mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
rebase: bump github.com/IBM/keyprotect-go-client from 0.8.1 to 0.9.0
Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/IBM/keyprotect-go-client/releases) - [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: github.com/IBM/keyprotect-go-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
8650538b78
commit
fe13fff9fa
2
go.mod
2
go.mod
@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
|
|||||||
go 1.17
|
go 1.17
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/IBM/keyprotect-go-client v0.8.1
|
github.com/IBM/keyprotect-go-client v0.9.0
|
||||||
github.com/aws/aws-sdk-go v1.44.127
|
github.com/aws/aws-sdk-go v1.44.127
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
|
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
|
||||||
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
||||||
|
4
go.sum
4
go.sum
@ -88,8 +88,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3
|
|||||||
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
|
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
|
||||||
github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b/go.mod h1:FNj4KYEAAHfYu68kRYolGoxkaJn+6mdEsaM12VTwuI0=
|
github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b/go.mod h1:FNj4KYEAAHfYu68kRYolGoxkaJn+6mdEsaM12VTwuI0=
|
||||||
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
|
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
|
||||||
github.com/IBM/keyprotect-go-client v0.8.1 h1:viTQCtoeWQeDRTe8S0ed++uM4J2uf1DGuQbV9mNTCj8=
|
github.com/IBM/keyprotect-go-client v0.9.0 h1:UwbyEHcaGlmLNK7PW0qo9VlxneN+0/2zoGBubHzbtro=
|
||||||
github.com/IBM/keyprotect-go-client v0.8.1/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
|
github.com/IBM/keyprotect-go-client v0.9.0/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
|
||||||
github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA=
|
github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA=
|
||||||
github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
|
github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
|
||||||
github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
|
github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
|
||||||
|
268
vendor/github.com/IBM/keyprotect-go-client/.secrets.baseline
generated
vendored
Normal file
268
vendor/github.com/IBM/keyprotect-go-client/.secrets.baseline
generated
vendored
Normal file
@ -0,0 +1,268 @@
|
|||||||
|
{
|
||||||
|
"exclude": {
|
||||||
|
"files": "go.sum|^.secrets.baseline$",
|
||||||
|
"lines": null
|
||||||
|
},
|
||||||
|
"generated_at": "2022-09-30T10:57:54Z",
|
||||||
|
"plugins_used": [
|
||||||
|
{
|
||||||
|
"name": "AWSKeyDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "ArtifactoryDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "AzureStorageKeyDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"base64_limit": 4.5,
|
||||||
|
"name": "Base64HighEntropyString"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "BasicAuthDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "BoxDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "CloudantDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ghe_instance": "github.ibm.com",
|
||||||
|
"name": "GheDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "GitHubTokenDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hex_limit": 3,
|
||||||
|
"name": "HexHighEntropyString"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "IbmCloudIamDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "IbmCosHmacDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "JwtTokenDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"keyword_exclude": null,
|
||||||
|
"name": "KeywordDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "MailchimpDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "NpmDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "PrivateKeyDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "SlackDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "SoftlayerDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "SquareOAuthDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "StripeDetector"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "TwilioKeyDetector"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"results": {
|
||||||
|
"README.md": [
|
||||||
|
{
|
||||||
|
"hashed_secret": "93fcbf4c3221f6e6fc21e07ec6e87ad94e60bd26",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 35,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "0b60828897517e2b8013af62b288e055bf0d095d",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 126,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"example_cycle_test.go": [
|
||||||
|
{
|
||||||
|
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 27,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"example_test.go": [
|
||||||
|
{
|
||||||
|
"hashed_secret": "e80b5f30389f2162470fe780e27b90146e5fb0ca",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 81,
|
||||||
|
"type": "Base64 High Entropy String",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "75d5cc62475c1ed3db14215d819514749ae25f53",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 181,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"iam/iam.go": [
|
||||||
|
{
|
||||||
|
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 51,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "3e4bdbe0b80e63c22b178576e906810777387b50",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 120,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"integration_test.go": [
|
||||||
|
{
|
||||||
|
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 57,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"kp_test.go": [
|
||||||
|
{
|
||||||
|
"hashed_secret": "11634ea6495b17ca913d24b49dca32b40e491dc0",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 44,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "9f4ed0cc38e03da4c3caf3d8500e0af69cfaefd3",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 189,
|
||||||
|
"type": "JSON Web Token",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "3e48fe9928e96dde5f50bd5514ccaecc504e378e",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 629,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "1db0b23a23282227489c79a9fd31998add2b66f5",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 863,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "f7f8eb2ffbd249e8c0e2ce429466c04a6342318b",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 986,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "90f826b48e4e4832be16dd63237e7aede72ec384",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 1800,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "0599eac7c4ebc38a9fb5407c1cee19877850ff78",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 3514,
|
||||||
|
"type": "Base64 High Entropy String",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "4a8f6f853d71b777faef1c0f50d59df808f377a7",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 4019,
|
||||||
|
"type": "Base64 High Entropy String",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "8ee338cf3361b4fbd663c51393c44ea685e7e31b",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 4020,
|
||||||
|
"type": "Base64 High Entropy String",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "7200008cccd3ebe5eb314c7ce57bbe95113e11ff",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 4055,
|
||||||
|
"type": "Base64 High Entropy String",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "7056dab9fea569e2fcb5122c763bfe90d3fa8204",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 4523,
|
||||||
|
"type": "Base64 High Entropy String",
|
||||||
|
"verified_result": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hashed_secret": "54b1ab73986eecb14a1839184e4b51ce9668b35e",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 4568,
|
||||||
|
"type": "Base64 High Entropy String",
|
||||||
|
"verified_result": null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"policy.go": [
|
||||||
|
{
|
||||||
|
"hashed_secret": "6a361a4e087eab69b48211aecc712bdc3403b2eb",
|
||||||
|
"is_secret": false,
|
||||||
|
"is_verified": false,
|
||||||
|
"line_number": 335,
|
||||||
|
"type": "Secret Keyword",
|
||||||
|
"verified_result": null
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"version": "0.13.1+ibm.52.dss",
|
||||||
|
"word_list": {
|
||||||
|
"file": null,
|
||||||
|
"hash": null
|
||||||
|
}
|
||||||
|
}
|
5
vendor/github.com/IBM/keyprotect-go-client/.travis.yml
generated
vendored
5
vendor/github.com/IBM/keyprotect-go-client/.travis.yml
generated
vendored
@ -2,8 +2,9 @@ language: go
|
|||||||
dist: xenial
|
dist: xenial
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- 1.14.x
|
- 1.17.x
|
||||||
- 1.15.x
|
- 1.18.x
|
||||||
|
- 1.19.x
|
||||||
|
|
||||||
env:
|
env:
|
||||||
- GO111MODULE=on
|
- GO111MODULE=on
|
||||||
|
176
vendor/github.com/IBM/keyprotect-go-client/README.md
generated
vendored
176
vendor/github.com/IBM/keyprotect-go-client/README.md
generated
vendored
@ -113,6 +113,31 @@ fmt.Println(key.ID, key.Name)
|
|||||||
crkID := key.ID
|
crkID := key.ID
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Generating a root key with policy overrides (CRK)
|
||||||
|
|
||||||
|
```go
|
||||||
|
enable := true
|
||||||
|
// Specify policy data
|
||||||
|
policy := kp.Policy{
|
||||||
|
Rotation: &kp.Rotation{
|
||||||
|
Enabled: &enable,
|
||||||
|
Interval: 3,
|
||||||
|
},
|
||||||
|
DualAuth: &kp.DualAuth{
|
||||||
|
Enabled: &enable,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create a root key named MyRootKey with a rotation and a dualAuthDelete policy
|
||||||
|
key, err := client.CreateRootKeyWithPolicyOverrides(ctx, "MyRootKey", nil, nil, policy)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
}
|
||||||
|
fmt.Println(key.ID, key.Name)
|
||||||
|
|
||||||
|
crkID := key.ID
|
||||||
|
```
|
||||||
|
|
||||||
### Wrapping and Unwrapping a DEK using a specific Root Key.
|
### Wrapping and Unwrapping a DEK using a specific Root Key.
|
||||||
|
|
||||||
```go
|
```go
|
||||||
@ -171,7 +196,51 @@ dek = nil
|
|||||||
// Save the wrapped DEK for later. Call Unwrap to use it, make
|
// Save the wrapped DEK for later. Call Unwrap to use it, make
|
||||||
// sure to specify the same AAD.
|
// sure to specify the same AAD.
|
||||||
```
|
```
|
||||||
### Fetching List Key Versions With Parameters.
|
|
||||||
|
### Fetching keys based on query parameters
|
||||||
|
|
||||||
|
```go
|
||||||
|
|
||||||
|
limit := uint32(5)
|
||||||
|
offset := uint32(0)
|
||||||
|
extractable := false
|
||||||
|
keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
|
||||||
|
searchStr := "foobar"
|
||||||
|
searchQuery, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
|
||||||
|
|
||||||
|
listKeysOptions := &kp.ListKeysOptions{
|
||||||
|
Limit : &limit,
|
||||||
|
Offset : &offset,
|
||||||
|
Extractable : &extractable,
|
||||||
|
State : keyStates,
|
||||||
|
Search: searchQuery,
|
||||||
|
}
|
||||||
|
|
||||||
|
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
}
|
||||||
|
fmt.Println(keys)
|
||||||
|
```
|
||||||
|
|
||||||
|
### Fetching keys in ascending or descending sorted order of parameters
|
||||||
|
|
||||||
|
```go
|
||||||
|
srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), WithImportedDesc())
|
||||||
|
|
||||||
|
listKeysOptions := &kp.ListKeysOptions{
|
||||||
|
Sort:srtStr,
|
||||||
|
}
|
||||||
|
|
||||||
|
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
}
|
||||||
|
fmt.Println(keys)
|
||||||
|
```
|
||||||
|
For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
|
||||||
|
|
||||||
|
### Fetching key versions based on query parameters
|
||||||
|
|
||||||
```go
|
```go
|
||||||
|
|
||||||
@ -192,20 +261,57 @@ if err != nil {
|
|||||||
fmt.Println(keyVersions)
|
fmt.Println(keyVersions)
|
||||||
```
|
```
|
||||||
|
|
||||||
### Fetching List Key With Parameters.
|
### Enable instance rotation policy
|
||||||
|
|
||||||
```go
|
```go
|
||||||
|
|
||||||
limit := uint32(5)
|
intervalMonth := 3
|
||||||
offset := uint32(0)
|
enable := true
|
||||||
extractable := false
|
|
||||||
keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
|
err := client.SetRotationInstancePolicy(context.Background(), enable, &intervalMonth)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
rotationInstancePolicy, err := client.GetRotationInstancePolicy(context.Background())
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
}
|
||||||
|
fmt.Println(rotationInstancePolicy)
|
||||||
|
```
|
||||||
|
|
||||||
|
### Set key rotation policy
|
||||||
|
|
||||||
|
```go
|
||||||
|
|
||||||
|
rotationInterval := 3
|
||||||
|
enabled := true
|
||||||
|
keyRotationPolicy, err := client.SetRotationPolicy(context.Background(), "key_id_or_alias", rotationInterval, enabled)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
}
|
||||||
|
fmt.Println(keyRotationPolicy)
|
||||||
|
```
|
||||||
|
|
||||||
|
### Enable key rotation policy
|
||||||
|
|
||||||
|
```go
|
||||||
|
|
||||||
|
keyRotationPolicy, err := client.EnableRotationPolicy(context.Background(), "key_id_or_alias")
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
}
|
||||||
|
fmt.Println(keyRotationPolicy)
|
||||||
|
```
|
||||||
|
|
||||||
|
### List keys based on filter properties
|
||||||
|
|
||||||
|
```go
|
||||||
|
// Option-1 - Directly passing the filter query in the format that the API supports.
|
||||||
|
filterQuery := "creationDate=gt:\"2022-07-05T00:00:00Z\" state=1,5 extractable=false"
|
||||||
|
|
||||||
listKeysOptions := &kp.ListKeysOptions{
|
listKeysOptions := &kp.ListKeysOptions{
|
||||||
Limit : &limit,
|
Filter:&filterQuery,
|
||||||
Offset : &offset,
|
|
||||||
Extractable : &extractable,
|
|
||||||
State : keyStates,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||||
@ -213,15 +319,18 @@ if err != nil {
|
|||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
}
|
}
|
||||||
fmt.Println(keys)
|
fmt.Println(keys)
|
||||||
```
|
|
||||||
|
|
||||||
### Fetching List Key In Sorted Ascending Order Based On Paramaeters.
|
// Option-2 - Using the builder provided by SDK to construct the filter query
|
||||||
|
fb := kp.GetFilterQueryBuilder()
|
||||||
|
dateQ := time.Date(2022, 07, 04, 07, 43, 23, 100, time.UTC)
|
||||||
|
|
||||||
```go
|
filterQuery := fb.CreationDate().GreaterThan(dateQ).
|
||||||
srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), kp.WithImported())
|
State([]kp.KeyState{kp.KeyState(kp.Destroyed), kp.KeyState(kp.Active)}).
|
||||||
|
Extractable(true).
|
||||||
|
Build()
|
||||||
|
|
||||||
listKeysOptions := &kp.ListKeysOptions{
|
listKeysOptions := &kp.ListKeysOptions{
|
||||||
Sort:srtStr,
|
Filter:&filterQuery,
|
||||||
}
|
}
|
||||||
|
|
||||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
keys, err := client.ListKeys(ctx, listKeysOptions)
|
||||||
@ -230,40 +339,3 @@ if err != nil {
|
|||||||
}
|
}
|
||||||
fmt.Println(keys)
|
fmt.Println(keys)
|
||||||
```
|
```
|
||||||
|
|
||||||
### Fetching List Key In Sorted Descending Order Based On Paramaeters.
|
|
||||||
|
|
||||||
```go
|
|
||||||
srtStr, _ := GetKeySortStr(WithCreationDateDesc(), WithImportedDesc())
|
|
||||||
|
|
||||||
listKeysOptions := &ListKeysOptions{
|
|
||||||
Sort: srtStr,
|
|
||||||
}
|
|
||||||
|
|
||||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
|
||||||
if err != nil {
|
|
||||||
fmt.Println(err)
|
|
||||||
}
|
|
||||||
fmt.Println(keys)
|
|
||||||
```
|
|
||||||
|
|
||||||
For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
|
|
||||||
|
|
||||||
### Using Search functionality in list Keys API
|
|
||||||
|
|
||||||
```go
|
|
||||||
|
|
||||||
searchStr := "foobar"
|
|
||||||
srcStr2, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
|
|
||||||
|
|
||||||
listKeysOptions := &kp.ListKeysOptions{
|
|
||||||
Search: srcStr2,
|
|
||||||
}
|
|
||||||
|
|
||||||
keys, err := client.ListKeys(ctx, listKeysOptions)
|
|
||||||
if err != nil {
|
|
||||||
fmt.Println(err)
|
|
||||||
}
|
|
||||||
fmt.Println(keys)
|
|
||||||
|
|
||||||
```
|
|
||||||
|
91
vendor/github.com/IBM/keyprotect-go-client/instances.go
generated
vendored
91
vendor/github.com/IBM/keyprotect-go-client/instances.go
generated
vendored
@ -17,14 +17,12 @@ package kp
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// DualAuthDelete defines the policy type as dual auth delete
|
|
||||||
DualAuthDelete = "dualAuthDelete"
|
|
||||||
|
|
||||||
// AllowedNetwork defines the policy type as allowed network
|
// AllowedNetwork defines the policy type as allowed network
|
||||||
AllowedNetwork = "allowedNetwork"
|
AllowedNetwork = "allowedNetwork"
|
||||||
|
|
||||||
@ -44,7 +42,6 @@ const (
|
|||||||
EnforceToken = "EnforceToken"
|
EnforceToken = "EnforceToken"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
// InstancePolicy represents a instance-level policy of a key as returned by the KP API.
|
// InstancePolicy represents a instance-level policy of a key as returned by the KP API.
|
||||||
// this policy enables dual authorization for deleting a key
|
// this policy enables dual authorization for deleting a key
|
||||||
type InstancePolicy struct {
|
type InstancePolicy struct {
|
||||||
@ -62,7 +59,7 @@ type PolicyData struct {
|
|||||||
Attributes *Attributes `json:"attributes,omitempty"`
|
Attributes *Attributes `json:"attributes,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Attributes contains the detals of allowed network policy type
|
// Attributes contains the details of an instance policy
|
||||||
type Attributes struct {
|
type Attributes struct {
|
||||||
AllowedNetwork *string `json:"allowed_network,omitempty"`
|
AllowedNetwork *string `json:"allowed_network,omitempty"`
|
||||||
AllowedIP IPAddresses `json:"allowed_ip,omitempty"`
|
AllowedIP IPAddresses `json:"allowed_ip,omitempty"`
|
||||||
@ -71,6 +68,7 @@ type Attributes struct {
|
|||||||
ImportRootKey *bool `json:"import_root_key,omitempty"`
|
ImportRootKey *bool `json:"import_root_key,omitempty"`
|
||||||
ImportStandardKey *bool `json:"import_standard_key,omitempty"`
|
ImportStandardKey *bool `json:"import_standard_key,omitempty"`
|
||||||
EnforceToken *bool `json:"enforce_token,omitempty"`
|
EnforceToken *bool `json:"enforce_token,omitempty"`
|
||||||
|
IntervalMonth *int `json:"interval_month,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// IPAddresses ...
|
// IPAddresses ...
|
||||||
@ -154,7 +152,7 @@ func (c *Client) GetKeyCreateImportAccessInstancePolicy(ctx context.Context) (*I
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) getInstancePolicy(ctx context.Context, policyType string, policyResponse *InstancePolicies) error {
|
func (c *Client) getInstancePolicy(ctx context.Context, policyType string, policyResponse *InstancePolicies) error {
|
||||||
req, err := c.newRequest("GET", "instance/policies", nil)
|
req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -185,11 +183,26 @@ func (c *Client) GetMetricsInstancePolicy(ctx context.Context) (*InstancePolicy,
|
|||||||
return &policyResponse.Policies[0], nil
|
return &policyResponse.Policies[0], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetRotationInstancePolicy retrieves the rotation policy details associated with the instance
|
||||||
|
func (c *Client) GetRotationInstancePolicy(ctx context.Context) (*InstancePolicy, error) {
|
||||||
|
policyResponse := InstancePolicies{}
|
||||||
|
|
||||||
|
err := c.getInstancePolicy(ctx, RotationPolicy, &policyResponse)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(policyResponse.Policies) == 0 {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
return &policyResponse.Policies[0], nil
|
||||||
|
}
|
||||||
|
|
||||||
// GetInstancePolicies retrieves all policies of an Instance.
|
// GetInstancePolicies retrieves all policies of an Instance.
|
||||||
func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, error) {
|
func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, error) {
|
||||||
policyresponse := InstancePolicies{}
|
policyresponse := InstancePolicies{}
|
||||||
|
|
||||||
req, err := c.newRequest("GET", "instance/policies", nil)
|
req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -203,7 +216,7 @@ func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, err
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) setInstancePolicy(ctx context.Context, policyType string, policyRequest InstancePolicies) error {
|
func (c *Client) setInstancePolicy(ctx context.Context, policyType string, policyRequest InstancePolicies) error {
|
||||||
req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
|
req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -242,6 +255,49 @@ func (c *Client) SetDualAuthInstancePolicy(ctx context.Context, enable bool) err
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func addRotationInstancePolicyData(enable bool, intervalMonth *int) (InstancePolicy, error) {
|
||||||
|
|
||||||
|
rotationPolicyData := InstancePolicy{
|
||||||
|
PolicyType: RotationPolicy,
|
||||||
|
PolicyData: PolicyData{
|
||||||
|
Enabled: &enable,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
if enable && intervalMonth == nil {
|
||||||
|
return InstancePolicy{}, fmt.Errorf("Interval Month is required to enable rotation instance policy")
|
||||||
|
} else if !enable && intervalMonth != nil {
|
||||||
|
return InstancePolicy{}, fmt.Errorf("Interval Month should only be provided if the policy is being enabled")
|
||||||
|
} else if intervalMonth != nil {
|
||||||
|
rotationPolicyData.PolicyData.Attributes = &Attributes{
|
||||||
|
IntervalMonth: intervalMonth,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return rotationPolicyData, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetRotationInstancePolicy updates the rotation instance policy details associated with an instance.
|
||||||
|
func (c *Client) SetRotationInstancePolicy(ctx context.Context, enable bool, intervalMonth *int) error {
|
||||||
|
|
||||||
|
rotationPolicyData, err := addRotationInstancePolicyData(enable, intervalMonth)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
policyRequest := InstancePolicies{
|
||||||
|
Metadata: PoliciesMetadata{
|
||||||
|
CollectionType: policyType,
|
||||||
|
NumberOfPolicies: 1,
|
||||||
|
},
|
||||||
|
Policies: []InstancePolicy{rotationPolicyData},
|
||||||
|
}
|
||||||
|
|
||||||
|
err = c.setInstancePolicy(ctx, RotationPolicy, policyRequest)
|
||||||
|
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// SetAllowedIPInstancePolices updates the allowed IP instance policy details associated with an instance.
|
// SetAllowedIPInstancePolices updates the allowed IP instance policy details associated with an instance.
|
||||||
// For more information can refet to the Key Protect docs in the link below:
|
// For more information can refet to the Key Protect docs in the link below:
|
||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-allowed-ip
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-allowed-ip
|
||||||
@ -402,6 +458,11 @@ type KeyCreateImportAccessInstancePolicy struct {
|
|||||||
EnforceToken bool
|
EnforceToken bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type RotationPolicyData struct {
|
||||||
|
Enabled bool
|
||||||
|
IntervalMonth *int
|
||||||
|
}
|
||||||
|
|
||||||
// MultiplePolicies defines the input for the SetInstancPolicies method that can hold multiple policy details
|
// MultiplePolicies defines the input for the SetInstancPolicies method that can hold multiple policy details
|
||||||
type MultiplePolicies struct {
|
type MultiplePolicies struct {
|
||||||
DualAuthDelete *BasicPolicyData
|
DualAuthDelete *BasicPolicyData
|
||||||
@ -409,6 +470,7 @@ type MultiplePolicies struct {
|
|||||||
AllowedIP *AllowedIPPolicyData
|
AllowedIP *AllowedIPPolicyData
|
||||||
Metrics *BasicPolicyData
|
Metrics *BasicPolicyData
|
||||||
KeyCreateImportAccess *KeyCreateImportAccessInstancePolicy
|
KeyCreateImportAccess *KeyCreateImportAccessInstancePolicy
|
||||||
|
Rotation *RotationPolicyData
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetInstancePolicies updates single or multiple policy details of an instance.
|
// SetInstancePolicies updates single or multiple policy details of an instance.
|
||||||
@ -489,6 +551,15 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
|
|||||||
resPolicies = append(resPolicies, policy)
|
resPolicies = append(resPolicies, policy)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if policies.Rotation != nil {
|
||||||
|
policy, err := addRotationInstancePolicyData(policies.Rotation.Enabled, policies.Rotation.IntervalMonth)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
resPolicies = append(resPolicies, policy)
|
||||||
|
}
|
||||||
|
|
||||||
policyRequest := InstancePolicies{
|
policyRequest := InstancePolicies{
|
||||||
Metadata: PoliciesMetadata{
|
Metadata: PoliciesMetadata{
|
||||||
CollectionType: policyType,
|
CollectionType: policyType,
|
||||||
@ -499,7 +570,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
|
|||||||
|
|
||||||
policyresponse := Policies{}
|
policyresponse := Policies{}
|
||||||
|
|
||||||
req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
|
req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -526,7 +597,7 @@ type privatePort struct {
|
|||||||
func (c *Client) GetAllowedIPPrivateNetworkPort(ctx context.Context) (int, error) {
|
func (c *Client) GetAllowedIPPrivateNetworkPort(ctx context.Context) (int, error) {
|
||||||
var portResponse portResponse
|
var portResponse portResponse
|
||||||
|
|
||||||
req, err := c.newRequest("GET", "instance/allowed_ip_port", nil)
|
req, err := c.newRequest(http.MethodGet, "instance/allowed_ip_port", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
|
79
vendor/github.com/IBM/keyprotect-go-client/keys.go
generated
vendored
79
vendor/github.com/IBM/keyprotect-go-client/keys.go
generated
vendored
@ -19,6 +19,7 @@ import (
|
|||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
@ -33,6 +34,8 @@ const (
|
|||||||
|
|
||||||
var (
|
var (
|
||||||
preferHeaders = []string{"return=minimal", "return=representation"}
|
preferHeaders = []string{"return=minimal", "return=representation"}
|
||||||
|
keysPath = "keys"
|
||||||
|
keysWithPolicyOverridesPath = "keys_with_policy_overrides"
|
||||||
)
|
)
|
||||||
|
|
||||||
// PreferReturn designates the value for the "Prefer" header.
|
// PreferReturn designates the value for the "Prefer" header.
|
||||||
@ -80,6 +83,7 @@ type Key struct {
|
|||||||
PurgeAllowedFrom *time.Time `json:"purgeAllowedFrom,omitempty"`
|
PurgeAllowedFrom *time.Time `json:"purgeAllowedFrom,omitempty"`
|
||||||
PurgeScheduledOn *time.Time `json:"purgeScheduledOn,omitempty"`
|
PurgeScheduledOn *time.Time `json:"purgeScheduledOn,omitempty"`
|
||||||
DualAuthDelete *DualAuth `json:"dualAuthDelete,omitempty"`
|
DualAuthDelete *DualAuth `json:"dualAuthDelete,omitempty"`
|
||||||
|
Rotation *Rotation `json:"rotation,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// KeysMetadata represents the metadata of a collection of keys.
|
// KeysMetadata represents the metadata of a collection of keys.
|
||||||
@ -129,14 +133,14 @@ func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Ti
|
|||||||
|
|
||||||
// CreateImportedKey creates a new KP key from the given key material.
|
// CreateImportedKey creates a new KP key from the given key material.
|
||||||
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
|
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
|
||||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256)
|
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil)
|
||||||
return c.createKey(ctx, key)
|
return c.createKey(ctx, key)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material
|
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material
|
||||||
// using RSAES OAEP SHA 1 as encryption algorithm.
|
// using RSAES OAEP SHA 1 as encryption algorithm.
|
||||||
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1)
|
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil)
|
||||||
return c.createKey(ctx, key)
|
return c.createKey(ctx, key)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -179,11 +183,11 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
|
|||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
|
||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
|
||||||
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
|
||||||
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256)
|
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil)
|
||||||
return c.createKey(ctx, key)
|
return c.createKey(ctx, key)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string) Key {
|
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key {
|
||||||
key := Key{
|
key := Key{
|
||||||
Name: name,
|
Name: name,
|
||||||
Type: keyType,
|
Type: keyType,
|
||||||
@ -205,10 +209,23 @@ func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration
|
|||||||
key.Expiration = expiration
|
key.Expiration = expiration
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if policy != nil {
|
||||||
|
key.Rotation = policy.Rotation
|
||||||
|
key.DualAuthDelete = policy.DualAuth
|
||||||
|
}
|
||||||
|
|
||||||
return key
|
return key
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
|
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
|
||||||
|
return c.createKeyResource(ctx, key, keysPath)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
|
||||||
|
return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
|
||||||
keysRequest := Keys{
|
keysRequest := Keys{
|
||||||
Metadata: KeysMetadata{
|
Metadata: KeysMetadata{
|
||||||
CollectionType: keyType,
|
CollectionType: keyType,
|
||||||
@ -217,11 +234,10 @@ func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
|
|||||||
Keys: []Key{key},
|
Keys: []Key{key},
|
||||||
}
|
}
|
||||||
|
|
||||||
req, err := c.newRequest("POST", "keys", &keysRequest)
|
req, err := c.newRequest(http.MethodPost, path, &keysRequest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
keysResponse := Keys{}
|
keysResponse := Keys{}
|
||||||
if _, err := c.do(ctx, req, &keysResponse); err != nil {
|
if _, err := c.do(ctx, req, &keysResponse); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -260,6 +276,57 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
|
|||||||
return &response.Keys[0], nil
|
return &response.Keys[0], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
|
||||||
|
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
|
||||||
|
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||||
|
/*
|
||||||
|
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||||
|
*/
|
||||||
|
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
|
||||||
|
policy.Rotation.Interval = -1
|
||||||
|
}
|
||||||
|
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
|
||||||
|
return c.createKeyWithPolicyOverrides(ctx, key)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
|
||||||
|
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||||
|
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
|
||||||
|
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
|
||||||
|
/*
|
||||||
|
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||||
|
*/
|
||||||
|
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
|
||||||
|
policy.Rotation.Interval = -1
|
||||||
|
}
|
||||||
|
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
|
||||||
|
|
||||||
|
return c.createKeyWithPolicyOverrides(ctx, key)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
|
||||||
|
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||||
|
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
|
||||||
|
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
|
||||||
|
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
|
||||||
|
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
|
||||||
|
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
|
||||||
|
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
|
||||||
|
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
|
||||||
|
}
|
||||||
|
|
||||||
// GetKeys retrieves a collection of keys that can be paged through.
|
// GetKeys retrieves a collection of keys that can be paged through.
|
||||||
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
|
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
|
||||||
if limit == 0 {
|
if limit == 0 {
|
||||||
|
99
vendor/github.com/IBM/keyprotect-go-client/listkeys.go
generated
vendored
99
vendor/github.com/IBM/keyprotect-go-client/listkeys.go
generated
vendored
@ -20,6 +20,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
//ListKeysOptions struct to add the query parameters for the List Keys function
|
//ListKeysOptions struct to add the query parameters for the List Keys function
|
||||||
@ -30,6 +31,7 @@ type ListKeysOptions struct {
|
|||||||
State []KeyState
|
State []KeyState
|
||||||
Sort *string
|
Sort *string
|
||||||
Search *string
|
Search *string
|
||||||
|
Filter *string
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListKeys retrieves a list of keys that are stored in your Key Protect service instance.
|
// ListKeys retrieves a list of keys that are stored in your Key Protect service instance.
|
||||||
@ -67,6 +69,9 @@ func (c *Client) ListKeys(ctx context.Context, listKeysOptions *ListKeysOptions)
|
|||||||
if listKeysOptions.Sort != nil {
|
if listKeysOptions.Sort != nil {
|
||||||
values.Set("sort", fmt.Sprint(*listKeysOptions.Sort))
|
values.Set("sort", fmt.Sprint(*listKeysOptions.Sort))
|
||||||
}
|
}
|
||||||
|
if listKeysOptions.Filter != nil {
|
||||||
|
values.Set("filter", fmt.Sprint(*listKeysOptions.Filter))
|
||||||
|
}
|
||||||
req.URL.RawQuery = values.Encode()
|
req.URL.RawQuery = values.Encode()
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -211,3 +216,97 @@ func AddAliasScope() SearchOpts {
|
|||||||
func AddKeyNameScope() SearchOpts {
|
func AddKeyNameScope() SearchOpts {
|
||||||
return buildSearcOpts("name")
|
return buildSearcOpts("name")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Filter related functions
|
||||||
|
type filterQuery struct {
|
||||||
|
queryStr string
|
||||||
|
}
|
||||||
|
|
||||||
|
type FilterQueryBuilder struct {
|
||||||
|
filterQueryString filterQuery
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetFilterQueryBuilder() *FilterQueryBuilder {
|
||||||
|
return &FilterQueryBuilder{filterQuery{queryStr: ""}}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) Build() string {
|
||||||
|
return fq.filterQueryString.queryStr
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) CreationDate() *FilterQueryBuilder {
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " creationDate="
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) ExpirationDate() *FilterQueryBuilder {
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " expirationDate="
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) LastRotationDate() *FilterQueryBuilder {
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastRotateDate="
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) DeletionDate() *FilterQueryBuilder {
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " deletionDate="
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) LastUpdateDate() *FilterQueryBuilder {
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastUpdateDate="
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) State(states []KeyState) *FilterQueryBuilder {
|
||||||
|
str := " state="
|
||||||
|
for _, val := range states {
|
||||||
|
str += strconv.Itoa(int(val)) + ","
|
||||||
|
}
|
||||||
|
// remove the extra comma appended at the end of the string
|
||||||
|
str = strings.TrimSuffix(str, ",")
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + str
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) Extractable(val bool) *FilterQueryBuilder {
|
||||||
|
extractable := " extractable=" + strconv.FormatBool(val)
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + extractable
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) GreaterThan(dateInput time.Time) *FilterQueryBuilder {
|
||||||
|
date := dateInput.Format(time.RFC3339Nano)
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gt:" + "\"" + date + "\""
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) GreaterThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
|
||||||
|
date := dateInput.Format(time.RFC3339Nano)
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gte:" + "\"" + date + "\""
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) LessThan(dateInput time.Time) *FilterQueryBuilder {
|
||||||
|
date := dateInput.Format(time.RFC3339Nano)
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lt:" + "\"" + date + "\""
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) LessThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
|
||||||
|
date := dateInput.Format(time.RFC3339Nano)
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lte:" + "\"" + date + "\""
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) Equal(dateInput time.Time) *FilterQueryBuilder {
|
||||||
|
date := dateInput.Format(time.RFC3339Nano)
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "\"" + date + "\""
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fq *FilterQueryBuilder) None() *FilterQueryBuilder {
|
||||||
|
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "none"
|
||||||
|
return fq
|
||||||
|
}
|
||||||
|
59
vendor/github.com/IBM/keyprotect-go-client/policy.go
generated
vendored
59
vendor/github.com/IBM/keyprotect-go-client/policy.go
generated
vendored
@ -22,9 +22,13 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
policyType = "application/vnd.ibm.kms.policy+json"
|
// DualAuthDelete defines the policy type as dual auth delete
|
||||||
|
DualAuthDelete = "dualAuthDelete"
|
||||||
|
|
||||||
|
//RotationPolicy defines the policy type as rotation
|
||||||
RotationPolicy = "rotation"
|
RotationPolicy = "rotation"
|
||||||
|
|
||||||
|
policyType = "application/vnd.ibm.kms.policy+json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Policy represents a policy as returned by the KP API.
|
// Policy represents a policy as returned by the KP API.
|
||||||
@ -40,6 +44,7 @@ type Policy struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type Rotation struct {
|
type Rotation struct {
|
||||||
|
Enabled *bool `json:"enabled,omitempty"`
|
||||||
Interval int `json:"interval_month,omitempty"`
|
Interval int `json:"interval_month,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -152,7 +157,7 @@ func (c *Client) getPolicy(ctx context.Context, id, policyType string, policyres
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetRotationPolivy method retrieves rotation policy details of a key
|
// GetRotationPolicy method retrieves rotation policy details of a key
|
||||||
// For more information can refet the Key Protect docs in the link below:
|
// For more information can refet the Key Protect docs in the link below:
|
||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#view-rotation-policy-api
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#view-rotation-policy-api
|
||||||
func (c *Client) GetRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
|
func (c *Client) GetRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
|
||||||
@ -207,13 +212,11 @@ func (c *Client) setPolicy(ctx context.Context, idOrAlias, policyType string, po
|
|||||||
return &policyresponse, nil
|
return &policyresponse, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID or alias and rotation interval.
|
func (c *Client) setKeyRotationPolicy(ctx context.Context, idOrAlias string, enable *bool, rotationInterval int) (*Policy, error) {
|
||||||
// For more information can refer the Key Protect docs in the link below:
|
|
||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
|
|
||||||
func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int) (*Policy, error) {
|
|
||||||
policy := Policy{
|
policy := Policy{
|
||||||
Type: policyType,
|
Type: policyType,
|
||||||
Rotation: &Rotation{
|
Rotation: &Rotation{
|
||||||
|
Enabled: enable,
|
||||||
Interval: rotationInterval,
|
Interval: rotationInterval,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -238,6 +241,35 @@ func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotati
|
|||||||
return &policyresponse.Policies[0], nil
|
return &policyresponse.Policies[0], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Client) EnableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
|
||||||
|
enabled := true
|
||||||
|
return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) DisableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
|
||||||
|
enabled := false
|
||||||
|
return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID or alias and rotation interval.
|
||||||
|
// For more information can refer the Key Protect docs in the link below:
|
||||||
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
|
||||||
|
func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int, enabled ...bool) (*Policy, error) {
|
||||||
|
/*
|
||||||
|
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
|
||||||
|
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
|
||||||
|
Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||||
|
*/
|
||||||
|
if rotationInterval == 0 {
|
||||||
|
rotationInterval = -1
|
||||||
|
}
|
||||||
|
var enable *bool
|
||||||
|
if enabled != nil {
|
||||||
|
enable = &enabled[0]
|
||||||
|
}
|
||||||
|
return c.setKeyRotationPolicy(ctx, idOrAlias, enable, rotationInterval)
|
||||||
|
}
|
||||||
|
|
||||||
// SetDualAuthDeletePolicy updates the dual auth delete policy by passing the key ID or alias and enable detail
|
// SetDualAuthDeletePolicy updates the dual auth delete policy by passing the key ID or alias and enable detail
|
||||||
// For more information can refer the Key Protect docs in the link below:
|
// For more information can refer the Key Protect docs in the link below:
|
||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-dual-auth-key-policy#create-dual-auth-key-policy-api
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-dual-auth-key-policy#create-dual-auth-key-policy-api
|
||||||
@ -273,12 +305,25 @@ func (c *Client) SetDualAuthDeletePolicy(ctx context.Context, idOrAlias string,
|
|||||||
// To set rotation policy for the key pass the setRotationPolicy parameter as true and set the rotationInterval detail.
|
// To set rotation policy for the key pass the setRotationPolicy parameter as true and set the rotationInterval detail.
|
||||||
// To set dual auth delete policy for the key pass the setDualAuthDeletePolicy parameter as true and set the dualAuthEnable detail.
|
// To set dual auth delete policy for the key pass the setDualAuthDeletePolicy parameter as true and set the dualAuthEnable detail.
|
||||||
// Both the policies can be set or either of the policies can be set.
|
// Both the policies can be set or either of the policies can be set.
|
||||||
func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool) ([]Policy, error) {
|
func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool, rotationEnable ...bool) ([]Policy, error) {
|
||||||
|
/*
|
||||||
|
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
|
||||||
|
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
|
||||||
|
Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
|
||||||
|
*/
|
||||||
|
if rotationInterval == 0 {
|
||||||
|
rotationInterval = -1
|
||||||
|
}
|
||||||
|
var enable *bool
|
||||||
|
if rotationEnable != nil {
|
||||||
|
enable = &rotationEnable[0]
|
||||||
|
}
|
||||||
policies := []Policy{}
|
policies := []Policy{}
|
||||||
if setRotationPolicy {
|
if setRotationPolicy {
|
||||||
rotationPolicy := Policy{
|
rotationPolicy := Policy{
|
||||||
Type: policyType,
|
Type: policyType,
|
||||||
Rotation: &Rotation{
|
Rotation: &Rotation{
|
||||||
|
Enabled: enable,
|
||||||
Interval: rotationInterval,
|
Interval: rotationInterval,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -1,4 +1,4 @@
|
|||||||
# github.com/IBM/keyprotect-go-client v0.8.1
|
# github.com/IBM/keyprotect-go-client v0.9.0
|
||||||
## explicit; go 1.15
|
## explicit; go 1.15
|
||||||
github.com/IBM/keyprotect-go-client
|
github.com/IBM/keyprotect-go-client
|
||||||
github.com/IBM/keyprotect-go-client/iam
|
github.com/IBM/keyprotect-go-client/iam
|
||||||
|
Loading…
Reference in New Issue
Block a user