package persist

import "github.com/cloudflare/redoctober/persist"

Package persist implements delegation persistence. It is primarily concerned with configuration and serialisation; encryption and decryption is done by the cryptor package.

Index ¶

• Constants
• Variables
• type File
• func (f *File) Blob() []byte
• func (f *File) Cache() *keycache.Cache
• func (f *File) Delegate(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) error
• func (f *File) Load() error
• func (f *File) Persist()
• func (f *File) Policy() string
• func (f *File) Purge() error
• func (f *File) Status() *Status
• func (f *File) Store(blob []byte) error
• func (f *File) Users() []string
• func (f *File) Valid() bool
• type Null
• func (n *Null) Blob() []byte
• func (n *Null) Cache() *keycache.Cache
• func (n *Null) Delegate(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) error
• func (n *Null) Load() error
• func (n *Null) Persist()
• func (n *Null) Policy() string
• func (n *Null) Purge() error
• func (n *Null) Status() *Status
• func (n *Null) Store(bs []byte) error
• func (n *Null) Users() []string
• type Status
• type Store
• func New(config *config.Delegations) (Store, error)

Constants ¶

const (
	// Disabled indicates that the persistence store will never
	// persist active delegations.
	Disabled = "disabled"

	// Inactive indicates that the persistence store requires
	// more delegations to unlock, and isn't currently persisting
	// the store.
	Inactive = "inactive"

	// Active indicates that the persistence store is
	// actively persisting delegations.
	Active = "active"
)

const FileMechanism = "file"

FileMechanism indicates that the persistence mechanism is a file.

Variables ¶

var ErrInvalidConfig = errors.New("persist: invalid configuration")

ErrInvalidConfig is returned when the configuration is invalid for the type of persistence store in use.

var Labels = []string{"restore"}

Labels are the labels that the keycache should be encrypted with.

var Usages = []string{}

Usages indicate whether encrypted data can be decrypted or only used for signing

Types ¶

type File ¶

type File struct {
	// contains filtered or unexported fields
}

File implements a file-backed persistence store.

func (*File) Blob ¶

func (f *File) Blob() []byte

func (*File) Cache ¶

func (f *File) Cache() *keycache.Cache

func (*File) Delegate ¶

func (f *File) Delegate(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) error

func (*File) Load ¶

func (f *File) Load() error

func (*File) Persist ¶

func (f *File) Persist()

func (*File) Policy ¶

func (f *File) Policy() string

func (*File) Purge ¶

func (f *File) Purge() error

func (*File) Status ¶

func (f *File) Status() *Status

func (*File) Store ¶

func (f *File) Store(blob []byte) error

func (*File) Users ¶

func (f *File) Users() []string

func (*File) Valid ¶

func (f *File) Valid() bool

Valid ensures the configuration is valid for a file store. Note that it won't validate the policy, it will just ensure that one is present.

type Null ¶

type Null struct {
	// contains filtered or unexported fields
}

Null is a non-persisting store. It is used when persistence is not activated.

func (*Null) Blob ¶

func (n *Null) Blob() []byte

func (*Null) Cache ¶

func (n *Null) Cache() *keycache.Cache

func (*Null) Delegate ¶

func (n *Null) Delegate(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) error

func (*Null) Load ¶

func (n *Null) Load() error

func (*Null) Persist ¶

func (n *Null) Persist()

func (*Null) Policy ¶

func (n *Null) Policy() string

func (*Null) Purge ¶

func (n *Null) Purge() error

func (*Null) Status ¶

func (n *Null) Status() *Status

func (*Null) Store ¶

func (n *Null) Store(bs []byte) error

func (*Null) Users ¶

func (n *Null) Users() []string

type Status ¶

type Status struct {
	State   string `json:"state"`
	Summary map[string]keycache.ActiveUser
}

Status contains information on the current status of a persistence store.

type Store ¶

type Store interface {
	Blob() []byte
	Policy() string
	Users() []string
	Store([]byte) error
	Load() error
	Status() *Status
	// Persist tells the Store to start actively persisting.
	Persist()
	Delegate(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) error
	// This is not the main keycache. This is the keycache for
	// users that can decrypt the store.
	Cache() *keycache.Cache
	// Purge clears the persisted keys.
	Purge() error
}

Store is a persistence store interface that handles delegations, serialising the persistence store, and writing the store to disk.

func New ¶

func New(config *config.Delegations) (Store, error)

New attempts to create a new persistence store from the configuration.

Source Files ¶

file.go null.go persist.go