forked from openbao/go-kms-wrapping
-
Notifications
You must be signed in to change notification settings - Fork 0
/
options.go
156 lines (139 loc) · 3.85 KB
/
options.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package wrapping
import (
"errors"
)
// GetOpts iterates the inbound Options and returns a struct
func GetOpts(opt ...Option) (*Options, error) {
opts := getDefaultOptions()
for _, o := range opt {
if o == nil {
continue
}
iface := o()
switch to := iface.(type) {
case OptionFunc:
if err := to(opts); err != nil {
return nil, err
}
default:
return nil, errors.New("option passed into top-level wrapping options handler" +
" that is not from this package; this is likely due to the wrapper being" +
" invoked as a plugin but options being sent from a specific wrapper package;" +
" use WithConfigMap to send options via the plugin interface")
}
}
return opts, nil
}
// Option - a type that wraps an interface for compile-time safety but can
// contain an option for this package or for wrappers implementing this
// interface.
type Option func() interface{}
// OptionFunc - a type for funcs that operate on the shared Options struct. The
// options below explicitly wrap this so that we can switch on it when parsing
// opts for various wrappers.
type OptionFunc func(*Options) error
func getDefaultOptions() *Options {
return &Options{}
}
// WithAad provides optional additional authenticated data
func WithAad(with []byte) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithAad = with
return nil
})
}
}
// WithKeyId provides a common way to pass in a key identifier
func WithKeyId(with string) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithKeyId = with
return nil
})
}
}
// WithKeyPurpose provides a common way to pass in a key purpose
func WithKeyPurposes(purpose ...KeyPurpose) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithKeyPurposes = purpose
return nil
})
}
}
// WithKeyType provides a common way to pass in a key type
func WithKeyType(keyType KeyType) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithKeyType = keyType
return nil
})
}
}
// WithRandomBytes provides a common way to pass in entropy
func WithRandomBytes(b []byte) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithRandomBytes = b
return nil
})
}
}
// WithConfigMap is an option accepted by wrappers at configuration time
// and/or in other function calls to control wrapper-specific behavior.
func WithConfigMap(with map[string]string) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithConfigMap = with
return nil
})
}
}
// WithIV provides
func WithIV(with []byte) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithIv = with
return nil
})
}
}
// WithKeyEncoding provides a common way to pass in a key encoding
func WithKeyEncoding(encoding KeyEncoding) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithKeyEncoding = encoding
return nil
})
}
}
// WithWrappedKeyEncoding provides a common way to pass in a wrapped_key encoding
func WithWrappedKeyEncoding(encoding KeyEncoding) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithWrappedKeyEncoding = encoding
return nil
})
}
}
// WithDisallowEnvVars provides a common way to configure ignoring environment variables
func WithDisallowEnvVars(disallowEnvVars bool) Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithDisallowEnvVars = disallowEnvVars
return nil
})
}
}
// WithoutHMAC disables the requirement for an HMAC to be included with the mechanism.
func WithoutHMAC() Option {
return func() interface{} {
return OptionFunc(func(o *Options) error {
o.WithoutHmac = true
return nil
})
}
}