mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-09 16:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: bump github.com/IBM/keyprotect-go-client from 0.8.1 to 0.9.0

Browse Source 
Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/IBM/keyprotect-go-client/releases)
- [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.8.1...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/IBM/keyprotect-go-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2022-11-07 20:03:12 +00:00 committed by mergify[bot]
parent 8650538b78
commit fe13fff9fa
10 changed files with 727 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
go 1.17
require (
github.com/IBM/keyprotect-go-client v0.8.1
github.com/IBM/keyprotect-go-client v0.9.0
github.com/aws/aws-sdk-go v1.44.127
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000

4
go.sum
View File

@ -88,8 +88,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b/go.mod h1:FNj4KYEAAHfYu68kRYolGoxkaJn+6mdEsaM12VTwuI0=
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
github.com/IBM/keyprotect-go-client v0.8.1 h1:viTQCtoeWQeDRTe8S0ed++uM4J2uf1DGuQbV9mNTCj8=
github.com/IBM/keyprotect-go-client v0.8.1/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
github.com/IBM/keyprotect-go-client v0.9.0 h1:UwbyEHcaGlmLNK7PW0qo9VlxneN+0/2zoGBubHzbtro=
github.com/IBM/keyprotect-go-client v0.9.0/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA=
github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=

268
vendor/github.com/IBM/keyprotect-go-client/.secrets.baseline generated vendored Normal file
View File

@ -0,0 +1,268 @@
{
"exclude": {
"files": "go.sum|^.secrets.baseline$",
"lines": null
},
"generated_at": "2022-09-30T10:57:54Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
},
{
"name": "ArtifactoryDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"base64_limit": 4.5,
"name": "Base64HighEntropyString"
},
{
"name": "BasicAuthDetector"
},
{
"name": "BoxDetector"
},
{
"name": "CloudantDetector"
},
{
"ghe_instance": "github.ibm.com",
"name": "GheDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"hex_limit": 3,
"name": "HexHighEntropyString"
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"keyword_exclude": null,
"name": "KeywordDetector"
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"results": {
"README.md": [
{
"hashed_secret": "93fcbf4c3221f6e6fc21e07ec6e87ad94e60bd26",
"is_secret": false,
"is_verified": false,
"line_number": 35,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "0b60828897517e2b8013af62b288e055bf0d095d",
"is_secret": false,
"is_verified": false,
"line_number": 126,
"type": "Secret Keyword",
"verified_result": null
}
],
"example_cycle_test.go": [
{
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
"is_secret": false,
"is_verified": false,
"line_number": 27,
"type": "Secret Keyword",
"verified_result": null
}
],
"example_test.go": [
{
"hashed_secret": "e80b5f30389f2162470fe780e27b90146e5fb0ca",
"is_secret": false,
"is_verified": false,
"line_number": 81,
"type": "Base64 High Entropy String",
"verified_result": null
},
{
"hashed_secret": "75d5cc62475c1ed3db14215d819514749ae25f53",
"is_secret": false,
"is_verified": false,
"line_number": 181,
"type": "Secret Keyword",
"verified_result": null
}
],
"iam/iam.go": [
{
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
"is_secret": false,
"is_verified": false,
"line_number": 51,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "3e4bdbe0b80e63c22b178576e906810777387b50",
"is_secret": false,
"is_verified": false,
"line_number": 120,
"type": "Secret Keyword",
"verified_result": null
}
],
"integration_test.go": [
{
"hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
"is_secret": false,
"is_verified": false,
"line_number": 57,
"type": "Secret Keyword",
"verified_result": null
}
],
"kp_test.go": [
{
"hashed_secret": "11634ea6495b17ca913d24b49dca32b40e491dc0",
"is_secret": false,
"is_verified": false,
"line_number": 44,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "9f4ed0cc38e03da4c3caf3d8500e0af69cfaefd3",
"is_secret": false,
"is_verified": false,
"line_number": 189,
"type": "JSON Web Token",
"verified_result": null
},
{
"hashed_secret": "3e48fe9928e96dde5f50bd5514ccaecc504e378e",
"is_secret": false,
"is_verified": false,
"line_number": 629,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "1db0b23a23282227489c79a9fd31998add2b66f5",
"is_secret": false,
"is_verified": false,
"line_number": 863,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "f7f8eb2ffbd249e8c0e2ce429466c04a6342318b",
"is_secret": false,
"is_verified": false,
"line_number": 986,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "90f826b48e4e4832be16dd63237e7aede72ec384",
"is_secret": false,
"is_verified": false,
"line_number": 1800,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "0599eac7c4ebc38a9fb5407c1cee19877850ff78",
"is_secret": false,
"is_verified": false,
"line_number": 3514,
"type": "Base64 High Entropy String",
"verified_result": null
},
{
"hashed_secret": "4a8f6f853d71b777faef1c0f50d59df808f377a7",
"is_secret": false,
"is_verified": false,
"line_number": 4019,
"type": "Base64 High Entropy String",
"verified_result": null
},
{
"hashed_secret": "8ee338cf3361b4fbd663c51393c44ea685e7e31b",
"is_secret": false,
"is_verified": false,
"line_number": 4020,
"type": "Base64 High Entropy String",
"verified_result": null
},
{
"hashed_secret": "7200008cccd3ebe5eb314c7ce57bbe95113e11ff",
"is_secret": false,
"is_verified": false,
"line_number": 4055,
"type": "Base64 High Entropy String",
"verified_result": null
},
{
"hashed_secret": "7056dab9fea569e2fcb5122c763bfe90d3fa8204",
"is_secret": false,
"is_verified": false,
"line_number": 4523,
"type": "Base64 High Entropy String",
"verified_result": null
},
{
"hashed_secret": "54b1ab73986eecb14a1839184e4b51ce9668b35e",
"is_secret": false,
"is_verified": false,
"line_number": 4568,
"type": "Base64 High Entropy String",
"verified_result": null
}
],
"policy.go": [
{
"hashed_secret": "6a361a4e087eab69b48211aecc712bdc3403b2eb",
"is_secret": false,
"is_verified": false,
"line_number": 335,
"type": "Secret Keyword",
"verified_result": null
}
]
},
"version": "0.13.1+ibm.52.dss",
"word_list": {
"file": null,
"hash": null
}
}

5
vendor/github.com/IBM/keyprotect-go-client/.travis.yml generated vendored
View File

@ -2,8 +2,9 @@ language: go
dist: xenial
go:
- 1.14.x
- 1.15.x
- 1.17.x
- 1.18.x
- 1.19.x
env:
- GO111MODULE=on

176
vendor/github.com/IBM/keyprotect-go-client/README.md generated vendored
View File

@ -113,6 +113,31 @@ fmt.Println(key.ID, key.Name)
crkID := key.ID
```
### Generating a root key with policy overrides (CRK)
```go
enable := true
// Specify policy data
policy := kp.Policy{
Rotation: &kp.Rotation{
Enabled: &enable,
Interval: 3,
},
DualAuth: &kp.DualAuth{
Enabled: &enable,
},
}
// Create a root key named MyRootKey with a rotation and a dualAuthDelete policy
key, err := client.CreateRootKeyWithPolicyOverrides(ctx, "MyRootKey", nil, nil, policy)
if err != nil {
fmt.Println(err)
}
fmt.Println(key.ID, key.Name)
crkID := key.ID
```
### Wrapping and Unwrapping a DEK using a specific Root Key.
```go
@ -171,7 +196,51 @@ dek = nil
// Save the wrapped DEK for later. Call Unwrap to use it, make
// sure to specify the same AAD.
```
### Fetching List Key Versions With Parameters.
### Fetching keys based on query parameters
```go
limit := uint32(5)
offset := uint32(0)
extractable := false
keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
searchStr := "foobar"
searchQuery, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
listKeysOptions := &kp.ListKeysOptions{
Limit : &limit,
Offset : &offset,
Extractable : &extractable,
State : keyStates,
Search: searchQuery,
}
keys, err := client.ListKeys(ctx, listKeysOptions)
if err != nil {
fmt.Println(err)
}
fmt.Println(keys)
```
### Fetching keys in ascending or descending sorted order of parameters
```go
srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), WithImportedDesc())
listKeysOptions := &kp.ListKeysOptions{
Sort:srtStr,
}
keys, err := client.ListKeys(ctx, listKeysOptions)
if err != nil {
fmt.Println(err)
}
fmt.Println(keys)
```
For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
### Fetching key versions based on query parameters
```go
@ -192,20 +261,57 @@ if err != nil {
fmt.Println(keyVersions)
```
### Fetching List Key With Parameters.
### Enable instance rotation policy
```go
limit := uint32(5)
offset := uint32(0)
extractable := false
keyStates := []kp.KeyState{kp.KeyState(kp.Active), kp.KeyState(kp.Suspended)}
intervalMonth := 3
enable := true
err := client.SetRotationInstancePolicy(context.Background(), enable, &intervalMonth)
if err != nil {
fmt.Println(err)
}
rotationInstancePolicy, err := client.GetRotationInstancePolicy(context.Background())
if err != nil {
fmt.Println(err)
}
fmt.Println(rotationInstancePolicy)
```
### Set key rotation policy
```go
rotationInterval := 3
enabled := true
keyRotationPolicy, err := client.SetRotationPolicy(context.Background(), "key_id_or_alias", rotationInterval, enabled)
if err != nil {
fmt.Println(err)
}
fmt.Println(keyRotationPolicy)
```
### Enable key rotation policy
```go
keyRotationPolicy, err := client.EnableRotationPolicy(context.Background(), "key_id_or_alias")
if err != nil {
fmt.Println(err)
}
fmt.Println(keyRotationPolicy)
```
### List keys based on filter properties
```go
// Option-1 - Directly passing the filter query in the format that the API supports.
filterQuery := "creationDate=gt:\"2022-07-05T00:00:00Z\" state=1,5 extractable=false"
listKeysOptions := &kp.ListKeysOptions{
Limit : &limit,
Offset : &offset,
Extractable : &extractable,
State : keyStates,
Filter:&filterQuery,
}
keys, err := client.ListKeys(ctx, listKeysOptions)
@ -213,15 +319,18 @@ if err != nil {
fmt.Println(err)
}
fmt.Println(keys)
```
### Fetching List Key In Sorted Ascending Order Based On Paramaeters.
// Option-2 - Using the builder provided by SDK to construct the filter query
fb := kp.GetFilterQueryBuilder()
dateQ := time.Date(2022, 07, 04, 07, 43, 23, 100, time.UTC)
```go
srtStr, _ := kp.GetKeySortStr(kp.WithCreationDate(), kp.WithImported())
filterQuery := fb.CreationDate().GreaterThan(dateQ).
State([]kp.KeyState{kp.KeyState(kp.Destroyed), kp.KeyState(kp.Active)}).
Extractable(true).
Build()
listKeysOptions := &kp.ListKeysOptions{
Sort:srtStr,
Filter:&filterQuery,
}
keys, err := client.ListKeys(ctx, listKeysOptions)
@ -230,40 +339,3 @@ if err != nil {
}
fmt.Println(keys)
```
### Fetching List Key In Sorted Descending Order Based On Paramaeters.
```go
srtStr, _ := GetKeySortStr(WithCreationDateDesc(), WithImportedDesc())
listKeysOptions := &ListKeysOptions{
Sort: srtStr,
}
keys, err := client.ListKeys(ctx, listKeysOptions)
if err != nil {
fmt.Println(err)
}
fmt.Println(keys)
```
For more information about KeySearch visit: https://cloud.ibm.com/apidocs/key-protect#kp-get-key-search-api
### Using Search functionality in list Keys API
```go
searchStr := "foobar"
srcStr2, _ := kp.GetKeySearchQuery(&searchStr, kp.ApplyNot(), kp.AddAliasScope())
listKeysOptions := &kp.ListKeysOptions{
Search: srcStr2,
}
keys, err := client.ListKeys(ctx, listKeysOptions)
if err != nil {
fmt.Println(err)
}
fmt.Println(keys)
```

91
vendor/github.com/IBM/keyprotect-go-client/instances.go generated vendored
View File

@ -17,14 +17,12 @@ package kp
import (
"context"
"fmt"
"net/http"
"net/url"
"time"
)
const (
// DualAuthDelete defines the policy type as dual auth delete
DualAuthDelete = "dualAuthDelete"
// AllowedNetwork defines the policy type as allowed network
AllowedNetwork = "allowedNetwork"
@ -44,7 +42,6 @@ const (
EnforceToken = "EnforceToken"
)
// InstancePolicy represents a instance-level policy of a key as returned by the KP API.
// this policy enables dual authorization for deleting a key
type InstancePolicy struct {
@ -62,7 +59,7 @@ type PolicyData struct {
Attributes *Attributes `json:"attributes,omitempty"`
}
// Attributes contains the detals of allowed network policy type
// Attributes contains the details of an instance policy
type Attributes struct {
AllowedNetwork *string `json:"allowed_network,omitempty"`
AllowedIP IPAddresses `json:"allowed_ip,omitempty"`
@ -71,6 +68,7 @@ type Attributes struct {
ImportRootKey *bool `json:"import_root_key,omitempty"`
ImportStandardKey *bool `json:"import_standard_key,omitempty"`
EnforceToken *bool `json:"enforce_token,omitempty"`
IntervalMonth *int `json:"interval_month,omitempty"`
}
// IPAddresses ...
@ -154,7 +152,7 @@ func (c *Client) GetKeyCreateImportAccessInstancePolicy(ctx context.Context) (*I
}
func (c *Client) getInstancePolicy(ctx context.Context, policyType string, policyResponse *InstancePolicies) error {
req, err := c.newRequest("GET", "instance/policies", nil)
req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
if err != nil {
return err
}
@ -185,11 +183,26 @@ func (c *Client) GetMetricsInstancePolicy(ctx context.Context) (*InstancePolicy,
return &policyResponse.Policies[0], nil
}
// GetRotationInstancePolicy retrieves the rotation policy details associated with the instance
func (c *Client) GetRotationInstancePolicy(ctx context.Context) (*InstancePolicy, error) {
policyResponse := InstancePolicies{}
err := c.getInstancePolicy(ctx, RotationPolicy, &policyResponse)
if err != nil {
return nil, err
}
if len(policyResponse.Policies) == 0 {
return nil, nil
}
return &policyResponse.Policies[0], nil
}
// GetInstancePolicies retrieves all policies of an Instance.
func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, error) {
policyresponse := InstancePolicies{}
req, err := c.newRequest("GET", "instance/policies", nil)
req, err := c.newRequest(http.MethodGet, "instance/policies", nil)
if err != nil {
return nil, err
}
@ -203,7 +216,7 @@ func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, err
}
func (c *Client) setInstancePolicy(ctx context.Context, policyType string, policyRequest InstancePolicies) error {
req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
if err != nil {
return err
}
@ -242,6 +255,49 @@ func (c *Client) SetDualAuthInstancePolicy(ctx context.Context, enable bool) err
return err
}
func addRotationInstancePolicyData(enable bool, intervalMonth *int) (InstancePolicy, error) {
rotationPolicyData := InstancePolicy{
PolicyType: RotationPolicy,
PolicyData: PolicyData{
Enabled: &enable,
},
}
if enable && intervalMonth == nil {
return InstancePolicy{}, fmt.Errorf("Interval Month is required to enable rotation instance policy")
} else if !enable && intervalMonth != nil {
return InstancePolicy{}, fmt.Errorf("Interval Month should only be provided if the policy is being enabled")
} else if intervalMonth != nil {
rotationPolicyData.PolicyData.Attributes = &Attributes{
IntervalMonth: intervalMonth,
}
}
return rotationPolicyData, nil
}
// SetRotationInstancePolicy updates the rotation instance policy details associated with an instance.
func (c *Client) SetRotationInstancePolicy(ctx context.Context, enable bool, intervalMonth *int) error {
rotationPolicyData, err := addRotationInstancePolicyData(enable, intervalMonth)
if err != nil {
return err
}
policyRequest := InstancePolicies{
Metadata: PoliciesMetadata{
CollectionType: policyType,
NumberOfPolicies: 1,
},
Policies: []InstancePolicy{rotationPolicyData},
}
err = c.setInstancePolicy(ctx, RotationPolicy, policyRequest)
return err
}
// SetAllowedIPInstancePolices updates the allowed IP instance policy details associated with an instance.
// For more information can refet to the Key Protect docs in the link below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-allowed-ip
@ -402,6 +458,11 @@ type KeyCreateImportAccessInstancePolicy struct {
EnforceToken bool
}
type RotationPolicyData struct {
Enabled bool
IntervalMonth *int
}
// MultiplePolicies defines the input for the SetInstancPolicies method that can hold multiple policy details
type MultiplePolicies struct {
DualAuthDelete *BasicPolicyData
@ -409,6 +470,7 @@ type MultiplePolicies struct {
AllowedIP *AllowedIPPolicyData
Metrics *BasicPolicyData
KeyCreateImportAccess *KeyCreateImportAccessInstancePolicy
Rotation *RotationPolicyData
}
// SetInstancePolicies updates single or multiple policy details of an instance.
@ -489,6 +551,15 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
resPolicies = append(resPolicies, policy)
}
if policies.Rotation != nil {
policy, err := addRotationInstancePolicyData(policies.Rotation.Enabled, policies.Rotation.IntervalMonth)
if err != nil {
return err
}
resPolicies = append(resPolicies, policy)
}
policyRequest := InstancePolicies{
Metadata: PoliciesMetadata{
CollectionType: policyType,
@ -499,7 +570,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
policyresponse := Policies{}
req, err := c.newRequest("PUT", "instance/policies", &policyRequest)
req, err := c.newRequest(http.MethodPut, "instance/policies", &policyRequest)
if err != nil {
return err
}
@ -526,7 +597,7 @@ type privatePort struct {
func (c *Client) GetAllowedIPPrivateNetworkPort(ctx context.Context) (int, error) {
var portResponse portResponse
req, err := c.newRequest("GET", "instance/allowed_ip_port", nil)
req, err := c.newRequest(http.MethodGet, "instance/allowed_ip_port", nil)
if err != nil {
return 0, err
}

79
vendor/github.com/IBM/keyprotect-go-client/keys.go generated vendored
View File

@ -19,6 +19,7 @@ import (
"encoding/base64"
"fmt"
"log"
"net/http"
"net/url"
"strconv"
"time"
@ -33,6 +34,8 @@ const (
var (
preferHeaders = []string{"return=minimal", "return=representation"}
keysPath = "keys"
keysWithPolicyOverridesPath = "keys_with_policy_overrides"
)
// PreferReturn designates the value for the "Prefer" header.
@ -80,6 +83,7 @@ type Key struct {
PurgeAllowedFrom *time.Time `json:"purgeAllowedFrom,omitempty"`
PurgeScheduledOn *time.Time `json:"purgeScheduledOn,omitempty"`
DualAuthDelete *DualAuth `json:"dualAuthDelete,omitempty"`
Rotation *Rotation `json:"rotation,omitempty"`
}
// KeysMetadata represents the metadata of a collection of keys.
@ -129,14 +133,14 @@ func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Ti
// CreateImportedKey creates a new KP key from the given key material.
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256)
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, nil, AlgorithmRSAOAEP256, nil)
return c.createKey(ctx, key)
}
// CreateImportedKeyWithSHA1 creates a new KP key from the given key material
// using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1)
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, nil)
return c.createKey(ctx, key)
}
@ -179,11 +183,11 @@ func (c *Client) CreateKeyWithAliases(ctx context.Context, name string, expirati
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-root-keys#import-root-key-api
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-import-standard-keys#import-standard-key-gui
func (c *Client) CreateImportedKeyWithAliases(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string) (*Key, error) {
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256)
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, nil)
return c.createKey(ctx, key)
}
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string) Key {
func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, encryptionAlgorithm string, policy *Policy) Key {
key := Key{
Name: name,
Type: keyType,
@ -205,10 +209,23 @@ func (c *Client) createKeyTemplate(ctx context.Context, name string, expiration
key.Expiration = expiration
}
if policy != nil {
key.Rotation = policy.Rotation
key.DualAuthDelete = policy.DualAuth
}
return key
}
func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
return c.createKeyResource(ctx, key, keysPath)
}
func (c *Client) createKeyWithPolicyOverrides(ctx context.Context, key Key) (*Key, error) {
return c.createKeyResource(ctx, key, keysWithPolicyOverridesPath)
}
func (c *Client) createKeyResource(ctx context.Context, key Key, path string) (*Key, error) {
keysRequest := Keys{
Metadata: KeysMetadata{
CollectionType: keyType,
@ -217,11 +234,10 @@ func (c *Client) createKey(ctx context.Context, key Key) (*Key, error) {
Keys: []Key{key},
}
req, err := c.newRequest("POST", "keys", &keysRequest)
req, err := c.newRequest(http.MethodPost, path, &keysRequest)
if err != nil {
return nil, err
}
keysResponse := Keys{}
if _, err := c.do(ctx, req, &keysResponse); err != nil {
return nil, err
@ -260,6 +276,57 @@ func (c *Client) SetKeyRing(ctx context.Context, idOrAlias, newKeyRingID string)
return &response.Keys[0], nil
}
// CreateImportedKeyWithPolicyOverridesWithSHA1 creates a new KP key with policy overrides from the given key material
// and key policy details using RSAES OAEP SHA 1 as encryption algorithm.
func (c *Client) CreateImportedKeyWithPolicyOverridesWithSHA1(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP1, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateKeyWithPolicyOverrides creates a new KP key with given key policy details
func (c *Client) CreateKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, extractable bool, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, "", "", "", extractable, aliases, policy)
}
// CreateImportedKeyWithPolicyOverrides creates a new Imported KP key from the given key material and with given key policy details
func (c *Client) CreateImportedKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool, aliases []string, policy Policy) (*Key, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling so that we can get correct error msg from REST API saying interval_month should be between 1 to 12 Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if policy.Rotation != nil && policy.Rotation.Interval == 0 {
policy.Rotation.Interval = -1
}
key := c.createKeyTemplate(ctx, name, expiration, payload, encryptedNonce, iv, extractable, aliases, AlgorithmRSAOAEP256, &policy)
return c.createKeyWithPolicyOverrides(ctx, key)
}
// CreateRootKeyWithPolicyOverrides creates a new, non-extractable key resource without key material and with given key policy details
func (c *Client) CreateRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, false, aliases, policy)
}
// CreateStandardKeyWithPolicyOverrides creates a new, extractable key resource without key material and with given key policy details
func (c *Client) CreateStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, aliases []string, policy Policy) (*Key, error) {
return c.CreateKeyWithPolicyOverrides(ctx, name, expiration, true, aliases, policy)
}
// CreateImportedRootKeyWithPolicyOverrides creates a new, non-extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedRootKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, encryptedNonce, iv, false, aliases, policy)
}
// CreateImportedStandardKeyWithPolicyOverrides creates a new, extractable key resource with the given key material and with given key policy details
func (c *Client) CreateImportedStandardKeyWithPolicyOverrides(ctx context.Context, name string, expiration *time.Time, payload string, aliases []string, policy Policy) (*Key, error) {
return c.CreateImportedKeyWithPolicyOverrides(ctx, name, expiration, payload, "", "", true, aliases, policy)
}
// GetKeys retrieves a collection of keys that can be paged through.
func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error) {
if limit == 0 {

99
vendor/github.com/IBM/keyprotect-go-client/listkeys.go generated vendored
View File

@ -20,6 +20,7 @@ import (
"fmt"
"strconv"
"strings"
"time"
)
//ListKeysOptions struct to add the query parameters for the List Keys function
@ -30,6 +31,7 @@ type ListKeysOptions struct {
State []KeyState
Sort *string
Search *string
Filter *string
}
// ListKeys retrieves a list of keys that are stored in your Key Protect service instance.
@ -67,6 +69,9 @@ func (c *Client) ListKeys(ctx context.Context, listKeysOptions *ListKeysOptions)
if listKeysOptions.Sort != nil {
values.Set("sort", fmt.Sprint(*listKeysOptions.Sort))
}
if listKeysOptions.Filter != nil {
values.Set("filter", fmt.Sprint(*listKeysOptions.Filter))
}
req.URL.RawQuery = values.Encode()
}
@ -211,3 +216,97 @@ func AddAliasScope() SearchOpts {
func AddKeyNameScope() SearchOpts {
return buildSearcOpts("name")
}
// Filter related functions
type filterQuery struct {
queryStr string
}
type FilterQueryBuilder struct {
filterQueryString filterQuery
}
func GetFilterQueryBuilder() *FilterQueryBuilder {
return &FilterQueryBuilder{filterQuery{queryStr: ""}}
}
func (fq *FilterQueryBuilder) Build() string {
return fq.filterQueryString.queryStr
}
func (fq *FilterQueryBuilder) CreationDate() *FilterQueryBuilder {
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " creationDate="
return fq
}
func (fq *FilterQueryBuilder) ExpirationDate() *FilterQueryBuilder {
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " expirationDate="
return fq
}
func (fq *FilterQueryBuilder) LastRotationDate() *FilterQueryBuilder {
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastRotateDate="
return fq
}
func (fq *FilterQueryBuilder) DeletionDate() *FilterQueryBuilder {
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " deletionDate="
return fq
}
func (fq *FilterQueryBuilder) LastUpdateDate() *FilterQueryBuilder {
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + " lastUpdateDate="
return fq
}
func (fq *FilterQueryBuilder) State(states []KeyState) *FilterQueryBuilder {
str := " state="
for _, val := range states {
str += strconv.Itoa(int(val)) + ","
}
// remove the extra comma appended at the end of the string
str = strings.TrimSuffix(str, ",")
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + str
return fq
}
func (fq *FilterQueryBuilder) Extractable(val bool) *FilterQueryBuilder {
extractable := " extractable=" + strconv.FormatBool(val)
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + extractable
return fq
}
func (fq *FilterQueryBuilder) GreaterThan(dateInput time.Time) *FilterQueryBuilder {
date := dateInput.Format(time.RFC3339Nano)
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gt:" + "\"" + date + "\""
return fq
}
func (fq *FilterQueryBuilder) GreaterThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
date := dateInput.Format(time.RFC3339Nano)
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "gte:" + "\"" + date + "\""
return fq
}
func (fq *FilterQueryBuilder) LessThan(dateInput time.Time) *FilterQueryBuilder {
date := dateInput.Format(time.RFC3339Nano)
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lt:" + "\"" + date + "\""
return fq
}
func (fq *FilterQueryBuilder) LessThanOrEqual(dateInput time.Time) *FilterQueryBuilder {
date := dateInput.Format(time.RFC3339Nano)
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "lte:" + "\"" + date + "\""
return fq
}
func (fq *FilterQueryBuilder) Equal(dateInput time.Time) *FilterQueryBuilder {
date := dateInput.Format(time.RFC3339Nano)
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "\"" + date + "\""
return fq
}
func (fq *FilterQueryBuilder) None() *FilterQueryBuilder {
fq.filterQueryString.queryStr = fq.filterQueryString.queryStr + "none"
return fq
}

59
vendor/github.com/IBM/keyprotect-go-client/policy.go generated vendored
View File

@ -22,9 +22,13 @@ import (
)
const (
policyType = "application/vnd.ibm.kms.policy+json"
// DualAuthDelete defines the policy type as dual auth delete
DualAuthDelete = "dualAuthDelete"
//RotationPolicy defines the policy type as rotation
RotationPolicy = "rotation"
policyType = "application/vnd.ibm.kms.policy+json"
)
// Policy represents a policy as returned by the KP API.
@ -40,6 +44,7 @@ type Policy struct {
}
type Rotation struct {
Enabled *bool `json:"enabled,omitempty"`
Interval int `json:"interval_month,omitempty"`
}
@ -152,7 +157,7 @@ func (c *Client) getPolicy(ctx context.Context, id, policyType string, policyres
return err
}
// GetRotationPolivy method retrieves rotation policy details of a key
// GetRotationPolicy method retrieves rotation policy details of a key
// For more information can refet the Key Protect docs in the link below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#view-rotation-policy-api
func (c *Client) GetRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
@ -207,13 +212,11 @@ func (c *Client) setPolicy(ctx context.Context, idOrAlias, policyType string, po
return &policyresponse, nil
}
// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID or alias and rotation interval.
// For more information can refer the Key Protect docs in the link below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int) (*Policy, error) {
func (c *Client) setKeyRotationPolicy(ctx context.Context, idOrAlias string, enable *bool, rotationInterval int) (*Policy, error) {
policy := Policy{
Type: policyType,
Rotation: &Rotation{
Enabled: enable,
Interval: rotationInterval,
},
}
@ -238,6 +241,35 @@ func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotati
return &policyresponse.Policies[0], nil
}
func (c *Client) EnableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
enabled := true
return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
}
func (c *Client) DisableRotationPolicy(ctx context.Context, idOrAlias string) (*Policy, error) {
enabled := false
return c.setKeyRotationPolicy(ctx, idOrAlias, &enabled, 0)
}
// SetRotationPolicy updates the rotation policy associated with a key by specifying key ID or alias and rotation interval.
// For more information can refer the Key Protect docs in the link below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-rotation-policy#update-rotation-policy-api
func (c *Client) SetRotationPolicy(ctx context.Context, idOrAlias string, rotationInterval int, enabled ...bool) (*Policy, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if rotationInterval == 0 {
rotationInterval = -1
}
var enable *bool
if enabled != nil {
enable = &enabled[0]
}
return c.setKeyRotationPolicy(ctx, idOrAlias, enable, rotationInterval)
}
// SetDualAuthDeletePolicy updates the dual auth delete policy by passing the key ID or alias and enable detail
// For more information can refer the Key Protect docs in the link below:
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-set-dual-auth-key-policy#create-dual-auth-key-policy-api
@ -273,12 +305,25 @@ func (c *Client) SetDualAuthDeletePolicy(ctx context.Context, idOrAlias string,
// To set rotation policy for the key pass the setRotationPolicy parameter as true and set the rotationInterval detail.
// To set dual auth delete policy for the key pass the setDualAuthDeletePolicy parameter as true and set the dualAuthEnable detail.
// Both the policies can be set or either of the policies can be set.
func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool) ([]Policy, error) {
func (c *Client) SetPolicies(ctx context.Context, idOrAlias string, setRotationPolicy bool, rotationInterval int, setDualAuthDeletePolicy, dualAuthEnable bool, rotationEnable ...bool) ([]Policy, error) {
/*
Setting the value of rotationInterval to -1 in case user passes 0 value as we want to retain the param `interval_month` after marshalling
so that we can get correct error msg from REST API saying interval_month should be between 1 to 12
Otherwise the param would not be sent to REST API in case of value 0 and it would throw error saying interval_month is missing
*/
if rotationInterval == 0 {
rotationInterval = -1
}
var enable *bool
if rotationEnable != nil {
enable = &rotationEnable[0]
}
policies := []Policy{}
if setRotationPolicy {
rotationPolicy := Policy{
Type: policyType,
Rotation: &Rotation{
Enabled: enable,
Interval: rotationInterval,
},
}

2
vendor/modules.txt vendored
View File

@ -1,4 +1,4 @@
# github.com/IBM/keyprotect-go-client v0.8.1
# github.com/IBM/keyprotect-go-client v0.9.0
## explicit; go 1.15
github.com/IBM/keyprotect-go-client
github.com/IBM/keyprotect-go-client/iam