ovh · inessebz · Mar 26, 2025 · Mar 12, 2025
@@ -21,7 +21,6 @@ jobs:
         run: |
           echo "${{secrets.CERTIFICATE}}" > tls.crt
           echo "${{secrets.PRIVATE_KEY}}" > tls.key
-
           cat > okms.yaml <<-EOF
           version: 1
           profile: default
@@ -59,4 +58,3 @@ jobs:
             ./tests/out/coverage.txt
             ./tests/out/coverage.html
           retention-days: 5
-
@@ -43,9 +43,9 @@ func newListServiceKeysCmd() *cobra.Command {
 			}
 			// Let's list all the keys by putting them all in memory. The memory is not an issue, unless a domain has hundreds of thousands of keys
 			// Filter keys by activation state
-			stateFilter := types.Active
+			stateFilter := types.KeyStatesActive
 			if listAll {
-				stateFilter = types.All
+				stateFilter = types.KeyStatesAll
 			}
 			for key, err := range common.Client().ListAllServiceKeys(&keysPageSize, &stateFilter).Iter(cmd.Context()) {
 				exit.OnErr(err)

@@ -1,5 +1,3 @@
-//go:build unstable
-
 package secrets
 
 import (
@@ -54,7 +52,7 @@ func kvReadConfigCommand() *cobra.Command {
 func kvWriteConfigCommand() *cobra.Command {
 	var (
 		casRequired        bool
-		maxVersions        int32
+		maxVersions        uint32
 		deleteVersionAfter string
 	)
 
@@ -73,7 +71,7 @@ func kvWriteConfigCommand() *cobra.Command {
 				d = &deleteVersionAfter
 			}
 
-			var m *int32
+			var m *uint32
 			if cmd.Flag("max-versions").Changed {
 				m = &maxVersions
 			}
@@ -89,7 +87,7 @@ func kvWriteConfigCommand() *cobra.Command {
 	}
 
 	cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.")
-	cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
+	cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
 	cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format")
 	return cmd
 }
@@ -1,5 +1,3 @@
-//go:build unstable
-
 package secrets
 
 import (
@@ -112,7 +110,7 @@ func kvGetMetadataCommand() *cobra.Command {
 func kvPutMetadataCommand() *cobra.Command {
 	var (
 		casRequired        bool
-		maxVersions        int32
+		maxVersions        uint32
 		deleteVersionAfter string
 		customMetadata     map[string]string
 	)
@@ -132,34 +130,24 @@ func kvPutMetadataCommand() *cobra.Command {
 				d = &deleteVersionAfter
 			}
 
-			var m *int32
+			var m *uint32
 			if cmd.Flag("max-versions").Changed {
 				m = &maxVersions
 			}
 
-			var cm *map[string]interface{}
-			if len(customMetadata) > 0 {
-				tmp := make(map[string]interface{})
-				cm = &tmp
-				for k, v := range customMetadata {
-					(*cm)[k] = v
-				}
-			}
-
 			body := types.SecretUpdatableMetadata{
 				CasRequired:        c,
 				DeleteVersionAfter: d,
 				MaxVersions:        m,
-				CustomMetadata:     new(any),
+				CustomMetadata:     &customMetadata,
 			}
-			*body.CustomMetadata = cm
 
 			exit.OnErr(common.Client().PostSecretMetadata(cmd.Context(), args[0], body))
 		},
 	}
 
 	cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.")
-	cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
+	cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
 	cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format")
 	cmd.Flags().StringToStringVar(&customMetadata, "custom-metadata", map[string]string{}, "Specifies arbitrary version-agnostic key=value metadata meant to describe a secret.\nThis can be specified multiple times to add multiple pieces of metadata.")
 	return cmd
@@ -168,7 +156,7 @@ func kvPutMetadataCommand() *cobra.Command {
 func kvPatchMetadataCommand() *cobra.Command {
 	var (
 		casRequired        bool
-		maxVersions        int32
+		maxVersions        uint32
 		deleteVersionAfter string
 		customMetadata     map[string]string
 	)
@@ -188,34 +176,24 @@ func kvPatchMetadataCommand() *cobra.Command {
 				d = &deleteVersionAfter
 			}
 
-			var m *int32
+			var m *uint32
 			if cmd.Flag("max-versions").Changed {
 				m = &maxVersions
 			}
 
-			var cm *map[string]interface{}
-			if len(customMetadata) > 0 {
-				tmp := make(map[string]interface{})
-				cm = &tmp
-				for k, v := range customMetadata {
-					(*cm)[k] = v
-				}
-			}
-
 			body := types.SecretUpdatableMetadata{
 				CasRequired:        c,
 				DeleteVersionAfter: d,
 				MaxVersions:        m,
-				CustomMetadata:     new(any),
+				CustomMetadata:     &customMetadata,
 			}
-			*body.CustomMetadata = cm
 
 			exit.OnErr(common.Client().PatchSecretMetadata(cmd.Context(), args[0], body))
 		},
 	}
 
 	cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.")
-	cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
+	cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
 	cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format")
 	cmd.Flags().StringToStringVar(&customMetadata, "custom-metadata", map[string]string{}, "Specifies arbitrary version-agnostic key=value metadata meant to describe a secret.\nThis can be specified multiple times to add multiple pieces of metadata.")
 	return cmd

@@ -1,5 +1,3 @@
-//go:build unstable
-
 package secrets
 
 import (

@@ -1,5 +1,3 @@
-//go:build unstable
-
 package secrets
 
 import (
@@ -21,15 +19,15 @@ import (
 
 func kvGetCmd() *cobra.Command {
 	var (
-		version int32
+		version uint32
 	)
 
 	cmd := &cobra.Command{
 		Use:   "get PATH",
 		Short: "Retrieves the value from KMS's key-value store at the given key name",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			var v *int32
+			var v *uint32
 			if version != 0 {
 				v = &version
 			}
@@ -56,7 +54,7 @@ func kvGetCmd() *cobra.Command {
 		},
 	}
 
-	cmd.Flags().Int32Var(&version, "version", 0, "If passed, the value at the version number will be returned")
+	cmd.Flags().Uint32Var(&version, "version", 0, "If passed, the value at the version number will be returned")
 	return cmd
 }
 
@@ -78,14 +76,14 @@ func kvPutCmd() *cobra.Command {
 				os.Exit(1)
 			}
 
-			var c *int32
+			var c uint32
 			if cas != -1 {
-				c = &cas
+				c = utils.ToUint32(c)
 			}
 			body := types.PostSecretRequest{
 				Data: new(any),
 				Options: &types.PostSecretOptions{
-					Cas: c,
+					Cas: &c,
 				},
 			}
 
@@ -122,14 +120,14 @@ func kvPatchCmd() *cobra.Command {
 				os.Exit(1)
 			}
 
-			var c *int32
+			var c uint32
 			if cas != -1 {
-				c = &cas
+				c = utils.ToUint32(cas)
 			}
 			body := types.PostSecretRequest{
 				Data: new(any),
 				Options: &types.PostSecretOptions{
-					Cas: c,
+					Cas: &c,
 				},
 			}
 
@@ -150,7 +148,7 @@ func kvPatchCmd() *cobra.Command {
 
 func kvDeleteCmd() *cobra.Command {
 	var (
-		versions []int32
+		versions []uint
 	)
 
 	cmd := &cobra.Command{
@@ -161,70 +159,70 @@ func kvDeleteCmd() *cobra.Command {
 			if len(versions) == 0 {
 				exit.OnErr(common.Client().DeleteSecretRequest(cmd.Context(), args[0]))
 			} else {
-				exit.OnErr(common.Client().DeleteSecretVersions(cmd.Context(), args[0], versions))
+				exit.OnErr(common.Client().DeleteSecretVersions(cmd.Context(), args[0], utils.ToUint32Array(versions)))
 			}
 		},
 	}
 
-	cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
+	cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
 	return cmd
 }
 
 func kvUndeleteCmd() *cobra.Command {
 	var (
-		versions []int32
+		versions []uint
 	)
 
 	cmd := &cobra.Command{
 		Use:   "undelete PATH",
 		Short: "Undeletes the data for the provided version and path in the key-value store.",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			exit.OnErr(common.Client().PostSecretUndelete(cmd.Context(), args[0], versions))
+			exit.OnErr(common.Client().PostSecretUndelete(cmd.Context(), args[0], utils.ToUint32Array(versions)))
 		},
 	}
 
-	cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
+	cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
 	_ = cmd.MarkFlagRequired("versions")
 	return cmd
 }
 
 func kvDestroyCmd() *cobra.Command {
 	var (
-		versions []int32
+		versions []uint
 	)
 
 	cmd := &cobra.Command{
 		Use:   "destroy PATH",
 		Short: "Permanently removes the specified versions' data from the key-value store.",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			exit.OnErr(common.Client().PostSecretDestroy(cmd.Context(), args[0], versions))
+			exit.OnErr(common.Client().PutSecretDestroy(cmd.Context(), args[0], utils.ToUint32Array(versions)))
 		},
 	}
 
-	cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
+	cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
 	_ = cmd.MarkFlagRequired("versions")
 	return cmd
 }
 
 func kvSubkeysCmd() *cobra.Command {
 	var (
-		version int32
-		depth   int32
+		version uint32
+		depth   uint32
 	)
 
 	cmd := &cobra.Command{
 		Use:   "subkeys PATH",
 		Short: "Provides the subkeys within a secret entry that exists at the requested path.",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			var v *int32
+			var v *uint32
 			if cmd.Flag("version").Changed {
 				v = &version
 			}
 
-			var d *int32
+			var d *uint32
 			if cmd.Flag("depth").Changed {
 				d = &depth
 			}
@@ -251,8 +249,8 @@ func kvSubkeysCmd() *cobra.Command {
 		},
 	}
 
-	cmd.Flags().Int32Var(&version, "version", 0, "The version to return")
-	cmd.Flags().Int32Var(&depth, "depth", 0, "Deepest nesting level to provide in the output")
+	cmd.Flags().Uint32Var(&version, "version", 0, "The version to return")
+	cmd.Flags().Uint32Var(&depth, "depth", 0, "Deepest nesting level to provide in the output")
 	return cmd
 }
 

@@ -28,16 +28,17 @@ func ToUint64[N Integer](n N) uint64 {
 	return uint64(n)
 }
 
-// func ToUint32[N Integer](n N) uint32 {
-// 	if n < 0 || uint64(n) > math.MaxUint32 {
-// 		panic("Integer overflow")
-// 	}
-// 	return uint32(n)
-// }
+func ToUint32[N Integer](n N) uint32 {
+	if n < 0 || uint64(n) > math.MaxUint32 {
+		panic("Integer overflow")
+	}
+	return uint32(n)
+}
 
-// func ToUint16[N Integer](n N) uint16 {
-// 	if n < 0 || uint64(n) > math.MaxUint16 {
-// 		panic("Integer overflow")
-// 	}
-// 	return uint16(n)
-// }
+func ToUint32Array[N Integer](l []N) []uint32 {
+	var v []uint32
+	for _, val := range l {
+		v = append(v, ToUint32(val))
+	}
+	return v
+}
@@ -11,7 +11,7 @@ require (
 	github.com/knadh/koanf/v2 v2.1.2
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/ovh/kmip-go v0.3.3
-	github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781
+	github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8
 	github.com/pterm/pterm v0.12.80
 	github.com/schollz/progressbar/v3 v3.18.0
 	github.com/spf13/cobra v1.9.1

@@ -107,6 +107,10 @@ github.com/ovh/okms-sdk-go v0.4.2 h1:Vr1HQA0tWoREq5b94Ze2BnG+M1/J87ekWB2/9Cm9wAA
 github.com/ovh/okms-sdk-go v0.4.2/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
 github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781 h1:6zYOcxm6Zqs0rgpNLtN6a1OnJlwWXmOr4NF+okj5oDM=
 github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
+github.com/ovh/okms-sdk-go v0.4.3-0.20250325141909-a44a71a4b427 h1:oUJrxf2kcO/Y/I8wGFMIiP35Of9WHemWKF0uhlSBazY=
+github.com/ovh/okms-sdk-go v0.4.3-0.20250325141909-a44a71a4b427/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
+github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8 h1:Xj2clTOAYD2dQSmHVBoT0SDXK+FHoZqgfx/5aloH7wQ=
+github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=