rebase: update github.com/libopenstorage/secrets to latest

With this update, we no longer import github.com/hashicorp/vault which now is under BSL license. https://github.com/hashicorp/vault/blob/main/LICENSE resolves: #4196 Signed-off-by: Rakshith R <rar@redhat.com>
2025-06-14 18:53:35 +00:00 · 2023-10-17 10:29:04 +05:30
parent 5ff0607360
commit e46a007961
131 changed files with 3931 additions and 16000 deletions
--- a/vendor/github.com/libopenstorage/secrets/secrets.go
+++ b/vendor/github.com/libopenstorage/secrets/secrets.go
@ -42,16 +42,17 @@ const (
 )

 const (
-	TypeAWS          = "aws-kms"
-	TypeAzure        = "azure-kv"
-	TypeDCOS         = "dcos"
-	TypeDocker       = "docker"
-	TypeGCloud       = "gcloud-kms"
-	TypeIBM          = "ibm-kp"
-	TypeK8s          = "k8s"
-	TypeKVDB         = "kvdb"
-	TypeVault        = "vault"
-	TypeVaultTransit = "vault-transit"
+	TypeAWSKMS            = "aws-kms"
+	TypeAzure             = "azure-kv"
+	TypeDCOS              = "dcos"
+	TypeDocker            = "docker"
+	TypeGCloud            = "gcloud-kms"
+	TypeIBM               = "ibm-kp"
+	TypeK8s               = "k8s"
+	TypeKVDB              = "kvdb"
+	TypeVault             = "vault"
+	TypeVaultTransit      = "vault-transit"
+	TypeAWSSecretsManager = "aws-secrets-manager"
 )

 const (
@ -64,6 +65,14 @@ const (
 	DestroySecret = "destroy-all-secret-versions"
 )

+// Version represents the unique identifier associated with the version of the new secret.
+type Version string
+
+const (
+	// NoVersion indicates that the provider does not support versions for secrets
+	NoVersion Version = "noversion"
+)
+
 // Secrets interface implemented by backend Key Management Systems (KMS)
 type Secrets interface {
 	// String representation of the backend KMS
@ -76,15 +85,17 @@ type Secrets interface {
 	GetSecret(
 		secretId string,
 		keyContext map[string]string,
-	) (map[string]interface{}, error)
+	) (map[string]interface{}, Version, error)

 	// PutSecret will associate an secretId to its secret data
 	// provided in the arguments and store it into the secret backend
+	// The caller should ensure they use unique secretIDs so that they won't
+	// unknowingly overwrite an existing secret.
 	PutSecret(
 		secretId string,
 		plainText map[string]interface{},
 		keyContext map[string]string,
-	) error
+	) (Version, error)

 	// DeleteSecret deletes the secret data associated with the
 	// supplied secretId.
@ -141,6 +152,17 @@ func (e *ErrInvalidKeyContext) Error() string {
 	return fmt.Sprintf("invalid key context: %v", e.Reason)
 }

+// ErrProviderInternal is returned when an error is received from the secrets provider which
+// is not known to this library
+type ErrProviderInternal struct {
+	Provider string
+	Reason   string
+}
+
+func (e *ErrProviderInternal) Error() string {
+	return fmt.Sprintf("%v returned error: %v", e.Provider, e.Reason)
+}
+
 // KeyContextChecks performs a series of checks on the keys and values
 // passed through the key context map
 func KeyContextChecks(