rebase: bump github.com/IBM/keyprotect-go-client from 0.8.1 to 0.9.0

Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/IBM/keyprotect-go-client/releases)
- [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.8.1...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/IBM/keyprotect-go-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot]
2022-11-07 20:03:12 +00:00
committed by mergify[bot]
parent 8650538b78
commit fe13fff9fa
10 changed files with 727 additions and 104 deletions


@ -19,6 +19,7 @@ import (
"encoding/base64"
"fmt"
"log"
"net/http"
"net/url"
"strconv"
"time"
@ -32,7 +33,9 @@ const (
)
var (
preferHeaders = []string{"return=minimal", "return=representation"}
preferHeaders = []string{"return=minimal", "return=representation"}
keysPath = "keys"
keysWithPolicyOverridesPath = "keys_with_policy_overrides"
)
// PreferReturn designates the value for the "Prefer" header.
@ -80,6 +83,7 @@ type Key struct {
PurgeAllowedFrom *time.Time `json:"purgeAllowedFrom,omitempty"`
PurgeScheduledOn *time.Time `json:"purgeScheduledOn,omitempty"`
DualAuthDelete *DualAuth `json:"dualAuthDelete,omitempty"`
Rotation *Rotation `json:"rotation,omitempty"`
}
// KeysMetadata represents the metadata of a collection of keys.
@ -129,14 +133,14 @@ func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Ti
// CreateImportedKey creates a new KP key from the given key material.
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256)
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil)
return c.createKey(ctx, key)
}
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material
// using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1)
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil)
return c.createKey(ctx, key)
}
@ -179,11 +183,11 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256)
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil)
return c.createKey(ctx, key)
}
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string) Key {
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key {
key := Key{
Name: name,
Type: keyType,
@ -205,10 +209,23 @@ func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration
key.Expiration = expiration
}
if policy != nil {
key.Rotation = policy.Rotation
key.DualAuthDelete = policy.DualAuth
}
return key
}
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
return c.createKeyResource(ctx, key, keysPath)
}
func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
}
func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
keysRequest := Keys{
Metadata: KeysMetadata{
CollectionType: keyType,
@ -217,11 +234,10 @@ func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
Keys: []Key{key},
}
req, err := c.newRequest("POST", "keys", &keysRequest)
req, err := c.newRequest(http.MethodPost, path, &keysRequest)
if err != nil {
return nil, err
}
keysResponse := Keys{}
if _, err := c.do(ctx, req, &keysResponse); err != nil {
return nil, err
@ -260,6 +276,57 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
return &response.Keys[0], nil
}
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
}
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
}
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
}
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
}
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
}
// GetKeys retrieves a collection of keys that can be paged through.
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
if limit == 0 {