rebase: Bump github.com/IBM/keyprotect-go-client from 0.10.0 to 0.12.2

Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.10.0 to 0.12.2.
- [Release notes](https://github.com/IBM/keyprotect-go-client/releases)
- [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.10.0...v0.12.2)

---
updated-dependencies:
- dependency-name: github.com/IBM/keyprotect-go-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] 2023-08-29 08:13:35 +00:00 committed by mergify[bot]
parent eb24ae5cfc
commit 97d9f701ec
6 changed files with 176 additions and 99 deletions

2
go.mod

@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
go 1.20 go 1.20
require ( require (
github.com/IBM/keyprotect-go-client v0.10.0 github.com/IBM/keyprotect-go-client v0.12.2
github.com/aws/aws-sdk-go v1.44.333 github.com/aws/aws-sdk-go v1.44.333
github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000

4
go.sum

@ -643,8 +643,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dX
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI= github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
github.com/IBM/keyprotect-go-client v0.10.0 h1:UdVOwJfyVNmL4O3Aw2eGluiEr5FpV5h8EaNVJKCtLvY= github.com/IBM/keyprotect-go-client v0.12.2 h1:Cjxcqin9Pl0xz3MnxdiVd4v/eIa79xL3hQpSbwOr/DQ=
github.com/IBM/keyprotect-go-client v0.10.0/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM= github.com/IBM/keyprotect-go-client v0.12.2/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E= github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=


@ -1,4 +1,4 @@
# IBM Cloud Go SDK Version 0.9.2 # IBM Cloud Go SDK
# keyprotect-go-client # keyprotect-go-client


@ -3,6 +3,8 @@ package kp
import ( import (
"context" "context"
"fmt" "fmt"
"net/http"
"strconv"
"time" "time"
) )
@ -57,11 +59,24 @@ func (c *Client) GetKeyRings(ctx context.Context) (*KeyRings, error) {
return &rings, nil return &rings, nil
} }
type DeleteKeyRingQueryOption func(*http.Request)
func WithForce(force bool) DeleteKeyRingQueryOption {
return func(req *http.Request) {
query := req.URL.Query()
query.Add("force", strconv.FormatBool(force))
req.URL.RawQuery = query.Encode()
}
}
// DeleteRing method deletes the key ring with the provided name in the instance // DeleteRing method deletes the key ring with the provided name in the instance
// For information please refer to the link below: // For information please refer to the link below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#delete-key-ring-api // https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#delete-key-ring-api
func (c *Client) DeleteKeyRing(ctx context.Context, id string) error { func (c *Client) DeleteKeyRing(ctx context.Context, id string, opts ...DeleteKeyRingQueryOption) error {
req, err := c.newRequest("DELETE", fmt.Sprintf(path+"/%s", id), nil) req, err := c.newRequest("DELETE", fmt.Sprintf(path+"/%s", id), nil)
for _, opt := range opts {
opt(req)
}
if err != nil { if err != nil {
return err return err
} }
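Review bot: In DeleteKeyRing the new option loop runs before the `err` check on the `c.newRequest` result, so when building the request fails each `opt(req)` is still called on whatever `req` came back. If that value is nil (newRequest's body is not shown here), `WithForce` dereferences `req.URL` and the call panics instead of returning the error. Put the check first, `if err != nil { return err }`, and only then run `for _, opt := range opts { opt(req) }`. The rest of DeleteKeyRing lies outside the hunk, and because this file is vendored the fix belongs in the upstream client.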


@ -133,22 +133,118 @@ type KeyVersion struct {
CreationDate *time.Time `json:"creationDate,omitempty"` CreationDate *time.Time `json:"creationDate,omitempty"`
} }
// This function returns a string so we can pass extra info not in the key struct if needed
type CreateKeyOption func(k *Key)
func WithExpiration(expiration *time.Time) CreateKeyOption {
return func(key *Key) {
key.Expiration = expiration
}
}
func WithDescription(description string) CreateKeyOption {
return func(key *Key) {
key.Description = description
}
}
func WithPayload(payload string, encryptedNonce, iv *string, sha1 bool) CreateKeyOption {
return func(key *Key) {
key.Payload = payload
if !key.Extractable {
hasNonce := encryptedNonce != nil && *encryptedNonce != ""
hasIV := iv != nil && *iv != ""
if hasNonce {
key.EncryptedNonce = *encryptedNonce
}
if hasIV {
key.IV = *iv
}
// Encryption algo field is only for secure import.
// Only included it if either nonce or IV are specified.
// API will error if only one of IV or nonce are specified but the other is empty.
if hasNonce || hasIV {
algorithm := AlgorithmRSAOAEP256
if sha1 {
algorithm = AlgorithmRSAOAEP1
}
key.EncryptionAlgorithm = algorithm
}
}
}
}
func WithAliases(aliases []string) CreateKeyOption {
return func(key *Key) {
key.Aliases = aliases
}
}
func WithTags(tags []string) CreateKeyOption {
return func(key *Key) {
key.Tags = tags
}
}
func (c *Client) CreateKeyWithOptions(ctx context.Context, name string, extractable bool, options ...CreateKeyOption) (*Key, error) {
key := &Key{
Name: name,
Type: keyType,
Extractable: extractable,
}
for _, opt := range options {
opt(key)
}
return c.createKeyResource(ctx, *key, keysPath)
}
func (c *Client) CreateKeyWithPolicyOverridesWithOptions(ctx context.Context, name string, extractable bool, policy Policy, options ...CreateKeyOption) (*Key, error) {
key := &Key{
Name: name,
Type: keyType,
Extractable: extractable,
}
for _, opt := range options {
opt(key)
}
/*
Setting the value of rotationInterval to -1 in case user passes 0 value
as we want to retain the param `interval_month` after marshalling
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
Otherwise the param would not be sent to REST API in case of value 0
and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key.Rotation = policy.Rotation
key.DualAuthDelete = policy.DualAuth
return c.createKeyResource(ctx, *key, keysWithPolicyOverridesPath)
}
// CreateKey creates a new KP key. // CreateKey creates a new KP key.
func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Time, extractable bool) (*Key, error) { func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Time, extractable bool) (*Key, error) {
return c.CreateImportedKey(ctx, name, expiration, "", "", "", extractable) return c.CreateKeyWithOptions(ctx, name, extractable, WithExpiration(expiration))
} }
// CreateImportedKey creates a new KP key from the given key material. // CreateImportedKey creates a new KP key from the given key material.
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) { func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil) return c.CreateKeyWithOptions(ctx, name, extractable,
return c.createKey(ctx, key) WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, false),
)
} }
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material // CreateImportedKeyWithSHA1 creates a new KP key from the given key material
// using RSAES OAEP SHA 1 as encryption algorithm. // using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) { func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time,
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil) payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
return c.createKey(ctx, key) return c.CreateKeyWithOptions(ctx, name, extractable,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, true),
WithAliases(aliases),
)
} }
// CreateRootKey creates a new, non-extractable key resource without // CreateRootKey creates a new, non-extractable key resource without
@ -189,47 +285,64 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
// For more information please refer to the links below: // For more information please refer to the links below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api // https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui // https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) { func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time,
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil) payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
return c.createKey(ctx, key) return c.CreateKeyWithOptions(ctx, name, extractable,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, false),
WithAliases(aliases),
)
} }
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key { // CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
key := Key{ // and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
Name: name, func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time,
Type: keyType, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
Extractable: extractable, return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
Payload: payload, WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, true),
WithAliases(aliases),
)
} }
if aliases != nil { // CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
key.Aliases = aliases func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
WithExpiration(expiration),
WithAliases(aliases),
)
} }
if !extractable && payload != "" && encryptedNonce != "" && iv != "" { // CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
key.EncryptedNonce = encryptedNonce func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
key.IV = iv payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
key.EncryptionAlgorithm = encryptionAlgorithm return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, false),
WithAliases(aliases),
)
} }
if expiration != nil { // CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
key.Expiration = expiration func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
} }
if policy != nil { // CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
key.Rotation = policy.Rotation func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
key.DualAuthDelete = policy.DualAuth return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
} }
return key // CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
} }
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) { // CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
return c.createKeyResource(ctx, key, keysPath) func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
} payload string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
} }
func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) { func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
@ -283,57 +396,6 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
return &response.Keys[0], nil return &response.Keys[0], nil
} }
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
}
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
}
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
}
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
}
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
}
// GetKeys retrieves a collection of keys that can be paged through. // GetKeys retrieves a collection of keys that can be paged through.
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) { func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
if limit == 0 { if limit == 0 {
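Review bot: `WithPayload` is exported without a doc comment, and its trailing `sha1 bool` decides between `AlgorithmRSAOAEP256` and `AlgorithmRSAOAEP1`, so a call such as `WithPayload(payload, &encryptedNonce, &iv, true)` selects the SHA-1 variant with nothing at the call site saying so. A comment such as `// WithPayload sets the key material. For non-extractable keys it also copies a non-empty nonce and IV and sets EncryptionAlgorithm to AlgorithmRSAOAEP256, or AlgorithmRSAOAEP1 when sha1 is true; nonce and IV are ignored for extractable keys.` would document both the algorithm choice and the silent drop. The existing comment above `CreateKeyOption` ("This function returns a string ...") does not describe a `func(k *Key)` type and should be replaced with one that does. This file is vendored, so the change would go to the upstream client.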

2
vendor/modules.txt vendored

@ -1,4 +1,4 @@
# github.com/IBM/keyprotect-go-client v0.10.0 # github.com/IBM/keyprotect-go-client v0.12.2
## explicit; go 1.15 ## explicit; go 1.15
github.com/IBM/keyprotect-go-client github.com/IBM/keyprotect-go-client
github.com/IBM/keyprotect-go-client/iam github.com/IBM/keyprotect-go-client/iam