Crate ockam

Expand description

End-to-end encrypted, mutually authenticated, secure communication.

Data, within modern distributed applications, are rarely exchanged over a single point-to-point transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol routes — across data centers, through queues and caches, via gateways and brokers — before reaching their end destination.

Transport layer security protocols are unable to protect application messages because their protection is constrained by the length and duration of the underlying transport connection.

Ockam makes it simple for our applications to guarantee end-to-end integrity, authenticity, and confidentiality of data. We no longer have to implicitly depend on the defenses of every machine or application within the same, usually porous, network boundary. Our application’s messages don’t have to be vulnerable at every point, along their journey, where a transport connection terminates.

Instead, our application can have a strikingly smaller vulnerability surface and easily make granular authorization decisions about all incoming information and commands.

§Features

End-to-end encrypted, mutually authenticated secure channels.
Multi-hop, multi-transport, application layer routing.
Key establishment, rotation, and revocation - for fleets, at scale.
Lightweight, Concurrent, Stateful Workers that enable simple APIs.
Attribute-based Access Control - credentials with selective disclosure.
Add-ons for a variety of operating environments, transport protocols, and cryptographic hardware.

§Documentation

Tutorials, examples and reference guides are available at docs.ockam.io.

Re-exports§

pub use ockam_abac as abac;
pub use ockam_identity as identity;
pub use node::*;

Modules§

access_control: Access Control
application_migration_set: This module defines the migrations to apply to the application database
compat: Compatibility adapter, mostly for no_std use.
debugger: Debugger
errcode: A module to export the error code in a meaningful way
flow_control: Flow Controls
node: List of all top-level services
node_migration_set: This module defines the migrations to apply to the application database
postgres: Postgres rust migrations
remote: RemoteRelay allows registering node within a Cloud Node with dynamic or static alias, which allows other nodes forward messages to local workers on this node using that alias.
sqlite: SQLite rust migrations
tcp: TCP transport
transport: Transport
udp: UDP transport
vault: Types and traits relating to ockam vaults.
workers: Helper workers

Macros§

route: Creates a new Route from a comma-delimited list of Addresses.

Structs§

Address: A generic address type.
Any: A passthrough marker message type.
AutoRetry: Wrapper for an auto-retried struct
Boolean: This type is used to map boolean fields for the types deriving FrowRow. Postgres provides a proper boolean type but SQLite maps them as integers.
Context: Context contains Node state and references to the runtime.
DatabaseUser: User of the Postgres database
DelayedEvent: Allow to send message to destination address periodically after some delay Only one scheduled heartbeat allowed at a time Dropping this handle cancels scheduled heartbeat
Error: The type of errors returned by Ockam functions.
Executor: Underlying Ockam node executor
LocalMessage: A message type that is routed locally within a single node.
Mailbox: A Mailbox controls the dispatch of incoming messages for a particular Address Note that Worker, Processor and Context may have multiple Mailboxes (with different addresses), but they always have exactly one mpsc receiver (message queue)
Mailboxes: A collection of Mailboxes for a specific Worker, Processor or Context
MessageReceiveOptions: Full set of options to send_and_receive_extended function
MessageSendReceiveOptions: Full set of options to send_and_receive_extended function
Migrator: Migrator is responsible for running Sql and Rust migrations side by side in the correct order, checking for conflicts, duplicates; making sure each migration runs only once
NodeBuilder: Start a node with a custom setup configuration
Nullable: This type is used to map Option fields for the types deriving FromRow
ProtocolId: A user-defined protocol identifier.
RelayService: Alias worker to register remote workers under local names.
RelayServiceOptions: Trust Options for a Forwarding Service
Route: A full route to a peer.
Routed: A message wrapper that provides message route information.
SqlxDatabase: The SqlxDatabase struct is used to create a database:
TransportMessage: A generic transport message type.
Version: Migration version
WorkerBuilder: Start a Worker with a custom configuration

Enums§

DatabaseConfiguration: Configuration for the database. We either use Sqlite or Postgres
DatabaseType: Type of database
MigrationFailure: This enum models possible causes for migration failures. Either for a simple migration or several.
MigrationResult: This enum models the result of executing one migration.
MigrationStatus: This enum models the state of a database with respect to migrations
OckamError: An enumeration of different error types emitted by this library.

Constants§

OCKAM_DATABASE_CONNECTION_URL: Database connection URL
OCKAM_DATABASE_INSTANCE: Database instance as HOST:PORT/name
OCKAM_DATABASE_PASSWORD: Database password
OCKAM_DATABASE_USER: Database user
OCKAM_DATABASE_USERNAME_AND_PASSWORD: Database user + password in the format {“username”:“pgadmin”, “password”:“s3cr3t”}
OCKAM_SQLITE_IN_MEMORY: Use an in-memory SQLite database

Traits§

Decodable: Decode a slice.
Encodable: Encode the type into an Encoded type.
FromSqlxError: This trait provides some syntax for transforming sqlx errors into ockam errors
Message: A user defined message that can be serialised and deserialized.
MigrationSet: This trait runs migrations on a given database
Processor: Defines an interface for Ockam Workers that need to continuously perform background operations.
RustMigration: Individual rust migration
ToVoid: This trait provides some syntax to shorten queries execution returning ()
TryClone: Clone trait when clone can fail.
Worker: Defines the core interface shared by all Ockam Workers.

Functions§

allow: Produces Ok(true) to avoid an ambiguous reading from using the unadorned value in auth code.
create_temp_db_file: Create a temporary database file that won’t be cleaned-up automatically
deny: Produces Ok(false) to avoid an ambiguous reading from using the unadorned value in auth code.
deserialize: Serialize a type using serde_bare
serialize: Serialize a type using serde_bare
skip_if_postgres: This function can be used to avoid running a test if the postgres database is used.
with_application_dbs: This function can be used to run some test code with the 3 different databases implementations of the application database
with_dbs: This function can be used to run some test code with the 3 different databases implementations
with_postgres: This function can be used to run some test code with a postgres database
with_sqlite_dbs: This function can be used to run some test code with the 2 SQLite databases implementations

Type Aliases§

Encoded: Alias of the type used for encoded data.
Result

Attribute Macros§

node: Marks an async function to be run in an ockam node.
processor: Mark an Ockam Processor implementation.
test: Marks an async test function to be run in an ockam node.
worker: Mark an Ockam Worker implementation.

Derive Macros§

Message: Implements the Message trait for a type.
TryClone: Implements the TryClone trait for a type.

Crate ockamCopy item path