apiserver: k8s.io/apiserver/pkg/storage/value

package value

import "k8s.io/apiserver/pkg/storage/value"

Package value contains methods for assisting with transformation of values in storage.

Package Files

metrics.go transformer.go

func RecordCacheMiss

func RecordCacheMiss()

RecordCacheMiss records a miss on the Key Encryption Key (KEK): a call to KMS was required to decrypt the KEK.

func RecordDataKeyGeneration

func RecordDataKeyGeneration(start time.Time, err error)

RecordDataKeyGeneration records latencies and count of Data Encryption Key generation operations.

func RecordTransformation

func RecordTransformation(transformationType, transformerPrefix string, start time.Time, err error)

RecordTransformation records latencies and count of TransformFromStorage and TransformToStorage operations. Note that the transformation_failures_total metric is deprecated; use transformation_operations_total instead.

func RegisterMetrics

func RegisterMetrics()

type Context

type Context interface {
    // AuthenticatedData should return an array of bytes that describes the current value. If the value changes,
    // the transformer may report the value as unreadable or tampered. This may be nil if no such description exists
    // or is needed. For additional verification, set this to data that strongly identifies the value, such as
    // the key and creation version of the stored data.
    AuthenticatedData() []byte
}

Context is additional information that a storage transformation may need to verify the data at rest.

type DefaultContext

type DefaultContext []byte

DefaultContext is a simple implementation of Context for a slice of bytes.

func (DefaultContext) AuthenticatedData

func (c DefaultContext) AuthenticatedData() []byte

AuthenticatedData returns itself.

type MutableTransformer

type MutableTransformer struct {
    // contains filtered or unexported fields
}

MutableTransformer allows a transformer to be changed safely at runtime.

func NewMutableTransformer

func NewMutableTransformer(transformer Transformer) *MutableTransformer

NewMutableTransformer creates a transformer that can be updated at any time by calling Set().

func (*MutableTransformer) Set

func (t *MutableTransformer) Set(transformer Transformer)

Set updates the nested transformer.

func (*MutableTransformer) TransformFromStorage

func (t *MutableTransformer) TransformFromStorage(data []byte, context Context) (out []byte, stale bool, err error)

func (*MutableTransformer) TransformToStorage

func (t *MutableTransformer) TransformToStorage(data []byte, context Context) (out []byte, err error)

type PrefixTransformer

type PrefixTransformer struct {
    Prefix      []byte
    Transformer Transformer
}

PrefixTransformer holds a transformer interface and the prefix that the transformation is located under.

type Transformer

type Transformer interface {
    // TransformFromStorage may transform the provided data from its underlying storage representation or return an error.
    // Stale is true if the object on disk is stale and a write to etcd should be issued, even if the contents of the object
    // have not changed.
    TransformFromStorage(data []byte, context Context) (out []byte, stale bool, err error)
    // TransformToStorage may transform the provided data into the appropriate form in storage or return an error.
    TransformToStorage(data []byte, context Context) (out []byte, err error)
}

Transformer allows a value to be transformed before being read from or written to the underlying store. Each method must be able to undo the transformation performed by the other.
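An added example, not code from the apiserver project: a minimal AES-GCM Transformer that passes Context.AuthenticatedData() as the AEAD's additional data, so a stored value copied under a different key fails authentication on read. Context, DefaultContext and Transformer are local copies of the declarations on this page; gcmTransformer, newGCMTransformer, the all-zero key and the /registry/... paths are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Context interface{ AuthenticatedData() []byte } // local copies of this page's types
type DefaultContext []byte
func (c DefaultContext) AuthenticatedData() []byte { return c }
type Transformer interface {
	TransformFromStorage(data []byte, context Context) (out []byte, stale bool, err error)
	TransformToStorage(data []byte, context Context) (out []byte, err error)
}

// gcmTransformer is illustrative, not encrypt/aes. Stored form: nonce || ciphertext+tag.
type gcmTransformer struct{ aead cipher.AEAD }
func newGCMTransformer(key []byte) (Transformer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return gcmTransformer{aead}, err
}

func (t gcmTransformer) TransformToStorage(data []byte, c Context) ([]byte, error) {
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return t.aead.Seal(nonce, nonce, data, c.AuthenticatedData()), nil
}

func (t gcmTransformer) TransformFromStorage(data []byte, c Context) ([]byte, bool, error) {
	n := t.aead.NonceSize()
	if len(data) < n {
		return nil, false, fmt.Errorf("stored value too short: %d bytes", len(data))
	}
	out, err := t.aead.Open(nil, data[:n], data[n:], c.AuthenticatedData())
	return out, false, err
}

func main() {
	t, _ := newGCMTransformer(make([]byte, 32)) // constructed all-zero demo key
	stored, _ := t.TransformToStorage([]byte("s3cr3t"), DefaultContext("/registry/secrets/ns/a"))
	fmt.Println(t.TransformFromStorage(stored, DefaultContext("/registry/secrets/ns/b")))
}
```

The authenticated data is not written to storage, so the reader must supply the same bytes the writer used.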

var IdentityTransformer Transformer = identityTransformer{}

IdentityTransformer performs no transformation of the provided data.

func NewPrefixTransformers

func NewPrefixTransformers(err error, transformers ...PrefixTransformer) Transformer

NewPrefixTransformers supports the Transformer interface by checking the incoming data against the provided prefixes in order. The first matching prefix will be used to transform the value (the prefix is stripped before the Transformer interface is invoked). The first provided transformer will be used when writing to the store.

Directories

Path                      Synopsis
encrypt/aes               Package aes transforms values for storage at rest using AES-GCM.
encrypt/envelope          Package envelope transforms values for storage at rest using an Envelope provider.
encrypt/envelope/testing
encrypt/envelope/v1beta1  Package v1beta1 contains definition of kms-plugin's gRPC service.
encrypt/identity
encrypt/secretbox         Package secretbox transforms values for storage at rest using XSalsa20 and Poly1305.

Package value imports 8 packages and is imported by 19 packages. Updated 2019-12-12.