Overview ¶
Package monitoring defines the structs and interfaces for monitoring primitives with Tink. This package isn't yet production ready and might go through various changes.
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
Client represents an interface to hold monitoring client context to create a `Logger`. A Client is registered with Tink's registry and used by primitives to obtain a `Logger`.
type Context ¶
type Context struct {
	Primitive   string
	APIFunction string
	KeysetInfo  *KeysetInfo
}
Context defines a context for monitoring events, which includes the primitive and API used, and information on the keyset.
func NewContext ¶
func NewContext(primitive string, apiFunction string, keysetInfo *KeysetInfo) *Context
NewContext creates a new monitoring context.
type KeyStatus ¶
type KeyStatus int
KeyStatus represents KeyStatusType in tink/proto/tink.proto.
const (
	// Enabled keys can be used for cryptographic operations.
	Enabled KeyStatus = iota
	// Disabled keys can't be used, but can be re-enabled.
	Disabled
	// Destroyed keys don't exist in the keyset anymore.
	Destroyed
	// DoNotUse is intended to guard from failures that may be caused by future expansions.
	DoNotUse KeyStatus = 20
)
type KeysetInfo ¶
KeysetInfo represents a keyset at a certain point in time for the purpose of monitoring operations involving cryptographic keys.
func NewKeysetInfo ¶
func NewKeysetInfo(annotations map[string]string, primaryKeyID uint32, entries []*Entry) *KeysetInfo
NewKeysetInfo creates a new KeysetInfo.
type Logger ¶
type Logger interface {
	// Logs a successful use of `keyID` on an input of `numBytes`. Tink primitive
	// wrappers call this method when they successfully use a key to carry out a
	// primitive method, e.g. aead.Encrypt(). As a consequence, implementations of
	// MonitoringClient should be mindful on the amount of work performed by this
	// method, as this will be called on each cryptographic operation. Implementations
	// of MonitoringClient are responsible to add context to identify, e.g., the
	// primitive and the API function.
	Log(keyID uint32, numBytes int)
	// Logs a failure. Tink calls this method when a cryptographic operation
	// failed, e.g. no key could be found to decrypt a ciphertext. In this
	// case the failure is not associated with a specific key, therefore this
	// method has no arguments. The MonitoringClient implementation is responsible
	// to add context to identify where the failure comes from.
	LogFailure()
}
Logger is an interface for logging which can be created through a `Client`. Monitoring clients are invoked by Tink during cryptographic operations to emit certain events.
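A sketch of a `Logger` implementation that keeps the per-operation cost low, as the `Log` comment above asks. It is an added example, not Tink's or this package's own code. The `Logger` interface is mirrored locally so it builds without Tink; `CountingLogger`, `NewCountingLogger`, `Stats` and the caller-supplied primary key ID are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// Logger mirrors the interface on this page so the example builds without Tink.
type Logger interface {
	Log(keyID uint32, numBytes int)
	LogFailure()
}

type keyStats struct{ ops, bytes atomic.Uint64 } // per-key counters
// CountingLogger (hypothetical name) records key IDs and sizes only, never data.
type CountingLogger struct {
	primary    uint32   // primary key ID, supplied by the caller (assumption)
	perKey     sync.Map // uint32 -> *keyStats
	nonPrimary atomic.Uint64
	failures   atomic.Uint64
}

func NewCountingLogger(primaryKeyID uint32) *CountingLogger { return &CountingLogger{primary: primaryKeyID} }

func (l *CountingLogger) Log(keyID uint32, numBytes int) {
	v, _ := l.perKey.LoadOrStore(keyID, &keyStats{})
	s := v.(*keyStats)
	s.ops.Add(1)
	if numBytes > 0 {
		s.bytes.Add(uint64(numBytes))
	}
	if keyID != l.primary {
		l.nonPrimary.Add(1) // an older key is still in use after rotation
	}
}

func (l *CountingLogger) LogFailure() { l.failures.Add(1) }
func (l *CountingLogger) Stats(keyID uint32) (ops, bytes, nonPrimary, failures uint64) {
	if v, ok := l.perKey.Load(keyID); ok {
		ops, bytes = v.(*keyStats).ops.Load(), v.(*keyStats).bytes.Load()
	}
	return ops, bytes, l.nonPrimary.Load(), l.failures.Load()
}

func main() {
	var lg Logger = NewCountingLogger(2) // constructed sample: key ID 2 is primary
	lg.Log(1, 32)
	fmt.Println(lg.(*CountingLogger).Stats(1))
}
```

A non-primary count that stays at zero over a retention window is a signal that older keys can be disabled; a rising failure count is worth alerting on.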