/proc/self/cwd/envoy/secret/secret_manager.h
#pragma once
#include <string>
#include "envoy/config/core/v3/config_source.pb.h"
#include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h"
#include "envoy/secret/secret_provider.h"
namespace Envoy {
namespace Server {
namespace Configuration {
// Forward declaration only: this header passes TransportSocketFactoryContext by reference
// (see the findOrCreate*Provider() methods below), so its definition is not needed here.
class TransportSocketFactoryContext;
} // namespace Configuration
} // namespace Server
namespace Secret {
/**
 * A manager for static and dynamic secrets.
 *
 * Static secrets are registered via addStaticSecret() and later looked up by name with the
 * findStatic*Provider() methods, which return nullptr on a miss. Dynamic (SDS) secrets are
 * obtained with the findOrCreate*Provider() methods, which hand back the provider already
 * associated with an SDS config source/name or create one if none exists. The
 * createInline*Provider() methods take a protobuf config directly rather than a name.
 *
 * Four kinds of secret are handled, each with its own *ConfigProviderSharedPtr type: TLS
 * certificates, certificate validation contexts, TLS session ticket keys and generic secrets.
 *
 * Every method is declared with PURE (Envoy's pure-virtual marker), so this class is an
 * interface whose implementation lives elsewhere.
 */
class SecretManager {
public:
  virtual ~SecretManager() = default;

  /**
   * Adds a static secret.
   *
   * @param secret the static secret to add, as an
   * envoy::extensions::transport_sockets::tls::v3::Secret.
   * @throw EnvoyException if the secret is invalid or not supported, or if it duplicates a
   * secret that was already added.
   */
  virtual void
  addStaticSecret(const envoy::extensions::transport_sockets::tls::v3::Secret& secret) PURE;

  /**
   * @param name the name of the static TLS certificate provider.
   * @return the TlsCertificateConfigProviderSharedPtr, or nullptr if no static secret with that
   * name is found. Callers must check for nullptr before dereferencing.
   */
  virtual TlsCertificateConfigProviderSharedPtr
  findStaticTlsCertificateProvider(const std::string& name) const PURE;

  /**
   * @param name the name of the static certificate validation context provider.
   * @return the CertificateValidationContextConfigProviderSharedPtr, or nullptr if no static
   * certificate validation context with that name is found.
   */
  virtual CertificateValidationContextConfigProviderSharedPtr
  findStaticCertificateValidationContextProvider(const std::string& name) const PURE;

  /**
   * @param name the name of the static TLS session ticket keys provider.
   * @return the TlsSessionTicketKeysConfigProviderSharedPtr, or nullptr if no static TLS session
   * ticket keys with that name are found.
   */
  virtual TlsSessionTicketKeysConfigProviderSharedPtr
  findStaticTlsSessionTicketKeysContextProvider(const std::string& name) const PURE;

  /**
   * @param name the name of the static generic secret provider.
   * @return the GenericSecretConfigProviderSharedPtr, or nullptr if no static secret with that
   * name is found.
   */
  virtual GenericSecretConfigProviderSharedPtr
  findStaticGenericSecretProvider(const std::string& name) const PURE;

  /**
   * @param tls_certificate the protobuf config of the TLS certificate.
   * @return a TlsCertificateConfigProviderSharedPtr created from tls_certificate.
   */
  virtual TlsCertificateConfigProviderSharedPtr createInlineTlsCertificateProvider(
      const envoy::extensions::transport_sockets::tls::v3::TlsCertificate& tls_certificate) PURE;

  /**
   * @param certificate_validation_context the protobuf config of the certificate validation
   * context.
   * @return a CertificateValidationContextConfigProviderSharedPtr created from
   * certificate_validation_context.
   */
  virtual CertificateValidationContextConfigProviderSharedPtr
  createInlineCertificateValidationContextProvider(
      const envoy::extensions::transport_sockets::tls::v3::CertificateValidationContext&
          certificate_validation_context) PURE;

  /**
   * @param tls_certificate the protobuf config of the TLS session ticket keys. Despite the
   * parameter name, this is a TlsSessionTicketKeys message, not a certificate.
   * @return a TlsSessionTicketKeysConfigProviderSharedPtr created from tls_certificate.
   */
  virtual TlsSessionTicketKeysConfigProviderSharedPtr createInlineTlsSessionTicketKeysProvider(
      const envoy::extensions::transport_sockets::tls::v3::TlsSessionTicketKeys& tls_certificate)
      PURE;

  /**
   * @param generic_secret the protobuf config of the generic secret.
   * @return a GenericSecretConfigProviderSharedPtr created from generic_secret.
   */
  virtual GenericSecretConfigProviderSharedPtr createInlineGenericSecretProvider(
      const envoy::extensions::transport_sockets::tls::v3::GenericSecret& generic_secret) PURE;

  // NOTE(review): Init::Manager is used by the findOrCreate*Provider() methods below but is not
  // declared by any include or forward declaration visible in this header; presumably it arrives
  // transitively via secret_provider.h — confirm.

  /**
   * Finds and returns the dynamic secret provider associated with an SDS config, creating a
   * new one if no such provider exists.
   *
   * @param config_source a protobuf message object containing an SDS config source.
   * @param config_name a name that uniquely refers to the SDS config source.
   * @param secret_provider_context context that provides components for creating and
   * initializing the secret provider.
   * @param init_manager the init manager handed to the provider; presumably only consulted when
   * a provider is created rather than found — confirm against the implementation.
   * @return TlsCertificateConfigProviderSharedPtr the dynamic TLS secret provider.
   */
  virtual TlsCertificateConfigProviderSharedPtr findOrCreateTlsCertificateProvider(
      const envoy::config::core::v3::ConfigSource& config_source, const std::string& config_name,
      Server::Configuration::TransportSocketFactoryContext& secret_provider_context,
      Init::Manager& init_manager) PURE;

  /**
   * Finds and returns the dynamic secret provider associated with an SDS config, creating a
   * new one if no such provider exists.
   *
   * @param config_source a protobuf message object containing an SDS config source.
   * @param config_name a name that uniquely refers to the SDS config source.
   * @param secret_provider_context context that provides components for creating and
   * initializing the secret provider.
   * @param init_manager the init manager handed to the provider; presumably only consulted when
   * a provider is created rather than found — confirm against the implementation.
   * @return CertificateValidationContextConfigProviderSharedPtr the dynamic certificate validation
   * context secret provider.
   */
  virtual CertificateValidationContextConfigProviderSharedPtr
  findOrCreateCertificateValidationContextProvider(
      const envoy::config::core::v3::ConfigSource& config_source, const std::string& config_name,
      Server::Configuration::TransportSocketFactoryContext& secret_provider_context,
      Init::Manager& init_manager) PURE;

  /**
   * Finds and returns the dynamic secret provider associated with an SDS config, creating a
   * new one if no such provider exists.
   *
   * @param config_source a protobuf message object containing an SDS config source.
   * @param config_name a name that uniquely refers to the SDS config source.
   * @param secret_provider_context context that provides components for creating and
   * initializing the secret provider.
   * @param init_manager the init manager handed to the provider; presumably only consulted when
   * a provider is created rather than found — confirm against the implementation.
   * @return TlsSessionTicketKeysConfigProviderSharedPtr the dynamic TLS session ticket keys
   * secret provider.
   */
  virtual TlsSessionTicketKeysConfigProviderSharedPtr
  findOrCreateTlsSessionTicketKeysContextProvider(
      const envoy::config::core::v3::ConfigSource& config_source, const std::string& config_name,
      Server::Configuration::TransportSocketFactoryContext& secret_provider_context,
      Init::Manager& init_manager) PURE;

  /**
   * Finds and returns the dynamic secret provider associated with an SDS config, creating a
   * new one if no such provider exists.
   *
   * @param config_source a protobuf message object containing an SDS config source.
   * @param config_name a name that uniquely refers to the SDS config source.
   * @param secret_provider_context context that provides components for creating and
   * initializing the secret provider.
   * @param init_manager the init manager handed to the provider; presumably only consulted when
   * a provider is created rather than found — confirm against the implementation.
   * @return GenericSecretConfigProviderSharedPtr the dynamic generic secret provider.
   */
  virtual GenericSecretConfigProviderSharedPtr findOrCreateGenericSecretProvider(
      const envoy::config::core::v3::ConfigSource& config_source, const std::string& config_name,
      Server::Configuration::TransportSocketFactoryContext& secret_provider_context,
      Init::Manager& init_manager) PURE;
};
// Owning pointer to a SecretManager.
// NOTE(review): std::unique_ptr needs <memory>, which this header does not include directly
// (only <string> is included); presumably it arrives transitively — confirm.
using SecretManagerPtr = std::unique_ptr<SecretManager>;
} // namespace Secret
} // namespace Envoy