Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrNotFound = errors.New("secret not found") ErrAccessDenied = errors.New("access denied") // nuh, uh, uh! )
var ErrInvalidPattern = errors.New("invalid pattern")
Functions ¶
This section is empty.
Types ¶
type Envelope ¶
type Envelope struct {
ID ID `json:"-"`
Value []byte `json:"-"`
Metadata map[string]string `json:"-"`
Provider string `json:"-"`
Version string `json:"-"`
CreatedAt time.Time `json:"-"`
ResolvedAt time.Time `json:"-"`
ExpiresAt time.Time `json:"-"`
}
func (Envelope) MarshalJSON ¶
type ErrInvalidID ¶
type ErrInvalidID struct {
ID string
}
func (ErrInvalidID) Error ¶
func (e ErrInvalidID) Error() string
type ID ¶
type ID interface {
// String formats the [ID] as a string
String() string
// Match the [ID] against a [Pattern]
// It checks if a given identifier matches the pattern.
// - "*" matches a single component
// - "**" matches zero or more components
// - "/" is the separator
Match(pattern Pattern) bool
}
ID contains a secret identifier. Valid secret identifiers must match the format ^[A-Za-z0-9._:-]+(?:/[A-Za-z0-9._:-]+)*$.
For storage, we don't really differentiate much about the ID format but by convention we do simple, slash-separated management, providing a groupable access control system for management across plugins.
func MustParseID ¶
MustParseID parses a string into a ID and behaves similar to ParseID, however, it panics when the id is invalid
type Pattern ¶
type Pattern interface {
// Match the [Pattern] against an [ID]
Match(id ID) bool
// Includes returns true if all matches of Pattern [other] are also matches of the current pattern.
Includes(other Pattern) bool
// String formats the [Pattern] as a string
String() string
ExpandID(other ID) (ID, error)
ExpandPattern(other Pattern) (Pattern, error)
}
Pattern can be used to match secret identifiers. Valid patterns must follow the same validation rules as secret identifiers, with the exception that '*' can be used to match a single component, and '**' can be used to match zero or more components.
func Filter ¶
Filter returns a reduced Pattern that is subset equal to [filter]. Returns false if there's no overlap between [filter] and [other]. Examples: - Filter(MustParsePattern("bar/**"), MustParsePattern("**")) => returns "bar/**" - Filter(MustParsePattern("**"), MustParsePattern("**")) => returns "**" - Filter(MustParsePattern("bar/**"), MustParsePattern("bar")) => returns "bar" - Filter(MustParsePattern("bar/**"), MustParsePattern("foo/**")) => returns false
func MustParsePattern ¶
MustParsePattern parses a string into a Pattern like with ParsePattern, however, it panics when a validation error occurs.
func ParsePattern ¶
ParsePattern parses a string into a Pattern Rules: - Components separated by '/' - Each component is non-empty - Only characters A-Z, a-z, 0-9, '.', '-', '_' or '*' - No leading, trailing, or double slashes - Asterisks rules:
- '*' cannot be mixed with other characters in the same component
- there can be no more than two '*' per component
Source Files