Commit graph

5 Commits

Author SHA1 Message Date
Vasily Marnopolsky cdfc7d6a20 fix(azkv): handle whitespace in Azure Key Vault URLs
### Problem:

The Azure Key Vault key parser would fail when URLs contained leading or trailing whitespace, which commonly occurs when using YAML Block Scalar syntax.

```yaml
creation_rules:
  - azure_keyvault: >-
      https://test.vault.azure.net/keys/test-key/a2a690a4fcc04166b739da342a912c90,
      https://test2.vault.azure.net/keys/another-test-key/cf0021e8b743453bae758e7fbf71b60e
```

This resulted in the error:

```bash
"could not parse " https://test2.vault.azure.net/keys/another-test-key/cf0021e8b743453bae758e7fbf71b60e" into a valid Azure Key Vault MasterKey"
```

### Fix:

- Added `strings.TrimSpace()` to clean the URL before parsing in `NewMasterKeyFromURL()`
- Added test case to verify handling of URLs with leading/trailing spaces

Signed-off-by: Vasily Marnopolsky <sept0r.com@gmail.com>
2024-10-22 18:40:53 +02:00
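The folded-scalar case this commit fixes, as an added Go example that is not code from the sops repository: `keyVaultKeyRe`, `parseKeyURL`, `parseKeyURLTrimmed` and `parseKeyList` are hypothetical stand-ins for the project's parser, and the regexp is a constructed approximation of the key URL shape.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed pattern for https://<vault>.vault.azure.net/keys/<name>/<version>; not the project's own regexp.
var keyVaultKeyRe = regexp.MustCompile(
	`^(https://[a-z0-9-]+\.vault\.azure\.net)/keys/([a-z0-9-]+)/([0-9a-f]{32})$`)

type KeyVaultKey struct{ VaultURL, Name, Version string }

// parseKeyURL is the strict, pre-fix behaviour: a leading space makes the whole URL unparseable.
func parseKeyURL(raw string) (KeyVaultKey, error) {
	m := keyVaultKeyRe.FindStringSubmatch(raw)
	if m == nil {
		return KeyVaultKey{}, fmt.Errorf("could not parse %q into a valid Azure Key Vault MasterKey", raw)
	}
	return KeyVaultKey{VaultURL: m[1], Name: m[2], Version: m[3]}, nil
}

// parseKeyURLTrimmed mirrors the fix: strip surrounding whitespace first.
func parseKeyURLTrimmed(raw string) (KeyVaultKey, error) {
	return parseKeyURL(strings.TrimSpace(raw))
}

// parseKeyList splits the comma-separated value a YAML folded scalar yields and parses each entry.
func parseKeyList(list string, parse func(string) (KeyVaultKey, error)) ([]KeyVaultKey, error) {
	var keys []KeyVaultKey
	for _, entry := range strings.Split(list, ",") {
		k, err := parse(entry)
		if err != nil {
			return nil, err
		}
		keys = append(keys, k)
	}
	return keys, nil
}

// YAML ">-" folds the commit message's two-line value so a single space precedes the second URL (constructed).
const foldedScalar = "https://test.vault.azure.net/keys/test-key/a2a690a4fcc04166b739da342a912c90," +
	" https://test2.vault.azure.net/keys/another-test-key/cf0021e8b743453bae758e7fbf71b60e"

func main() {
	_, err := parseKeyList(foldedScalar, parseKeyURL)
	keys, _ := parseKeyList(foldedScalar, parseKeyURLTrimmed)
	fmt.Println("before fix:", err, "\nafter fix:", len(keys), "keys parsed")
}
```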
Hidde Beydals b80c0d1eba azkv: update SDK to latest, add tests, tidy
This updates the Azure SDK to latest[1], while dropping the custom
authentication flow in favor of the SDK default[2]. It includes
integration tests, which require the `integration` Go build tag and
a set of environmental variables to be configured to be run:

```
PASS
coverage: 81.2% of statements
ok  	go.mozilla.org/sops/v3/azkv	5.376s	coverage: 81.2% of statements
```

The improvements are based on a fork of the key source in the Flux
project's kustomize-controller, built due to SOPS' limitation around
credential management without relying on runtime environment variables.

- Azure SDK has been updated to latest, including integration test
  coverage.
- Custom authentication flow has been dropped in favor of the SDK
  default[2]. This should work well on almost any system and is
  generally the go-to way of setting this up, including on cloud
  environments, etc.
- It introduces a `TokenCredential` type which holds an
  `azcore.TokenCredential`, and can be applied to a `MasterKey`.
  When applied, the token is used instead of the SDK default. This is
  most useful when working with SOPS as an SDK, in combination with
  e.g. a local key service server implementation.
- Extensive test coverage.

The forked version of this has compatibility tests to ensure it works
with current SOPS:

- 327a3560b3/internal/sops/azkv/keysource_integration_test.go (L89)
- 327a3560b3/internal/sops/azkv/keysource_integration_test.go (L117)

[1]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azkeys
[2]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential

Signed-off-by: Hidde Beydals <hello@hidde.co>
2022-06-02 22:26:07 +02:00
Adriano 4b99fa18b3 go lint 2019-07-11 10:30:32 -07:00
Calle Pettersson 19e964ebdd Make Azure key parsing failable 2018-06-18 16:03:24 +02:00
Calle Pettersson 9fa4f0e90e Add support for Azure Key Vault 2018-06-17 22:50:30 +02:00