// Copyright (c) 2019 Zededa, Inc.
// SPDX-License-Identifier: Apache-2.0
package types
import (
"github.com/lf-edge/eve-api/go/info"
"github.com/google/go-cmp/cmp"
"github.com/lf-edge/eve/pkg/pillar/base"
)
// VaultStatus represents running status of a Vault.
//
// It is keyed by Name (see Key()) and its Log* methods below publish it as a
// base.VaultStatusLogType log object. Note that LogModify logs a cmp.Diff of
// the old and new value, so every field of this struct ends up in the log
// stream; never add key material or other secrets to it.
type VaultStatus struct {
	// Name identifies the vault; it is also the pubsub/log key.
	Name string
	// Status and PCRStatus use the controller-facing enums from eve-api.
	Status    info.DataSecAtRestStatus
	PCRStatus info.PCRStatus
	// ConversionComplete — presumably set once the vault has been converted
	// to the current key scheme; the transition is not visible in this file.
	ConversionComplete bool
	// MismatchingPCRs lists the PCR indices that did not match;
	// only valid if TPM is enabled and Sealed key is used
	MismatchingPCRs []int
	// ErrorAndTime provides SetErrorNow() and ClearError()
	ErrorAndTime
}
// VaultConfig represents vault key to be used.
//
// There is a single global instance (see Key(), which always returns "global").
type VaultConfig struct {
	// TpmKeyOnly — presumably selects a vault key derived from the TPM alone,
	// without a controller-provided share; confirm against vaultmgr before
	// relying on that reading.
	TpmKeyOnly bool
}
// Key returns the pubsub key of the VaultConfig. There is only one
// VaultConfig, so the key is the fixed string "global".
func (config VaultConfig) Key() string {
	const globalConfigKey = "global"
	return globalConfigKey
}
// Key returns the key used for indexing into a list of vaults;
// it is simply the vault's Name.
func (status VaultStatus) Key() string {
	vaultName := status.Name
	return vaultName
}
// LogCreate emits a "create" notice for this VaultStatus on a new log object.
// Nothing is logged when base.NewLogObject returns nil.
func (status VaultStatus) LogCreate(logBase *base.LogObject) {
	obj := base.NewLogObject(logBase, base.VaultStatusLogType, status.Name,
		nilUUID, status.LogKey())
	if obj != nil {
		obj.Noticef("Vault status create")
	}
}
// LogModify emits a "modify" notice for this VaultStatus carrying a cmp.Diff
// against the previous value, plus a second notice with the error and its
// timestamp when the status currently has an error set.
//
// old must be a VaultStatus; any other type is treated as a programming error
// and reported via Fatalf on a clone of the log object.
func (status VaultStatus) LogModify(logBase *base.LogObject, old interface{}) {
	logObject := base.EnsureLogObject(logBase, base.VaultStatusLogType, status.Name,
		nilUUID, status.LogKey())
	previous, isStatus := old.(VaultStatus)
	if !isStatus {
		logObject.Clone().Fatalf("LogModify: Old object interface passed is not of VaultStatus type")
	}
	// XXX remove? — the full structural diff is logged on every change.
	diff := cmp.Diff(previous, status)
	logObject.CloneAndAddField("diff", diff).Noticef("Vault status modify")
	if !status.HasError() {
		return
	}
	errInfo := status.ErrorAndTime
	logObject.CloneAndAddField("error", errInfo.Error).
		AddField("error-time", errInfo.ErrorTime).
		Noticef("Vault status modify")
}
// LogDelete emits a "delete" notice for this VaultStatus and then removes its
// log object from logBase.
func (status VaultStatus) LogDelete(logBase *base.LogObject) {
	logKey := status.LogKey()
	obj := base.EnsureLogObject(logBase, base.VaultStatusLogType, status.Name,
		nilUUID, logKey)
	obj.Noticef("Vault status delete")
	base.DeleteLogObject(logBase, logKey)
}
// LogKey returns the log-object key for this VaultStatus:
// the VaultStatus log type, a dash, and the vault's Key().
func (status VaultStatus) LogKey() string {
	prefix := string(base.VaultStatusLogType)
	return prefix + "-" + status.Key()
}
// EncryptedVaultKeyFromDevice is published by vaultmgr towards Controller (through zedagent).
//
// The Log* methods for this type in this file deliberately log only the
// Name, never the EncryptedVaultKey bytes (contrast VaultStatus.LogModify,
// which logs a full diff). Keep it that way when extending them.
type EncryptedVaultKeyFromDevice struct {
	// Name of the vault; also the pubsub/log key (see Key()).
	Name string
	// EncryptedVaultKey is the ciphertext handed to the controller; the
	// encryption scheme is not visible in this file.
	EncryptedVaultKey []byte // empty if no TPM enabled
	IsTpmEnabled      bool
}
// Key returns name of the vault corresponding to this object;
// for now it is only the default vault i.e. "Application Volume Store".
func (key EncryptedVaultKeyFromDevice) Key() string {
	vaultName := key.Name
	return vaultName
}
// LogCreate emits a "create" notice for this object on a new log object.
// Only the Name reaches the log; the key bytes are not logged.
// Nothing is logged when base.NewLogObject returns nil.
func (key EncryptedVaultKeyFromDevice) LogCreate(logBase *base.LogObject) {
	obj := base.NewLogObject(logBase, base.EncryptedVaultKeyFromDeviceLogType, key.Name,
		nilUUID, key.LogKey())
	if obj != nil {
		obj.Noticef("EncryptedVaultKeyFromDevice create")
	}
}
// LogModify emits a "modify" notice for this object. Unlike
// VaultStatus.LogModify it logs no diff of old vs new, which keeps the
// EncryptedVaultKey bytes out of the log stream.
//
// old must be an EncryptedVaultKeyFromDevice; any other type is reported via
// Fatalf on a clone of the log object.
func (key EncryptedVaultKeyFromDevice) LogModify(logBase *base.LogObject, old interface{}) {
	logObject := base.EnsureLogObject(logBase, base.EncryptedVaultKeyFromDeviceLogType, key.Name,
		nilUUID, key.LogKey())
	if _, sameType := old.(EncryptedVaultKeyFromDevice); !sameType {
		logObject.Clone().Fatalf("LogModify: Old object interface passed is not of EncryptedVaultKeyFromDevice type")
	}
	logObject.Noticef("EncryptedVaultKeyFromDevice modify")
}
// LogDelete emits a "delete" notice for this object and then removes its
// log object from logBase.
func (key EncryptedVaultKeyFromDevice) LogDelete(logBase *base.LogObject) {
	logKey := key.LogKey()
	obj := base.EnsureLogObject(logBase, base.EncryptedVaultKeyFromDeviceLogType, key.Name,
		nilUUID, logKey)
	obj.Noticef("EncryptedVaultKeyFromDevice delete")
	base.DeleteLogObject(logBase, logKey)
}
// LogKey returns the log-object key for this object:
// the EncryptedVaultKeyFromDevice log type, a dash, and Key().
func (key EncryptedVaultKeyFromDevice) LogKey() string {
	prefix := string(base.EncryptedVaultKeyFromDeviceLogType)
	return prefix + "-" + key.Key()
}
// EncryptedVaultKeyFromController is published from Controller to vaultmgr (through zedagent).
//
// The Log* methods for this type in this file log only the Name, never the
// EncryptedVaultKey bytes. Keep it that way when extending them.
type EncryptedVaultKeyFromController struct {
	// Name of the vault; also the pubsub/log key (see Key()).
	Name string
	// EncryptedVaultKey is the ciphertext received from the controller; how
	// it is validated and decrypted is not visible in this file.
	EncryptedVaultKey []byte
}
// Key returns name of the vault corresponding to this object;
// for now it is only the default vault i.e. "Application Volume Store".
func (key EncryptedVaultKeyFromController) Key() string {
	vaultName := key.Name
	return vaultName
}
// LogCreate emits a "create" notice for this object on a new log object.
// Only the Name reaches the log; the key bytes are not logged.
// Nothing is logged when base.NewLogObject returns nil.
func (key EncryptedVaultKeyFromController) LogCreate(logBase *base.LogObject) {
	obj := base.NewLogObject(logBase, base.EncryptedVaultKeyFromControllerLogType, key.Name,
		nilUUID, key.LogKey())
	if obj != nil {
		obj.Noticef("EncryptedVaultKeyFromController create")
	}
}
// LogModify emits a "modify" notice for this object. Unlike
// VaultStatus.LogModify it logs no diff of old vs new, which keeps the
// EncryptedVaultKey bytes out of the log stream.
//
// old must be an EncryptedVaultKeyFromController; any other type is reported
// via Fatalf on a clone of the log object.
func (key EncryptedVaultKeyFromController) LogModify(logBase *base.LogObject, old interface{}) {
	logObject := base.EnsureLogObject(logBase, base.EncryptedVaultKeyFromControllerLogType, key.Name,
		nilUUID, key.LogKey())
	if _, sameType := old.(EncryptedVaultKeyFromController); !sameType {
		logObject.Clone().Fatalf("LogModify: Old object interface passed is not of EncryptedVaultKeyFromController type")
	}
	logObject.Noticef("EncryptedVaultKeyFromController modify")
}
// LogDelete emits a "delete" notice for this object and then removes its
// log object from logBase.
func (key EncryptedVaultKeyFromController) LogDelete(logBase *base.LogObject) {
	logKey := key.LogKey()
	obj := base.EnsureLogObject(logBase, base.EncryptedVaultKeyFromControllerLogType, key.Name,
		nilUUID, logKey)
	obj.Noticef("EncryptedVaultKeyFromController delete")
	base.DeleteLogObject(logBase, logKey)
}
// LogKey returns the log-object key for this object:
// the EncryptedVaultKeyFromController log type, a dash, and Key().
func (key EncryptedVaultKeyFromController) LogKey() string {
	prefix := string(base.EncryptedVaultKeyFromControllerLogType)
	return prefix + "-" + key.Key()
}