sql

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2020 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	PluginName = "sql"

	// MySQL database type
	MySQL = "mysql"
	// PostgreSQL database type
	PostgreSQL = "postgres"
	// SQLite database type
	SQLite = "sqlite3"
)

Variables

This section is empty.

Functions

func BuiltIn 

func BuiltIn() catalog.Plugin

Types

type AttestedNode 

type AttestedNode struct {
	Model

	SpiffeID        string `gorm:"unique_index"`
	DataType        string
	SerialNumber    string
	ExpiresAt       time.Time `gorm:"index"`
	NewSerialNumber string
	NewExpiresAt    *time.Time

	Selectors []*NodeSelector
}

AttestedNode holds an attested node (agent)

func (AttestedNode) TableName 

func (AttestedNode) TableName() string

TableName gets table name of AttestedNode

type Bundle 

type Bundle struct {
	Model

	TrustDomain string `gorm:"not null;unique_index"`
	Data        []byte `gorm:"size:16777215"` // make MySQL to use MEDIUMBLOB (max 24MB) - doesn't affect PostgreSQL/SQLite

	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}

Bundle holds a trust bundle.

type DNSName 

type DNSName struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_dns_entry"`
	Value             string `gorm:"unique_index:idx_dns_entry"`
}

DNSName holds a DNS for a registration entry

func (DNSName) TableName 

func (DNSName) TableName() string

TableName gets table name for DNS entries

type JoinToken 

type JoinToken struct {
	Model

	Token  string `gorm:"unique_index"`
	Expiry int64
}

JoinToken holds a join token

type Migration 

type Migration struct {
	Model

	// Database version
	Version int

	// SPIRE Code versioning
	CodeVersion string
}

Migration holds database schema version number, and the SPIRE Code version number

type Model 

type Model struct {
	ID        uint `gorm:"primary_key"`
	CreatedAt time.Time
	UpdatedAt time.Time
}

Model is used as a base for other models. Similar to gorm.Model without `DeletedAt`. We don't want soft-delete support.

type NodeSelector 

type NodeSelector struct {
	Model

	SpiffeID string `gorm:"unique_index:idx_node_resolver_map"`
	Type     string `gorm:"unique_index:idx_node_resolver_map"`
	Value    string `gorm:"unique_index:idx_node_resolver_map"`
}

NodeSelector holds a node selector by spiffe ID

func (NodeSelector) TableName 

func (NodeSelector) TableName() string

TableName gets table name of NodeSelector

type Plugin 

type Plugin struct {
	datastore.UnsafeDataStoreServer
	// contains filtered or unexported fields
}

Plugin is a DataStore plugin implemented via a SQL database

func New 

func New() *Plugin

New creates a new sql plugin struct. Configure must be called in order to start the db.

func (*Plugin) AppendBundle 

func (ds *Plugin) AppendBundle(ctx context.Context, req *datastore.AppendBundleRequest) (resp *datastore.AppendBundleResponse, err error)

AppendBundle append bundle contents to the existing bundle (by trust domain). If no existing one is present, create it.

func (*Plugin) Configure 

func (ds *Plugin) Configure(ctx context.Context, req *spi.ConfigureRequest) (*spi.ConfigureResponse, error)

Configure parses HCL config payload into config struct, and opens new DB based on the result

func (*Plugin) CountAttestedNodes added in v0.12.0 

func (ds *Plugin) CountAttestedNodes(ctx context.Context,
	req *datastore.CountAttestedNodesRequest) (resp *datastore.CountAttestedNodesResponse, err error)

CountAttestedNodes counts all attested nodes

func (*Plugin) CountBundles added in v0.12.0 

func (ds *Plugin) CountBundles(ctx context.Context, req *datastore.CountBundlesRequest) (resp *datastore.CountBundlesResponse, err error)

CountBundles can be used to count all existing bundles.

func (*Plugin) CountRegistrationEntries added in v0.12.0 

func (ds *Plugin) CountRegistrationEntries(ctx context.Context,
	req *datastore.CountRegistrationEntriesRequest) (resp *datastore.CountRegistrationEntriesResponse, err error)

CounCountRegistrationEntries counts all registrations (pagination available)

func (*Plugin) CreateAttestedNode 

func (ds *Plugin) CreateAttestedNode(ctx context.Context,
	req *datastore.CreateAttestedNodeRequest) (resp *datastore.CreateAttestedNodeResponse, err error)

CreateAttestedNode stores the given attested node

func (*Plugin) CreateBundle 

func (ds *Plugin) CreateBundle(ctx context.Context, req *datastore.CreateBundleRequest) (resp *datastore.CreateBundleResponse, err error)

CreateBundle stores the given bundle

func (*Plugin) CreateJoinToken 

func (ds *Plugin) CreateJoinToken(ctx context.Context, req *datastore.CreateJoinTokenRequest) (resp *datastore.CreateJoinTokenResponse, err error)

CreateJoinToken takes a Token message and stores it

func (*Plugin) CreateRegistrationEntry 

func (ds *Plugin) CreateRegistrationEntry(ctx context.Context,
	req *datastore.CreateRegistrationEntryRequest) (resp *datastore.CreateRegistrationEntryResponse, err error)

CreateRegistrationEntry stores the given registration entry

func (*Plugin) DeleteAttestedNode 

func (ds *Plugin) DeleteAttestedNode(ctx context.Context,
	req *datastore.DeleteAttestedNodeRequest) (resp *datastore.DeleteAttestedNodeResponse, err error)

DeleteAttestedNode deletes the given attested node

func (*Plugin) DeleteBundle 

func (ds *Plugin) DeleteBundle(ctx context.Context, req *datastore.DeleteBundleRequest) (resp *datastore.DeleteBundleResponse, err error)

DeleteBundle deletes the bundle with the matching TrustDomain. Any CACert data passed is ignored.

func (*Plugin) DeleteJoinToken 

func (ds *Plugin) DeleteJoinToken(ctx context.Context, req *datastore.DeleteJoinTokenRequest) (resp *datastore.DeleteJoinTokenResponse, err error)

DeleteJoinToken deletes the given join token

func (*Plugin) DeleteRegistrationEntry 

func (ds *Plugin) DeleteRegistrationEntry(ctx context.Context,
	req *datastore.DeleteRegistrationEntryRequest) (resp *datastore.DeleteRegistrationEntryResponse, err error)

DeleteRegistrationEntry deletes the given registration

func (*Plugin) FetchAttestedNode 

func (ds *Plugin) FetchAttestedNode(ctx context.Context,
	req *datastore.FetchAttestedNodeRequest) (resp *datastore.FetchAttestedNodeResponse, err error)

FetchAttestedNode fetches an existing attested node by SPIFFE ID

func (*Plugin) FetchBundle 

func (ds *Plugin) FetchBundle(ctx context.Context, req *datastore.FetchBundleRequest) (resp *datastore.FetchBundleResponse, err error)

FetchBundle returns the bundle matching the specified Trust Domain.

func (*Plugin) FetchJoinToken 

func (ds *Plugin) FetchJoinToken(ctx context.Context, req *datastore.FetchJoinTokenRequest) (resp *datastore.FetchJoinTokenResponse, err error)

FetchJoinToken takes a Token message and returns one, populating the fields we have knowledge of

func (*Plugin) FetchRegistrationEntry 

func (ds *Plugin) FetchRegistrationEntry(ctx context.Context,
	req *datastore.FetchRegistrationEntryRequest) (resp *datastore.FetchRegistrationEntryResponse, err error)

FetchRegistrationEntry fetches an existing registration by entry ID

func (*Plugin) GetNodeSelectors 

func (ds *Plugin) GetNodeSelectors(ctx context.Context,
	req *datastore.GetNodeSelectorsRequest) (resp *datastore.GetNodeSelectorsResponse, err error)

GetNodeSelectors gets node (agent) selectors by SPIFFE ID

func (*Plugin) GetPluginInfo 

func (*Plugin) GetPluginInfo(context.Context, *spi.GetPluginInfoRequest) (*spi.GetPluginInfoResponse, error)

GetPluginInfo returns the sql plugin

func (*Plugin) ListAttestedNodes 

func (ds *Plugin) ListAttestedNodes(ctx context.Context,
	req *datastore.ListAttestedNodesRequest) (resp *datastore.ListAttestedNodesResponse, err error)

ListAttestedNodes lists all attested nodes (pagination available)

func (*Plugin) ListBundles 

func (ds *Plugin) ListBundles(ctx context.Context, req *datastore.ListBundlesRequest) (resp *datastore.ListBundlesResponse, err error)

ListBundles can be used to fetch all existing bundles.

func (*Plugin) ListNodeSelectors added in v0.12.0 

func (ds *Plugin) ListNodeSelectors(ctx context.Context,
	req *datastore.ListNodeSelectorsRequest) (resp *datastore.ListNodeSelectorsResponse, err error)

ListNodeSelectors gets node (agent) selectors by SPIFFE ID

func (*Plugin) ListRegistrationEntries 

func (ds *Plugin) ListRegistrationEntries(ctx context.Context,
	req *datastore.ListRegistrationEntriesRequest) (resp *datastore.ListRegistrationEntriesResponse, err error)

ListRegistrationEntries lists all registrations (pagination available)

func (*Plugin) PruneBundle 

func (ds *Plugin) PruneBundle(ctx context.Context, req *datastore.PruneBundleRequest) (resp *datastore.PruneBundleResponse, err error)

PruneBundle removes expired certs and keys from a bundle

func (*Plugin) PruneJoinTokens 

func (ds *Plugin) PruneJoinTokens(ctx context.Context, req *datastore.PruneJoinTokensRequest) (resp *datastore.PruneJoinTokensResponse, err error)

PruneJoinTokens takes a Token message, and deletes all tokens which have expired before the date in the message

func (*Plugin) PruneRegistrationEntries 

func (ds *Plugin) PruneRegistrationEntries(ctx context.Context, req *datastore.PruneRegistrationEntriesRequest) (resp *datastore.PruneRegistrationEntriesResponse, err error)

PruneRegistrationEntries takes a registration entry message, and deletes all entries which have expired before the date in the message

func (*Plugin) SetBundle 

func (ds *Plugin) SetBundle(ctx context.Context, req *datastore.SetBundleRequest) (resp *datastore.SetBundleResponse, err error)

SetBundle sets bundle contents. If no bundle exists for the trust domain, it is created.

func (*Plugin) SetLogger 

func (ds *Plugin) SetLogger(logger hclog.Logger)

func (*Plugin) SetNodeSelectors 

func (ds *Plugin) SetNodeSelectors(ctx context.Context, req *datastore.SetNodeSelectorsRequest) (resp *datastore.SetNodeSelectorsResponse, err error)

SetNodeSelectors sets node (agent) selectors by SPIFFE ID, deleting old selectors first

func (*Plugin) UpdateAttestedNode 

func (ds *Plugin) UpdateAttestedNode(ctx context.Context,
	req *datastore.UpdateAttestedNodeRequest) (resp *datastore.UpdateAttestedNodeResponse, err error)

UpdateAttestedNode updates the given node's cert serial and expiration.

func (*Plugin) UpdateBundle 

func (ds *Plugin) UpdateBundle(ctx context.Context, req *datastore.UpdateBundleRequest) (resp *datastore.UpdateBundleResponse, err error)

UpdateBundle updates an existing bundle with the given CAs. Overwrites any existing certificates.

func (*Plugin) UpdateRegistrationEntry 

func (ds *Plugin) UpdateRegistrationEntry(ctx context.Context,
	req *datastore.UpdateRegistrationEntryRequest) (resp *datastore.UpdateRegistrationEntryResponse, err error)

UpdateRegistrationEntry updates an existing registration entry

type RegisteredEntry 

type RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName

	// RevisionNumber is a counter that is incremented when the entry is
	// updated.
	RevisionNumber int64
}

RegisteredEntry holds a registered entity entry

type Selector 

type Selector struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_selector_entry"`
	Type              string `gorm:"unique_index:idx_selector_entry;index:idx_selectors_type_value"`
	Value             string `gorm:"unique_index:idx_selector_entry;index:idx_selectors_type_value"`
}

type V10RegisteredEntry added in v0.10.0 

type V10RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName
}

V10RegisteredEntry holds a registered entity entry

func (V10RegisteredEntry) TableName added in v0.10.0 

func (V10RegisteredEntry) TableName() string

TableName gets table name for v10 registered entry

type V11Migration 

type V11Migration struct {
	Model

	// Database version
	Version int
}

func (V11Migration) TableName 

func (V11Migration) TableName() string

TableName gets table name for v11 migrations table

type V3AttestedNode 

type V3AttestedNode struct {
	Model

	SpiffeID     string `gorm:"unique_index"`
	DataType     string
	SerialNumber string
	ExpiresAt    time.Time
}

func (V3AttestedNode) TableName 

func (V3AttestedNode) TableName() string

type V3Bundle 

type V3Bundle struct {
	Model

	TrustDomain string `gorm:"not null;unique_index"`
	CACerts     []V3CACert

	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}

V3Bundle holds a version 3 trust bundle

func (V3Bundle) TableName 

func (V3Bundle) TableName() string

TableName get table name for v3 bundle

type V3CACert 

type V3CACert struct {
	Model

	Cert   []byte    `gorm:"not null"`
	Expiry time.Time `gorm:"not null;index"`

	BundleID uint `gorm:"not null;index" sql:"type:integer REFERENCES bundles(id)"`
}

V3CACert holds a version 3 CA certificate

func (V3CACert) TableName 

func (V3CACert) TableName() string

TableName gets table name for v3 bundle

type V4RegisteredEntry 

type V4RegisteredEntry struct {
	Model

	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
}

V4RegisteredEntry holds a version 4 registered entry

func (V4RegisteredEntry) TableName 

func (V4RegisteredEntry) TableName() string

TableName gets table name for v4 registered entry

type V5RegisteredEntry 

type V5RegisteredEntry struct {
	Model

	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
}

V5RegisteredEntry holds a version 5 registered entry

func (V5RegisteredEntry) TableName 

func (V5RegisteredEntry) TableName() string

TableName gets table name for v5 registered entry

type V6RegisteredEntry 

type V6RegisteredEntry struct {
	Model

	EntryID       string `gorm:"unique_index"`
	SpiffeID      string
	ParentID      string
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
}

V6RegisteredEntry holds a version 6 registered entry

func (V6RegisteredEntry) TableName 

func (V6RegisteredEntry) TableName() string

TableName gets table name for v6 registered entry

type V7RegisteredEntry 

type V7RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string
	ParentID string
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
}

V7RegisteredEntry holds a version 7 registered entry

func (V7RegisteredEntry) TableName 

func (V7RegisteredEntry) TableName() string

TableName gets table name for v7 registered entry

type V8RegisteredEntry 

type V8RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string
	ParentID string
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []V8Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
	// (optional) DNS entries
	DNSList []DNSName
}

func (V8RegisteredEntry) TableName 

func (V8RegisteredEntry) TableName() string

TableName gets table name for v8 registered entry

type V8Selector 

type V8Selector struct {
	Model

	RegisteredEntryID uint   `gorm:"unique_index:idx_selector_entry"`
	Type              string `gorm:"unique_index:idx_selector_entry"`
	Value             string `gorm:"unique_index:idx_selector_entry"`
}

type V9RegisteredEntry 

type V9RegisteredEntry struct {
	Model

	EntryID  string `gorm:"unique_index"`
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry
	TTL           int32
	Selectors     []Selector
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	Admin         bool
	Downstream    bool
	// (optional) expiry of this entry
	Expiry int64
	// (optional) DNS entries
	DNSList []DNSName
}

func (V9RegisteredEntry) TableName 

func (V9RegisteredEntry) TableName() string

TableName gets table name for v9 registered entry

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.