mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
rebase: Bump github.com/IBM/keyprotect-go-client from 0.10.0 to 0.12.2
Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.10.0 to 0.12.2. - [Release notes](https://github.com/IBM/keyprotect-go-client/releases) - [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md) - [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.10.0...v0.12.2) --- updated-dependencies: - dependency-name: github.com/IBM/keyprotect-go-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
eb24ae5cfc
commit
97d9f701ec
2
go.mod
2
go.mod
@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
|
||||
go 1.20
|
||||
|
||||
require (
|
||||
github.com/IBM/keyprotect-go-client v0.10.0
|
||||
github.com/IBM/keyprotect-go-client v0.12.2
|
||||
github.com/aws/aws-sdk-go v1.44.333
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
|
||||
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
||||
|
4
go.sum
4
go.sum
@ -643,8 +643,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dX
|
||||
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
|
||||
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
|
||||
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
|
||||
github.com/IBM/keyprotect-go-client v0.10.0 h1:UdVOwJfyVNmL4O3Aw2eGluiEr5FpV5h8EaNVJKCtLvY=
|
||||
github.com/IBM/keyprotect-go-client v0.10.0/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
|
||||
github.com/IBM/keyprotect-go-client v0.12.2 h1:Cjxcqin9Pl0xz3MnxdiVd4v/eIa79xL3hQpSbwOr/DQ=
|
||||
github.com/IBM/keyprotect-go-client v0.12.2/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
|
||||
github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
|
||||
github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
|
||||
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
|
||||
|
2
vendor/github.com/IBM/keyprotect-go-client/README.md
generated
vendored
2
vendor/github.com/IBM/keyprotect-go-client/README.md
generated
vendored
@ -1,4 +1,4 @@
|
||||
# IBM Cloud Go SDK Version 0.9.2
|
||||
# IBM Cloud Go SDK
|
||||
|
||||
# keyprotect-go-client
|
||||
|
||||
|
19
vendor/github.com/IBM/keyprotect-go-client/key_rings.go
generated
vendored
19
vendor/github.com/IBM/keyprotect-go-client/key_rings.go
generated
vendored
@ -3,6 +3,8 @@ package kp
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
)
|
||||
|
||||
@ -18,7 +20,7 @@ type KeyRing struct {
|
||||
|
||||
type KeyRings struct {
|
||||
Metadata KeysMetadata `json:"metadata"`
|
||||
KeyRings []KeyRing `json:"resources"`
|
||||
KeyRings []KeyRing `json:"resources"`
|
||||
}
|
||||
|
||||
// CreateRing method creates a key ring in the instance with the provided name
|
||||
@ -57,11 +59,24 @@ func (c *Client) GetKeyRings(ctx context.Context) (*KeyRings, error) {
|
||||
return &rings, nil
|
||||
}
|
||||
|
||||
type DeleteKeyRingQueryOption func(*http.Request)
|
||||
|
||||
func WithForce(force bool) DeleteKeyRingQueryOption {
|
||||
return func(req *http.Request) {
|
||||
query := req.URL.Query()
|
||||
query.Add("force", strconv.FormatBool(force))
|
||||
req.URL.RawQuery = query.Encode()
|
||||
}
|
||||
}
|
||||
|
||||
// DeleteRing method deletes the key ring with the provided name in the instance
|
||||
// For information please refer to the link below:
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#delete-key-ring-api
|
||||
func (c *Client) DeleteKeyRing(ctx context.Context, id string) error {
|
||||
func (c *Client) DeleteKeyRing(ctx context.Context, id string, opts ...DeleteKeyRingQueryOption) error {
|
||||
req, err := c.newRequest("DELETE", fmt.Sprintf(path+"/%s", id), nil)
|
||||
for _, opt := range opts {
|
||||
opt(req)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
246
vendor/github.com/IBM/keyprotect-go-client/keys.go
generated
vendored
246
vendor/github.com/IBM/keyprotect-go-client/keys.go
generated
vendored
@ -133,22 +133,118 @@ type KeyVersion struct {
|
||||
CreationDate *time.Time `json:"creationDate,omitempty"`
|
||||
}
|
||||
|
||||
// This function returns a string so we can pass extra info not in the key struct if needed
|
||||
type CreateKeyOption func(k *Key)
|
||||
|
||||
func WithExpiration(expiration *time.Time) CreateKeyOption {
|
||||
return func(key *Key) {
|
||||
key.Expiration = expiration
|
||||
}
|
||||
}
|
||||
|
||||
func WithDescription(description string) CreateKeyOption {
|
||||
return func(key *Key) {
|
||||
key.Description = description
|
||||
}
|
||||
}
|
||||
|
||||
func WithPayload(payload string, encryptedNonce, iv *string, sha1 bool) CreateKeyOption {
|
||||
return func(key *Key) {
|
||||
key.Payload = payload
|
||||
if !key.Extractable {
|
||||
hasNonce := encryptedNonce != nil && *encryptedNonce != ""
|
||||
hasIV := iv != nil && *iv != ""
|
||||
if hasNonce {
|
||||
key.EncryptedNonce = *encryptedNonce
|
||||
}
|
||||
if hasIV {
|
||||
key.IV = *iv
|
||||
}
|
||||
// Encryption algo field is only for secure import.
|
||||
// Only included it if either nonce or IV are specified.
|
||||
// API will error if only one of IV or nonce are specified but the other is empty.
|
||||
if hasNonce || hasIV {
|
||||
algorithm := AlgorithmRSAOAEP256
|
||||
if sha1 {
|
||||
algorithm = AlgorithmRSAOAEP1
|
||||
}
|
||||
key.EncryptionAlgorithm = algorithm
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func WithAliases(aliases []string) CreateKeyOption {
|
||||
return func(key *Key) {
|
||||
key.Aliases = aliases
|
||||
}
|
||||
}
|
||||
|
||||
func WithTags(tags []string) CreateKeyOption {
|
||||
return func(key *Key) {
|
||||
key.Tags = tags
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Client) CreateKeyWithOptions(ctx context.Context, name string, extractable bool, options ...CreateKeyOption) (*Key, error) {
|
||||
key := &Key{
|
||||
Name: name,
|
||||
Type: keyType,
|
||||
Extractable: extractable,
|
||||
}
|
||||
for _, opt := range options {
|
||||
opt(key)
|
||||
}
|
||||
return c.createKeyResource(ctx, *key, keysPath)
|
||||
}
|
||||
|
||||
func (c *Client) CreateKeyWithPolicyOverridesWithOptions(ctx context.Context, name string, extractable bool, policy Policy, options ...CreateKeyOption) (*Key, error) {
|
||||
key := &Key{
|
||||
Name: name,
|
||||
Type: keyType,
|
||||
Extractable: extractable,
|
||||
}
|
||||
for _, opt := range options {
|
||||
opt(key)
|
||||
}
|
||||
/*
|
||||
Setting the value of rotationInterval to -1 in case user passes 0 value
|
||||
as we want to retain the param `interval_month` after marshalling
|
||||
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
|
||||
Otherwise the param would not be sent to REST API in case of value 0
|
||||
and it would throw error saying interval_month is missing
|
||||
*/
|
||||
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
|
||||
policy.Rotation.Interval = -1
|
||||
}
|
||||
key.Rotation = policy.Rotation
|
||||
key.DualAuthDelete = policy.DualAuth
|
||||
|
||||
return c.createKeyResource(ctx, *key, keysWithPolicyOverridesPath)
|
||||
}
|
||||
|
||||
// CreateKey creates a new KP key.
|
||||
func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Time, extractable bool) (*Key, error) {
|
||||
return c.CreateImportedKey(ctx, name, expiration, "", "", "", extractable)
|
||||
return c.CreateKeyWithOptions(ctx, name, extractable, WithExpiration(expiration))
|
||||
}
|
||||
|
||||
// CreateImportedKey creates a new KP key from the given key material.
|
||||
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil)
|
||||
return c.createKey(ctx, key)
|
||||
return c.CreateKeyWithOptions(ctx, name, extractable,
|
||||
WithExpiration(expiration),
|
||||
WithPayload(payload, &encryptedNonce, &iv, false),
|
||||
)
|
||||
}
|
||||
|
||||
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material
|
||||
// using RSAES OAEP SHA 1 as encryption algorithm.
|
||||
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil)
|
||||
return c.createKey(ctx, key)
|
||||
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time,
|
||||
payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||
return c.CreateKeyWithOptions(ctx, name, extractable,
|
||||
WithExpiration(expiration),
|
||||
WithPayload(payload, &encryptedNonce, &iv, true),
|
||||
WithAliases(aliases),
|
||||
)
|
||||
}
|
||||
|
||||
// CreateRootKey creates a new, non-extractable key resource without
|
||||
@ -189,47 +285,64 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
|
||||
// For more information please refer to the links below:
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
|
||||
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil)
|
||||
return c.createKey(ctx, key)
|
||||
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time,
|
||||
payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||
return c.CreateKeyWithOptions(ctx, name, extractable,
|
||||
WithExpiration(expiration),
|
||||
WithPayload(payload, &encryptedNonce, &iv, false),
|
||||
WithAliases(aliases),
|
||||
)
|
||||
}
|
||||
|
||||
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key {
|
||||
key := Key{
|
||||
Name: name,
|
||||
Type: keyType,
|
||||
Extractable: extractable,
|
||||
Payload: payload,
|
||||
}
|
||||
|
||||
if aliases != nil {
|
||||
key.Aliases = aliases
|
||||
}
|
||||
|
||||
if !extractable && payload != "" && encryptedNonce != "" && iv != "" {
|
||||
key.EncryptedNonce = encryptedNonce
|
||||
key.IV = iv
|
||||
key.EncryptionAlgorithm = encryptionAlgorithm
|
||||
}
|
||||
|
||||
if expiration != nil {
|
||||
key.Expiration = expiration
|
||||
}
|
||||
|
||||
if policy != nil {
|
||||
key.Rotation = policy.Rotation
|
||||
key.DualAuthDelete = policy.DualAuth
|
||||
}
|
||||
|
||||
return key
|
||||
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
|
||||
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
|
||||
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time,
|
||||
payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
|
||||
WithExpiration(expiration),
|
||||
WithPayload(payload, &encryptedNonce, &iv, true),
|
||||
WithAliases(aliases),
|
||||
)
|
||||
}
|
||||
|
||||
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
|
||||
return c.createKeyResource(ctx, key, keysPath)
|
||||
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
|
||||
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
|
||||
WithExpiration(expiration),
|
||||
WithAliases(aliases),
|
||||
)
|
||||
}
|
||||
|
||||
func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
|
||||
return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
|
||||
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
|
||||
payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
|
||||
WithExpiration(expiration),
|
||||
WithPayload(payload, &encryptedNonce, &iv, false),
|
||||
WithAliases(aliases),
|
||||
)
|
||||
}
|
||||
|
||||
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
|
||||
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
|
||||
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
|
||||
payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
|
||||
payload string, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
|
||||
}
|
||||
|
||||
func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
|
||||
@ -283,57 +396,6 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
|
||||
return &response.Keys[0], nil
|
||||
}
|
||||
|
||||
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
|
||||
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
|
||||
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
/*
|
||||
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||
*/
|
||||
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
|
||||
policy.Rotation.Interval = -1
|
||||
}
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
|
||||
return c.createKeyWithPolicyOverrides(ctx, key)
|
||||
}
|
||||
|
||||
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
|
||||
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
/*
|
||||
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||
*/
|
||||
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
|
||||
policy.Rotation.Interval = -1
|
||||
}
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
|
||||
|
||||
return c.createKeyWithPolicyOverrides(ctx, key)
|
||||
}
|
||||
|
||||
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
|
||||
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
|
||||
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
|
||||
}
|
||||
|
||||
// GetKeys retrieves a collection of keys that can be paged through.
|
||||
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
|
||||
if limit == 0 {
|
||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -1,4 +1,4 @@
|
||||
# github.com/IBM/keyprotect-go-client v0.10.0
|
||||
# github.com/IBM/keyprotect-go-client v0.12.2
|
||||
## explicit; go 1.15
|
||||
github.com/IBM/keyprotect-go-client
|
||||
github.com/IBM/keyprotect-go-client/iam
|
||||
|
Loading…
Reference in New Issue
Block a user