diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a6671c7..bf0db19 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -21,7 +21,6 @@ jobs: run: | echo "${{secrets.CERTIFICATE}}" > tls.crt echo "${{secrets.PRIVATE_KEY}}" > tls.key - cat > okms.yaml <<-EOF version: 1 profile: default @@ -59,4 +58,3 @@ jobs: ./tests/out/coverage.txt ./tests/out/coverage.html retention-days: 5 - \ No newline at end of file diff --git a/cmd/okms/keys/keys.go b/cmd/okms/keys/keys.go index 54d02d1..375ebc7 100644 --- a/cmd/okms/keys/keys.go +++ b/cmd/okms/keys/keys.go @@ -43,9 +43,9 @@ func newListServiceKeysCmd() *cobra.Command { } // Let's list all the keys by putting them all in memory. The memory is not an issue, unless a domain has hundreds of thousands of keys // Filter keys by activation state - stateFilter := types.Active + stateFilter := types.KeyStatesActive if listAll { - stateFilter = types.All + stateFilter = types.KeyStatesAll } for key, err := range common.Client().ListAllServiceKeys(&keysPageSize, &stateFilter).Iter(cmd.Context()) { exit.OnErr(err) diff --git a/cmd/okms/secrets/config.go b/cmd/okms/secrets/config.go index d820856..d33464b 100644 --- a/cmd/okms/secrets/config.go +++ b/cmd/okms/secrets/config.go @@ -1,5 +1,3 @@ -//go:build unstable - package secrets import ( @@ -54,7 +52,7 @@ func kvReadConfigCommand() *cobra.Command { func kvWriteConfigCommand() *cobra.Command { var ( casRequired bool - maxVersions int32 + maxVersions uint32 deleteVersionAfter string ) @@ -73,7 +71,7 @@ func kvWriteConfigCommand() *cobra.Command { d = &deleteVersionAfter } - var m *int32 + var m *uint32 if cmd.Flag("max-versions").Changed { m = &maxVersions } 
@@ -89,7 +87,7 @@ func kvWriteConfigCommand() *cobra.Command { } cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.") - cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ") + cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ") cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format") return cmd } diff --git a/cmd/okms/secrets/metadata.go b/cmd/okms/secrets/metadata.go index 508178b..18fc0cc 100644 --- a/cmd/okms/secrets/metadata.go +++ b/cmd/okms/secrets/metadata.go @@ -1,5 +1,3 @@ -//go:build unstable - package secrets import ( @@ -112,7 +110,7 @@ func kvGetMetadataCommand() *cobra.Command { func kvPutMetadataCommand() *cobra.Command { var ( casRequired bool - maxVersions int32 + maxVersions uint32 deleteVersionAfter string customMetadata map[string]string ) 
@@ -132,34 +130,24 @@ func kvPutMetadataCommand() *cobra.Command { d = &deleteVersionAfter } - var m *int32 + var m *uint32 if cmd.Flag("max-versions").Changed { m = &maxVersions } - var cm *map[string]interface{} - if len(customMetadata) > 0 { - tmp := make(map[string]interface{}) - cm = &tmp - for k, v := range customMetadata { - (*cm)[k] = v - } - } - body := types.SecretUpdatableMetadata{ CasRequired: c, DeleteVersionAfter: d, MaxVersions: m, - CustomMetadata: new(any), + CustomMetadata: &customMetadata, } - *body.CustomMetadata = cm exit.OnErr(common.Client().PostSecretMetadata(cmd.Context(), args[0], body)) }, } cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.") - cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ") + cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ") cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format") cmd.Flags().StringToStringVar(&customMetadata, "custom-metadata", map[string]string{}, "Specifies arbitrary version-agnostic key=value metadata meant to describe a secret.\nThis can be specified multiple times to add multiple pieces of metadata.") return cmd 
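Review bot: `CustomMetadata: &customMetadata` is always a non-nil pointer, so every put request now carries a custom-metadata map (an empty one when `--custom-metadata` was not passed), while `MaxVersions` in the same closure is only sent when `cmd.Flag("max-versions").Changed`. Whether the server reads an empty map as "leave unchanged" or "clear" is not visible from this hunk; if it clears, a call that only sets `--max-versions` would wipe the secret's existing metadata. Guarding it like the other optional fields avoids depending on that: `var cm *map[string]string`, `if cmd.Flag("custom-metadata").Changed { cm = &customMetadata }`, then `CustomMetadata: cm`. The kvPatchMetadataCommand hunk at `@@ -188,34 +176,24 @@` has the same construct, and both closures start outside their hunks.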
@@ -168,7 +156,7 @@ func kvPutMetadataCommand() *cobra.Command { func kvPatchMetadataCommand() *cobra.Command { var ( casRequired bool - maxVersions int32 + maxVersions uint32 deleteVersionAfter string customMetadata map[string]string ) 
@@ -188,34 +176,24 @@ func kvPatchMetadataCommand() *cobra.Command { d = &deleteVersionAfter } - var m *int32 + var m *uint32 if cmd.Flag("max-versions").Changed { m = &maxVersions } - var cm *map[string]interface{} - if len(customMetadata) > 0 { - tmp := make(map[string]interface{}) - cm = &tmp - for k, v := range customMetadata { - (*cm)[k] = v - } - } - body := types.SecretUpdatableMetadata{ CasRequired: c, DeleteVersionAfter: d, MaxVersions: m, - CustomMetadata: new(any), + CustomMetadata: &customMetadata, } - *body.CustomMetadata = cm exit.OnErr(common.Client().PatchSecretMetadata(cmd.Context(), args[0], body)) }, } cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.") - cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ") + cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ") cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format") cmd.Flags().StringToStringVar(&customMetadata, "custom-metadata", map[string]string{}, "Specifies arbitrary version-agnostic key=value metadata meant to describe a secret.\nThis can be specified multiple times to add multiple pieces of metadata.") return cmd diff --git a/cmd/okms/secrets/root.go b/cmd/okms/secrets/root.go index 11b7791..a148697 100644 --- a/cmd/okms/secrets/root.go +++ b/cmd/okms/secrets/root.go 
@@ -1,5 +1,3 @@ -//go:build unstable - package secrets import ( diff --git a/cmd/okms/secrets/secrets.go b/cmd/okms/secrets/secrets.go index 3c88c72..d77689f 100644 --- a/cmd/okms/secrets/secrets.go +++ b/cmd/okms/secrets/secrets.go @@ -1,5 +1,3 @@ -//go:build unstable - package secrets import ( @@ -21,7 +19,7 @@ import ( func kvGetCmd() *cobra.Command { var ( - version int32 + version uint32 ) cmd := &cobra.Command{ @@ -29,7 +27,7 @@ func kvGetCmd() *cobra.Command { Short: "Retrieves the value from KMS's key-value store at the given key name", Args: cobra.ExactArgs(1), Run: func(cmd *cobra.Command, args []string) { - var v *int32 + var v *uint32 if version != 0 { v = &version } @@ -56,7 +54,7 @@ func kvGetCmd() *cobra.Command { }, } - cmd.Flags().Int32Var(&version, "version", 0, "If passed, the value at the version number will be returned") + cmd.Flags().Uint32Var(&version, "version", 0, "If passed, the value at the version number will be returned") return cmd } @@ -78,14 +76,14 @@ func kvPutCmd() *cobra.Command { os.Exit(1) } - var c *int32 + var c uint32 if cas != -1 { - c = &cas + c = utils.ToUint32(c) } body := types.PostSecretRequest{ Data: new(any), Options: &types.PostSecretOptions{ - Cas: c, + Cas: &c, }, } @@ -122,14 +120,14 @@ func kvPatchCmd() *cobra.Command { os.Exit(1) } - var c *int32 + var c uint32 if cas != -1 { - c = &cas + c = utils.ToUint32(cas) } body := types.PostSecretRequest{ Data: new(any), Options: &types.PostSecretOptions{ - Cas: c, + Cas: &c, }, } @@ -150,7 +148,7 @@ func kvPatchCmd() *cobra.Command { func kvDeleteCmd() *cobra.Command { var ( - versions []int32 + versions []uint ) cmd := &cobra.Command{ 
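Review bot: In kvPutCmd the added line `c = utils.ToUint32(c)` converts `c` itself (still zero) instead of `cas`, so the check-and-set value supplied by the user is dropped and the request always carries 0; the kvPatchCmd hunk right after it uses `utils.ToUint32(cas)`, which looks like the intended form. In both commands `Cas: &c` is now never nil, so the "not set" sentinel `-1` no longer omits the option but sends 0, and whether the server treats that as "no check" or "only if the secret does not exist yet" cannot be told from here. Any other negative value reaches `ToUint32` and panics instead of producing a usage error. Keeping the pointer nil unless the flag was set restores the previous semantics, as sketched below for both commands; both closures begin and end outside their hunks.

```go
var c *uint32
if cas != -1 {
	v := utils.ToUint32(cas)
	c = &v
}
// … unchanged: body := types.PostSecretRequest{ Data, Options: &types.PostSecretOptions{ …
		Cas: c,
```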
@@ -161,18 +159,18 @@ func kvDeleteCmd() *cobra.Command { if len(versions) == 0 { exit.OnErr(common.Client().DeleteSecretRequest(cmd.Context(), args[0])) } else { - exit.OnErr(common.Client().DeleteSecretVersions(cmd.Context(), args[0], versions)) + exit.OnErr(common.Client().DeleteSecretVersions(cmd.Context(), args[0], utils.ToUint32Array(versions))) } }, } - cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)") + cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)") return cmd } func kvUndeleteCmd() *cobra.Command { var ( - versions []int32 + versions []uint ) cmd := &cobra.Command{ @@ -180,18 +178,18 @@ func kvUndeleteCmd() *cobra.Command { Short: "Undeletes the data for the provided version and path in the key-value store.", Args: cobra.ExactArgs(1), Run: func(cmd *cobra.Command, args []string) { - exit.OnErr(common.Client().PostSecretUndelete(cmd.Context(), args[0], versions)) + exit.OnErr(common.Client().PostSecretUndelete(cmd.Context(), args[0], utils.ToUint32Array(versions))) }, } - cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)") + cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)") _ = cmd.MarkFlagRequired("versions") return cmd } func kvDestroyCmd() *cobra.Command { var ( - versions []int32 + versions []uint ) cmd := &cobra.Command{ 
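Review bot: The `--versions` help string re-added for kvUndeleteCmd still reads "Specifies the version numbers to delete", copied from kvDeleteCmd, and kvDestroyCmd in the following hunk (`@@ -199,19 +197,19 @@`) carries the same text. Destroy is permanent according to its own Short description, so the flag text should state what each command actually does with the listed versions. Suggested strings: `"Specifies the version numbers to undelete. (Comma separated list of versions)"` and `"Specifies the version numbers to permanently destroy. (Comma separated list of versions)"`.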
@@ -199,19 +197,19 @@ func kvDestroyCmd() *cobra.Command { Short: "Permanently removes the specified versions' data from the key-value store.", Args: cobra.ExactArgs(1), Run: func(cmd *cobra.Command, args []string) { - exit.OnErr(common.Client().PostSecretDestroy(cmd.Context(), args[0], versions)) + exit.OnErr(common.Client().PutSecretDestroy(cmd.Context(), args[0], utils.ToUint32Array(versions))) }, } - cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)") + cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)") _ = cmd.MarkFlagRequired("versions") return cmd } func kvSubkeysCmd() *cobra.Command { var ( - version int32 - depth int32 + version uint32 + depth uint32 ) cmd := &cobra.Command{ @@ -219,12 +217,12 @@ func kvSubkeysCmd() *cobra.Command { Short: "Provides the subkeys within a secret entry that exists at the requested path.", Args: cobra.ExactArgs(1), Run: func(cmd *cobra.Command, args []string) { - var v *int32 + var v *uint32 if cmd.Flag("version").Changed { v = &version } - var d *int32 + var d *uint32 if cmd.Flag("depth").Changed { d = &depth } @@ -251,8 +249,8 @@ func kvSubkeysCmd() *cobra.Command { }, } - cmd.Flags().Int32Var(&version, "version", 0, "The version to return") - cmd.Flags().Int32Var(&depth, "depth", 0, "Deepest nesting level to provide in the output") + cmd.Flags().Uint32Var(&version, "version", 0, "The version to return") + cmd.Flags().Uint32Var(&depth, "depth", 0, "Deepest nesting level to provide in the output") return cmd } diff --git a/common/utils/int.go b/common/utils/int.go index b8166bb..9b53e27 100644 --- a/common/utils/int.go +++ b/common/utils/int.go 
@@ -28,16 +28,17 @@ func ToUint64[N Integer](n N) uint64 { return uint64(n) } -// func ToUint32[N Integer](n N) uint32 { -// if n < 0 || uint64(n) > math.MaxUint32 { -// panic("Integer overflow") -// } -// return uint32(n) -// } +func ToUint32[N Integer](n N) uint32 { + if n < 0 || uint64(n) > math.MaxUint32 { + panic("Integer overflow") + } + return uint32(n) +} -// func ToUint16[N Integer](n N) uint16 { -// if n < 0 || uint64(n) > math.MaxUint16 { -// panic("Integer overflow") -// } -// return uint16(n) -// } +func ToUint32Array[N Integer](l []N) []uint32 { + var v []uint32 + for _, val := range l { + v = append(v, ToUint32(val)) + } + return v +} diff --git a/go.mod b/go.mod index adeed14..af7876d 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/knadh/koanf/v2 v2.1.2 github.com/olekukonko/tablewriter v0.0.5 github.com/ovh/kmip-go v0.3.3 - github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781 + github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8 github.com/pterm/pterm v0.12.80 github.com/schollz/progressbar/v3 v3.18.0 github.com/spf13/cobra v1.9.1 diff --git a/go.sum b/go.sum index c440b6f..148e197 100644 --- a/go.sum +++ b/go.sum 
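Review bot: `ToUint32` panics on out-of-range input, and this commit feeds it values that come straight from command-line flags (`--versions` through `ToUint32Array`, the CAS value in kvPutCmd and kvPatchCmd), so an oversized or negative number ends the CLI with a Go panic and stack trace rather than a usage error. For the flag paths an error-returning variant would fit the existing `exit.OnErr` pattern, e.g. `func ToUint32Array[N Integer](l []N) ([]uint32, error)`. Both new exported functions also lack doc comments; at minimum state the panic, e.g. `// ToUint32 converts n to uint32 and panics if n is negative or exceeds math.MaxUint32.` `ToUint32Array` can also pre-size its result with `v := make([]uint32, 0, len(l))`, which additionally makes an empty input yield an empty slice instead of nil.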
@@ -107,6 +107,10 @@ github.com/ovh/okms-sdk-go v0.4.2 h1:Vr1HQA0tWoREq5b94Ze2BnG+M1/J87ekWB2/9Cm9wAA github.com/ovh/okms-sdk-go v0.4.2/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs= github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781 h1:6zYOcxm6Zqs0rgpNLtN6a1OnJlwWXmOr4NF+okj5oDM= github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs= +github.com/ovh/okms-sdk-go v0.4.3-0.20250325141909-a44a71a4b427 h1:oUJrxf2kcO/Y/I8wGFMIiP35Of9WHemWKF0uhlSBazY= +github.com/ovh/okms-sdk-go v0.4.3-0.20250325141909-a44a71a4b427/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs= +github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8 h1:Xj2clTOAYD2dQSmHVBoT0SDXK+FHoZqgfx/5aloH7wQ= +github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= diff --git a/tests/keys.yaml b/tests/keys.yaml index 8051f88..fd4cfcc 100644 --- a/tests/keys.yaml +++ b/tests/keys.yaml @@ -230,7 +230,7 @@ testcases: - result.code ShouldEqual 1 - name: Verify RS256 failure type: okms-cmd - args: keys verify --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" "bad signature" + args: keys verify --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" "YmFkIHNpZ25hdHVyZQo=" assertions: - result.code ShouldEqual 1 - result.systemoutjson ShouldJSONEqual false 
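Review bot: Replacing `"bad signature"` with `"YmFkIHNpZ25hdHVyZQo="` in "Verify RS256 failure" makes the negative case well-formed base64, so the suite now covers a decodable but wrong signature and no longer covers a signature argument that is not valid base64 at all (presumably the CLI now decodes the argument before sending it). Both are rejection paths worth pinning for a verify command. Consider keeping a second step next to this one, e.g. `- name: Verify RS256 malformed signature` with the old `"bad signature"` argument and `- result.code ShouldEqual 1`. The ES256 hunk at `@@ -283,11 +283,10 @@` makes the same substitution.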
@@ -283,11 +283,10 @@ testcases: - result.code ShouldEqual 1 - name: Verify ES256 failure type: okms-cmd - args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" "bad signature" + args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" "YmFkIHNpZ25hdHVyZQo=" assertions: - result.code ShouldEqual 1 - result.systemoutjson ShouldJSONEqual false - - name: Key export steps: - name: Export AES