mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-17 20:00:23 +00:00
rebase: bump github.com/IBM/keyprotect-go-client from 0.8.1 to 0.9.0
Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/IBM/keyprotect-go-client/releases) - [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: github.com/IBM/keyprotect-go-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
8650538b78
commit
fe13fff9fa
2
go.mod
2
go.mod
@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
|
||||
go 1.17
|
||||
|
||||
require (
|
||||
github.com/IBM/keyprotect-go-client v0.8.1
|
||||
github.com/IBM/keyprotect-go-client v0.9.0
|
||||
github.com/aws/aws-sdk-go v1.44.127
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
|
||||
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
||||
|
4
go.sum
4
go.sum
@ -88,8 +88,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3
|
||||
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
|
||||
github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b/go.mod h1:FNj4KYEAAHfYu68kRYolGoxkaJn+6mdEsaM12VTwuI0=
|
||||
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
|
||||
github.com/IBM/keyprotect-go-client v0.8.1 h1:viTQCtoeWQeDRTe8S0ed++uM4J2uf1DGuQbV9mNTCj8=
|
||||
github.com/IBM/keyprotect-go-client v0.8.1/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
|
||||
github.com/IBM/keyprotect-go-client v0.9.0 h1:UwbyEHcaGlmLNK7PW0qo9VlxneN+0/2zoGBubHzbtro=
|
||||
github.com/IBM/keyprotect-go-client v0.9.0/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
|
||||
github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA=
|
||||
github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
|
||||
github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
|
||||
|
268
vendor/github.com/IBM/keyprotect-go-client/.secrets.baseline
generated
vendored
Normal file
268
vendor/github.com/IBM/keyprotect-go-client/.secrets.baseline
generated
vendored
Normal file
@ -0,0 +1,268 @@
|
||||
{
|
||||
"exclude": {
|
||||
"files": "go.sum|^.secrets.baseline$",
|
||||
"lines": null
|
||||
},
|
||||
"generated_at": "2022-09-30T10:57:54Z",
|
||||
"plugins_used": [
|
||||
{
|
||||
"name": "AWSKeyDetector"
|
||||
},
|
||||
{
|
||||
"name": "ArtifactoryDetector"
|
||||
},
|
||||
{
|
||||
"name": "AzureStorageKeyDetector"
|
||||
},
|
||||
{
|
||||
"base64_limit": 4.5,
|
||||
"name": "Base64HighEntropyString"
|
||||
},
|
||||
{
|
||||
"name": "BasicAuthDetector"
|
||||
},
|
||||
{
|
||||
"name": "BoxDetector"
|
||||
},
|
||||
{
|
||||
"name": "CloudantDetector"
|
||||
},
|
||||
{
|
||||
"ghe_instance": "github.ibm.com",
|
||||
"name": "GheDetector"
|
||||
},
|
||||
{
|
||||
"name": "GitHubTokenDetector"
|
||||
},
|
||||
{
|
||||
"hex_limit": 3,
|
||||
"name": "HexHighEntropyString"
|
||||
},
|
||||
{
|
||||
"name": "IbmCloudIamDetector"
|
||||
},
|
||||
{
|
||||
"name": "IbmCosHmacDetector"
|
||||
},
|
||||
{
|
||||
"name": "JwtTokenDetector"
|
||||
},
|
||||
{
|
||||
"keyword_exclude": null,
|
||||
"name": "KeywordDetector"
|
||||
},
|
||||
{
|
||||
"name": "MailchimpDetector"
|
||||
},
|
||||
{
|
||||
"name": "NpmDetector"
|
||||
},
|
||||
{
|
||||
"name": "PrivateKeyDetector"
|
||||
},
|
||||
{
|
||||
"name": "SlackDetector"
|
||||
},
|
||||
{
|
||||
"name": "SoftlayerDetector"
|
||||
},
|
||||
{
|
||||
"name": "SquareOAuthDetector"
|
||||
},
|
||||
{
|
||||
"name": "StripeDetector"
|
||||
},
|
||||
{
|
||||
"name": "TwilioKeyDetector"
|
||||
}
|
||||
],
|
||||
"results": {
|
||||
"README.md": [
|
||||
{
|
||||
"hashed_secret": "93fcbf4c3221f6e6fc21e07ec6e87ad94e60bd26",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 35,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "0b60828897517e2b8013af62b288e055bf0d095d",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 126,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
}
|
||||
],
|
||||
"example_cycle_test.go": [
|
||||
{
|
||||
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 27,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
}
|
||||
],
|
||||
"example_test.go": [
|
||||
{
|
||||
"hashed_secret": "e80b5f30389f2162470fe780e27b90146e5fb0ca",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 81,
|
||||
"type": "Base64 High Entropy String",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "75d5cc62475c1ed3db14215d819514749ae25f53",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 181,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
}
|
||||
],
|
||||
"iam/iam.go": [
|
||||
{
|
||||
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 51,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "3e4bdbe0b80e63c22b178576e906810777387b50",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 120,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
}
|
||||
],
|
||||
"integration_test.go": [
|
||||
{
|
||||
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 57,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
}
|
||||
],
|
||||
"kp_test.go": [
|
||||
{
|
||||
"hashed_secret": "11634ea6495b17ca913d24b49dca32b40e491dc0",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 44,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "9f4ed0cc38e03da4c3caf3d8500e0af69cfaefd3",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 189,
|
||||
"type": "JSON Web Token",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "3e48fe9928e96dde5f50bd5514ccaecc504e378e",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 629,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "1db0b23a23282227489c79a9fd31998add2b66f5",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 863,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "f7f8eb2ffbd249e8c0e2ce429466c04a6342318b",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 986,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "90f826b48e4e4832be16dd63237e7aede72ec384",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 1800,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "0599eac7c4ebc38a9fb5407c1cee19877850ff78",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 3514,
|
||||
"type": "Base64 High Entropy String",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "4a8f6f853d71b777faef1c0f50d59df808f377a7",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 4019,
|
||||
"type": "Base64 High Entropy String",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "8ee338cf3361b4fbd663c51393c44ea685e7e31b",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 4020,
|
||||
"type": "Base64 High Entropy String",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "7200008cccd3ebe5eb314c7ce57bbe95113e11ff",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 4055,
|
||||
"type": "Base64 High Entropy String",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "7056dab9fea569e2fcb5122c763bfe90d3fa8204",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 4523,
|
||||
"type": "Base64 High Entropy String",
|
||||
"verified_result": null
|
||||
},
|
||||
{
|
||||
"hashed_secret": "54b1ab73986eecb14a1839184e4b51ce9668b35e",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 4568,
|
||||
"type": "Base64 High Entropy String",
|
||||
"verified_result": null
|
||||
}
|
||||
],
|
||||
"policy.go": [
|
||||
{
|
||||
"hashed_secret": "6a361a4e087eab69b48211aecc712bdc3403b2eb",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 335,
|
||||
"type": "Secret Keyword",
|
||||
"verified_result": null
|
||||
}
|
||||
]
|
||||
},
|
||||
"version": "0.13.1+ibm.52.dss",
|
||||
"word_list": {
|
||||
"file": null,
|
||||
"hash": null
|
||||
}
|
||||
}
|
7
vendor/github.com/IBM/keyprotect-go-client/.travis.yml
generated
vendored
7
vendor/github.com/IBM/keyprotect-go-client/.travis.yml
generated
vendored
@ -1,9 +1,10 @@
|
||||
language: go
|
||||
dist: xenial
|
||||
|
||||
go:
|
||||
- 1.14.x
|
||||
- 1.15.x
|
||||
go:
|
||||
- 1.17.x
|
||||
- 1.18.x
|
||||
- 1.19.x
|
||||
|
||||
env:
|
||||
- GO111MODULE=on
|
||||
|
198
vendor/github.com/IBM/keyprotect-go-client/README.md
generated
vendored
198
vendor/github.com/IBM/keyprotect-go-client/README.md
generated
vendored
@ -113,6 +113,31 @@ fmt.Println(key.ID, key.Name)
|
||||
crkID := key.ID
|
||||
```
|
||||
|
||||
### Generating a root key with policy overrides (CRK)
|
||||
|
||||
```go
|
||||
enable := true
|
||||
// Specify policy data
|
||||
policy := kp.Policy{
|
||||
Rotation: &kp.Rotation{
|
||||
Enabled: &enable,
|
||||
Interval: 3,
|
||||
},
|
||||
DualAuth: &kp.DualAuth{
|
||||
Enabled: &enable,
|
||||
},
|
||||
}
|
||||
|
||||
// Create a root key named MyRootKey with a rotation and a dualAuthDelete policy
|
||||
key, err := client.CreateRootKeyWithPolicyOverrides(ctx, "MyRootKey", nil, nil, policy)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(key.ID, key.Name)
|
||||
|
||||
crkID := key.ID
|
||||
```
|
||||
|
||||
### Wrapping and Unwrapping a DEK using a specific Root Key.
|
||||
|
||||
```go
|
||||
@ -171,7 +196,51 @@ dek = nil
|
||||
// Save the wrapped DEK for later. Call Unwrap to use it, make
|
||||
// sure to specify the same AAD.
|
||||
```
|
||||
### Fetching List Key Versions With Parameters.
|
||||
|
||||
### Fetching keys based on query parameters
|
||||
|
||||
```go
|
||||
|
||||
limit := uint32(5)
|
||||
offset := uint32(0)
|
||||
extractable := false
|
||||
keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
|
||||
searchStr := "foobar"
|
||||
searchQuery, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
|
||||
|
||||
listKeysOptions := &kp.ListKeysOptions{
|
||||
Limit : &limit,
|
||||
Offset : &offset,
|
||||
Extractable : &extractable,
|
||||
State : keyStates,
|
||||
Search: searchQuery,
|
||||
}
|
||||
|
||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keys)
|
||||
```
|
||||
|
||||
### Fetching keys in ascending or descending sorted order of parameters
|
||||
|
||||
```go
|
||||
srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), WithImportedDesc())
|
||||
|
||||
listKeysOptions := &kp.ListKeysOptions{
|
||||
Sort:srtStr,
|
||||
}
|
||||
|
||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keys)
|
||||
```
|
||||
For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
|
||||
|
||||
### Fetching key versions based on query parameters
|
||||
|
||||
```go
|
||||
|
||||
@ -192,20 +261,76 @@ if err != nil {
|
||||
fmt.Println(keyVersions)
|
||||
```
|
||||
|
||||
### Fetching List Key With Parameters.
|
||||
### Enable instance rotation policy
|
||||
|
||||
```go
|
||||
|
||||
limit := uint32(5)
|
||||
offset := uint32(0)
|
||||
extractable := false
|
||||
keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
|
||||
intervalMonth := 3
|
||||
enable := true
|
||||
|
||||
err := client.SetRotationInstancePolicy(context.Background(), enable, &intervalMonth)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
|
||||
rotationInstancePolicy, err := client.GetRotationInstancePolicy(context.Background())
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(rotationInstancePolicy)
|
||||
```
|
||||
|
||||
### Set key rotation policy
|
||||
|
||||
```go
|
||||
|
||||
rotationInterval := 3
|
||||
enabled := true
|
||||
keyRotationPolicy, err := client.SetRotationPolicy(context.Background(), "key_id_or_alias", rotationInterval, enabled)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keyRotationPolicy)
|
||||
```
|
||||
|
||||
### Enable key rotation policy
|
||||
|
||||
```go
|
||||
|
||||
keyRotationPolicy, err := client.EnableRotationPolicy(context.Background(), "key_id_or_alias")
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keyRotationPolicy)
|
||||
```
|
||||
|
||||
### List keys based on filter properties
|
||||
|
||||
```go
|
||||
// Option-1 - Directly passing the filter query in the format that the API supports.
|
||||
filterQuery := "creationDate=gt:\"2022-07-05T00:00:00Z\" state=1,5 extractable=false"
|
||||
|
||||
listKeysOptions := &kp.ListKeysOptions{
|
||||
Limit : &limit,
|
||||
Offset : &offset,
|
||||
Extractable : &extractable,
|
||||
State : keyStates,
|
||||
Filter:&filterQuery,
|
||||
}
|
||||
|
||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keys)
|
||||
|
||||
// Option-2 - Using the builder provided by SDK to construct the filter query
|
||||
fb := kp.GetFilterQueryBuilder()
|
||||
dateQ := time.Date(2022, 07, 04, 07, 43, 23, 100, time.UTC)
|
||||
|
||||
filterQuery := fb.CreationDate().GreaterThan(dateQ).
|
||||
State([]kp.KeyState{kp.KeyState(kp.Destroyed), kp.KeyState(kp.Active)}).
|
||||
Extractable(true).
|
||||
Build()
|
||||
|
||||
listKeysOptions := &kp.ListKeysOptions{
|
||||
Filter:&filterQuery,
|
||||
}
|
||||
|
||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||
@ -214,56 +339,3 @@ if err != nil {
|
||||
}
|
||||
fmt.Println(keys)
|
||||
```
|
||||
|
||||
### Fetching List Key In Sorted Ascending Order Based On Paramaeters.
|
||||
|
||||
```go
|
||||
srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), kp.WithImported())
|
||||
|
||||
listKeysOptions := &kp.ListKeysOptions{
|
||||
Sort:srtStr,
|
||||
}
|
||||
|
||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keys)
|
||||
```
|
||||
|
||||
### Fetching List Key In Sorted Descending Order Based On Paramaeters.
|
||||
|
||||
```go
|
||||
srtStr, _ := GetKeySortStr(WithCreationDateDesc(), WithImportedDesc())
|
||||
|
||||
listKeysOptions := &ListKeysOptions{
|
||||
Sort: srtStr,
|
||||
}
|
||||
|
||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keys)
|
||||
```
|
||||
|
||||
For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
|
||||
|
||||
### Using Search functionality in list Keys API
|
||||
|
||||
```go
|
||||
|
||||
searchStr := "foobar"
|
||||
srcStr2, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
|
||||
|
||||
listKeysOptions := &kp.ListKeysOptions{
|
||||
Search: srcStr2,
|
||||
}
|
||||
|
||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(keys)
|
||||
|
||||
```
|
||||
|
109
vendor/github.com/IBM/keyprotect-go-client/instances.go
generated
vendored
109
vendor/github.com/IBM/keyprotect-go-client/instances.go
generated
vendored
@ -17,14 +17,12 @@ package kp
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
// DualAuthDelete defines the policy type as dual auth delete
|
||||
DualAuthDelete = "dualAuthDelete"
|
||||
|
||||
// AllowedNetwork defines the policy type as allowed network
|
||||
AllowedNetwork = "allowedNetwork"
|
||||
|
||||
@ -44,7 +42,6 @@ const (
|
||||
EnforceToken = "EnforceToken"
|
||||
)
|
||||
|
||||
|
||||
// InstancePolicy represents a instance-level policy of a key as returned by the KP API.
|
||||
// this policy enables dual authorization for deleting a key
|
||||
type InstancePolicy struct {
|
||||
@ -62,7 +59,7 @@ type PolicyData struct {
|
||||
Attributes *Attributes `json:"attributes,omitempty"`
|
||||
}
|
||||
|
||||
// Attributes contains the detals of allowed network policy type
|
||||
// Attributes contains the details of an instance policy
|
||||
type Attributes struct {
|
||||
AllowedNetwork *string `json:"allowed_network,omitempty"`
|
||||
AllowedIP IPAddresses `json:"allowed_ip,omitempty"`
|
||||
@ -71,6 +68,7 @@ type Attributes struct {
|
||||
ImportRootKey *bool `json:"import_root_key,omitempty"`
|
||||
ImportStandardKey *bool `json:"import_standard_key,omitempty"`
|
||||
EnforceToken *bool `json:"enforce_token,omitempty"`
|
||||
IntervalMonth *int `json:"interval_month,omitempty"`
|
||||
}
|
||||
|
||||
// IPAddresses ...
|
||||
@ -154,7 +152,7 @@ func (c *Client) GetKeyCreateImportAccessInstancePolicy(ctx context.Context) (*I
|
||||
}
|
||||
|
||||
func (c *Client) getInstancePolicy(ctx context.Context, policyType string, policyResponse *InstancePolicies) error {
|
||||
req, err := c.newRequest("GET", "instance/policies", nil)
|
||||
req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -185,11 +183,26 @@ func (c *Client) GetMetricsInstancePolicy(ctx context.Context) (*InstancePolicy,
|
||||
return &policyResponse.Policies[0], nil
|
||||
}
|
||||
|
||||
// GetRotationInstancePolicy retrieves the rotation policy details associated with the instance
|
||||
func (c *Client) GetRotationInstancePolicy(ctx context.Context) (*InstancePolicy, error) {
|
||||
policyResponse := InstancePolicies{}
|
||||
|
||||
err := c.getInstancePolicy(ctx, RotationPolicy, &policyResponse)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(policyResponse.Policies) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
return &policyResponse.Policies[0], nil
|
||||
}
|
||||
|
||||
// GetInstancePolicies retrieves all policies of an Instance.
|
||||
func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, error) {
|
||||
policyresponse := InstancePolicies{}
|
||||
|
||||
req, err := c.newRequest("GET", "instance/policies", nil)
|
||||
req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -203,7 +216,7 @@ func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, err
|
||||
}
|
||||
|
||||
func (c *Client) setInstancePolicy(ctx context.Context, policyType string, policyRequest InstancePolicies) error {
|
||||
req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
|
||||
req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -242,6 +255,49 @@ func (c *Client) SetDualAuthInstancePolicy(ctx context.Context, enable bool) err
|
||||
return err
|
||||
}
|
||||
|
||||
func addRotationInstancePolicyData(enable bool, intervalMonth *int) (InstancePolicy, error) {
|
||||
|
||||
rotationPolicyData := InstancePolicy{
|
||||
PolicyType: RotationPolicy,
|
||||
PolicyData: PolicyData{
|
||||
Enabled: &enable,
|
||||
},
|
||||
}
|
||||
|
||||
if enable && intervalMonth == nil {
|
||||
return InstancePolicy{}, fmt.Errorf("Interval Month is required to enable rotation instance policy")
|
||||
} else if !enable && intervalMonth != nil {
|
||||
return InstancePolicy{}, fmt.Errorf("Interval Month should only be provided if the policy is being enabled")
|
||||
} else if intervalMonth != nil {
|
||||
rotationPolicyData.PolicyData.Attributes = &Attributes{
|
||||
IntervalMonth: intervalMonth,
|
||||
}
|
||||
}
|
||||
|
||||
return rotationPolicyData, nil
|
||||
}
|
||||
|
||||
// SetRotationInstancePolicy updates the rotation instance policy details associated with an instance.
|
||||
func (c *Client) SetRotationInstancePolicy(ctx context.Context, enable bool, intervalMonth *int) error {
|
||||
|
||||
rotationPolicyData, err := addRotationInstancePolicyData(enable, intervalMonth)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
policyRequest := InstancePolicies{
|
||||
Metadata: PoliciesMetadata{
|
||||
CollectionType: policyType,
|
||||
NumberOfPolicies: 1,
|
||||
},
|
||||
Policies: []InstancePolicy{rotationPolicyData},
|
||||
}
|
||||
|
||||
err = c.setInstancePolicy(ctx, RotationPolicy, policyRequest)
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
// SetAllowedIPInstancePolices updates the allowed IP instance policy details associated with an instance.
|
||||
// For more information can refet to the Key Protect docs in the link below:
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-allowed-ip
|
||||
@ -394,21 +450,27 @@ type AllowedIPPolicyData struct {
|
||||
|
||||
// KeyAccessInstancePolicyData defines the attribute input for the Key Create Import Access instance policy
|
||||
type KeyCreateImportAccessInstancePolicy struct {
|
||||
Enabled bool
|
||||
CreateRootKey bool
|
||||
Enabled bool
|
||||
CreateRootKey bool
|
||||
CreateStandardKey bool
|
||||
ImportRootKey bool
|
||||
ImportRootKey bool
|
||||
ImportStandardKey bool
|
||||
EnforceToken bool
|
||||
EnforceToken bool
|
||||
}
|
||||
|
||||
type RotationPolicyData struct {
|
||||
Enabled bool
|
||||
IntervalMonth *int
|
||||
}
|
||||
|
||||
// MultiplePolicies defines the input for the SetInstancPolicies method that can hold multiple policy details
|
||||
type MultiplePolicies struct {
|
||||
DualAuthDelete *BasicPolicyData
|
||||
AllowedNetwork *AllowedNetworkPolicyData
|
||||
AllowedIP *AllowedIPPolicyData
|
||||
Metrics *BasicPolicyData
|
||||
DualAuthDelete *BasicPolicyData
|
||||
AllowedNetwork *AllowedNetworkPolicyData
|
||||
AllowedIP *AllowedIPPolicyData
|
||||
Metrics *BasicPolicyData
|
||||
KeyCreateImportAccess *KeyCreateImportAccessInstancePolicy
|
||||
Rotation *RotationPolicyData
|
||||
}
|
||||
|
||||
// SetInstancePolicies updates single or multiple policy details of an instance.
|
||||
@ -465,7 +527,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
|
||||
policy := InstancePolicy{
|
||||
PolicyType: KeyCreateImportAccess,
|
||||
PolicyData: PolicyData{
|
||||
Enabled: &(policies.KeyCreateImportAccess.Enabled),
|
||||
Enabled: &(policies.KeyCreateImportAccess.Enabled),
|
||||
Attributes: &Attributes{},
|
||||
},
|
||||
}
|
||||
@ -489,6 +551,15 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
|
||||
resPolicies = append(resPolicies, policy)
|
||||
}
|
||||
|
||||
if policies.Rotation != nil {
|
||||
policy, err := addRotationInstancePolicyData(policies.Rotation.Enabled, policies.Rotation.IntervalMonth)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
resPolicies = append(resPolicies, policy)
|
||||
}
|
||||
|
||||
policyRequest := InstancePolicies{
|
||||
Metadata: PoliciesMetadata{
|
||||
CollectionType: policyType,
|
||||
@ -499,7 +570,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
|
||||
|
||||
policyresponse := Policies{}
|
||||
|
||||
req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
|
||||
req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -526,7 +597,7 @@ type privatePort struct {
|
||||
func (c *Client) GetAllowedIPPrivateNetworkPort(ctx context.Context) (int, error) {
|
||||
var portResponse portResponse
|
||||
|
||||
req, err := c.newRequest("GET", "instance/allowed_ip_port", nil)
|
||||
req, err := c.newRequest(http.MethodGet, "instance/allowed_ip_port", nil)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
81
vendor/github.com/IBM/keyprotect-go-client/keys.go
generated
vendored
81
vendor/github.com/IBM/keyprotect-go-client/keys.go
generated
vendored
@ -19,6 +19,7 @@ import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"time"
|
||||
@ -32,7 +33,9 @@ const (
|
||||
)
|
||||
|
||||
var (
|
||||
preferHeaders = []string{"return=minimal", "return=representation"}
|
||||
preferHeaders = []string{"return=minimal", "return=representation"}
|
||||
keysPath = "keys"
|
||||
keysWithPolicyOverridesPath = "keys_with_policy_overrides"
|
||||
)
|
||||
|
||||
// PreferReturn designates the value for the "Prefer" header.
|
||||
@ -80,6 +83,7 @@ type Key struct {
|
||||
PurgeAllowedFrom *time.Time `json:"purgeAllowedFrom,omitempty"`
|
||||
PurgeScheduledOn *time.Time `json:"purgeScheduledOn,omitempty"`
|
||||
DualAuthDelete *DualAuth `json:"dualAuthDelete,omitempty"`
|
||||
Rotation *Rotation `json:"rotation,omitempty"`
|
||||
}
|
||||
|
||||
// KeysMetadata represents the metadata of a collection of keys.
|
||||
@ -129,14 +133,14 @@ func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Ti
|
||||
|
||||
// CreateImportedKey creates a new KP key from the given key material.
|
||||
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256)
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil)
|
||||
return c.createKey(ctx, key)
|
||||
}
|
||||
|
||||
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material
|
||||
// using RSAES OAEP SHA 1 as encryption algorithm.
|
||||
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1)
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil)
|
||||
return c.createKey(ctx, key)
|
||||
}
|
||||
|
||||
@ -179,11 +183,11 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
|
||||
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256)
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil)
|
||||
return c.createKey(ctx, key)
|
||||
}
|
||||
|
||||
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string) Key {
|
||||
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key {
|
||||
key := Key{
|
||||
Name: name,
|
||||
Type: keyType,
|
||||
@ -205,10 +209,23 @@ func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration
|
||||
key.Expiration = expiration
|
||||
}
|
||||
|
||||
if policy != nil {
|
||||
key.Rotation = policy.Rotation
|
||||
key.DualAuthDelete = policy.DualAuth
|
||||
}
|
||||
|
||||
return key
|
||||
}
|
||||
|
||||
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
|
||||
return c.createKeyResource(ctx, key, keysPath)
|
||||
}
|
||||
|
||||
func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
|
||||
return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
|
||||
}
|
||||
|
||||
func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
|
||||
keysRequest := Keys{
|
||||
Metadata: KeysMetadata{
|
||||
CollectionType: keyType,
|
||||
@ -217,11 +234,10 @@ func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
|
||||
Keys: []Key{key},
|
||||
}
|
||||
|
||||
req, err := c.newRequest("POST", "keys", &keysRequest)
|
||||
req, err := c.newRequest(http.MethodPost, path, &keysRequest)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
keysResponse := Keys{}
|
||||
if _, err := c.do(ctx, req, &keysResponse); err != nil {
|
||||
return nil, err
|
||||
@ -260,6 +276,57 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
|
||||
return &response.Keys[0], nil
|
||||
}
|
||||
|
||||
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
|
||||
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
|
||||
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
/*
|
||||
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||
*/
|
||||
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
|
||||
policy.Rotation.Interval = -1
|
||||
}
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
|
||||
return c.createKeyWithPolicyOverrides(ctx, key)
|
||||
}
|
||||
|
||||
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
|
||||
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||
/*
|
||||
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||
*/
|
||||
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
|
||||
policy.Rotation.Interval = -1
|
||||
}
|
||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
|
||||
|
||||
return c.createKeyWithPolicyOverrides(ctx, key)
|
||||
}
|
||||
|
||||
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
|
||||
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
|
||||
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
|
||||
}
|
||||
|
||||
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
|
||||
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
|
||||
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
|
||||
}
|
||||
|
||||
// GetKeys retrieves a collection of keys that can be paged through.
|
||||
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
|
||||
if limit == 0 {
|
||||
|
99
vendor/github.com/IBM/keyprotect-go-client/listkeys.go
generated
vendored
99
vendor/github.com/IBM/keyprotect-go-client/listkeys.go
generated
vendored
@ -20,6 +20,7 @@ import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
//ListKeysOptions struct to add the query parameters for the List Keys function
|
||||
@ -30,6 +31,7 @@ type ListKeysOptions struct {
|
||||
State []KeyState
|
||||
Sort *string
|
||||
Search *string
|
||||
Filter *string
|
||||
}
|
||||
|
||||
// ListKeys retrieves a list of keys that are stored in your Key Protect service instance.
|
||||
@ -67,6 +69,9 @@ func (c *Client) ListKeys(ctx context.Context, listKeysOptions *ListKeysOptions)
|
||||
if listKeysOptions.Sort != nil {
|
||||
values.Set("sort", fmt.Sprint(*listKeysOptions.Sort))
|
||||
}
|
||||
if listKeysOptions.Filter != nil {
|
||||
values.Set("filter", fmt.Sprint(*listKeysOptions.Filter))
|
||||
}
|
||||
req.URL.RawQuery = values.Encode()
|
||||
}
|
||||
|
||||
@ -211,3 +216,97 @@ func AddAliasScope() SearchOpts {
|
||||
func AddKeyNameScope() SearchOpts {
|
||||
return buildSearcOpts("name")
|
||||
}
|
||||
|
||||
// Filter related functions
|
||||
type filterQuery struct {
|
||||
queryStr string
|
||||
}
|
||||
|
||||
type FilterQueryBuilder struct {
|
||||
filterQueryString filterQuery
|
||||
}
|
||||
|
||||
func GetFilterQueryBuilder() *FilterQueryBuilder {
|
||||
return &FilterQueryBuilder{filterQuery{queryStr: ""}}
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) Build() string {
|
||||
return fq.filterQueryString.queryStr
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) CreationDate() *FilterQueryBuilder {
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " creationDate="
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) ExpirationDate() *FilterQueryBuilder {
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " expirationDate="
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) LastRotationDate() *FilterQueryBuilder {
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastRotateDate="
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) DeletionDate() *FilterQueryBuilder {
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " deletionDate="
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) LastUpdateDate() *FilterQueryBuilder {
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastUpdateDate="
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) State(states []KeyState) *FilterQueryBuilder {
|
||||
str := " state="
|
||||
for _, val := range states {
|
||||
str += strconv.Itoa(int(val)) + ","
|
||||
}
|
||||
// remove the extra comma appended at the end of the string
|
||||
str = strings.TrimSuffix(str, ",")
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + str
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) Extractable(val bool) *FilterQueryBuilder {
|
||||
extractable := " extractable=" + strconv.FormatBool(val)
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + extractable
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) GreaterThan(dateInput time.Time) *FilterQueryBuilder {
|
||||
date := dateInput.Format(time.RFC3339Nano)
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gt:" + "\"" + date + "\""
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) GreaterThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
|
||||
date := dateInput.Format(time.RFC3339Nano)
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gte:" + "\"" + date + "\""
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) LessThan(dateInput time.Time) *FilterQueryBuilder {
|
||||
date := dateInput.Format(time.RFC3339Nano)
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lt:" + "\"" + date + "\""
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) LessThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
|
||||
date := dateInput.Format(time.RFC3339Nano)
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lte:" + "\"" + date + "\""
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) Equal(dateInput time.Time) *FilterQueryBuilder {
|
||||
date := dateInput.Format(time.RFC3339Nano)
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "\"" + date + "\""
|
||||
return fq
|
||||
}
|
||||
|
||||
func (fq *FilterQueryBuilder) None() *FilterQueryBuilder {
|
||||
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "none"
|
||||
return fq
|
||||
}
|
||||
|
61
vendor/github.com/IBM/keyprotect-go-client/policy.go
generated
vendored
61
vendor/github.com/IBM/keyprotect-go-client/policy.go
generated
vendored
@ -22,9 +22,13 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
policyType = "application/vnd.ibm.kms.policy+json"
|
||||
// DualAuthDelete defines the policy type as dual auth delete
|
||||
DualAuthDelete = "dualAuthDelete"
|
||||
|
||||
//RotationPolicy defines the policy type as rotation
|
||||
RotationPolicy = "rotation"
|
||||
|
||||
policyType = "application/vnd.ibm.kms.policy+json"
|
||||
)
|
||||
|
||||
// Policy represents a policy as returned by the KP API.
|
||||
@ -40,7 +44,8 @@ type Policy struct {
|
||||
}
|
||||
|
||||
type Rotation struct {
|
||||
Interval int `json:"interval_month,omitempty"`
|
||||
Enabled *bool `json:"enabled,omitempty"`
|
||||
Interval int `json:"interval_month,omitempty"`
|
||||
}
|
||||
|
||||
type DualAuth struct {
|
||||
@ -152,7 +157,7 @@ func (c *Client) getPolicy(ctx context.Context, id, policyType string, policyres
|
||||
return err
|
||||
}
|
||||
|
||||
// GetRotationPolivy method retrieves rotation policy details of a key
|
||||
// GetRotationPolicy method retrieves rotation policy details of a key
|
||||
// For more information can refet the Key Protect docs in the link below:
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#view-rotation-policy-api
|
||||
func (c *Client) GetRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
|
||||
@ -207,13 +212,11 @@ func (c *Client) setPolicy(ctx context.Context, idOrAlias, policyType string, po
|
||||
return &policyresponse, nil
|
||||
}
|
||||
|
||||
// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID or alias and rotation interval.
|
||||
// For more information can refer the Key Protect docs in the link below:
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
|
||||
func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int) (*Policy, error) {
|
||||
func (c *Client) setKeyRotationPolicy(ctx context.Context, idOrAlias string, enable *bool, rotationInterval int) (*Policy, error) {
|
||||
policy := Policy{
|
||||
Type: policyType,
|
||||
Rotation: &Rotation{
|
||||
Enabled: enable,
|
||||
Interval: rotationInterval,
|
||||
},
|
||||
}
|
||||
@ -238,6 +241,35 @@ func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotati
|
||||
return &policyresponse.Policies[0], nil
|
||||
}
|
||||
|
||||
func (c *Client) EnableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
|
||||
enabled := true
|
||||
return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
|
||||
}
|
||||
|
||||
func (c *Client) DisableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
|
||||
enabled := false
|
||||
return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
|
||||
}
|
||||
|
||||
// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID or alias and rotation interval.
|
||||
// For more information can refer the Key Protect docs in the link below:
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
|
||||
func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int, enabled ...bool) (*Policy, error) {
|
||||
/*
|
||||
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
|
||||
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
|
||||
Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||
*/
|
||||
if rotationInterval == 0 {
|
||||
rotationInterval = -1
|
||||
}
|
||||
var enable *bool
|
||||
if enabled != nil {
|
||||
enable = &enabled[0]
|
||||
}
|
||||
return c.setKeyRotationPolicy(ctx, idOrAlias, enable, rotationInterval)
|
||||
}
|
||||
|
||||
// SetDualAuthDeletePolicy updates the dual auth delete policy by passing the key ID or alias and enable detail
|
||||
// For more information can refer the Key Protect docs in the link below:
|
||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-dual-auth-key-policy#create-dual-auth-key-policy-api
|
||||
@ -273,12 +305,25 @@ func (c *Client) SetDualAuthDeletePolicy(ctx context.Context, idOrAlias string,
|
||||
// To set rotation policy for the key pass the setRotationPolicy parameter as true and set the rotationInterval detail.
|
||||
// To set dual auth delete policy for the key pass the setDualAuthDeletePolicy parameter as true and set the dualAuthEnable detail.
|
||||
// Both the policies can be set or either of the policies can be set.
|
||||
func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool) ([]Policy, error) {
|
||||
func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool, rotationEnable ...bool) ([]Policy, error) {
|
||||
/*
|
||||
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
|
||||
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
|
||||
Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||
*/
|
||||
if rotationInterval == 0 {
|
||||
rotationInterval = -1
|
||||
}
|
||||
var enable *bool
|
||||
if rotationEnable != nil {
|
||||
enable = &rotationEnable[0]
|
||||
}
|
||||
policies := []Policy{}
|
||||
if setRotationPolicy {
|
||||
rotationPolicy := Policy{
|
||||
Type: policyType,
|
||||
Rotation: &Rotation{
|
||||
Enabled: enable,
|
||||
Interval: rotationInterval,
|
||||
},
|
||||
}
|
||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -1,4 +1,4 @@
|
||||
# github.com/IBM/keyprotect-go-client v0.8.1
|
||||
# github.com/IBM/keyprotect-go-client v0.9.0
|
||||
## explicit; go 1.15
|
||||
github.com/IBM/keyprotect-go-client
|
||||
github.com/IBM/keyprotect-go-client/iam
|
||||
|
Loading…
Reference in New Issue
Block a user