rebase: Bump github.com/IBM/keyprotect-go-client from 0.10.0 to 0.12.2

Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.10.0 to 0.12.2.
- [Release notes](https://github.com/IBM/keyprotect-go-client/releases)
- [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.10.0...v0.12.2)

---
updated-dependencies:
- dependency-name: github.com/IBM/keyprotect-go-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-08-29 08:13:35 +00:00 committed by mergify[bot]
parent eb24ae5cfc
commit 97d9f701ec
6 changed files with 176 additions and 99 deletions

2
go.mod
View File

@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
go 1.20
require (
github.com/IBM/keyprotect-go-client v0.10.0
github.com/IBM/keyprotect-go-client v0.12.2
github.com/aws/aws-sdk-go v1.44.333
github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000

4
go.sum
View File

@ -643,8 +643,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dX
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
github.com/IBM/keyprotect-go-client v0.10.0 h1:UdVOwJfyVNmL4O3Aw2eGluiEr5FpV5h8EaNVJKCtLvY=
github.com/IBM/keyprotect-go-client v0.10.0/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
github.com/IBM/keyprotect-go-client v0.12.2 h1:Cjxcqin9Pl0xz3MnxdiVd4v/eIa79xL3hQpSbwOr/DQ=
github.com/IBM/keyprotect-go-client v0.12.2/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=

View File

@ -1,4 +1,4 @@
# IBM Cloud Go SDK Version 0.9.2
# IBM Cloud Go SDK
# keyprotect-go-client

View File

@ -3,6 +3,8 @@ package kp
import (
"context"
"fmt"
"net/http"
"strconv"
"time"
)
@ -57,11 +59,24 @@ func (c *Client) GetKeyRings(ctx context.Context) (*KeyRings, error) {
return &rings, nil
}
type DeleteKeyRingQueryOption func(*http.Request)
func WithForce(force bool) DeleteKeyRingQueryOption {
return func(req *http.Request) {
query := req.URL.Query()
query.Add("force", strconv.FormatBool(force))
req.URL.RawQuery = query.Encode()
}
}
// DeleteRing method deletes the key ring with the provided name in the instance
// For information please refer to the link below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#delete-key-ring-api
func (c *Client) DeleteKeyRing(ctx context.Context, id string) error {
func (c *Client) DeleteKeyRing(ctx context.Context, id string, opts ...DeleteKeyRingQueryOption) error {
req, err := c.newRequest("DELETE", fmt.Sprintf(path+"/%s", id), nil)
for _, opt := range opts {
opt(req)
}
if err != nil {
return err
}

View File

@ -133,22 +133,118 @@ type KeyVersion struct {
CreationDate *time.Time `json:"creationDate,omitempty"`
}
// This function returns a string so we can pass extra info not in the key struct if needed
type CreateKeyOption func(k *Key)
func WithExpiration(expiration *time.Time) CreateKeyOption {
return func(key *Key) {
key.Expiration = expiration
}
}
func WithDescription(description string) CreateKeyOption {
return func(key *Key) {
key.Description = description
}
}
func WithPayload(payload string, encryptedNonce, iv *string, sha1 bool) CreateKeyOption {
return func(key *Key) {
key.Payload = payload
if !key.Extractable {
hasNonce := encryptedNonce != nil && *encryptedNonce != ""
hasIV := iv != nil && *iv != ""
if hasNonce {
key.EncryptedNonce = *encryptedNonce
}
if hasIV {
key.IV = *iv
}
// Encryption algo field is only for secure import.
// Only included it if either nonce or IV are specified.
// API will error if only one of IV or nonce are specified but the other is empty.
if hasNonce || hasIV {
algorithm := AlgorithmRSAOAEP256
if sha1 {
algorithm = AlgorithmRSAOAEP1
}
key.EncryptionAlgorithm = algorithm
}
}
}
}
func WithAliases(aliases []string) CreateKeyOption {
return func(key *Key) {
key.Aliases = aliases
}
}
func WithTags(tags []string) CreateKeyOption {
return func(key *Key) {
key.Tags = tags
}
}
func (c *Client) CreateKeyWithOptions(ctx context.Context, name string, extractable bool, options ...CreateKeyOption) (*Key, error) {
key := &Key{
Name: name,
Type: keyType,
Extractable: extractable,
}
for _, opt := range options {
opt(key)
}
return c.createKeyResource(ctx, *key, keysPath)
}
func (c *Client) CreateKeyWithPolicyOverridesWithOptions(ctx context.Context, name string, extractable bool, policy Policy, options ...CreateKeyOption) (*Key, error) {
key := &Key{
Name: name,
Type: keyType,
Extractable: extractable,
}
for _, opt := range options {
opt(key)
}
/*
Setting the value of rotationInterval to -1 in case user passes 0 value
as we want to retain the param `interval_month` after marshalling
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
Otherwise the param would not be sent to REST API in case of value 0
and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key.Rotation = policy.Rotation
key.DualAuthDelete = policy.DualAuth
return c.createKeyResource(ctx, *key, keysWithPolicyOverridesPath)
}
// CreateKey creates a new KP key.
func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Time, extractable bool) (*Key, error) {
return c.CreateImportedKey(ctx, name, expiration, "", "", "", extractable)
return c.CreateKeyWithOptions(ctx, name, extractable, WithExpiration(expiration))
}
// CreateImportedKey creates a new KP key from the given key material.
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil)
return c.createKey(ctx, key)
return c.CreateKeyWithOptions(ctx, name, extractable,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, false),
)
}
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material
// using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil)
return c.createKey(ctx, key)
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time,
payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
return c.CreateKeyWithOptions(ctx, name, extractable,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, true),
WithAliases(aliases),
)
}
// CreateRootKey creates a new, non-extractable key resource without
@ -189,47 +285,64 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
// For more information please refer to the links below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil)
return c.createKey(ctx, key)
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time,
payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
return c.CreateKeyWithOptions(ctx, name, extractable,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, false),
WithAliases(aliases),
)
}
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key {
key := Key{
Name: name,
Type: keyType,
Extractable: extractable,
Payload: payload,
}
if aliases != nil {
key.Aliases = aliases
}
if !extractable && payload != "" && encryptedNonce != "" && iv != "" {
key.EncryptedNonce = encryptedNonce
key.IV = iv
key.EncryptionAlgorithm = encryptionAlgorithm
}
if expiration != nil {
key.Expiration = expiration
}
if policy != nil {
key.Rotation = policy.Rotation
key.DualAuthDelete = policy.DualAuth
}
return key
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time,
payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, true),
WithAliases(aliases),
)
}
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
return c.createKeyResource(ctx, key, keysPath)
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
WithExpiration(expiration),
WithAliases(aliases),
)
}
func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverridesWithOptions(ctx, name, extractable, policy,
WithExpiration(expiration),
WithPayload(payload, &encryptedNonce, &iv, false),
WithAliases(aliases),
)
}
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
}
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
}
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
}
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time,
payload string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
}
func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
@ -283,57 +396,6 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
return &response.Keys[0], nil
}
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
}
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
}
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
}
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
}
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
}
// GetKeys retrieves a collection of keys that can be paged through.
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
if limit == 0 {

2
vendor/modules.txt vendored
View File

@ -1,4 +1,4 @@
# github.com/IBM/keyprotect-go-client v0.10.0
# github.com/IBM/keyprotect-go-client v0.12.2
## explicit; go 1.15
github.com/IBM/keyprotect-go-client
github.com/IBM/keyprotect-go-client/iam