boundary/internal/kms/options.go


// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package kms
import (
"io"
"github.com/hashicorp/boundary/internal/db"
wrapping "github.com/hashicorp/go-kms-wrapping/v2"
)
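// getOpts applies each supplied Option, in order, to a copy of the default
// options and returns the result. Because options are applied in order, a
// later option overwrites a field set by an earlier one.
//
// Nil entries are skipped rather than invoked, so a nil Option handed in by a
// caller cannot panic a KMS call path.
func getOpts(opt ...Option) options {
	opts := getDefaultOptions()
	for _, o := range opt {
		if o == nil {
			// Calling a nil func value panics; ignore it instead.
			continue
		}
		o(&opts)
	}
	return opts
}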
// Option is a functional option: a function that mutates the package's
// unexported options struct. Values are produced by the With* constructors
// in this file and applied, in order, by getOpts.
type Option func(*options)
// options holds every setting an Option can change. getDefaultOptions returns
// the zero value, so an unset field means "not provided by the caller".
// Nothing in this struct is validated at assignment time; the code that reads
// a field is responsible for checking it.
type options struct {
	// Result limit set by WithLimit (negative: unlimited, zero: default limits).
	withLimit int
	// External root wrapper set by WithRootWrapper.
	withRootWrapper wrapping.Wrapper
	// External worker authentication wrapper set by WithWorkerAuthWrapper.
	withWorkerAuthWrapper wrapping.Wrapper
	// External PKI worker storage wrapper set by WithWorkerAuthStorageWrapper.
	withWorkerAuthStorageWrapper wrapping.Wrapper
	// Recovery wrapper set by WithRecoveryWrapper.
	withRecoveryWrapper wrapping.Wrapper
	// External Bsr wrapper set by WithBsrWrapper.
	withBsrWrapper wrapping.Wrapper
	// Ordering value set by WithOrderByVersion.
	withOrderByVersion db.OrderBy
	// Key ID set by WithKeyId.
	withKeyId string
	// Scope IDs set by WithScopeIds; the caller's slice is stored as-is.
	withScopeIds []string
	// Random source override set by WithRandomReader; nil unless supplied.
	withRandomReader io.Reader
	// Reader and writer of a caller-managed transaction, set together by
	// WithReaderWriter.
	withReader db.Reader
	withWriter db.Writer
	// Rewrap flag set by WithRewrap.
	withRewrap bool
}
// getDefaultOptions returns the baseline options value that getOpts starts
// from: the zero value, with no wrappers, readers or writers set.
func getDefaultOptions() options {
	var defaults options
	return defaults
}
// WithLimit returns an Option that records a result limit. Negative values
// are accepted on purpose: a limit below zero means unlimited results, and a
// limit of exactly zero means the default limits are used.
func WithLimit(limit int) Option {
	apply := func(dst *options) {
		dst.withLimit = limit
	}
	return apply
}
// WithRootWrapper returns an Option that sets the external root wrapper for a
// given scope. The wrapper is stored exactly as passed; a nil wrapper is not
// rejected here, so the consumer must check it before use.
func WithRootWrapper(w wrapping.Wrapper) Option {
	return Option(func(dst *options) {
		dst.withRootWrapper = w
	})
}
// WithWorkerAuthWrapper returns an Option that sets the external worker
// authentication wrapper for a given scope. The wrapper is stored exactly as
// passed; no nil check is made at this point.
func WithWorkerAuthWrapper(w wrapping.Wrapper) Option {
	setWorkerAuth := func(cfg *options) {
		cfg.withWorkerAuthWrapper = w
	}
	return setWorkerAuth
}
// WithWorkerAuthStorageWrapper returns an Option that sets the external PKI
// worker storage wrapper for a given scope. The wrapper is stored exactly as
// passed; no nil check is made at this point.
func WithWorkerAuthStorageWrapper(w wrapping.Wrapper) Option {
	return Option(func(cfg *options) {
		cfg.withWorkerAuthStorageWrapper = w
	})
}
// WithRecoveryWrapper returns an Option that sets the recovery wrapper for a
// given scope. The wrapper is stored exactly as passed; no nil check is made
// at this point.
func WithRecoveryWrapper(w wrapping.Wrapper) Option {
	setRecovery := func(dst *options) {
		dst.withRecoveryWrapper = w
	}
	return setRecovery
}
// WithBsrWrapper returns an Option that sets the external Bsr wrapper for a
// KMS. The wrapper is stored exactly as passed; no nil check is made at this
// point.
func WithBsrWrapper(w wrapping.Wrapper) Option {
	return Option(func(dst *options) {
		dst.withBsrWrapper = w
	})
}
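// WithOrderByVersion returns an Option that records the db.OrderBy value to
// use when results are ordered by version. The option only stores the value
// in withOrderByVersion; the query that applies it lives in the consumer.
func WithOrderByVersion(orderBy db.OrderBy) Option {
	return func(o *options) {
		o.withOrderByVersion = orderBy
	}
}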
// WithKeyId returns an Option naming a key ID that is expected to be present
// in a scope's multiwrapper; when the ID is not found there, the keys are
// refreshed. The string is stored as given, without validation.
func WithKeyId(keyId string) Option {
	setKeyID := func(cfg *options) {
		cfg.withKeyId = keyId
	}
	return setKeyID
}
// WithScopeIds returns an Option carrying an optional list of scope IDs.
// The variadic slice is stored without copying, so a caller that passes an
// existing slice with ids... should not modify it afterwards.
func WithScopeIds(scopeId ...string) Option {
	return Option(func(dst *options) {
		dst.withScopeIds = scopeId
	})
}
// WithRandomReader returns an Option that supplies an optional random reader.
// When it is not given, the reader from crypto/rand is used by default; that
// fallback is applied by the consumer and is not visible in this file.
//
// Anything derived from this reader is only as unpredictable as the reader
// itself, so a replacement should be a cryptographically secure source.
// NOTE(review): presumably intended for tests that need determinism; confirm
// that production callers never override it.
func WithRandomReader(randomReader io.Reader) Option {
	setReader := func(cfg *options) {
		cfg.withRandomReader = randomReader
	}
	return setReader
}
// WithReaderWriter returns an Option that hands an in-flight transaction to
// the package so that all database operations run inside it. A caller that
// uses this option owns the transaction and is responsible for managing it.
// Its purpose is to let the caller create a scope and all of its keys in one
// transaction.
//
// Both values are stored as given; passing only one of them is not rejected
// here.
func WithReaderWriter(r db.Reader, w db.Writer) Option {
	useTx := func(dst *options) {
		dst.withWriter = w
		dst.withReader = r
	}
	return useTx
}
// WithRewrap returns an Option that states whether the keys should be
// rewrapped. The default, when the option is not supplied, is false.
func WithRewrap(enableRewrap bool) Option {
	return Option(func(cfg *options) {
		cfg.withRewrap = enableRewrap
	})
}