vaults

package

v1.2.0 Latest Latest Go to latest Published: Nov 28, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/piprate/metalocker

Links

Open Source Insights

Documentation ¶

Index ¶

func ReceiveBlob(res *model.StoredResource, accessToken string, receiverFn blobReceiverFn) (io.ReadCloser, error)
func Register(vaultType string, ctor VaultConstructor)
func SendBlob(r io.Reader, vaultID string, cleartext bool, senderFn blobSenderFn) (*model.StoredResource, error)
type Config
type LocalBlobManager
- func NewLocalBlobManager() *LocalBlobManager
type Params
type Vault
- func CreateVault(cfg *Config, resolver cmdbase.ParameterResolver, verifier model.AccessVerifier) (Vault, error)
type VaultConstructor

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ReceiveBlob ¶

func ReceiveBlob(res *model.StoredResource, accessToken string, receiverFn blobReceiverFn) (io.ReadCloser, error)

ReceiveBlob returns a decrypted blob stream from the vault (either local or remote)

func Register ¶

func Register(vaultType string, ctor VaultConstructor)

func SendBlob ¶

func SendBlob(r io.Reader, vaultID string, cleartext bool, senderFn blobSenderFn) (*model.StoredResource, error)

SendBlob sends the given blob to a vault and takes care of building StoredResource and applying encryption where necessary.

Types ¶

type Config ¶

type Config struct {
	// ID is the vault's globally unique ID.
	ID string `json:"id"`
	// ID is the vault's locally (within the MetaLocker node) unique name.
	Name string `json:"name"`
	// Type is the registered vault algorithm type.
	Type string `json:"type"`
	// SSE is true if the vault uses Server Side Encryption
	SSE bool `json:"sse"`
	// CAS is true if the vault generates content addressable resource IDs
	CAS bool `json:"cas"`
	// Params are vault parameters that are specific to its Type.
	Params Params `json:"params"`
}

Config defines vault's configuration.

type LocalBlobManager ¶

type LocalBlobManager struct {
	// contains filtered or unexported fields
}

func NewLocalBlobManager ¶

func NewLocalBlobManager() *LocalBlobManager

func (*LocalBlobManager) AddVault ¶

func (lbm *LocalBlobManager) AddVault(v Vault, cfg *Config)

func (*LocalBlobManager) GetBlob ¶

func (lbm *LocalBlobManager) GetBlob(ctx context.Context, res *model.StoredResource, accessToken string) (io.ReadCloser, error)

func (*LocalBlobManager) GetVault ¶

func (lbm *LocalBlobManager) GetVault(id string) (Vault, error)

func (*LocalBlobManager) GetVaultMap ¶

func (lbm *LocalBlobManager) GetVaultMap(ctx context.Context) (map[string]*model.VaultProperties, error)

func (*LocalBlobManager) PurgeBlob ¶

func (lbm *LocalBlobManager) PurgeBlob(ctx context.Context, res *model.StoredResource) error

func (*LocalBlobManager) SendBlob ¶

func (lbm *LocalBlobManager) SendBlob(ctx context.Context, data io.Reader, cleartext bool, vaultName string) (*model.StoredResource, error)

type Params ¶

type Params map[string]any

type Vault ¶

type Vault interface {
	io.Closer

	// ID returns the vault's globally unique ID.
	ID() string
	// Name returns the vault's locally (within the node) unique name.
	Name() string
	// SSE returns true if server side encryption is enabled in this vault
	// If true, there may be no need to encrypt the blob before storing it in the vault.
	SSE() bool
	// CAS returns true if the vault produces content-addressable blob IDs. This means that
	// if the same blob is uploaded twice, it will receive a storage configuration with
	// the same ID and same parameters. This may not be desirable for private storage
	// as records can be correlated by its data asset IDs. However, it is essential
	// for off-chain operation storage to use content-addressable IDs.
	CAS() bool
	// CreateBlob stores a blob in the vault and returns a resource definition.
	CreateBlob(ctx context.Context, blob io.Reader) (*model.StoredResource, error)
	// ServeBlob returns a binary stream for the stored resource. Depending on the vault's
	// SSE property, it may be in cleartext or encrypted. The vault will check if
	// the caller can access the resource by checking the provided accessToken
	// against the ledger and other sources.
	ServeBlob(ctx context.Context, id string, params map[string]any, accessToken string) (io.ReadCloser, error)
	// PurgeBlob permanently purges the given resource from the vault. If will only
	// succeed in the resource is related to a revoked lease.
	PurgeBlob(ctx context.Context, id string, params map[string]any) error
}

Vault is a data storage facility for all user's datasets that are stored in MetaLocker.

func CreateVault ¶

func CreateVault(cfg *Config, resolver cmdbase.ParameterResolver, verifier model.AccessVerifier) (Vault, error)

type VaultConstructor ¶

type VaultConstructor func(cfg *Config, resolver cmdbase.ParameterResolver, verifier model.AccessVerifier) (Vault, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
fs
memory

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL