open-vault/vault/identity_store_structs.go

package vault

import (
	"regexp"
	"sync"

	memdb "github.com/hashicorp/go-memdb"
	"github.com/hashicorp/vault/helper/locksutil"
	"github.com/hashicorp/vault/helper/storagepacker"
	"github.com/hashicorp/vault/logical"
	"github.com/hashicorp/vault/logical/framework"
	log "github.com/mgutz/logxi/v1"
)

const (
	// Storage prefixes
	entityPrefix = "entity/"
)

var (
	// metaKeyFormatRegEx checks if a metadata key string is valid
	metaKeyFormatRegEx = regexp.MustCompile(`^[a-zA-Z0-9=/+_-]+$`).MatchString
)

const (
	// The meta key prefix reserved for Vault's internal use
	metaKeyReservedPrefix = "vault-"

	// The maximum number of metadata key pairs allowed to be registered
	metaMaxKeyPairs = 64

	// The maximum allowed length of a metadata key
	metaKeyMaxLength = 128

	// The maximum allowed length of a metadata value
	metaValueMaxLength = 512
)

// IdentityStore is composed of its own storage view and a MemDB which
// maintains active in-memory replicas of the storage contents indexed by
// multiple fields.
type IdentityStore struct {
	// IdentityStore is a secret backend in Vault
	*framework.Backend

	// view is the storage sub-view where all the artifacts of identity store
	// gets persisted
	view logical.Storage

	// db is the in-memory database where the storage artifacts gets replicated
	// to enable richer queries based on multiple indexes.
	db *memdb.MemDB

	// validateMountAccessorFunc is a utility from router which returnes the
	// properties of the mount given the mount accessor.
	validateMountAccessorFunc func(string) *validateMountResponse

	// entityLocks are a set of 256 locks to which all the entities will be
	// categorized to while performing storage modifications.
	entityLocks []*locksutil.LockEntry

	// groupLock is used to protect modifications to group entries
	groupLock sync.RWMutex

	// logger is the server logger copied over from core
	logger log.Logger

	// entityPacker is used to pack multiple entity storage entries into 256
	// buckets
	entityPacker *storagepacker.StoragePacker

	// groupPacker is used to pack multiple group storage entries into 256
	// buckets
	groupPacker *storagepacker.StoragePacker
}
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor 2017-10-11 17:21:20 +00:00			`package vault`

			`import (`
			`"regexp"`
			`"sync"`

			`memdb "github.com/hashicorp/go-memdb"`
			`"github.com/hashicorp/vault/helper/locksutil"`
			`"github.com/hashicorp/vault/helper/storagepacker"`
			`"github.com/hashicorp/vault/logical"`
			`"github.com/hashicorp/vault/logical/framework"`
			`log "github.com/mgutz/logxi/v1"`
			`)`

			`const (`
			`// Storage prefixes`
			`entityPrefix = "entity/"`
			`)`

			`var (`
			`// metaKeyFormatRegEx checks if a metadata key string is valid`
			metaKeyFormatRegEx = regexp.MustCompile(`^[a-zA-Z0-9=/+_-]+$`).MatchString
			`)`

			`const (`
			`// The meta key prefix reserved for Vault's internal use`
			`metaKeyReservedPrefix = "vault-"`

			`// The maximum number of metadata key pairs allowed to be registered`
			`metaMaxKeyPairs = 64`

			`// The maximum allowed length of a metadata key`
			`metaKeyMaxLength = 128`

			`// The maximum allowed length of a metadata value`
			`metaValueMaxLength = 512`
			`)`

			`// IdentityStore is composed of its own storage view and a MemDB which`
			`// maintains active in-memory replicas of the storage contents indexed by`
			`// multiple fields.`
			`type IdentityStore struct {`
			`// IdentityStore is a secret backend in Vault`
			`*framework.Backend`

			`// view is the storage sub-view where all the artifacts of identity store`
			`// gets persisted`
			`view logical.Storage`

			`// db is the in-memory database where the storage artifacts gets replicated`
			`// to enable richer queries based on multiple indexes.`
			`db *memdb.MemDB`

			`// validateMountAccessorFunc is a utility from router which returnes the`
			`// properties of the mount given the mount accessor.`
			`validateMountAccessorFunc func(string) *validateMountResponse`

			`// entityLocks are a set of 256 locks to which all the entities will be`
			`// categorized to while performing storage modifications.`
			`entityLocks []*locksutil.LockEntry`

			`// groupLock is used to protect modifications to group entries`
			`groupLock sync.RWMutex`

			`// logger is the server logger copied over from core`
			`logger log.Logger`

			`// entityPacker is used to pack multiple entity storage entries into 256`
			`// buckets`
			`entityPacker *storagepacker.StoragePacker`

			`// groupPacker is used to pack multiple group storage entries into 256`
			`// buckets`
			`groupPacker *storagepacker.StoragePacker`
			`}`