Renamed GPGMasterKey and KMSMasterKey to MasterKey

Adrian Utrilla 2016-08-23 13:28:56 -07:00
Родитель 3e6d0cd128
Коммит 9ffe1c4908
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 6BA64E6212CDEBE9
8 изменённых файлов: 46 добавлений и 46 удалений


@ -80,7 +80,7 @@ func (store JSONStore) kmsEntries(in []interface{}) (sops.KeySource, error) {
keysource := sops.KeySource{Name: "kms", Keys: keys}
for _, v := range in {
entry := v.(map[interface{}]interface{})
key := &kms.KMSMasterKey{}
key := &kms.MasterKey{}
key.Arn = entry["arn"].(string)
key.EncryptedKey = entry["enc"].(string)
role, ok := entry["role"].(string)
@ -102,7 +102,7 @@ func (store JSONStore) pgpEntries(in []interface{}) (sops.KeySource, error) {
keysource := sops.KeySource{Name: "pgp", Keys: keys}
for _, v := range in {
entry := v.(map[interface{}]interface{})
key := &pgp.GPGMasterKey{}
key := &pgp.MasterKey{}
key.Fingerprint = entry["fp"].(string)
key.EncryptedKey = entry["enc"].(string)
creationDate, err := time.Parse(sops.DateFormat, entry["created_at"].(string))


@ -14,14 +14,14 @@ import (
"time"
)
type KMSMasterKey struct {
type MasterKey struct {
Arn string
Role string
EncryptedKey string
CreationDate time.Time
}
func (key *KMSMasterKey) Encrypt(dataKey []byte) error {
func (key *MasterKey) Encrypt(dataKey []byte) error {
sess, err := key.createSession()
if err != nil {
return err
@ -35,14 +35,14 @@ func (key *KMSMasterKey) Encrypt(dataKey []byte) error {
return nil
}
func (key *KMSMasterKey) EncryptIfNeeded(dataKey []byte) error {
func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error {
if key.EncryptedKey == "" {
return key.Encrypt(dataKey)
}
return nil
}
func (key *KMSMasterKey) Decrypt() ([]byte, error) {
func (key *MasterKey) Decrypt() ([]byte, error) {
k, err := base64.StdEncoding.DecodeString(key.EncryptedKey)
if err != nil {
return nil, fmt.Errorf("Error base64-decoding encrypted data key: %s", err)
@ -60,16 +60,16 @@ func (key *KMSMasterKey) Decrypt() ([]byte, error) {
return decrypted.Plaintext, nil
}
func (key *KMSMasterKey) NeedsRotation() bool {
func (key *MasterKey) NeedsRotation() bool {
return time.Since(key.CreationDate) > (time.Hour * 24 * 30 * 6)
}
func (key *KMSMasterKey) ToString() string {
func (key *MasterKey) ToString() string {
return key.Arn
}
func NewKMSMasterKeyFromArn(arn string) KMSMasterKey {
k := KMSMasterKey{}
func NewMasterKeyFromArn(arn string) MasterKey {
k := MasterKey{}
arn = strings.Replace(arn, " ", "", -1)
roleIndex := strings.Index(arn, "+arn:aws:iam::")
if roleIndex > 0 {
@ -82,18 +82,18 @@ func NewKMSMasterKeyFromArn(arn string) KMSMasterKey {
return k
}
func KMSMasterKeysFromArnString(arn string) []KMSMasterKey {
var keys []KMSMasterKey
func MasterKeysFromArnString(arn string) []MasterKey {
var keys []MasterKey
if arn == "" {
return keys
}
for _, s := range strings.Split(arn, ",") {
keys = append(keys, NewKMSMasterKeyFromArn(s))
keys = append(keys, NewMasterKeyFromArn(s))
}
return keys
}
func (k KMSMasterKey) createStsSession(config aws.Config, sess *session.Session) (*session.Session, error) {
func (k MasterKey) createStsSession(config aws.Config, sess *session.Session) (*session.Session, error) {
hostname, err := os.Hostname()
if err != nil {
return nil, err
@ -114,7 +114,7 @@ func (k KMSMasterKey) createStsSession(config aws.Config, sess *session.Session)
return sess, nil
}
func (k KMSMasterKey) createSession() (*session.Session, error) {
func (k MasterKey) createSession() (*session.Session, error) {
re := regexp.MustCompile(`^arn:aws:kms:(.+):([0-9]+):key/(.+)$`)
matches := re.FindStringSubmatch(k.Arn)
if matches == nil {
@ -131,7 +131,7 @@ func (k KMSMasterKey) createSession() (*session.Session, error) {
return sess, nil
}
func (k KMSMasterKey) ToMap() map[string]string {
func (k MasterKey) ToMap() map[string]string {
out := make(map[string]string)
out["arn"] = k.Arn
if k.Role != "" {


@ -8,7 +8,7 @@ import (
func TestKMS(t *testing.T) {
// TODO: make this not terrible and mock KMS with a reverseable operation on the key, or something. Good luck running the tests on a machine that's not mine!
k := KMSMasterKey{Arn: "arn:aws:kms:us-east-1:927034868273:key/e9fc75db-05e9-44c1-9c35-633922bac347", Role: "", EncryptedKey: ""}
k := MasterKey{Arn: "arn:aws:kms:us-east-1:927034868273:key/e9fc75db-05e9-44c1-9c35-633922bac347", Role: "", EncryptedKey: ""}
f := func(x string) bool {
err := k.Encrypt(x)
if err != nil {
@ -34,7 +34,7 @@ func TestKMS(t *testing.T) {
func TestKMSKeySourceFromString(t *testing.T) {
s := "arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e+arn:aws:iam::927034868273:role/sops-dev, arn:aws:kms:ap-southeast-1:656532927350:key/9006a8aa-0fa6-4c14-930e-a2dfb916de1d"
ks := KMSMasterKeysFromArnString(s)
ks := MasterKeysFromArnString(s)
k1 := ks[0]
k2 := ks[1]
expectedArn1 := "arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e"


@ -221,7 +221,7 @@ func encrypt(c *cli.Context, file string, fileBytes []byte, output io.Writer) er
metadata.Version = "2.0.0"
var kmsKeys []sops.MasterKey
if c.String("kms") != "" {
for _, k := range kms.KMSMasterKeysFromArnString(c.String("kms")) {
for _, k := range kms.MasterKeysFromArnString(c.String("kms")) {
kmsKeys = append(kmsKeys, &k)
}
}
@ -229,7 +229,7 @@ func encrypt(c *cli.Context, file string, fileBytes []byte, output io.Writer) er
var pgpKeys []sops.MasterKey
if c.String("pgp") != "" {
for _, k := range pgp.GPGMasterKeysFromFingerprintString(c.String("pgp")) {
for _, k := range pgp.MasterKeysFromFingerprintString(c.String("pgp")) {
pgpKeys = append(pgpKeys, &k)
}
}


@ -16,13 +16,13 @@ import (
"time"
)
type GPGMasterKey struct {
type MasterKey struct {
Fingerprint string
EncryptedKey string
CreationDate time.Time
}
func (key *GPGMasterKey) Encrypt(dataKey []byte) error {
func (key *MasterKey) Encrypt(dataKey []byte) error {
ring, err := key.pubRing()
if err != nil {
return err
@ -61,14 +61,14 @@ func (key *GPGMasterKey) Encrypt(dataKey []byte) error {
return nil
}
func (key *GPGMasterKey) EncryptIfNeeded(dataKey []byte) error {
func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error {
if key.EncryptedKey == "" {
return key.Encrypt(dataKey)
}
return nil
}
func (key *GPGMasterKey) Decrypt() ([]byte, error) {
func (key *MasterKey) Decrypt() ([]byte, error) {
ring, err := key.secRing()
if err != nil {
return nil, fmt.Errorf("Could not load secring: %s", err)
@ -87,15 +87,15 @@ func (key *GPGMasterKey) Decrypt() ([]byte, error) {
return nil, fmt.Errorf("The key could not be decrypted with any of the GPG entries")
}
func (key *GPGMasterKey) NeedsRotation() bool {
func (key *MasterKey) NeedsRotation() bool {
return time.Since(key.CreationDate).Hours() > 24*30*6
}
func (key *GPGMasterKey) ToString() string {
func (key *MasterKey) ToString() string {
return key.Fingerprint
}
func (key *GPGMasterKey) gpgHome() string {
func (key *MasterKey) gpgHome() string {
dir := os.Getenv("GNUPGHOME")
if dir == "" {
usr, err := user.Current()
@ -107,25 +107,25 @@ func (key *GPGMasterKey) gpgHome() string {
return dir
}
func NewGPGMasterKeyFromFingerprint(fingerprint string) GPGMasterKey {
return GPGMasterKey{
func NewMasterKeyFromFingerprint(fingerprint string) MasterKey {
return MasterKey{
Fingerprint: strings.Replace(fingerprint, " ", "", -1),
CreationDate: time.Now().UTC(),
}
}
func GPGMasterKeysFromFingerprintString(fingerprint string) []GPGMasterKey {
var keys []GPGMasterKey
func MasterKeysFromFingerprintString(fingerprint string) []MasterKey {
var keys []MasterKey
if fingerprint == "" {
return keys
}
for _, s := range strings.Split(fingerprint, ",") {
keys = append(keys, NewGPGMasterKeyFromFingerprint(s))
keys = append(keys, NewMasterKeyFromFingerprint(s))
}
return keys
}
func (key *GPGMasterKey) loadRing(path string) (openpgp.EntityList, error) {
func (key *MasterKey) loadRing(path string) (openpgp.EntityList, error) {
f, err := os.Open(path)
if err != nil {
return openpgp.EntityList{}, err
@ -138,15 +138,15 @@ func (key *GPGMasterKey) loadRing(path string) (openpgp.EntityList, error) {
return keyring, nil
}
func (key *GPGMasterKey) secRing() (openpgp.EntityList, error) {
func (key *MasterKey) secRing() (openpgp.EntityList, error) {
return key.loadRing(key.gpgHome() + "/secring.gpg")
}
func (key *GPGMasterKey) pubRing() (openpgp.EntityList, error) {
func (key *MasterKey) pubRing() (openpgp.EntityList, error) {
return key.loadRing(key.gpgHome() + "/pubring.gpg")
}
func (key *GPGMasterKey) fingerprintMap(ring openpgp.EntityList) map[string]openpgp.Entity {
func (key *MasterKey) fingerprintMap(ring openpgp.EntityList) map[string]openpgp.Entity {
fps := make(map[string]openpgp.Entity)
for _, entity := range ring {
fp := strings.ToUpper(hex.EncodeToString(entity.PrimaryKey.Fingerprint[:]))
@ -157,7 +157,7 @@ func (key *GPGMasterKey) fingerprintMap(ring openpgp.EntityList) map[string]open
return fps
}
func (key *GPGMasterKey) passphrasePrompt(keys []openpgp.Key, symmetric bool) ([]byte, error) {
func (key *MasterKey) passphrasePrompt(keys []openpgp.Key, symmetric bool) ([]byte, error) {
conn, err := gpgagent.NewConn()
if err == gpgagent.ErrNoAgent {
fmt.Println("gpg-agent not found, continuing with manual passphrase input...")
@ -191,7 +191,7 @@ func (key *GPGMasterKey) passphrasePrompt(keys []openpgp.Key, symmetric bool) ([
return nil, fmt.Errorf("No key to unlock")
}
func (key GPGMasterKey) ToMap() map[string]string {
func (key MasterKey) ToMap() map[string]string {
out := make(map[string]string)
out["fp"] = key.Fingerprint
out["created_at"] = key.CreationDate.UTC().Format(time.RFC3339)


@ -6,7 +6,7 @@ import (
)
func TestGPG(t *testing.T) {
key := NewGPGMasterKeyFromFingerprint("64FEF099B0544CF975BCD408A014A073E0848B51")
key := NewMasterKeyFromFingerprint("64FEF099B0544CF975BCD408A014A073E0848B51")
f := func(x string) bool {
key.Encrypt(x)
k, _ := key.Decrypt()
@ -19,7 +19,7 @@ func TestGPG(t *testing.T) {
func TestGPGKeySourceFromString(t *testing.T) {
s := "C8C5 2C0A B2A4 8174 01E8 12C8 F3CC 3233 3FAD 9F1E, C8C5 2C0A B2A4 8174 01E8 12C8 F3CC 3233 3FAD 9F1E"
ks := GPGMasterKeysFromFingerprintString(s)
ks := MasterKeysFromFingerprintString(s)
expected := "C8C52C0AB2A4817401E812C8F3CC32333FAD9F1E"
if ks[0].Fingerprint != expected {
t.Errorf("Fingerprint does not match. Got %s, expected %s", ks[0].Fingerprint, expected)


@ -184,7 +184,7 @@ func (metadata *Metadata) AddPGPMasterKeys(pgpFps string) {
for i, ks := range metadata.KeySources {
if ks.Name == "pgp" {
var keys []MasterKey
for _, k := range pgp.GPGMasterKeysFromFingerprintString(pgpFps) {
for _, k := range pgp.MasterKeysFromFingerprintString(pgpFps) {
keys = append(keys, &k)
fmt.Println("Keys to add:", keys)
}
@ -198,7 +198,7 @@ func (metadata *Metadata) AddKMSMasterKeys(kmsArns string) {
for i, ks := range metadata.KeySources {
if ks.Name == "kms" {
var keys []MasterKey
for _, k := range kms.KMSMasterKeysFromArnString(kmsArns) {
for _, k := range kms.MasterKeysFromArnString(kmsArns) {
keys = append(keys, &k)
}
ks.Keys = append(ks.Keys, keys...)
@ -209,7 +209,7 @@ func (metadata *Metadata) AddKMSMasterKeys(kmsArns string) {
func (metadata *Metadata) RemovePGPMasterKeys(pgpFps string) {
var keys []MasterKey
for _, k := range pgp.GPGMasterKeysFromFingerprintString(pgpFps) {
for _, k := range pgp.MasterKeysFromFingerprintString(pgpFps) {
keys = append(keys, &k)
}
metadata.RemoveMasterKeys(keys)
@ -217,7 +217,7 @@ func (metadata *Metadata) RemovePGPMasterKeys(pgpFps string) {
func (metadata *Metadata) RemoveKMSMasterKeys(arns string) {
var keys []MasterKey
for _, k := range kms.KMSMasterKeysFromArnString(arns) {
for _, k := range kms.MasterKeysFromArnString(arns) {
keys = append(keys, &k)
}
metadata.RemoveMasterKeys(keys)


@ -144,7 +144,7 @@ func (store *Store) kmsEntries(in []interface{}) (sops.KeySource, error) {
keysource := sops.KeySource{Name: "kms", Keys: keys}
for _, v := range in {
entry := v.(map[interface{}]interface{})
key := &kms.KMSMasterKey{}
key := &kms.MasterKey{}
key.Arn = entry["arn"].(string)
key.EncryptedKey = entry["enc"].(string)
role, ok := entry["role"].(string)
@ -166,7 +166,7 @@ func (store *Store) pgpEntries(in []interface{}) (sops.KeySource, error) {
keysource := sops.KeySource{Name: "pgp", Keys: keys}
for _, v := range in {
entry := v.(map[interface{}]interface{})
key := &pgp.GPGMasterKey{}
key := &pgp.MasterKey{}
key.Fingerprint = entry["fp"].(string)
key.EncryptedKey = entry["enc"].(string)
creationDate, err := time.Parse(time.RFC3339, entry["created_at"].(string))