File: persist.go

package info (click to toggle)
golang-github-cloudflare-redoctober 0.0~git20161017.0.78e9720-5
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, forky, sid, trixie
  • size: 636 kB
  • sloc: sh: 65; makefile: 7
file content (91 lines) | stat: -rw-r--r-- 2,550 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
// Package persist implements delegation persistence. It is primarily
// concerned with configuration and serialisation; encryption and
// decryption is done by the cryptor package.
package persist

import (
	"errors"

	"github.com/cloudflare/redoctober/config"
	"github.com/cloudflare/redoctober/keycache"
	"github.com/cloudflare/redoctober/passvault"
)

var defaultStore Store = &File{}

// Labels are the labels that the keycache should be encrypted with.
var Labels = []string{"restore"}

const (
	// Disabled indicates that the persistence store will never
	// persist active delegations.
	Disabled = "disabled"

	// Inactive indicates that the persistence store requires
	// more delegations to unlock, and isn't currently persisting
	// the store.
	Inactive = "inactive"

	// Active indicates that the persistence store is
	// actively persisting delegations.
	Active = "active"
)

// Status contains information on the current status of a persistence
// store.
type Status struct {
	State   string `json:"state"`
	Summary map[string]keycache.ActiveUser
}

// Store is a persistence store interface that handles delegations,
// serialising the persistence store, and writing the store to disk.
type Store interface {
	Blob() []byte
	Policy() string
	Users() []string
	Store([]byte) error
	Load() error
	Status() *Status
	// Persist tells the Store to start actively persisting.
	Persist()
	Delegate(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) error
	// This is not the main keycache. This is the keycache for
	// users that can decrypt the store.
	Cache() *keycache.Cache
	// Purge clears the persisted keys.
	Purge() error
}

// FileMechanism indicates that the persistence mechanism is a file.
const FileMechanism = "file"

type mechanism func(*config.Delegations) (Store, error)

var stores = map[string]mechanism{
	"":            newNull,
	FileMechanism: newFile,
}

// New attempts to create a new persistence store from the
// configuration.
func New(config *config.Delegations) (Store, error) {
	if config == nil {
		return nil, errors.New("persist: nil configuration")
	}

	if !config.Persist {
		return newNull(config)
	}

	constructor, ok := stores[config.Mechanism]
	if !ok {
		return nil, errors.New("persist: invalid persistence mechanism")
	}

	return constructor(config)
}

// ErrInvalidConfig is returned when the configuration is invalid for
// the type of persistence store in use.
var ErrInvalidConfig = errors.New("persist: invalid configuration")