rebase: bump github.com/IBM/keyprotect-go-client from 0.8.1 to 0.9.0

Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/IBM/keyprotect-go-client/releases)
- [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.8.1...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/IBM/keyprotect-go-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

go.mod

@@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
 go 1.17
 
 require (
-	github.com/IBM/keyprotect-go-client v0.8.1
+	github.com/IBM/keyprotect-go-client v0.9.0
 	github.com/aws/aws-sdk-go v1.44.127
 	github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000

go.sum

@@ -88,8 +88,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3
 github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
 github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b/go.mod h1:FNj4KYEAAHfYu68kRYolGoxkaJn+6mdEsaM12VTwuI0=
 github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
-github.com/IBM/keyprotect-go-client v0.8.1 h1:viTQCtoeWQeDRTe8S0ed++uM4J2uf1DGuQbV9mNTCj8=
+github.com/IBM/keyprotect-go-client v0.9.0 h1:UwbyEHcaGlmLNK7PW0qo9VlxneN+0/2zoGBubHzbtro=
-github.com/IBM/keyprotect-go-client v0.8.1/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
+github.com/IBM/keyprotect-go-client v0.9.0/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
 github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA=
 github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
 github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=

vendor/github.com/IBM/keyprotect-go-client/.secrets.baseline

@@ -0,0 +1,268 @@
+{
+  "exclude": {
+    "files": "go.sum|^.secrets.baseline$",
+    "lines": null
+  },
+  "generated_at": "2022-09-30T10:57:54Z",
+  "plugins_used": [
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "base64_limit": 4.5,
+      "name": "Base64HighEntropyString"
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "BoxDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "ghe_instance": "github.ibm.com",
+      "name": "GheDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "hex_limit": 3,
+      "name": "HexHighEntropyString"
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "keyword_exclude": null,
+      "name": "KeywordDetector"
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "results": {
+    "README.md": [
+      {
+        "hashed_secret": "93fcbf4c3221f6e6fc21e07ec6e87ad94e60bd26",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 35,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "0b60828897517e2b8013af62b288e055bf0d095d",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 126,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "example_cycle_test.go": [
+      {
+        "hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 27,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "example_test.go": [
+      {
+        "hashed_secret": "e80b5f30389f2162470fe780e27b90146e5fb0ca",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 81,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "75d5cc62475c1ed3db14215d819514749ae25f53",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 181,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "iam/iam.go": [
+      {
+        "hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 51,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "3e4bdbe0b80e63c22b178576e906810777387b50",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 120,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "integration_test.go": [
+      {
+        "hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 57,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "kp_test.go": [
+      {
+        "hashed_secret": "11634ea6495b17ca913d24b49dca32b40e491dc0",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 44,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "9f4ed0cc38e03da4c3caf3d8500e0af69cfaefd3",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 189,
+        "type": "JSON Web Token",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "3e48fe9928e96dde5f50bd5514ccaecc504e378e",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 629,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "1db0b23a23282227489c79a9fd31998add2b66f5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 863,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "f7f8eb2ffbd249e8c0e2ce429466c04a6342318b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 986,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "90f826b48e4e4832be16dd63237e7aede72ec384",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 1800,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "0599eac7c4ebc38a9fb5407c1cee19877850ff78",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 3514,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "4a8f6f853d71b777faef1c0f50d59df808f377a7",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 4019,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "8ee338cf3361b4fbd663c51393c44ea685e7e31b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 4020,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "7200008cccd3ebe5eb314c7ce57bbe95113e11ff",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 4055,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "7056dab9fea569e2fcb5122c763bfe90d3fa8204",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 4523,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "54b1ab73986eecb14a1839184e4b51ce9668b35e",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 4568,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
+      }
+    ],
+    "policy.go": [
+      {
+        "hashed_secret": "6a361a4e087eab69b48211aecc712bdc3403b2eb",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 335,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ]
+  },
+  "version": "0.13.1+ibm.52.dss",
+  "word_list": {
+    "file": null,
+    "hash": null
+  }
+}

vendor/github.com/IBM/keyprotect-go-client/.travis.yml

@@ -1,9 +1,10 @@
 language: go
 dist: xenial
 
-go: 
+go:
- - 1.14.x
+ - 1.17.x
- - 1.15.x
+ - 1.18.x
+ - 1.19.x
 
 env:
   - GO111MODULE=on

vendor/github.com/IBM/keyprotect-go-client/README.md

@@ -113,6 +113,31 @@ fmt.Println(key.ID, key.Name)
 crkID := key.ID
 ```
 
+### Generating a root key with policy overrides (CRK)
+
+```go
+enable := true
+// Specify policy data
+policy := kp.Policy{
+  Rotation: &kp.Rotation{
+    Enabled:  &enable,
+    Interval: 3,
+  },
+  DualAuth: &kp.DualAuth{
+    Enabled:  &enable,
+  },
+}
+
+// Create a root key named MyRootKey with a rotation and a dualAuthDelete policy
+key, err := client.CreateRootKeyWithPolicyOverrides(ctx, "MyRootKey", nil, nil, policy)
+if err != nil {
+    fmt.Println(err)
+}
+fmt.Println(key.ID, key.Name)
+
+crkID := key.ID
+```
+
 ### Wrapping and Unwrapping a DEK using a specific Root Key.
 
 ```go
@@ -171,7 +196,51 @@ dek = nil
 // Save the wrapped DEK for later.  Call Unwrap to use it, make
 // sure to specify the same AAD.
 ```
-### Fetching List Key Versions With Parameters.
+
+### Fetching keys based on query parameters
+
+```go
+
+limit := uint32(5)
+offset := uint32(0)
+extractable := false
+keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
+searchStr := "foobar"
+searchQuery, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
+
+listKeysOptions := &kp.ListKeysOptions{
+  Limit : &limit,
+  Offset : &offset,
+  Extractable : &extractable,
+  State : keyStates,
+  Search: searchQuery,
+}
+
+keys, err := client.ListKeys(ctx, listKeysOptions)
+if err != nil {
+    fmt.Println(err)
+}
+fmt.Println(keys)
+```
+
+### Fetching keys in ascending or descending sorted order of parameters
+
+```go
+srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), WithImportedDesc())
+
+listKeysOptions := &kp.ListKeysOptions{
+  Sort:srtStr,
+}
+
+keys, err := client.ListKeys(ctx, listKeysOptions)
+if err != nil {
+    fmt.Println(err)
+}
+fmt.Println(keys)
+```
+For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
+
+### Fetching key versions based on query parameters
 
 ```go
 
@@ -192,20 +261,76 @@ if err != nil {
 fmt.Println(keyVersions)
 ```
 
-### Fetching List Key With Parameters.
+### Enable instance rotation policy
 
 ```go
 
-limit := uint32(5)
+intervalMonth := 3
-offset := uint32(0)
+enable := true
-extractable := false
+
-keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
+err := client.SetRotationInstancePolicy(context.Background(), enable, &intervalMonth)
+if err != nil {
+    fmt.Println(err)
+}
+
+rotationInstancePolicy, err := client.GetRotationInstancePolicy(context.Background())
+if err != nil {
+  fmt.Println(err)
+}
+fmt.Println(rotationInstancePolicy)
+```
+
+### Set key rotation policy
+
+```go
+
+rotationInterval := 3
+enabled := true
+keyRotationPolicy, err := client.SetRotationPolicy(context.Background(), "key_id_or_alias", rotationInterval, enabled)
+if err != nil {
+  fmt.Println(err)
+}
+fmt.Println(keyRotationPolicy)
+```
+
+### Enable key rotation policy
+
+```go
+
+keyRotationPolicy, err := client.EnableRotationPolicy(context.Background(), "key_id_or_alias")
+if err != nil {
+  fmt.Println(err)
+}
+fmt.Println(keyRotationPolicy)
+```
+
+### List keys based on filter properties
+
+```go
+// Option-1 - Directly passing the filter query in the format that the API supports.
+filterQuery := "creationDate=gt:\"2022-07-05T00:00:00Z\" state=1,5 extractable=false"
 
 listKeysOptions := &kp.ListKeysOptions{
-  Limit : &limit,
+  Filter:&filterQuery,
-  Offset : &offset,
+}
-  Extractable : &extractable,
+
-  State : keyStates,
+keys, err := client.ListKeys(ctx, listKeysOptions)
+if err != nil {
+    fmt.Println(err)
+}
+fmt.Println(keys)
+
+// Option-2 - Using the builder provided by SDK to construct the filter query
+fb := kp.GetFilterQueryBuilder()
+dateQ := time.Date(2022, 07, 04, 07, 43, 23, 100, time.UTC)
+
+filterQuery := fb.CreationDate().GreaterThan(dateQ).
+	State([]kp.KeyState{kp.KeyState(kp.Destroyed), kp.KeyState(kp.Active)}).
+	Extractable(true).
+	Build()
+
+listKeysOptions := &kp.ListKeysOptions{
+  Filter:&filterQuery,
 }
 
 keys, err := client.ListKeys(ctx, listKeysOptions)
@@ -214,56 +339,3 @@ if err != nil {
 }
 fmt.Println(keys)
 ```
-
-### Fetching List Key In Sorted Ascending Order Based On Paramaeters.
-
-```go
-srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), kp.WithImported())
-
-listKeysOptions := &kp.ListKeysOptions{
-  Sort:srtStr,
-}
-
-keys, err := client.ListKeys(ctx, listKeysOptions)
-if err != nil {
-    fmt.Println(err)
-}
-fmt.Println(keys)
-```
-
-### Fetching List Key In Sorted Descending Order Based On Paramaeters.
-
-```go
-srtStr, _ := GetKeySortStr(WithCreationDateDesc(), WithImportedDesc())
-
-listKeysOptions := &ListKeysOptions{
-  Sort: srtStr,
-}
-
-keys, err := client.ListKeys(ctx, listKeysOptions)
-if err != nil {
-    fmt.Println(err)
-}
-fmt.Println(keys)
-```
-
-For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
-
-### Using Search functionality in list Keys API
-
-```go
-
-searchStr := "foobar"
-srcStr2, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
-
-listKeysOptions := &kp.ListKeysOptions{
-		Search: srcStr2,
-	}
-
-keys, err := client.ListKeys(ctx, listKeysOptions)
-if err != nil {
-		fmt.Println(err)
-	}
-fmt.Println(keys)
-
-```

vendor/github.com/IBM/keyprotect-go-client/instances.go

@@ -17,14 +17,12 @@ package kp
 import (
 	"context"
 	"fmt"
+	"net/http"
 	"net/url"
 	"time"
 )
 
 const (
-	// DualAuthDelete defines the policy type as dual auth delete
-	DualAuthDelete = "dualAuthDelete"
-
 	// AllowedNetwork defines the policy type as allowed network
 	AllowedNetwork = "allowedNetwork"
 
@@ -44,7 +42,6 @@ const (
 	EnforceToken      = "EnforceToken"
 )
 
-
 // InstancePolicy represents a instance-level policy of a key as returned by the KP API.
 // this policy enables dual authorization for deleting a key
 type InstancePolicy struct {
@@ -62,7 +59,7 @@ type PolicyData struct {
 	Attributes *Attributes `json:"attributes,omitempty"`
 }
 
-// Attributes contains the detals of allowed network policy type
+// Attributes contains the details of an instance policy
 type Attributes struct {
 	AllowedNetwork    *string     `json:"allowed_network,omitempty"`
 	AllowedIP         IPAddresses `json:"allowed_ip,omitempty"`
@@ -71,6 +68,7 @@ type Attributes struct {
 	ImportRootKey     *bool       `json:"import_root_key,omitempty"`
 	ImportStandardKey *bool       `json:"import_standard_key,omitempty"`
 	EnforceToken      *bool       `json:"enforce_token,omitempty"`
+	IntervalMonth     *int        `json:"interval_month,omitempty"`
 }
 
 // IPAddresses ...
@@ -154,7 +152,7 @@ func (c *Client) GetKeyCreateImportAccessInstancePolicy(ctx context.Context) (*I
 }
 
 func (c *Client) getInstancePolicy(ctx context.Context, policyType string, policyResponse *InstancePolicies) error {
-	req, err := c.newRequest("GET", "instance/policies", nil)
+	req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
 	if err != nil {
 		return err
 	}
@@ -185,11 +183,26 @@ func (c *Client) GetMetricsInstancePolicy(ctx context.Context) (*InstancePolicy,
 	return &policyResponse.Policies[0], nil
 }
 
+// GetRotationInstancePolicy retrieves the rotation policy details associated with the instance
+func (c *Client) GetRotationInstancePolicy(ctx context.Context) (*InstancePolicy, error) {
+	policyResponse := InstancePolicies{}
+
+	err := c.getInstancePolicy(ctx, RotationPolicy, &policyResponse)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(policyResponse.Policies) == 0 {
+		return nil, nil
+	}
+	return &policyResponse.Policies[0], nil
+}
+
 // GetInstancePolicies retrieves all policies of an Instance.
 func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, error) {
 	policyresponse := InstancePolicies{}
 
-	req, err := c.newRequest("GET", "instance/policies", nil)
+	req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
 	if err != nil {
 		return nil, err
 	}
@@ -203,7 +216,7 @@ func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, err
 }
 
 func (c *Client) setInstancePolicy(ctx context.Context, policyType string, policyRequest InstancePolicies) error {
-	req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
+	req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
 	if err != nil {
 		return err
 	}
@@ -242,6 +255,49 @@ func (c *Client) SetDualAuthInstancePolicy(ctx context.Context, enable bool) err
 	return err
 }
 
+func addRotationInstancePolicyData(enable bool, intervalMonth *int) (InstancePolicy, error) {
+
+	rotationPolicyData := InstancePolicy{
+		PolicyType: RotationPolicy,
+		PolicyData: PolicyData{
+			Enabled: &enable,
+		},
+	}
+
+	if enable && intervalMonth == nil {
+		return InstancePolicy{}, fmt.Errorf("Interval Month is required to enable rotation instance policy")
+	} else if !enable && intervalMonth != nil {
+		return InstancePolicy{}, fmt.Errorf("Interval Month should only be provided if the policy is being enabled")
+	} else if intervalMonth != nil {
+		rotationPolicyData.PolicyData.Attributes = &Attributes{
+			IntervalMonth: intervalMonth,
+		}
+	}
+
+	return rotationPolicyData, nil
+}
+
+// SetRotationInstancePolicy updates the rotation instance policy details associated with an instance.
+func (c *Client) SetRotationInstancePolicy(ctx context.Context, enable bool, intervalMonth *int) error {
+
+	rotationPolicyData, err := addRotationInstancePolicyData(enable, intervalMonth)
+	if err != nil {
+		return err
+	}
+
+	policyRequest := InstancePolicies{
+		Metadata: PoliciesMetadata{
+			CollectionType:   policyType,
+			NumberOfPolicies: 1,
+		},
+		Policies: []InstancePolicy{rotationPolicyData},
+	}
+
+	err = c.setInstancePolicy(ctx, RotationPolicy, policyRequest)
+
+	return err
+}
+
 // SetAllowedIPInstancePolices updates the allowed IP instance policy details associated with an instance.
 // For more information can refet to the Key Protect docs in the link below:
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-allowed-ip
@@ -394,21 +450,27 @@ type AllowedIPPolicyData struct {
 
 // KeyAccessInstancePolicyData defines the attribute input for the Key Create Import Access instance policy
 type KeyCreateImportAccessInstancePolicy struct {
-	Enabled bool
+	Enabled           bool
-	CreateRootKey bool
+	CreateRootKey     bool
 	CreateStandardKey bool
-	ImportRootKey bool
+	ImportRootKey     bool
 	ImportStandardKey bool
-	EnforceToken bool
+	EnforceToken      bool
+}
+
+type RotationPolicyData struct {
+	Enabled       bool
+	IntervalMonth *int
 }
 
 // MultiplePolicies defines the input for the SetInstancPolicies method that can hold multiple policy details
 type MultiplePolicies struct {
-	DualAuthDelete *BasicPolicyData
+	DualAuthDelete        *BasicPolicyData
-	AllowedNetwork *AllowedNetworkPolicyData
+	AllowedNetwork        *AllowedNetworkPolicyData
-	AllowedIP      *AllowedIPPolicyData
+	AllowedIP             *AllowedIPPolicyData
-	Metrics        *BasicPolicyData
+	Metrics               *BasicPolicyData
 	KeyCreateImportAccess *KeyCreateImportAccessInstancePolicy
+	Rotation              *RotationPolicyData
 }
 
 // SetInstancePolicies updates single or multiple policy details of an instance.
@@ -465,7 +527,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
 		policy := InstancePolicy{
 			PolicyType: KeyCreateImportAccess,
 			PolicyData: PolicyData{
-				Enabled: &(policies.KeyCreateImportAccess.Enabled),
+				Enabled:    &(policies.KeyCreateImportAccess.Enabled),
 				Attributes: &Attributes{},
 			},
 		}
@@ -489,6 +551,15 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
 		resPolicies = append(resPolicies, policy)
 	}
 
+	if policies.Rotation != nil {
+		policy, err := addRotationInstancePolicyData(policies.Rotation.Enabled, policies.Rotation.IntervalMonth)
+		if err != nil {
+			return err
+		}
+
+		resPolicies = append(resPolicies, policy)
+	}
+
 	policyRequest := InstancePolicies{
 		Metadata: PoliciesMetadata{
 			CollectionType:   policyType,
@@ -499,7 +570,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
 
 	policyresponse := Policies{}
 
-	req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
+	req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
 	if err != nil {
 		return err
 	}
@@ -526,7 +597,7 @@ type privatePort struct {
 func (c *Client) GetAllowedIPPrivateNetworkPort(ctx context.Context) (int, error) {
 	var portResponse portResponse
 
-	req, err := c.newRequest("GET", "instance/allowed_ip_port", nil)
+	req, err := c.newRequest(http.MethodGet, "instance/allowed_ip_port", nil)
 	if err != nil {
 		return 0, err
 	}

vendor/github.com/IBM/keyprotect-go-client/keys.go

@@ -19,6 +19,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"log"
+	"net/http"
 	"net/url"
 	"strconv"
 	"time"
@@ -32,7 +33,9 @@ const (
 )
 
 var (
-	preferHeaders = []string{"return=minimal", "return=representation"}
+	preferHeaders               = []string{"return=minimal", "return=representation"}
+	keysPath                    = "keys"
+	keysWithPolicyOverridesPath = "keys_with_policy_overrides"
 )
 
 // PreferReturn designates the value for the "Prefer" header.
@@ -80,6 +83,7 @@ type Key struct {
 	PurgeAllowedFrom    *time.Time  `json:"purgeAllowedFrom,omitempty"`
 	PurgeScheduledOn    *time.Time  `json:"purgeScheduledOn,omitempty"`
 	DualAuthDelete      *DualAuth   `json:"dualAuthDelete,omitempty"`
+	Rotation            *Rotation   `json:"rotation,omitempty"`
 }
 
 // KeysMetadata represents the metadata of a collection of keys.
@@ -129,14 +133,14 @@ func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Ti
 
 // CreateImportedKey creates a new KP key from the given key material.
 func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
-	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256)
+	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil)
 	return c.createKey(ctx, key)
 }
 
 // CreateImportedKeyWithSHA1 creates a new KP key from the given key material
 // using RSAES OAEP SHA 1 as encryption algorithm.
 func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
-	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1)
+	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil)
 	return c.createKey(ctx, key)
 }
 
@@ -179,11 +183,11 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
 func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
-	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256)
+	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil)
 	return c.createKey(ctx, key)
 }
 
-func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string) Key {
+func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key {
 	key := Key{
 		Name:        name,
 		Type:        keyType,
@@ -205,10 +209,23 @@ func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration
 		key.Expiration = expiration
 	}
 
+	if policy != nil {
+		key.Rotation = policy.Rotation
+		key.DualAuthDelete = policy.DualAuth
+	}
+
 	return key
 }
 
 func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
+	return c.createKeyResource(ctx, key, keysPath)
+}
+
+func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
+	return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
+}
+
+func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
 	keysRequest := Keys{
 		Metadata: KeysMetadata{
 			CollectionType: keyType,
@@ -217,11 +234,10 @@ func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
 		Keys: []Key{key},
 	}
 
-	req, err := c.newRequest("POST", "keys", &keysRequest)
+	req, err := c.newRequest(http.MethodPost, path, &keysRequest)
 	if err != nil {
 		return nil, err
 	}
-
 	keysResponse := Keys{}
 	if _, err := c.do(ctx, req, &keysResponse); err != nil {
 		return nil, err
@@ -260,6 +276,57 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
 	return &response.Keys[0], nil
 }
 
+// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
+// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
+func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
+	/*
+	 Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
+	*/
+	if policy.Rotation != nil && policy.Rotation.Interval == 0 {
+		policy.Rotation.Interval = -1
+	}
+	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
+	return c.createKeyWithPolicyOverrides(ctx, key)
+}
+
+// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
+func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
+	return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
+}
+
+// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
+func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
+	/*
+	 Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
+	*/
+	if policy.Rotation != nil && policy.Rotation.Interval == 0 {
+		policy.Rotation.Interval = -1
+	}
+	key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
+
+	return c.createKeyWithPolicyOverrides(ctx, key)
+}
+
+// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
+func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
+	return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
+}
+
+// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
+func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
+	return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
+}
+
+// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
+func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
+	return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
+}
+
+// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
+func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
+	return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
+}
+
 // GetKeys retrieves a collection of keys that can be paged through.
 func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
 	if limit == 0 {

vendor/github.com/IBM/keyprotect-go-client/listkeys.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"time"
 )
 
 //ListKeysOptions struct to add the query parameters for the List Keys function
@@ -30,6 +31,7 @@ type ListKeysOptions struct {
 	State       []KeyState
 	Sort        *string
 	Search      *string
+	Filter      *string
 }
 
 // ListKeys retrieves a list of keys that are stored in your Key Protect service instance.
@@ -67,6 +69,9 @@ func (c *Client) ListKeys(ctx context.Context, listKeysOptions *ListKeysOptions)
 		if listKeysOptions.Sort != nil {
 			values.Set("sort", fmt.Sprint(*listKeysOptions.Sort))
 		}
+		if listKeysOptions.Filter != nil {
+			values.Set("filter", fmt.Sprint(*listKeysOptions.Filter))
+		}
 		req.URL.RawQuery = values.Encode()
 	}
 
@@ -211,3 +216,97 @@ func AddAliasScope() SearchOpts {
 func AddKeyNameScope() SearchOpts {
 	return buildSearcOpts("name")
 }
+
+// Filter related functions
+type filterQuery struct {
+	queryStr string
+}
+
+type FilterQueryBuilder struct {
+	filterQueryString filterQuery
+}
+
+func GetFilterQueryBuilder() *FilterQueryBuilder {
+	return &FilterQueryBuilder{filterQuery{queryStr: ""}}
+}
+
+func (fq *FilterQueryBuilder) Build() string {
+	return fq.filterQueryString.queryStr
+}
+
+func (fq *FilterQueryBuilder) CreationDate() *FilterQueryBuilder {
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " creationDate="
+	return fq
+}
+
+func (fq *FilterQueryBuilder) ExpirationDate() *FilterQueryBuilder {
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " expirationDate="
+	return fq
+}
+
+func (fq *FilterQueryBuilder) LastRotationDate() *FilterQueryBuilder {
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastRotateDate="
+	return fq
+}
+
+func (fq *FilterQueryBuilder) DeletionDate() *FilterQueryBuilder {
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " deletionDate="
+	return fq
+}
+
+func (fq *FilterQueryBuilder) LastUpdateDate() *FilterQueryBuilder {
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastUpdateDate="
+	return fq
+}
+
+func (fq *FilterQueryBuilder) State(states []KeyState) *FilterQueryBuilder {
+	str := " state="
+	for _, val := range states {
+		str += strconv.Itoa(int(val)) + ","
+	}
+	// remove the extra comma appended at the end of the string
+	str = strings.TrimSuffix(str, ",")
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + str
+	return fq
+}
+
+func (fq *FilterQueryBuilder) Extractable(val bool) *FilterQueryBuilder {
+	extractable := " extractable=" + strconv.FormatBool(val)
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + extractable
+	return fq
+}
+
+func (fq *FilterQueryBuilder) GreaterThan(dateInput time.Time) *FilterQueryBuilder {
+	date := dateInput.Format(time.RFC3339Nano)
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gt:" + "\"" + date + "\""
+	return fq
+}
+
+func (fq *FilterQueryBuilder) GreaterThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
+	date := dateInput.Format(time.RFC3339Nano)
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gte:" + "\"" + date + "\""
+	return fq
+}
+
+func (fq *FilterQueryBuilder) LessThan(dateInput time.Time) *FilterQueryBuilder {
+	date := dateInput.Format(time.RFC3339Nano)
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lt:" + "\"" + date + "\""
+	return fq
+}
+
+func (fq *FilterQueryBuilder) LessThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
+	date := dateInput.Format(time.RFC3339Nano)
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lte:" + "\"" + date + "\""
+	return fq
+}
+
+func (fq *FilterQueryBuilder) Equal(dateInput time.Time) *FilterQueryBuilder {
+	date := dateInput.Format(time.RFC3339Nano)
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "\"" + date + "\""
+	return fq
+}
+
+func (fq *FilterQueryBuilder) None() *FilterQueryBuilder {
+	fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "none"
+	return fq
+}

vendor/github.com/IBM/keyprotect-go-client/policy.go

@@ -22,9 +22,13 @@ import (
 )
 
 const (
-	policyType = "application/vnd.ibm.kms.policy+json"
+	// DualAuthDelete defines the policy type as dual auth delete
+	DualAuthDelete = "dualAuthDelete"
 
+	//RotationPolicy defines the policy type as rotation
 	RotationPolicy = "rotation"
+
+	policyType = "application/vnd.ibm.kms.policy+json"
 )
 
 // Policy represents a policy as returned by the KP API.
@@ -40,7 +44,8 @@ type Policy struct {
 }
 
 type Rotation struct {
-	Interval int `json:"interval_month,omitempty"`
+	Enabled  *bool `json:"enabled,omitempty"`
+	Interval int   `json:"interval_month,omitempty"`
 }
 
 type DualAuth struct {
@@ -152,7 +157,7 @@ func (c *Client) getPolicy(ctx context.Context, id, policyType string, policyres
 	return err
 }
 
-// GetRotationPolivy method retrieves rotation policy details of a key
+// GetRotationPolicy method retrieves rotation policy details of a key
 // For more information can refet the Key Protect docs in the link below:
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#view-rotation-policy-api
 func (c *Client) GetRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
@@ -207,13 +212,11 @@ func (c *Client) setPolicy(ctx context.Context, idOrAlias, policyType string, po
 	return &policyresponse, nil
 }
 
-// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID  or alias and rotation interval.
+func (c *Client) setKeyRotationPolicy(ctx context.Context, idOrAlias string, enable *bool, rotationInterval int) (*Policy, error) {
-// For more information can refer the Key Protect docs in the link below:
-// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
-func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int) (*Policy, error) {
 	policy := Policy{
 		Type: policyType,
 		Rotation: &Rotation{
+			Enabled:  enable,
 			Interval: rotationInterval,
 		},
 	}
@@ -238,6 +241,35 @@ func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotati
 	return &policyresponse.Policies[0], nil
 }
 
+func (c *Client) EnableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
+	enabled := true
+	return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
+}
+
+func (c *Client) DisableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
+	enabled := false
+	return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
+}
+
+// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID  or alias and rotation interval.
+// For more information can refer the Key Protect docs in the link below:
+// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
+func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int, enabled ...bool) (*Policy, error) {
+	/*
+	 Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
+	 so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
+	 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
+	*/
+	if rotationInterval == 0 {
+		rotationInterval = -1
+	}
+	var enable *bool
+	if enabled != nil {
+		enable = &enabled[0]
+	}
+	return c.setKeyRotationPolicy(ctx, idOrAlias, enable, rotationInterval)
+}
+
 // SetDualAuthDeletePolicy updates the dual auth delete policy by passing the key ID  or alias and enable detail
 // For more information can refer the Key Protect docs in the link below:
 // https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-dual-auth-key-policy#create-dual-auth-key-policy-api
@@ -273,12 +305,25 @@ func (c *Client) SetDualAuthDeletePolicy(ctx context.Context, idOrAlias string,
 // To set rotation policy for the key pass the setRotationPolicy parameter as true and set the rotationInterval detail.
 // To set dual auth delete policy for the key pass the setDualAuthDeletePolicy parameter as true and set the dualAuthEnable detail.
 // Both the policies can be set or either of the policies can be set.
-func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool) ([]Policy, error) {
+func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool, rotationEnable ...bool) ([]Policy, error) {
+	/*
+	 Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
+	 so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
+	 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
+	*/
+	if rotationInterval == 0 {
+		rotationInterval = -1
+	}
+	var enable *bool
+	if rotationEnable != nil {
+		enable = &rotationEnable[0]
+	}
 	policies := []Policy{}
 	if setRotationPolicy {
 		rotationPolicy := Policy{
 			Type: policyType,
 			Rotation: &Rotation{
+				Enabled:  enable,
 				Interval: rotationInterval,
 			},
 		}

vendor/modules.txt

@@ -1,4 +1,4 @@
-# github.com/IBM/keyprotect-go-client v0.8.1
+# github.com/IBM/keyprotect-go-client v0.9.0
 ## explicit; go 1.15
 github.com/IBM/keyprotect-go-client
 github.com/IBM/keyprotect-go-client/iam