-
Notifications
You must be signed in to change notification settings - Fork 4.2k
/
identity_store_structs.go
151 lines (116 loc) · 4.13 KB
/
identity_store_structs.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package vault
import (
"context"
"regexp"
"sync"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-memdb"
"github.com/hashicorp/vault/helper/identity"
"github.com/hashicorp/vault/helper/metricsutil"
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/helper/storagepacker"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/logical"
)
const (
// Storage prefixes
entityPrefix = "entity/"
)
// metaKeyFormatRegEx checks if a metadata key string is valid
var metaKeyFormatRegEx = regexp.MustCompile(`^[a-zA-Z0-9=/+_-]+$`).MatchString
const (
// The meta key prefix reserved for Vault's internal use
metaKeyReservedPrefix = "vault-"
// The maximum number of metadata key pairs allowed to be registered
metaMaxKeyPairs = 64
// The maximum allowed length of a metadata key
metaKeyMaxLength = 128
// The maximum allowed length of a metadata value
metaValueMaxLength = 512
)
// IdentityStore is composed of its own storage view and a MemDB which
// maintains active in-memory replicas of the storage contents indexed by
// multiple fields.
type IdentityStore struct {
// IdentityStore is a secret backend in Vault
*framework.Backend
// view is the storage sub-view where all the artifacts of identity store
// gets persisted
view logical.Storage
// db is the in-memory database where the storage artifacts gets replicated
// to enable richer queries based on multiple indexes.
db *memdb.MemDB
// locks to make sure things are consistent
lock sync.RWMutex
oidcLock sync.RWMutex
// groupLock is used to protect modifications to group entries
groupLock sync.RWMutex
// oidcCache stores common response data as well as when the periodic func needs
// to run. This is conservatively managed, and most writes to the OIDC endpoints
// will invalidate the cache.
oidcCache *oidcCache
// oidcAuthCodeCache stores OIDC authorization codes to be exchanged
// for an ID token during an authorization code flow.
oidcAuthCodeCache *oidcCache
// logger is the server logger copied over from core
logger log.Logger
// entityPacker is used to pack multiple entity storage entries into 256
// buckets
entityPacker *storagepacker.StoragePacker
// localAliasPacker is used to pack multiple local alias entries into lesser
// storage entries. This is also used to cache entities in the secondary
// clusters, those entities which were created by the primary but hasn't
// reached secondary via invalidations.
localAliasPacker *storagepacker.StoragePacker
// groupPacker is used to pack multiple group storage entries into 256
// buckets
groupPacker *storagepacker.StoragePacker
// disableLowerCaseNames indicates whether or not identity artifacts are
// operated case insensitively
disableLowerCasedNames bool
router *Router
redirectAddr string
localNode LocalNode
namespacer Namespacer
metrics metricsutil.Metrics
totpPersister TOTPPersister
groupUpdater GroupUpdater
tokenStorer TokenStorer
entityCreator EntityCreator
}
type groupDiff struct {
New []*identity.Group
Deleted []*identity.Group
Unmodified []*identity.Group
}
type casesensitivity struct {
DisableLowerCasedNames bool `json:"disable_lower_cased_names"`
}
type LocalNode interface {
ReplicationState() consts.ReplicationState
HAState() consts.HAState
}
var _ LocalNode = &Core{}
type Namespacer interface {
NamespaceByID(context.Context, string) (*namespace.Namespace, error)
ListNamespaces() []*namespace.Namespace
}
var _ Namespacer = &Core{}
type TOTPPersister interface {
PersistTOTPKey(ctx context.Context, configID string, entityID string, key string) error
}
var _ TOTPPersister = &Core{}
type GroupUpdater interface {
SendGroupUpdate(ctx context.Context, group *identity.Group) (bool, error)
}
var _ GroupUpdater = &Core{}
type TokenStorer interface {
LookupToken(context.Context, string) (*logical.TokenEntry, error)
CreateToken(context.Context, *logical.TokenEntry) error
}
var _ TokenStorer = &Core{}
type EntityCreator interface {
CreateEntity(ctx context.Context) (*identity.Entity, error)
}
var _ EntityCreator = &Core{}