquired

func (*PermitPool) CurrentPermits Uses

func (c *PermitPool) CurrentPermits() int

Get number of requests in the permit pool

func (*PermitPool) Release Uses

func (c *PermitPool) Release()

Release returns a permit to the pool

type PhysicalAccess Uses

type PhysicalAccess struct {
    // contains filtered or unexported fields
}

PhysicalAccess is a wrapper around physical.Backend that allows Core to expose its physical storage operations through PhysicalAccess() while restricting the ability to modify Core.physical itself.

func NewPhysicalAccess Uses

func NewPhysicalAccess(physical Backend) *PhysicalAccess

func (*PhysicalAccess) Delete Uses

func (p *PhysicalAccess) Delete(ctx context.Context, key string) error

func (*PhysicalAccess) Get Uses

func (p *PhysicalAccess) Get(ctx context.Context, key string) (*Entry, error)

func (*PhysicalAccess) List Uses

func (p *PhysicalAccess) List(ctx context.Context, prefix string) ([]string, error)

func (*PhysicalAccess) Purge Uses

func (p *PhysicalAccess) Purge(ctx context.Context)

func (*PhysicalAccess) Put Uses

func (p *PhysicalAccess) Put(ctx context.Context, entry *Entry) error

type PseudoTransactional Uses

type PseudoTransactional interface {
    // An internal function should do no locking or permit pool acquisition.
    // Depending on the backend and if it natively supports transactions, these
    // may simply chain to the normal backend functions.
    GetInternal(context.Context, string) (*Entry, error)
    PutInternal(context.Context, *Entry) error
    DeleteInternal(context.Context, string) error
}

type RedirectDetect Uses

type RedirectDetect interface {
    // DetectHostAddr is used to detect the host address
    DetectHostAddr() (string, error)
}

RedirectDetect is an optional interface that an HABackend can implement. If they do, a redirect address can be automatically detected.

type SealKeyInfo Uses

type SealKeyInfo struct {
    // Mechanism is the method used by the seal to encrypt and sign the
    // data as defined by the seal.
    Mechanism     uint64 `protobuf:"varint,1,opt,name=Mechanism,proto3" json:"Mechanism,omitempty"`
    HMACMechanism uint64 `protobuf:"varint,2,opt,name=HMACMechanism,proto3" json:"HMACMechanism,omitempty"`
    // This is an opaque ID used by the seal to identify the specific
    // key to use as defined by the seal.  This could be a version, key
    // label, or something else.
    KeyID     string `protobuf:"bytes,3,opt,name=KeyID,proto3" json:"KeyID,omitempty"`
    HMACKeyID string `protobuf:"bytes,4,opt,name=HMACKeyID,proto3" json:"HMACKeyID,omitempty"`
    // These value are used when generating our own data encryption keys
    // and encrypting them using the autoseal
    WrappedKey []byte `protobuf:"bytes,5,opt,name=WrappedKey,proto3" json:"WrappedKey,omitempty"`
    // Mechanism specific flags
    Flags                uint64   `protobuf:"varint,6,opt,name=Flags,proto3" json:"Flags,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

SealKeyInfo contains information regarding the seal used to encrypt the entry.

func (*SealKeyInfo) Descriptor Uses

func (*SealKeyInfo) Descriptor() ([]byte, []int)

func (*SealKeyInfo) GetFlags Uses

func (m *SealKeyInfo) GetFlags() uint64

func (*SealKeyInfo) GetHMACKeyID Uses

func (m *SealKeyInfo) GetHMACKeyID() string

func (*SealKeyInfo) GetHMACMechanism Uses

func (m *SealKeyInfo) GetHMACMechanism() uint64

func (*SealKeyInfo) GetKeyID Uses

func (m *SealKeyInfo) GetKeyID() string

func (*SealKeyInfo) GetMechanism Uses

func (m *SealKeyInfo) GetMechanism() uint64

func (*SealKeyInfo) GetWrappedKey Uses

func (m *SealKeyInfo) GetWrappedKey() []byte

func (*SealKeyInfo) ProtoMessage Uses

func (*SealKeyInfo) ProtoMessage()

func (*SealKeyInfo) Reset Uses

func (m *SealKeyInfo) Reset()

func (*SealKeyInfo) String Uses

func (m *SealKeyInfo) String() string

func (*SealKeyInfo) XXX_DiscardUnknown Uses

func (m *SealKeyInfo) XXX_DiscardUnknown()

func (*SealKeyInfo) XXX_Marshal Uses

func (m *SealKeyInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SealKeyInfo) XXX_Merge Uses

func (m *SealKeyInfo) XXX_Merge(src proto.Message)

func (*SealKeyInfo) XXX_Size Uses

func (m *SealKeyInfo) XXX_Size() int

func (*SealKeyInfo) XXX_Unmarshal Uses

func (m *SealKeyInfo) XXX_Unmarshal(b []byte) error

type SealedFunction Uses

type SealedFunction func() bool

type ServiceDiscovery Uses

type ServiceDiscovery interface {
    // NotifyActiveStateChange is used by Core to notify a backend
    // capable of ServiceDiscovery that this Vault instance has changed
    // its status to active or standby.
    NotifyActiveStateChange() error

    // NotifySealedStateChange is used by Core to notify a backend
    // capable of ServiceDiscovery that Vault has changed its Sealed
    // status to sealed or unsealed.
    NotifySealedStateChange() error

    // NotifyPerformanceStandbyStateChange is used by Core to notify a backend
    // capable of ServiceDiscovery that this Vault instance has changed it
    // status to performance standby or standby.
    NotifyPerformanceStandbyStateChange() error

    // Run executes any background service discovery tasks until the
    // shutdown channel is closed.
    RunServiceDiscovery(waitGroup *sync.WaitGroup, shutdownCh ShutdownChannel, redirectAddr string, activeFunc ActiveFunction, sealedFunc SealedFunction, perfStandbyFunc PerformanceStandbyFunction) error
}

ServiceDiscovery is an optional interface that an HABackend can implement. If they do, the state of a backend is advertised to the service discovery network.

type ShutdownChannel Uses

type ShutdownChannel chan struct{}

ShutdownSignal

type StorageEncoding Uses

type StorageEncoding struct {
    Backend
}

StorageEncoding is used to add errors into underlying physical requests

func (*StorageEncoding) Delete Uses

func (e *StorageEncoding) Delete(ctx context.Context, key string) error

func (*StorageEncoding) Purge Uses

func (e *StorageEncoding) Purge(ctx context.Context)

func (*StorageEncoding) Put Uses

func (e *StorageEncoding) Put(ctx context.Context, entry *Entry) error

func (*StorageEncoding) SetEnabled Uses

func (e *StorageEncoding) SetEnabled(enabled bool)

type ToggleablePurgemonster Uses

type ToggleablePurgemonster interface {
    Purge(ctx context.Context)
    SetEnabled(bool)
}

ToggleablePurgemonster is an interface for backends that can toggle on or off special functionality and/or support purging. This is only used for the cache, don't use it for other things.

type Transactional Uses

type Transactional interface {
    // The function to run a transaction
    Transaction(context.Context, []*TxnEntry) error
}

Transactional is an optional interface for backends that support doing transactional updates of multiple keys. This is required for some features such as replication.

type TransactionalBackend Uses

type TransactionalBackend interface {
    Backend
    Transactional
}

type TransactionalCache Uses

type TransactionalCache struct {
    *Cache
    Transactional
}

TransactionalCache is a Cache that wraps the physical that is transactional

func NewTransactionalCache Uses

func NewTransactionalCache(b Backend, size int, logger log.Logger) *TransactionalCache

func (*TransactionalCache) LRU Uses

func (c *TransactionalCache) LRU() *lru.TwoQueueCache

func (*TransactionalCache) Locks Uses

func (c *TransactionalCache) Locks() []*locksutil.LockEntry

func (*TransactionalCache) Transaction Uses

func (c *TransactionalCache) Transaction(ctx context.Context, txns []*TxnEntry) error

type TransactionalErrorInjector Uses

type TransactionalErrorInjector struct {
    *ErrorInjector
    Transactional
}

TransactionalErrorInjector is the transactional version of the error injector

func NewTransactionalErrorInjector Uses

func NewTransactionalErrorInjector(b Backend, errorPercent int, logger log.Logger) *TransactionalErrorInjector

NewTransactionalErrorInjector creates a new transactional ErrorInjector

func (*TransactionalErrorInjector) Transaction Uses

func (e *TransactionalErrorInjector) Transaction(ctx context.Context, txns []*TxnEntry) error

type TransactionalLatencyInjector Uses

type TransactionalLatencyInjector struct {
    *LatencyInjector
    Transactional
}

TransactionalLatencyInjector is the transactional version of the latency injector

func NewTransactionalLatencyInjector Uses

func NewTransactionalLatencyInjector(b Backend, latency time.Duration, jitter int, logger log.Logger) *TransactionalLatencyInjector

NewTransactionalLatencyInjector creates a new transactional LatencyInjector

func (*TransactionalLatencyInjector) Transaction Uses

func (l *TransactionalLatencyInjector) Transaction(ctx context.Context, txns []*TxnEntry) error

Transaction is a latent transaction request

type TransactionalStorageEncoding Uses

type TransactionalStorageEncoding struct {
    *StorageEncoding
    Transactional
}

TransactionalStorageEncoding is the transactional version of the error injector

func (*TransactionalStorageEncoding) Transaction Uses

func (e *TransactionalStorageEncoding) Transaction(ctx context.Context, txns []*TxnEntry) error

type TxnEntry Uses

type TxnEntry struct {
    Operation Operation
    Entry     *Entry
}

TxnEntry is an operation that takes atomically as part of a transactional update. Only supported by Transactional backends.

func SetupTestingTransactions Uses

func SetupTestingTransactions(t testing.TB, b Backend) []*TxnEntry

type View Uses

type View struct {
    // contains filtered or unexported fields
}

View represents a prefixed view of a physical backend

func NewView Uses

func NewView(backend Backend, prefix string) *View

NewView takes an underlying physical backend and returns a view of it that can only operate with the given prefix.

func (*View) Delete Uses

func (v *View) Delete(ctx context.Context, key string) error

Delete the entry from the prefix view

func (*View) Get Uses

func (v *View) Get(ctx context.Context, key string) (*Entry, error)

Get the key of the prefixed view

func (*View) List Uses

func (v *View) List(ctx context.Context, prefix string) ([]string, error)

List the contents of the prefixed view

func (*View) Put Uses

func (v *View) Put(ctx context.Context, entry *Entry) error

Put the entry into the prefix view

Directories

PathSynopsis
file
inmem

Package physical imports 20 packages (graph) and is imported by 53 packages. Updated 2019-10-09. Refresh now. Tools for package owners.