open-vault/vault/seal_access.go
Victor Rodriguez 2656c020ae
Convert seal.Access struct into a interface (OSS) (#20510)
* Move seal barrier type field from Access to autoSeal struct.

Remove method Access.SetType(), which was only being used by a single test, and
which can use the name option of NewTestSeal() to specify the type.

* Change method signatures of Access to match those of Wrapper.

* Turn seal.Access struct into an interface.

* Tweak Access implementation.

Change `access` struct to have a field of type wrapping.Wrapper, rather than
extending it.

* Add method Seal.GetShamirWrapper().

Add method Seal.GetShamirWrapper() for use by code that needs to perform
Shamir-specific operations.
2023-05-04 14:22:30 -04:00


// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package vault
import (
"context"
wrapping "github.com/hashicorp/go-kms-wrapping/v2"
"github.com/hashicorp/vault/vault/seal"
)
// SealAccess is a wrapper around Seal that exposes accessor methods
// through Core.SealAccess() while restricting the ability to modify
// Core.seal itself.
//
// The wrapped Seal sits in an unexported field and no method visible in this
// file reassigns it. The wrapper is not strictly read-only, though:
// ClearCaches calls SetBarrierConfig and SetRecoveryConfig with nil, and
// GetAccess returns the seal's own seal.Access value to the caller.
type SealAccess struct {
// seal is the wrapped Seal that every SealAccess method delegates to.
seal Seal
}
// NewSealAccess returns a SealAccess whose methods delegate to seal.
//
// The argument is stored as given. A nil Seal is not rejected here, so method
// calls on the returned value would then be made on a nil interface.
func NewSealAccess(seal Seal) *SealAccess {
	access := new(SealAccess)
	access.seal = seal
	return access
}
// StoredKeysSupported returns the seal.StoredKeysSupport value reported by
// the wrapped seal, unchanged.
func (s *SealAccess) StoredKeysSupported() seal.StoredKeysSupport {
	support := s.seal.StoredKeysSupported()
	return support
}
// BarrierType returns the wrapping.WrapperType reported by the wrapped seal's
// BarrierType method, unchanged.
func (s *SealAccess) BarrierType() wrapping.WrapperType {
	kind := s.seal.BarrierType()
	return kind
}
// BarrierConfig forwards ctx to the wrapped seal's BarrierConfig and returns
// its *SealConfig and error as they are.
//
// NOTE(review): the pointer is passed through without a copy; whether callers
// may mutate the returned SealConfig depends on the Seal implementation, which
// is not visible here.
func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) {
	cfg, err := s.seal.BarrierConfig(ctx)
	return cfg, err
}
// RecoveryKeySupported reports what the wrapped seal's RecoveryKeySupported
// method returns.
func (s *SealAccess) RecoveryKeySupported() bool {
	supported := s.seal.RecoveryKeySupported()
	return supported
}
// RecoveryConfig forwards ctx to the wrapped seal's RecoveryConfig and returns
// its *SealConfig and error as they are.
//
// Unlike ClearCaches, this method does not consult RecoveryKeySupported first;
// behaviour on seals without recovery keys is whatever the seal returns.
func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error) {
	cfg, err := s.seal.RecoveryConfig(ctx)
	return cfg, err
}
// VerifyRecoveryKey hands key to the wrapped seal's VerifyRecoveryKey and
// returns that call's error.
//
// The key slice is passed through as-is: this wrapper neither copies, logs nor
// zeroes it, so any scrubbing of the key material is left to the caller or to
// the seal implementation. The comparison itself happens inside the seal and
// is not visible here.
func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error {
	err := s.seal.VerifyRecoveryKey(ctx, key)
	return err
}
// ClearCaches sets the wrapped seal's barrier config to nil and, when the
// seal reports recovery-key support, sets its recovery config to nil as well.
//
// NOTE(review): whatever SetBarrierConfig and SetRecoveryConfig return is
// discarded, and this method has no return value of its own, so a failed
// clear is invisible to the caller. Confirm against the Seal interface
// whether an error can be dropped here.
//
// TODO(SEALHA): This looks like it belongs in Seal instead, it only has two callers
func (s *SealAccess) ClearCaches(ctx context.Context) {
	s.seal.SetBarrierConfig(ctx, nil)

	// Seals without recovery keys have no recovery config to reset.
	if !s.RecoveryKeySupported() {
		return
	}
	s.seal.SetRecoveryConfig(ctx, nil)
}
// GetAccess returns the seal.Access obtained from the wrapped seal's GetAccess
// method, unchanged.
//
// NOTE(review): the commit notes describe seal.Access as an interface whose
// method signatures match those of Wrapper, so a holder of this value can
// presumably reach the seal's wrapping operations directly, which is more than
// the other accessors on SealAccess expose. Confirm that every caller of this
// method is meant to hold that capability.
func (s *SealAccess) GetAccess() seal.Access {
	access := s.seal.GetAccess()
	return access
}