зеркало из https://github.com/getsops/sops.git
return lists of pointers to avoid repackaging
Родитель
d5b5ae2315
Коммит
76f4ae8db0
|
@ -307,14 +307,12 @@ func getKeysources(c *cli.Context, file string) ([]sops.KeySource, error) {
|
|||
|
||||
if c.String("kms") != "" {
|
||||
for _, k := range kms.MasterKeysFromArnString(c.String("kms")) {
|
||||
v := k
|
||||
kmsKeys = append(kmsKeys, &v)
|
||||
kmsKeys = append(kmsKeys, k)
|
||||
}
|
||||
}
|
||||
if c.String("pgp") != "" {
|
||||
for _, k := range pgp.MasterKeysFromFingerprintString(c.String("pgp")) {
|
||||
v := k
|
||||
pgpKeys = append(pgpKeys, &v)
|
||||
pgpKeys = append(pgpKeys, k)
|
||||
}
|
||||
}
|
||||
var err error
|
||||
|
@ -329,12 +327,10 @@ func getKeysources(c *cli.Context, file string) ([]sops.KeySource, error) {
|
|||
kmsString, pgpString, err := yaml.MasterKeyStringsForFile(file, confBytes)
|
||||
if err == nil {
|
||||
for _, k := range pgp.MasterKeysFromFingerprintString(pgpString) {
|
||||
v := k
|
||||
pgpKeys = append(pgpKeys, &v)
|
||||
pgpKeys = append(pgpKeys, k)
|
||||
}
|
||||
for _, k := range kms.MasterKeysFromArnString(kmsString) {
|
||||
v := k
|
||||
kmsKeys = append(kmsKeys, &v)
|
||||
kmsKeys = append(kmsKeys, k)
|
||||
}
|
||||
}
|
||||
}
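Review bot: In the second hunk of getKeysources the error from `yaml.MasterKeyStringsForFile(file, confBytes)` is only compared with nil, and the `if err == nil {` block closes without an else branch, so a failed config lookup or parse is dropped without any message. Because `err` is introduced there with `:=`, it also appears to shadow the `var err error` declared at the end of the first hunk, so the failure could not be reported later either; the lines between the two hunks are not shown, so this should be confirmed. If ignoring the error is intended, say so with a comment such as `// a missing or unreadable config is not fatal; continue without config-provided keys`; otherwise return it to the caller. The function starts and ends outside both hunks.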
|
||||
|
|
|
@ -3,16 +3,17 @@ package kms //import "go.mozilla.org/sops/kms"
|
|||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"os"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||
"github.com/aws/aws-sdk-go/aws/session"
|
||||
"github.com/aws/aws-sdk-go/service/kms"
|
||||
"github.com/aws/aws-sdk-go/service/kms/kmsiface"
|
||||
"github.com/aws/aws-sdk-go/service/sts"
|
||||
"os"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
var kmsSvc kmsiface.KMSAPI
|
||||
|
@ -82,8 +83,8 @@ func (key *MasterKey) ToString() string {
|
|||
}
|
||||
|
||||
// NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN
|
||||
func NewMasterKeyFromArn(arn string) MasterKey {
|
||||
k := MasterKey{}
|
||||
func NewMasterKeyFromArn(arn string) *MasterKey {
|
||||
k := &MasterKey{}
|
||||
arn = strings.Replace(arn, " ", "", -1)
|
||||
roleIndex := strings.Index(arn, "+arn:aws:iam::")
|
||||
if roleIndex > 0 {
|
||||
|
@ -97,8 +98,8 @@ func NewMasterKeyFromArn(arn string) MasterKey {
|
|||
}
|
||||
|
||||
// MasterKeysFromArnString takes a comma separated list of AWS KMS ARNs and returns a slice of new MasterKeys for those ARNs
|
||||
func MasterKeysFromArnString(arn string) []MasterKey {
|
||||
var keys []MasterKey
|
||||
func MasterKeysFromArnString(arn string) []*MasterKey {
|
||||
var keys []*MasterKey
|
||||
if arn == "" {
|
||||
return keys
|
||||
}
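Review bot: NewMasterKeyFromArn and MasterKeysFromArnString now return `*MasterKey`, so callers that used to take a private copy (`v := k` followed by `&v`) now hold the object the constructor allocated, and the doc comments do not say who owns it. For a key type this matters, because a method that fills in fields through one holder's pointer is then visible to every other holder; whether such a method runs on these keys is not visible here. I would extend the comment on MasterKeysFromArnString with something like `// An empty string yields a nil slice; each element is a separately allocated key.` (to be confirmed against the loop outside the hunk) and record the changed return type of these exported functions in the changelog. The same applies to NewMasterKeyFromFingerprint and MasterKeysFromFingerprintString in the pgp section. MasterKeysFromArnString continues past the end of the hunk.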
|
||||
|
|
|
@ -4,16 +4,17 @@ import (
|
|||
"bytes"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"github.com/howeyc/gopass"
|
||||
gpgagent "go.mozilla.org/gopgagent"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/user"
|
||||
"path"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/howeyc/gopass"
|
||||
gpgagent "go.mozilla.org/gopgagent"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
)
|
||||
|
||||
// MasterKey is a PGP key used to securely store sops' data key by encrypting it and decrypting it
|
||||
|
@ -114,16 +115,16 @@ func (key *MasterKey) gpgHome() string {
|
|||
}
|
||||
|
||||
// NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint
|
||||
func NewMasterKeyFromFingerprint(fingerprint string) MasterKey {
|
||||
return MasterKey{
|
||||
func NewMasterKeyFromFingerprint(fingerprint string) *MasterKey {
|
||||
return &MasterKey{
|
||||
Fingerprint: strings.Replace(fingerprint, " ", "", -1),
|
||||
CreationDate: time.Now().UTC(),
|
||||
}
|
||||
}
|
||||
|
||||
// MasterKeysFromFingerprintString takes a comma separated list of PGP fingerprints and returns a slice of new MasterKeys with those fingerprints
|
||||
func MasterKeysFromFingerprintString(fingerprint string) []MasterKey {
|
||||
var keys []MasterKey
|
||||
func MasterKeysFromFingerprintString(fingerprint string) []*MasterKey {
|
||||
var keys []*MasterKey
|
||||
if fingerprint == "" {
|
||||
return keys
|
||||
}
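Review bot: NewMasterKeyFromFingerprint stores whatever string it is given once spaces are removed; nothing in the visible lines checks that it is a full fingerprint rather than a short key ID or a non-hex string. Short key IDs are not unique, so if a later lookup matches on the stored value (not visible here), a different public key than the intended one could be used to encrypt the data key. Since the constructor has no error return, the least invasive step is to document the requirement, e.g. `// fingerprint must be the full key fingerprint in hex; it is stored without validation.`, and to validate where user input is parsed. MasterKeysFromFingerprintString continues past the end of the hunk.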
|
||||
|
|
12
sops.go
12
sops.go
|
@ -298,8 +298,7 @@ func (m *Metadata) AddPGPMasterKeys(pgpFps string) {
|
|||
if ks.Name == "pgp" {
|
||||
var keys []MasterKey
|
||||
for _, k := range pgp.MasterKeysFromFingerprintString(pgpFps) {
|
||||
v := k
|
||||
keys = append(keys, &v)
|
||||
keys = append(keys, k)
|
||||
fmt.Println("Keys to add:", keys)
|
||||
}
|
||||
ks.Keys = append(ks.Keys, keys...)
|
||||
|
@ -314,8 +313,7 @@ func (m *Metadata) AddKMSMasterKeys(kmsArns string) {
|
|||
if ks.Name == "kms" {
|
||||
var keys []MasterKey
|
||||
for _, k := range kms.MasterKeysFromArnString(kmsArns) {
|
||||
v := k
|
||||
keys = append(keys, &v)
|
||||
keys = append(keys, k)
|
||||
}
|
||||
ks.Keys = append(ks.Keys, keys...)
|
||||
m.KeySources[i] = ks
|
||||
|
@ -327,8 +325,7 @@ func (m *Metadata) AddKMSMasterKeys(kmsArns string) {
|
|||
func (m *Metadata) RemovePGPMasterKeys(pgpFps string) {
|
||||
var keys []MasterKey
|
||||
for _, k := range pgp.MasterKeysFromFingerprintString(pgpFps) {
|
||||
v := k
|
||||
keys = append(keys, &v)
|
||||
keys = append(keys, k)
|
||||
}
|
||||
m.RemoveMasterKeys(keys)
|
||||
}
|
||||
|
@ -337,8 +334,7 @@ func (m *Metadata) RemovePGPMasterKeys(pgpFps string) {
|
|||
func (m *Metadata) RemoveKMSMasterKeys(arns string) {
|
||||
var keys []MasterKey
|
||||
for _, k := range kms.MasterKeysFromArnString(arns) {
|
||||
v := k
|
||||
keys = append(keys, &v)
|
||||
keys = append(keys, k)
|
||||
}
|
||||
m.RemoveMasterKeys(keys)
|
||||
}
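Review bot: In AddPGPMasterKeys the context line `fmt.Println("Keys to add:", keys)` sits inside the loop and writes to stdout from library code on every iteration. With this change `keys` holds pointers, so the line will most likely print addresses rather than key data, and anything written to stdout can end up mixed into output a caller expects to be the encrypted or decrypted document. I would drop the line, or move it after the loop and send it to a logger on stderr. AddKMSMasterKeys has no equivalent print in its visible lines, which suggests this is leftover debugging. AddPGPMasterKeys starts and ends outside its hunk.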
|
||||
|
|