package vault

import (
	"regexp"
	"sync"

	log "github.com/hashicorp/go-hclog"
	"github.com/hashicorp/go-memdb"
	"github.com/hashicorp/vault/helper/identity"
	"github.com/hashicorp/vault/helper/storagepacker"
	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
)

const (
	// Storage prefixes.
	//
	// entityPrefix is the storage key prefix under which entity entries are
	// persisted.
	entityPrefix = "entity/"
)

// metaKeyFormatRegEx reports whether a metadata key string is valid.
//
// It is the MatchString method of a regexp compiled once at package scope.
// The pattern is anchored with ^ and $, so the whole key must consist of
// ASCII letters, digits and the characters '=', '/', '+', '_' and '-';
// any other character (including whitespace) rejects the key outright.
var metaKeyFormatRegEx = regexp.MustCompile(`^[a-zA-Z0-9=/+_-]+$`).MatchString

const (
	// The metadata key prefix reserved for Vault's internal use.
	// NOTE(review): presumably user-supplied keys carrying this prefix are
	// rejected by the metadata validation path — confirm at the call site.
	metaKeyReservedPrefix = "vault-"

	// The maximum number of metadata key/value pairs allowed to be registered.
	metaMaxKeyPairs = 64

	// The maximum allowed length of a metadata key.
	metaKeyMaxLength = 128

	// The maximum allowed length of a metadata value.
	metaValueMaxLength = 512

	// Together these three limits bound how much metadata a single entry can
	// carry (at most metaMaxKeyPairs pairs of bounded size), which is what
	// keeps caller-controlled metadata from growing storage without limit.
)

// IdentityStore is composed of its own storage view and a MemDB which
// maintains active in-memory replicas of the storage contents indexed by
// multiple fields.
type IdentityStore struct {
	// IdentityStore is a secret backend in Vault.
	*framework.Backend

	// view is the storage sub-view where all the artifacts of the identity
	// store get persisted.
	view logical.Storage

	// db is the in-memory database where the storage artifacts get
	// replicated to enable richer queries based on multiple indexes.
	db *memdb.MemDB

	// lock serializes access to the store's state; oidcLock does the same
	// for the OIDC-related state. NOTE(review): exactly which fields each
	// lock guards is not visible in this file — confirm against the call
	// sites before relying on either for a new field.
	lock     sync.RWMutex
	oidcLock sync.RWMutex

	// groupLock is used to protect modifications to group entries.
	groupLock sync.RWMutex

	// oidcCache stores common response data as well as when the periodic func
	// needs to run. This is conservatively managed, and most writes to the
	// OIDC endpoints will invalidate the cache.
	oidcCache *oidcCache

	// logger is the server logger copied over from core.
	logger log.Logger

	// entityPacker is used to pack multiple entity storage entries into 256
	// buckets.
	entityPacker *storagepacker.StoragePacker

	// groupPacker is used to pack multiple group storage entries into 256
	// buckets.
	groupPacker *storagepacker.StoragePacker

	// core is the pointer to Vault's core.
	core *Core

	// disableLowerCasedNames, when true, disables lower-casing of identity
	// names, i.e. names are then handled case-sensitively. NOTE(review):
	// presumably populated from the persisted casesensitivity struct below
	// — confirm where it is set.
	disableLowerCasedNames bool
}

// groupDiff partitions a set of groups into those that are new, those that
// were deleted and those left unmodified. The comparison producing it is
// not visible in this file.
type groupDiff struct {
	New        []*identity.Group
	Deleted    []*identity.Group
	Unmodified []*identity.Group
}

// casesensitivity is the JSON-serialized form of the case-sensitivity
// setting, keyed as "disable_lower_cased_names".
type casesensitivity struct {
	DisableLowerCasedNames bool `json:"disable_lower_cased_names"`
}