github.com/mdaxf/iac@v0.0.0-20240519030858-58a061660378/vendor_skip/go.mongodb.org/mongo-driver/mongo/options/datakeyoptions.go (about) 1 // Copyright (C) MongoDB, Inc. 2017-present. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); you may 4 // not use this file except in compliance with the License. You may obtain 5 // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 6 7 package options 8 9 // DataKeyOptions represents all possible options used to create a new data key. 10 type DataKeyOptions struct { 11 MasterKey interface{} 12 KeyAltNames []string 13 14 // KeyMaterial is used to encrypt data. If omitted, keyMaterial is generated form a cryptographically secure random 15 // source. "Key Material" is used interchangeably with "dataKey" and "Data Encryption Key" (DEK). 16 KeyMaterial []byte 17 } 18 19 // DataKey creates a new DataKeyOptions instance. 20 func DataKey() *DataKeyOptions { 21 return &DataKeyOptions{} 22 } 23 24 // SetMasterKey specifies a KMS-specific key used to encrypt the new data key. 25 // 26 // If being used with a local KMS provider, this option is not applicable and should not be specified. 27 // 28 // For the AWS, Azure, and GCP KMS providers, this option is required and must be a document. For each, the value of the 29 // "endpoint" or "keyVaultEndpoint" must be a host name with an optional port number (e.g. "foo.com" or "foo.com:443"). 30 // 31 // When using AWS, the document must have the format: 32 // 33 // { 34 // region: <string>, 35 // key: <string>, // The Amazon Resource Name (ARN) to the AWS customer master key (CMK). 36 // endpoint: Optional<string> // An alternate host identifier to send KMS requests to. 37 // } 38 // 39 // If unset, the "endpoint" defaults to "kms.<region>.amazonaws.com". 40 // 41 // When using Azure, the document must have the format: 42 // 43 // { 44 // keyVaultEndpoint: <string>, // A host identifier to send KMS requests to. 45 // keyName: <string>, 46 // keyVersion: Optional<string> // A specific version of the named key. 47 // } 48 // 49 // If unset, "keyVersion" defaults to the key's primary version. 50 // 51 // When using GCP, the document must have the format: 52 // 53 // { 54 // projectId: <string>, 55 // location: <string>, 56 // keyRing: <string>, 57 // keyName: <string>, 58 // keyVersion: Optional<string>, // A specific version of the named key. 59 // endpoint: Optional<string> // An alternate host identifier to send KMS requests to. 60 // } 61 // 62 // If unset, "keyVersion" defaults to the key's primary version and "endpoint" defaults to "cloudkms.googleapis.com". 63 func (dk *DataKeyOptions) SetMasterKey(masterKey interface{}) *DataKeyOptions { 64 dk.MasterKey = masterKey 65 return dk 66 } 67 68 // SetKeyAltNames specifies an optional list of string alternate names used to reference a key. If a key is created' 69 // with alternate names, encryption may refer to the key by a unique alternate name instead of by _id. 70 func (dk *DataKeyOptions) SetKeyAltNames(keyAltNames []string) *DataKeyOptions { 71 dk.KeyAltNames = keyAltNames 72 return dk 73 } 74 75 // SetKeyMaterial will set a custom keyMaterial to DataKeyOptions which can be used to encrypt data. 76 func (dk *DataKeyOptions) SetKeyMaterial(keyMaterial []byte) *DataKeyOptions { 77 dk.KeyMaterial = keyMaterial 78 return dk 79 } 80 81 // MergeDataKeyOptions combines the argued DataKeyOptions in a last-one wins fashion. 82 // 83 // Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a 84 // single options struct instead. 85 func MergeDataKeyOptions(opts ...*DataKeyOptions) *DataKeyOptions { 86 dko := DataKey() 87 for _, opt := range opts { 88 if opt == nil { 89 continue 90 } 91 92 if opt.MasterKey != nil { 93 dko.MasterKey = opt.MasterKey 94 } 95 if opt.KeyAltNames != nil { 96 dko.KeyAltNames = opt.KeyAltNames 97 } 98 if opt.KeyMaterial != nil { 99 dko.KeyMaterial = opt.KeyMaterial 100 } 101 } 102 103 return dko 104 }