scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-03 20:17:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Review Only] Autoseal OSS port (#757)

Browse Source 
* Port awskms autoseal

* Rename files

* WIP autoseal

* Fix protobuf conflict

* Expose some structs to properly allow encrypting stored keys

* Update awskms with the latest changes

* Add KeyGuard implementation to abstract encryption/decryption of keys

* Fully decouple seal.Access implementations from sealwrap structs

* Add extra line to proto files, comment update

* Update seal_access_entry.go

* govendor sync

* Add endpoint info to configureAWSKMSSeal

* Update comment

* Refactor structs

* Update make proto

* Remove remove KeyGuard, move encrypt/decrypt to autoSeal

* Add rest of seals, update VerifyRecoveryKeys, add deps

* Fix some merge conflicts via govendor updates

* Rename SealWrapEntry to EncryptedBlobInfo

* Remove barrier type upgrade check in oss

* Add key to EncryptedBlobInfo proto

* Update barrierTypeUpgradeCheck signature
This commit is contained in:
Calvin Leung Huang
2018-10-19 14:43:57 -07:00
committed by GitHub
parent db2bdbbebd
commit 3d1f0d76c0
65 changed files with 29804 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -147,9 +147,9 @@ proto:
protoc helper/identity/types.proto --go_out=plugins=grpc:../../.. protoc helper/identity/types.proto --go_out=plugins=grpc:../../..
protoc builtin/logical/database/dbplugin/*.proto --go_out=plugins=grpc:../../.. protoc builtin/logical/database/dbplugin/*.proto --go_out=plugins=grpc:../../..
protoc logical/plugin/pb/*.proto --go_out=plugins=grpc:../../.. protoc logical/plugin/pb/*.proto --go_out=plugins=grpc:../../..
sed -i '1s;^;// +build !enterprise\n;' physical/types.pb.go
sed -i '1s;^;// +build !enterprise\n;' helper/identity/mfa/types.pb.go sed -i '1s;^;// +build !enterprise\n;' helper/identity/mfa/types.pb.go
sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/storagepacker/types.pb.go logical/plugin/pb/backend.pb.go logical/identity.pb.go sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/storagepacker/types.pb.go logical/plugin/pb/backend.pb.go logical/identity.pb.go
sed -i -e 's/Iv/IV/' -e 's/Hmac/HMAC/' physical/types.pb.go
fmtcheck: fmtcheck:
@true @true

1
command/server/config.go
View File

@@ -735,6 +735,7 @@ func parseSeal(result *Config, list *ast.ObjectList, blockName string) error {
// Valid parameter for the Seal types // Valid parameter for the Seal types
switch key { switch key {
case "pkcs11": case "pkcs11":
case "alicloudkms":
case "awskms": case "awskms":
case "gcpckms": case "gcpckms":
case "azurekeyvault": case "azurekeyvault":

30
command/server/seal/server_seal.go
View File

@@ -1,6 +1,9 @@
package seal package seal
import ( import (
"fmt"
"os"
log "github.com/hashicorp/go-hclog" log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/vault" "github.com/hashicorp/vault/vault"
@@ -11,5 +14,32 @@ var (
) )
func configureSeal(config *server.Config, infoKeys *[]string, info *map[string]string, logger log.Logger, inseal vault.Seal) (seal vault.Seal, err error) { func configureSeal(config *server.Config, infoKeys *[]string, info *map[string]string, logger log.Logger, inseal vault.Seal) (seal vault.Seal, err error) {
if config.Seal != nil || os.Getenv("VAULT_SEAL_TYPE") != "" {
if config.Seal == nil {
config.Seal = &server.Seal{
Type: os.Getenv("VAULT_SEAL_TYPE"),
}
}
switch config.Seal.Type {
case "alicloudkms":
return configureAliCloudKMSSeal(config, infoKeys, info, logger, inseal)
case "awskms":
return configureAWSKMSSeal(config, infoKeys, info, logger, inseal)
case "gcpckms":
return configureGCPCKMSSeal(config, infoKeys, info, logger, inseal)
case "azurekeyvault":
return configureAzureKeyVaultSeal(config, infoKeys, info, logger, inseal)
case "pkcs11":
return nil, fmt.Errorf("Seal type 'pkcs11' requires the Vault Enterprise HSM binary")
default:
return nil, fmt.Errorf("Unknown seal type %q", config.Seal.Type)
}
}
return inseal, nil return inseal, nil
} }

33
command/server/seal/server_seal_alicloudkms.go Normal file
View File

@@ -0,0 +1,33 @@
package seal
import (
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
"github.com/hashicorp/vault/vault/seal/alicloudkms"
)
func configureAliCloudKMSSeal(config *server.Config, infoKeys *[]string, info *map[string]string, logger log.Logger, inseal vault.Seal) (vault.Seal, error) {
kms := alicloudkms.NewSeal(logger)
kmsInfo, err := kms.SetConfig(config.Seal.Config)
if err != nil {
// If the error is any other than logical.KeyNotFoundError, return the error
if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
return nil, err
}
}
autoseal := vault.NewAutoSeal(kms)
if kmsInfo != nil {
*infoKeys = append(*infoKeys, "Seal Type", "AliCloud KMS Region", "AliCloud KMS KeyID")
(*info)["Seal Type"] = config.Seal.Type
(*info)["AliCloud KMS Region"] = kmsInfo["region"]
(*info)["AliCloud KMS KeyID"] = kmsInfo["kms_key_id"]
if domain, ok := kmsInfo["domain"]; ok {
*infoKeys = append(*infoKeys, "AliCloud KMS Domain")
(*info)["AliCloud KMS Domain"] = domain
}
}
return autoseal, nil
}

33
command/server/seal/server_seal_awskms.go Normal file
View File

@@ -0,0 +1,33 @@
package seal
import (
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
"github.com/hashicorp/vault/vault/seal/awskms"
)
func configureAWSKMSSeal(config *server.Config, infoKeys *[]string, info *map[string]string, logger log.Logger, inseal vault.Seal) (vault.Seal, error) {
kms := awskms.NewSeal(logger)
kmsInfo, err := kms.SetConfig(config.Seal.Config)
if err != nil {
// If the error is any other than logical.KeyNotFoundError, return the error
if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
return nil, err
}
}
autoseal := vault.NewAutoSeal(kms)
if kmsInfo != nil {
*infoKeys = append(*infoKeys, "Seal Type", "AWS KMS Region", "AWS KMS KeyID")
(*info)["Seal Type"] = config.Seal.Type
(*info)["AWS KMS Region"] = kmsInfo["region"]
(*info)["AWS KMS KeyID"] = kmsInfo["kms_key_id"]
if endpoint, ok := kmsInfo["endpoint"]; ok {
*infoKeys = append(*infoKeys, "AWS KMS Endpoint")
(*info)["AWS KMS Endpoint"] = endpoint
}
}
return autoseal, nil
}

30
command/server/seal/server_seal_azurekeyvault.go Normal file
View File

@@ -0,0 +1,30 @@
package seal
import (
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
"github.com/hashicorp/vault/vault/seal/azurekeyvault"
)
func configureAzureKeyVaultSeal(config *server.Config, infoKeys *[]string, info *map[string]string, logger log.Logger, inseal vault.Seal) (vault.Seal, error) {
kv := azurekeyvault.NewSeal(logger)
kvInfo, err := kv.SetConfig(config.Seal.Config)
if err != nil {
// If the error is any other than logical.KeyNotFoundError, return the error
if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
return nil, err
}
}
autoseal := vault.NewAutoSeal(kv)
if kvInfo != nil {
*infoKeys = append(*infoKeys, "Seal Type", "Azure Environment", "Azure Vault Name", "Azure Key Name")
(*info)["Seal Type"] = config.Seal.Type
(*info)["Azure Environment"] = kvInfo["environment"]
(*info)["Azure Vault Name"] = kvInfo["vault_name"]
(*info)["Azure Key Name"] = kvInfo["key_name"]
}
return autoseal, nil
}

31
command/server/seal/server_seal_gcpckms.go Normal file
View File

@@ -0,0 +1,31 @@
package seal
import (
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
"github.com/hashicorp/vault/vault/seal/gcpckms"
)
func configureGCPCKMSSeal(config *server.Config, infoKeys *[]string, info *map[string]string, logger log.Logger, inseal vault.Seal) (vault.Seal, error) {
kms := gcpckms.NewSeal(logger)
kmsInfo, err := kms.SetConfig(config.Seal.Config)
if err != nil {
// If the error is any other than logical.KeyNotFoundError, return the error
if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
return nil, err
}
}
autoseal := vault.NewAutoSeal(kms)
if kmsInfo != nil {
*infoKeys = append(*infoKeys, "Seal Type", "GCP KMS Project", "GCP KMS Region", "GCP KMS Key Ring", "GCP KMS Crypto Key")
(*info)["Seal Type"] = config.Seal.Type
(*info)["GCP KMS Project"] = kmsInfo["project"]
(*info)["GCP KMS Region"] = kmsInfo["region"]
(*info)["GCP KMS Key Ring"] = kmsInfo["key_ring"]
(*info)["GCP KMS Crypto Key"] = kmsInfo["crypto_key"]
}
return autoseal, nil
}

194
physical/types.pb.go
View File

@@ -1,4 +1,3 @@
// +build !enterprise
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// source: physical/types.proto // source: physical/types.proto
@@ -21,69 +20,202 @@ var _ = math.Inf
// proto package needs to be updated. // proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
type SealWrapEntry struct { type EncryptedBlobInfo struct {
Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
IV []byte `protobuf:"bytes,2,opt,name=iv,proto3" json:"iv,omitempty"`
HMAC []byte `protobuf:"bytes,3,opt,name=hmac,proto3" json:"hmac,omitempty"`
Wrapped bool `protobuf:"varint,4,opt,name=wrapped,proto3" json:"wrapped,omitempty"` Wrapped bool `protobuf:"varint,4,opt,name=wrapped,proto3" json:"wrapped,omitempty"`
KeyInfo *SealKeyInfo `protobuf:"bytes,5,opt,name=key_info,json=keyInfo,proto3" json:"key_info,omitempty"`
// Key is the Key value for the entry that corresponds to
// physical.Entry.Key's value
Key string `protobuf:"bytes,6,opt,name=key,proto3" json:"key,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"` XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"` XXX_sizecache int32 `json:"-"`
} }
func (m *SealWrapEntry) Reset() { *m = SealWrapEntry{} } func (m *EncryptedBlobInfo) Reset() { *m = EncryptedBlobInfo{} }
func (m *SealWrapEntry) String() string { return proto.CompactTextString(m) } func (m *EncryptedBlobInfo) String() string { return proto.CompactTextString(m) }
func (*SealWrapEntry) ProtoMessage() {} func (*EncryptedBlobInfo) ProtoMessage() {}
func (*SealWrapEntry) Descriptor() ([]byte, []int) { func (*EncryptedBlobInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_deea33bd14ea5328, []int{0} return fileDescriptor_deea33bd14ea5328, []int{0}
} }
func (m *SealWrapEntry) XXX_Unmarshal(b []byte) error { func (m *EncryptedBlobInfo) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SealWrapEntry.Unmarshal(m, b) return xxx_messageInfo_EncryptedBlobInfo.Unmarshal(m, b)
} }
func (m *SealWrapEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { func (m *EncryptedBlobInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_SealWrapEntry.Marshal(b, m, deterministic) return xxx_messageInfo_EncryptedBlobInfo.Marshal(b, m, deterministic)
} }
func (m *SealWrapEntry) XXX_Merge(src proto.Message) { func (m *EncryptedBlobInfo) XXX_Merge(src proto.Message) {
xxx_messageInfo_SealWrapEntry.Merge(m, src) xxx_messageInfo_EncryptedBlobInfo.Merge(m, src)
} }
func (m *SealWrapEntry) XXX_Size() int { func (m *EncryptedBlobInfo) XXX_Size() int {
return xxx_messageInfo_SealWrapEntry.Size(m) return xxx_messageInfo_EncryptedBlobInfo.Size(m)
} }
func (m *SealWrapEntry) XXX_DiscardUnknown() { func (m *EncryptedBlobInfo) XXX_DiscardUnknown() {
xxx_messageInfo_SealWrapEntry.DiscardUnknown(m) xxx_messageInfo_EncryptedBlobInfo.DiscardUnknown(m)
} }
var xxx_messageInfo_SealWrapEntry proto.InternalMessageInfo var xxx_messageInfo_EncryptedBlobInfo proto.InternalMessageInfo
func (m *SealWrapEntry) GetCiphertext() []byte { func (m *EncryptedBlobInfo) GetCiphertext() []byte {
if m != nil { if m != nil {
return m.Ciphertext return m.Ciphertext
} }
return nil return nil
} }
func (m *SealWrapEntry) GetWrapped() bool { func (m *EncryptedBlobInfo) GetIV() []byte {
if m != nil {
return m.IV
}
return nil
}
func (m *EncryptedBlobInfo) GetHMAC() []byte {
if m != nil {
return m.HMAC
}
return nil
}
func (m *EncryptedBlobInfo) GetWrapped() bool {
if m != nil { if m != nil {
return m.Wrapped return m.Wrapped
} }
return false return false
} }
func (m *EncryptedBlobInfo) GetKeyInfo() *SealKeyInfo {
if m != nil {
return m.KeyInfo
}
return nil
}
func (m *EncryptedBlobInfo) GetKey() string {
if m != nil {
return m.Key
}
return ""
}
// SealKeyInfo contains information regarding the seal used to encrypt the entry.
type SealKeyInfo struct {
// Mechanism is the method used by the seal to encrypt and sign the
// data as defined by the seal.
Mechanism uint64 `protobuf:"varint,1,opt,name=Mechanism,proto3" json:"Mechanism,omitempty"`
HMACMechanism uint64 `protobuf:"varint,2,opt,name=HMACMechanism,proto3" json:"HMACMechanism,omitempty"`
// This is an opaque ID used by the seal to identify the specific
// key to use as defined by the seal. This could be a version, key
// label, or something else.
KeyID string `protobuf:"bytes,3,opt,name=KeyID,proto3" json:"KeyID,omitempty"`
HMACKeyID string `protobuf:"bytes,4,opt,name=HMACKeyID,proto3" json:"HMACKeyID,omitempty"`
// These value are used when generating our own data encryption keys
// and encrypting them using the autoseal
WrappedKey []byte `protobuf:"bytes,5,opt,name=WrappedKey,proto3" json:"WrappedKey,omitempty"`
// Mechanism specific flags
Flags uint64 `protobuf:"varint,6,opt,name=Flags,proto3" json:"Flags,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SealKeyInfo) Reset() { *m = SealKeyInfo{} }
func (m *SealKeyInfo) String() string { return proto.CompactTextString(m) }
func (*SealKeyInfo) ProtoMessage() {}
func (*SealKeyInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_deea33bd14ea5328, []int{1}
}
func (m *SealKeyInfo) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SealKeyInfo.Unmarshal(m, b)
}
func (m *SealKeyInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_SealKeyInfo.Marshal(b, m, deterministic)
}
func (m *SealKeyInfo) XXX_Merge(src proto.Message) {
xxx_messageInfo_SealKeyInfo.Merge(m, src)
}
func (m *SealKeyInfo) XXX_Size() int {
return xxx_messageInfo_SealKeyInfo.Size(m)
}
func (m *SealKeyInfo) XXX_DiscardUnknown() {
xxx_messageInfo_SealKeyInfo.DiscardUnknown(m)
}
var xxx_messageInfo_SealKeyInfo proto.InternalMessageInfo
func (m *SealKeyInfo) GetMechanism() uint64 {
if m != nil {
return m.Mechanism
}
return 0
}
func (m *SealKeyInfo) GetHMACMechanism() uint64 {
if m != nil {
return m.HMACMechanism
}
return 0
}
func (m *SealKeyInfo) GetKeyID() string {
if m != nil {
return m.KeyID
}
return ""
}
func (m *SealKeyInfo) GetHMACKeyID() string {
if m != nil {
return m.HMACKeyID
}
return ""
}
func (m *SealKeyInfo) GetWrappedKey() []byte {
if m != nil {
return m.WrappedKey
}
return nil
}
func (m *SealKeyInfo) GetFlags() uint64 {
if m != nil {
return m.Flags
}
return 0
}
func init() { func init() {
proto.RegisterType((*SealWrapEntry)(nil), "physical.SealWrapEntry") proto.RegisterType((*EncryptedBlobInfo)(nil), "physical.EncryptedBlobInfo")
proto.RegisterType((*SealKeyInfo)(nil), "physical.SealKeyInfo")
} }
func init() { proto.RegisterFile("physical/types.proto", fileDescriptor_deea33bd14ea5328) } func init() { proto.RegisterFile("physical/types.proto", fileDescriptor_deea33bd14ea5328) }
var fileDescriptor_deea33bd14ea5328 = []byte{ var fileDescriptor_deea33bd14ea5328 = []byte{
// 148 bytes of a gzipped FileDescriptorProto // 312 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x29, 0xc8, 0xa8, 0x2c, 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x54, 0x91, 0x5f, 0x4b, 0xc3, 0x30,
0xce, 0x4c, 0x4e, 0xcc, 0xd1, 0x2f, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x14, 0xc5, 0x69, 0xd7, 0xfd, 0xbb, 0x9b, 0xa2, 0x61, 0x42, 0x1e, 0x44, 0xca, 0x54, 0xe8, 0x53,
0x17, 0xe2, 0x80, 0x89, 0x2a, 0x79, 0x72, 0xf1, 0x06, 0xa7, 0x26, 0xe6, 0x84, 0x17, 0x25, 0x16, 0x2b, 0xfa, 0x09, 0x9c, 0x7f, 0x50, 0xc6, 0x5e, 0xe2, 0x83, 0xe0, 0x8b, 0x64, 0x59, 0xb6, 0x84,
0xb8, 0xe6, 0x95, 0x14, 0x55, 0x0a, 0xc9, 0x71, 0x71, 0x25, 0x67, 0x16, 0x64, 0xa4, 0x16, 0x95, 0x75, 0x4d, 0x68, 0xb3, 0x69, 0x3e, 0x98, 0x4f, 0x7e, 0x39, 0x49, 0x4a, 0xd9, 0x7c, 0xbb, 0xf7,
0xa4, 0x56, 0x94, 0x48, 0x30, 0x2a, 0x30, 0x6a, 0xf0, 0x04, 0x21, 0x89, 0x08, 0x49, 0x70, 0xb1, 0x97, 0xc3, 0xe1, 0x9c, 0x1b, 0x18, 0x69, 0x61, 0x2b, 0xc9, 0x68, 0x9e, 0x19, 0xab, 0x79, 0x95,
0x97, 0x17, 0x25, 0x16, 0x14, 0xa4, 0xa6, 0x48, 0xb0, 0x28, 0x30, 0x6a, 0x70, 0x04, 0xc1, 0xb8, 0xea, 0x52, 0x19, 0x85, 0x7a, 0x0d, 0x1d, 0xff, 0x04, 0x70, 0xfa, 0x54, 0xb0, 0xd2, 0x6a, 0xc3,
0x4e, 0xaa, 0x51, 0xca, 0xe9, 0x99, 0x25, 0x19, 0xa5, 0x49, 0x7a, 0xc9, 0xf9, 0xb9, 0xfa, 0x19, 0x17, 0x93, 0x5c, 0xcd, 0x5f, 0x8b, 0xa5, 0x42, 0x17, 0x00, 0x4c, 0x6a, 0xc1, 0x4b, 0xc3, 0xbf,
0x89, 0xc5, 0x19, 0x99, 0xc9, 0xf9, 0x45, 0x05, 0xfa, 0x65, 0x89, 0xa5, 0x39, 0x25, 0xfa, 0x30, 0x0d, 0x0e, 0xe2, 0x20, 0x19, 0x92, 0x03, 0x82, 0x8e, 0x21, 0x94, 0x3b, 0x1c, 0x7a, 0x1e, 0xca,
0x1b, 0x93, 0xd8, 0xc0, 0x4e, 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x71, 0xf9, 0x7a, 0x09, 0x1d, 0x42, 0x10, 0x89, 0x0d, 0x65, 0xb8, 0xe5, 0x89, 0x9f, 0x11, 0x86, 0xee, 0x57, 0x49, 0xb5,
0x9a, 0x00, 0x00, 0x00, 0xe6, 0x0b, 0x1c, 0xc5, 0x41, 0xd2, 0x23, 0xcd, 0x8a, 0x6e, 0xa0, 0xb7, 0xe6, 0xf6, 0x53, 0x16,
0x4b, 0x85, 0xdb, 0x71, 0x90, 0x0c, 0x6e, 0xcf, 0xd2, 0x26, 0x50, 0xfa, 0xc6, 0x69, 0x3e, 0xe5,
0xd6, 0xc5, 0x20, 0xdd, 0x75, 0x3d, 0xa0, 0x13, 0x68, 0xad, 0xb9, 0xc5, 0x9d, 0x38, 0x48, 0xfa,
0xc4, 0x8d, 0xe3, 0xdf, 0x00, 0x06, 0x07, 0x52, 0x74, 0x0e, 0xfd, 0x19, 0x67, 0x82, 0x16, 0xb2,
0xda, 0xf8, 0xc0, 0x11, 0xd9, 0x03, 0x74, 0x05, 0x47, 0x2f, 0xb3, 0xfb, 0x87, 0xbd, 0x22, 0xf4,
0x8a, 0xff, 0x10, 0x8d, 0xa0, 0xed, 0xec, 0x1e, 0x7d, 0x8d, 0x3e, 0xa9, 0x17, 0xe7, 0xec, 0x64,
0xf5, 0x4b, 0xe4, 0x5f, 0xf6, 0xc0, 0x5d, 0xea, 0xbd, 0xae, 0x35, 0xe5, 0xd6, 0xb7, 0x19, 0x92,
0x03, 0xe2, 0x3c, 0x9f, 0x73, 0xba, 0xaa, 0x7c, 0xf6, 0x88, 0xd4, 0xcb, 0xe4, 0xfa, 0xe3, 0x72,
0x25, 0x8d, 0xd8, 0xce, 0x53, 0xa6, 0x36, 0x99, 0xa0, 0x95, 0x90, 0x4c, 0x95, 0x3a, 0xdb, 0xd1,
0x6d, 0x6e, 0xb2, 0xe6, 0x16, 0xf3, 0x8e, 0xff, 0xad, 0xbb, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff,
0x01, 0x95, 0xea, 0x9d, 0xc5, 0x01, 0x00, 0x00,
} }

30
physical/types.proto
View File

@@ -4,7 +4,35 @@ option go_package = "github.com/hashicorp/vault/physical";
package physical; package physical;
message SealWrapEntry { message EncryptedBlobInfo {
bytes ciphertext = 1; bytes ciphertext = 1;
bytes iv = 2;
bytes hmac = 3;
bool wrapped = 4; bool wrapped = 4;
SealKeyInfo key_info = 5;
// Key is the Key value for the entry that corresponds to
// physical.Entry.Key's value
string key = 6;
}
// SealKeyInfo contains information regarding the seal used to encrypt the entry.
message SealKeyInfo {
// Mechanism is the method used by the seal to encrypt and sign the
// data as defined by the seal.
uint64 Mechanism = 1;
uint64 HMACMechanism = 2;
// This is an opaque ID used by the seal to identify the specific
// key to use as defined by the seal. This could be a version, key
// label, or something else.
string KeyID = 3;
string HMACKeyID = 4;
// These value are used when generating our own data encryption keys
// and encrypting them using the autoseal
bytes WrappedKey = 5;
// Mechanism specific flags
uint64 Flags = 6;
} }

235
vault/seal/alicloudkms/alicloudkms.go Normal file
View File

@@ -0,0 +1,235 @@
package alicloudkms
import (
"context"
"errors"
"fmt"
"os"
"sync/atomic"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers"
"github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault/seal"
)
const (
EnvAliCloudKMSSealKeyID = "VAULT_ALICLOUDKMS_SEAL_KEY_ID"
)
type AliCloudKMSSeal struct {
logger log.Logger
client kmsClient
domain string
keyID string
currentKeyID *atomic.Value
}
// Ensure that we are implementing AutoSealAccess
var _ seal.Access = (*AliCloudKMSSeal)(nil)
func NewSeal(logger log.Logger) *AliCloudKMSSeal {
k := &AliCloudKMSSeal{
logger: logger,
currentKeyID: new(atomic.Value),
}
k.currentKeyID.Store("")
return k
}
// SetConfig sets the fields on the AliCloudKMSSeal object based on
// values from the config parameter.
//
// Order of precedence AliCloud values:
// * Environment variable
// * Value from Vault configuration file
// * Instance metadata role (access key and secret key)
func (k *AliCloudKMSSeal) SetConfig(config map[string]string) (map[string]string, error) {
if config == nil {
config = map[string]string{}
}
// Check and set KeyID
switch {
case os.Getenv(EnvAliCloudKMSSealKeyID) != "":
k.keyID = os.Getenv(EnvAliCloudKMSSealKeyID)
case config["kms_key_id"] != "":
k.keyID = config["kms_key_id"]
default:
return nil, fmt.Errorf("'kms_key_id' not found for AliCloud KMS sealconfiguration")
}
region := ""
if k.client == nil {
// Check and set region.
region = os.Getenv("ALICLOUD_REGION")
if region == "" {
ok := false
if region, ok = config["region"]; !ok {
region = "us-east-1"
}
}
// A domain isn't required, but it can be used to override the endpoint
// returned by the region. An example value for a domain would be:
// "kms.us-east-1.aliyuncs.com".
k.domain = os.Getenv("ALICLOUD_DOMAIN")
if k.domain == "" {
k.domain = config["domain"]
}
// Build the optional, configuration-based piece of the credential chain.
credConfig := &providers.Configuration{}
if accessKey, ok := config["access_key"]; ok {
credConfig.AccessKeyID = accessKey
}
if accessSecret, ok := config["access_secret"]; ok {
credConfig.AccessKeySecret = accessSecret
}
credentialChain := []providers.Provider{
providers.NewEnvCredentialProvider(),
providers.NewConfigurationCredentialProvider(credConfig),
providers.NewInstanceMetadataProvider(),
}
credProvider := providers.NewChainProvider(credentialChain)
creds, err := credProvider.Retrieve()
if err != nil {
return nil, err
}
clientConfig := sdk.NewConfig()
clientConfig.Scheme = "https"
client, err := kms.NewClientWithOptions(region, clientConfig, creds)
if err != nil {
return nil, err
}
k.client = client
}
// Test the client connection using provided key ID
input := kms.CreateDescribeKeyRequest()
input.KeyId = k.keyID
input.Domain = k.domain
keyInfo, err := k.client.DescribeKey(input)
if err != nil {
return nil, errwrap.Wrapf("error fetching AliCloud KMS sealkey information: {{err}}", err)
}
if keyInfo == nil || keyInfo.KeyMetadata.KeyId == "" {
return nil, errors.New("no key information returned")
}
k.currentKeyID.Store(keyInfo.KeyMetadata.KeyId)
// Map that holds non-sensitive configuration info
sealInfo := make(map[string]string)
sealInfo["region"] = region
sealInfo["kms_key_id"] = k.keyID
if k.domain != "" {
sealInfo["domain"] = k.domain
}
return sealInfo, nil
}
// Init is called during core.Initialize. No-op at the moment.
func (k *AliCloudKMSSeal) Init(_ context.Context) error {
return nil
}
// Finalize is called during shutdown. This is a no-op since
// AliCloudKMSSeal doesn't require any cleanup.
func (k *AliCloudKMSSeal) Finalize(_ context.Context) error {
return nil
}
// SealType returns the seal type for this particular seal implementation.
func (k *AliCloudKMSSeal) SealType() string {
return seal.AliCloudKMS
}
// KeyID returns the last known key id.
func (k *AliCloudKMSSeal) KeyID() string {
return k.currentKeyID.Load().(string)
}
// Encrypt is used to encrypt the master key using the the AliCloud CMK.
// This returns the ciphertext, and/or any errors from this
// call. This should be called after the KMS client has been instantiated.
func (k *AliCloudKMSSeal) Encrypt(_ context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error) {
if plaintext == nil {
return nil, fmt.Errorf("given plaintext for encryption is nil")
}
env, err := seal.NewEnvelope().Encrypt(plaintext)
if err != nil {
return nil, errwrap.Wrapf("error wrapping data: {{err}}", err)
}
input := kms.CreateEncryptRequest()
input.KeyId = k.keyID
input.Plaintext = string(env.Key)
input.Domain = k.domain
output, err := k.client.Encrypt(input)
if err != nil {
return nil, errwrap.Wrapf("error encrypting data: {{err}}", err)
}
// Store the current key id.
keyID := output.KeyId
k.currentKeyID.Store(keyID)
ret := &physical.EncryptedBlobInfo{
Ciphertext: env.Ciphertext,
IV: env.IV,
KeyInfo: &physical.SealKeyInfo{
KeyID: keyID,
WrappedKey: []byte(output.CiphertextBlob),
},
}
return ret, nil
}
// Decrypt is used to decrypt the ciphertext. This should be called after Init.
func (k *AliCloudKMSSeal) Decrypt(_ context.Context, in *physical.EncryptedBlobInfo) ([]byte, error) {
if in == nil {
return nil, fmt.Errorf("given input for decryption is nil")
}
// KeyID is not passed to this call because AWS handles this
// internally based on the metadata stored with the encrypted data
input := kms.CreateDecryptRequest()
input.CiphertextBlob = string(in.KeyInfo.WrappedKey)
input.Domain = k.domain
output, err := k.client.Decrypt(input)
if err != nil {
return nil, errwrap.Wrapf("error decrypting data encryption key: {{err}}", err)
}
envInfo := &seal.EnvelopeInfo{
Key: []byte(output.Plaintext),
IV: in.IV,
Ciphertext: in.Ciphertext,
}
plaintext, err := seal.NewEnvelope().Decrypt(envInfo)
if err != nil {
return nil, errwrap.Wrapf("error decrypting data: {{err}}", err)
}
return plaintext, nil
}
type kmsClient interface {
Decrypt(request *kms.DecryptRequest) (response *kms.DecryptResponse, err error)
DescribeKey(request *kms.DescribeKeyRequest) (response *kms.DescribeKeyResponse, err error)
Encrypt(request *kms.EncryptRequest) (response *kms.EncryptResponse, err error)
}

123
vault/seal/alicloudkms/alicloudkms_test.go Normal file
View File

@@ -0,0 +1,123 @@
package alicloudkms
import (
"context"
"encoding/base64"
"errors"
"os"
"reflect"
"testing"
"github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/helper/logging"
)
const aliCloudTestKeyID = "foo"
func TestAliCloudKMSSeal(t *testing.T) {
s := NewSeal(logging.NewVaultLogger(log.Trace))
s.client = &mockAliCloudKMSSealClient{
keyID: aliCloudTestKeyID,
}
if _, err := s.SetConfig(nil); err == nil {
t.Fatal("expected error when AliCloudKMSSeal key ID is not provided")
}
// Set the key
if err := os.Setenv(EnvAliCloudKMSSealKeyID, aliCloudTestKeyID); err != nil {
t.Fatal(err)
}
defer func() {
if err := os.Unsetenv(EnvAliCloudKMSSealKeyID); err != nil {
t.Fatal(err)
}
}()
if _, err := s.SetConfig(nil); err != nil {
t.Fatal(err)
}
}
func TestAliCloudKMSSeal_Lifecycle(t *testing.T) {
s := NewSeal(logging.NewVaultLogger(log.Trace))
s.client = &mockAliCloudKMSSealClient{
keyID: aliCloudTestKeyID,
}
if err := os.Setenv(EnvAliCloudKMSSealKeyID, aliCloudTestKeyID); err != nil {
t.Fatal(err)
}
defer func() {
if err := os.Unsetenv(EnvAliCloudKMSSealKeyID); err != nil {
t.Fatal(err)
}
}()
if _, err := s.SetConfig(nil); err != nil {
t.Fatal(err)
}
// Test Encrypt and Decrypt calls
input := []byte("foo")
swi, err := s.Encrypt(context.Background(), input)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
pt, err := s.Decrypt(context.Background(), swi)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
if !reflect.DeepEqual(input, pt) {
t.Fatalf("expected %s, got %s", input, pt)
}
}
type mockAliCloudKMSSealClient struct {
keyID string
}
// Encrypt is a mocked call that returns a base64 encoded string.
func (m *mockAliCloudKMSSealClient) Encrypt(request *kms.EncryptRequest) (response *kms.EncryptResponse, err error) {
m.keyID = request.KeyId
encoded := make([]byte, base64.StdEncoding.EncodedLen(len(request.Plaintext)))
base64.StdEncoding.Encode(encoded, []byte(request.Plaintext))
output := kms.CreateEncryptResponse()
output.CiphertextBlob = string(encoded)
output.KeyId = request.KeyId
return output, nil
}
// Decrypt is a mocked call that returns a decoded base64 string.
func (m *mockAliCloudKMSSealClient) Decrypt(request *kms.DecryptRequest) (response *kms.DecryptResponse, err error) {
decLen := base64.StdEncoding.DecodedLen(len(request.CiphertextBlob))
decoded := make([]byte, decLen)
len, err := base64.StdEncoding.Decode(decoded, []byte(request.CiphertextBlob))
if err != nil {
return nil, err
}
if len < decLen {
decoded = decoded[:len]
}
output := kms.CreateDecryptResponse()
output.KeyId = m.keyID
output.Plaintext = string(decoded)
return output, nil
}
// DescribeKey is a mocked call that returns the keyID.
func (m *mockAliCloudKMSSealClient) DescribeKey(request *kms.DescribeKeyRequest) (response *kms.DescribeKeyResponse, err error) {
if m.keyID == "" {
return nil, errors.New("key not found")
}
output := kms.CreateDescribeKeyResponse()
output.KeyMetadata = kms.KeyMetadata{
KeyId: m.keyID,
}
return output, nil
}

311
vault/seal/awskms/awskms.go Normal file
View File

@@ -0,0 +1,311 @@
package awskms
import (
"context"
"errors"
"fmt"
"os"
"sync/atomic"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/aws/aws-sdk-go/service/kms/kmsiface"
"github.com/hashicorp/errwrap"
cleanhttp "github.com/hashicorp/go-cleanhttp"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/helper/awsutil"
"github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault/seal"
)
const (
// EnvAWSKMSSealKeyID is the AWS KMS key ID to use for encryption and decryption
EnvAWSKMSSealKeyID = "VAULT_AWSKMS_SEAL_KEY_ID"
)
// AWSKMSMechanism is the method used to encrypt/decrypt in the autoseal
type AWSKMSMechanism uint32
const (
// AWSKMSEncrypt is used to directly encrypt the data with KMS
AWSKMSEncrypt = iota
// AWSKMSEnvelopeAESGCMEncrypt is when a data encryption key is generated and
// the data is encrypted with AESGCM and the key is encrypted with KMS
AWSKMSEnvelopeAESGCMEncrypt
)
// AWSKMSSeal represents credentials and Key information for the KMS Key used to
// encryption and decryption
type AWSKMSSeal struct {
accessKey string
secretKey string
region string
keyID string
endpoint string
currentKeyID *atomic.Value
client kmsiface.KMSAPI
logger log.Logger
}
// Ensure that we are implementing AutoSealAccess
var _ seal.Access = (*AWSKMSSeal)(nil)
// NewSeal creates a new AWSKMS seal with the provided logger
func NewSeal(logger log.Logger) *AWSKMSSeal {
k := &AWSKMSSeal{
logger: logger,
currentKeyID: new(atomic.Value),
}
k.currentKeyID.Store("")
return k
}
// SetConfig sets the fields on the AWSKMSSeal object based on
// values from the config parameter.
//
// Order of precedence AWS values:
// * Environment variable
// * Value from Vault configuration file
// * Instance metadata role (access key and secret key)
// * Default values
func (k *AWSKMSSeal) SetConfig(config map[string]string) (map[string]string, error) {
if config == nil {
config = map[string]string{}
}
// Check and set KeyID
switch {
case os.Getenv(EnvAWSKMSSealKeyID) != "":
k.keyID = os.Getenv(EnvAWSKMSSealKeyID)
case config["kms_key_id"] != "":
k.keyID = config["kms_key_id"]
default:
return nil, fmt.Errorf("'kms_key_id' not found for AWS KMS sealconfiguration")
}
// Check and set region
region, regionOk := config["region"]
switch {
case os.Getenv("AWS_REGION") != "":
k.region = os.Getenv("AWS_REGION")
case os.Getenv("AWS_DEFAULT_REGION") != "":
k.region = os.Getenv("AWS_DEFAULT_REGION")
case regionOk && region != "":
k.region = region
default:
k.region = "us-east-1"
}
// Check and set AWS access key and secret key
k.accessKey = os.Getenv("AWS_ACCESS_KEY_ID")
if k.accessKey == "" {
if accessKey, ok := config["access_key"]; ok {
k.accessKey = accessKey
}
}
k.secretKey = os.Getenv("AWS_SECRET_ACCESS_KEY")
if k.secretKey == "" {
if secretKey, ok := config["secret_key"]; ok {
k.secretKey = secretKey
}
}
k.endpoint = os.Getenv("AWS_KMS_ENDPOINT")
if k.endpoint == "" {
if endpoint, ok := config["endpoint"]; ok {
k.endpoint = endpoint
}
}
// Check and set k.client
if k.client == nil {
client, err := k.getAWSKMSClient()
if err != nil {
return nil, errwrap.Wrapf("error initializing AWS KMS sealclient: {{err}}", err)
}
// Test the client connection using provided key ID
keyInfo, err := client.DescribeKey(&kms.DescribeKeyInput{
KeyId: aws.String(k.keyID),
})
if err != nil {
return nil, errwrap.Wrapf("error fetching AWS KMS sealkey information: {{err}}", err)
}
if keyInfo == nil || keyInfo.KeyMetadata == nil || keyInfo.KeyMetadata.KeyId == nil {
return nil, errors.New("no key information returned")
}
k.currentKeyID.Store(aws.StringValue(keyInfo.KeyMetadata.KeyId))
k.client = client
}
// Map that holds non-sensitive configuration info
sealInfo := make(map[string]string)
sealInfo["region"] = k.region
sealInfo["kms_key_id"] = k.keyID
if k.endpoint != "" {
sealInfo["endpoint"] = k.endpoint
}
return sealInfo, nil
}
// Init is called during core.Initialize. No-op at the moment.
func (k *AWSKMSSeal) Init(_ context.Context) error {
return nil
}
// Finalize is called during shutdown. This is a no-op since
// AWSKMSSeal doesn't require any cleanup.
func (k *AWSKMSSeal) Finalize(_ context.Context) error {
return nil
}
// SealType returns the seal type for this particular seal implementation.
func (k *AWSKMSSeal) SealType() string {
return seal.AWSKMS
}
// KeyID returns the last known key id.
func (k *AWSKMSSeal) KeyID() string {
return k.currentKeyID.Load().(string)
}
// Encrypt is used to encrypt the master key using the the AWS CMK.
// This returns the ciphertext, and/or any errors from this
// call. This should be called after the KMS client has been instantiated.
func (k *AWSKMSSeal) Encrypt(_ context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error) {
if plaintext == nil {
return nil, fmt.Errorf("given plaintext for encryption is nil")
}
env, err := seal.NewEnvelope().Encrypt(plaintext)
if err != nil {
return nil, errwrap.Wrapf("error wrapping data: {{err}}", err)
}
if k.client == nil {
return nil, fmt.Errorf("nil client")
}
input := &kms.EncryptInput{
KeyId: aws.String(k.keyID),
Plaintext: env.Key,
}
output, err := k.client.Encrypt(input)
if err != nil {
return nil, errwrap.Wrapf("error encrypting data: {{err}}", err)
}
// store the current key id
keyID := aws.StringValue(output.KeyId)
k.currentKeyID.Store(keyID)
ret := &physical.EncryptedBlobInfo{
Ciphertext: env.Ciphertext,
IV: env.IV,
KeyInfo: &physical.SealKeyInfo{
Mechanism: AWSKMSEnvelopeAESGCMEncrypt,
// Even though we do not use the key id during decryption, store it
// to know exactly the specific key used in encryption in case we
// want to rewrap older entries
KeyID: keyID,
WrappedKey: output.CiphertextBlob,
},
}
return ret, nil
}
// Decrypt is used to decrypt the ciphertext. This should be called after Init.
func (k *AWSKMSSeal) Decrypt(_ context.Context, in *physical.EncryptedBlobInfo) ([]byte, error) {
if in == nil {
return nil, fmt.Errorf("given input for decryption is nil")
}
// Default to mechanism used before key info was stored
if in.KeyInfo == nil {
in.KeyInfo = &physical.SealKeyInfo{
Mechanism: AWSKMSEncrypt,
}
}
var plaintext []byte
switch in.KeyInfo.Mechanism {
case AWSKMSEncrypt:
input := &kms.DecryptInput{
CiphertextBlob: in.Ciphertext,
}
output, err := k.client.Decrypt(input)
if err != nil {
return nil, errwrap.Wrapf("error decrypting data: {{err}}", err)
}
plaintext = output.Plaintext
case AWSKMSEnvelopeAESGCMEncrypt:
// KeyID is not passed to this call because AWS handles this
// internally based on the metadata stored with the encrypted data
input := &kms.DecryptInput{
CiphertextBlob: in.KeyInfo.WrappedKey,
}
output, err := k.client.Decrypt(input)
if err != nil {
return nil, errwrap.Wrapf("error decrypting data encryption key: {{err}}", err)
}
envInfo := &seal.EnvelopeInfo{
Key: output.Plaintext,
IV: in.IV,
Ciphertext: in.Ciphertext,
}
plaintext, err = seal.NewEnvelope().Decrypt(envInfo)
if err != nil {
return nil, errwrap.Wrapf("error decrypting data: {{err}}", err)
}
default:
return nil, fmt.Errorf("invalid mechanism: %d", in.KeyInfo.Mechanism)
}
return plaintext, nil
}
// getAWSKMSClient returns an instance of the KMS client.
func (k *AWSKMSSeal) getAWSKMSClient() (*kms.KMS, error) {
credsConfig := &awsutil.CredentialsConfig{}
credsConfig.AccessKey = k.accessKey
credsConfig.SecretKey = k.secretKey
credsConfig.Region = k.region
credsConfig.HTTPClient = cleanhttp.DefaultClient()
creds, err := credsConfig.GenerateCredentialChain()
if err != nil {
return nil, err
}
awsConfig := &aws.Config{
Credentials: creds,
Region: aws.String(credsConfig.Region),
HTTPClient: cleanhttp.DefaultClient(),
}
if k.endpoint != "" {
awsConfig.Endpoint = aws.String(k.endpoint)
}
sess, err := session.NewSession(awsConfig)
if err != nil {
return nil, err
}
client := kms.New(sess)
return client, nil
}

159
vault/seal/awskms/awskms_test.go Normal file
View File

@@ -0,0 +1,159 @@
package awskms
import (
"context"
"os"
"reflect"
"testing"
"github.com/aws/aws-sdk-go/aws"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/helper/logging"
)
func TestAWSKMSSeal(t *testing.T) {
s := NewSeal(logging.NewVaultLogger(log.Trace))
s.client = &mockAWSKMSSealClient{
keyID: aws.String(awsTestKeyID),
}
_, err := s.SetConfig(nil)
if err == nil {
t.Fatal("expected error when AWSKMSSeal key ID is not provided")
}
// Set the key
os.Setenv(EnvAWSKMSSealKeyID, awsTestKeyID)
_, err = s.SetConfig(nil)
if err != nil {
t.Fatal(err)
}
}
func TestAWSKMSSeal_Lifecycle(t *testing.T) {
s := NewSeal(logging.NewVaultLogger(log.Trace))
s.client = &mockAWSKMSSealClient{
keyID: aws.String(awsTestKeyID),
}
os.Setenv(EnvAWSKMSSealKeyID, awsTestKeyID)
_, err := s.SetConfig(nil)
if err != nil {
t.Fatal(err)
}
// Test Encrypt and Decrypt calls
input := []byte("foo")
swi, err := s.Encrypt(context.Background(), input)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
pt, err := s.Decrypt(context.Background(), swi)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
if !reflect.DeepEqual(input, pt) {
t.Fatalf("expected %s, got %s", input, pt)
}
}
func TestAWSKMSSeal_custom_endpoint(t *testing.T) {
customEndpoint := "https://custom.endpoint"
customEndpoint2 := "https://custom.endpoint.2"
endpointENV := "AWS_KMS_ENDPOINT"
// unset at end of test
os.Setenv(EnvAWSKMSSealKeyID, awsTestKeyID)
defer func() {
if err := os.Unsetenv(EnvAWSKMSSealKeyID); err != nil {
t.Fatal(err)
}
}()
cfg := make(map[string]string)
cfg["endpoint"] = customEndpoint
testCases := []struct {
Title string
Env string
Config map[string]string
Expected *string
}{
{
// Default will have nil for the config endpoint, and be looked up
// dynamically by the SDK
Title: "Default",
},
{
Title: "Environment",
Env: customEndpoint,
Expected: aws.String(customEndpoint),
},
{
Title: "Config",
Config: cfg,
Expected: aws.String(customEndpoint),
},
{
// Expect environment to take precedence over configuration
Title: "Env-Config",
Env: customEndpoint2,
Config: cfg,
Expected: aws.String(customEndpoint2),
},
}
for _, tc := range testCases {
t.Run(tc.Title, func(t *testing.T) {
s := NewSeal(logging.NewVaultLogger(log.Trace))
s.client = &mockAWSKMSSealClient{
keyID: aws.String(awsTestKeyID),
}
if tc.Env != "" {
if err := os.Setenv(endpointENV, tc.Env); err != nil {
t.Fatal(err)
}
}
// cfg starts as nil, and takes a test case value if given. If not,
// SetConfig is called with nil and creates it's own config
var cfg map[string]string
if tc.Config != nil {
cfg = tc.Config
}
if _, err := s.SetConfig(cfg); err != nil {
t.Fatalf("error setting config: %s", err)
}
// call getAWSKMSClient() to get the configured client and verify it's
// endpoint
k, err := s.getAWSKMSClient()
if err != nil {
t.Fatal(err)
}
if tc.Expected == nil && k.Config.Endpoint != nil {
t.Fatalf("Expected nil endpoint, got: (%s)", *k.Config.Endpoint)
}
if tc.Expected != nil {
if k.Config.Endpoint == nil {
t.Fatal("expected custom endpoint, but config was nil")
}
if *k.Config.Endpoint != *tc.Expected {
t.Fatalf("expected custom endpoint (%s), got: (%s)", *tc.Expected, *k.Config.Endpoint)
}
}
// clear endpoint env after each test
if err := os.Unsetenv(endpointENV); err != nil {
t.Fatal(err)
}
})
}
}

72
vault/seal/awskms/testing.go Normal file
View File

@@ -0,0 +1,72 @@
package awskms
import (
"encoding/base64"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/aws/aws-sdk-go/service/kms/kmsiface"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/helper/logging"
)
const awsTestKeyID = "foo"
func NewAWSKMSTestSeal() *AWSKMSSeal {
s := NewSeal(logging.NewVaultLogger(log.Trace))
s.client = &mockAWSKMSSealClient{
keyID: aws.String(awsTestKeyID),
}
return s
}
type mockAWSKMSSealClient struct {
kmsiface.KMSAPI
keyID *string
}
// Encrypt is a mocked call that returns a base64 encoded string.
func (m *mockAWSKMSSealClient) Encrypt(input *kms.EncryptInput) (*kms.EncryptOutput, error) {
m.keyID = input.KeyId
encoded := make([]byte, base64.StdEncoding.EncodedLen(len(input.Plaintext)))
base64.StdEncoding.Encode(encoded, input.Plaintext)
return &kms.EncryptOutput{
CiphertextBlob: encoded,
KeyId: input.KeyId,
}, nil
}
// Decrypt is a mocked call that returns a decoded base64 string.
func (m *mockAWSKMSSealClient) Decrypt(input *kms.DecryptInput) (*kms.DecryptOutput, error) {
decLen := base64.StdEncoding.DecodedLen(len(input.CiphertextBlob))
decoded := make([]byte, decLen)
len, err := base64.StdEncoding.Decode(decoded, input.CiphertextBlob)
if err != nil {
return nil, err
}
if len < decLen {
decoded = decoded[:len]
}
return &kms.DecryptOutput{
KeyId: m.keyID,
Plaintext: decoded,
}, nil
}
// DescribeKey is a mocked call that returns the keyID.
func (m *mockAWSKMSSealClient) DescribeKey(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) {
if m.keyID == nil {
return nil, awserr.New(kms.ErrCodeNotFoundException, "key not found", nil)
}
return &kms.DescribeKeyOutput{
KeyMetadata: &kms.KeyMetadata{
KeyId: m.keyID,
},
}, nil
}

267
vault/seal/azurekeyvault/azurekeyvault.go Normal file
View File

@@ -0,0 +1,267 @@
package azurekeyvault
import (
"context"
"encoding/base64"
"errors"
"fmt"
"os"
"strings"
"sync/atomic"
"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/azure"
"github.com/Azure/go-autorest/autorest/azure/auth"
"github.com/Azure/go-autorest/autorest/to"
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault/seal"
)
// AzureKeyVaultSeal is an auto-seal that uses Azure Key Vault
// for crypto operations. Azure Key Vault currently does not support
// keys that can encrypt long data (RSA keys). Due to this fact, we generate
// and AES key and wrap the key using Key Vault and store it with the
// data
type AzureKeyVaultSeal struct {
tenantID string
clientID string
clientSecret string
vaultName string
keyName string
currentKeyID *atomic.Value
environment azure.Environment
client *keyvault.BaseClient
logger log.Logger
}
// Ensure that we are implementing AutoSealAccess
var _ seal.Access = (*AzureKeyVaultSeal)(nil)
func NewSeal(logger log.Logger) *AzureKeyVaultSeal {
v := &AzureKeyVaultSeal{
logger: logger,
currentKeyID: new(atomic.Value),
}
v.currentKeyID.Store("")
return v
}
// SetConfig sets the fields on the AzureKeyVaultSeal object based on
// values from the config parameter.
//
// Order of precedence:
// * Environment variable
// * Value from Vault configuration file
// * Managed Service Identity for instance
func (v *AzureKeyVaultSeal) SetConfig(config map[string]string) (map[string]string, error) {
if config == nil {
config = map[string]string{}
}
switch {
case os.Getenv("AZURE_TENANT_ID") != "":
v.tenantID = os.Getenv("AZURE_TENANT_ID")
case config["tenant_id"] != "":
v.tenantID = config["tenant_id"]
}
switch {
case os.Getenv("AZURE_CLIENT_ID") != "":
v.clientID = os.Getenv("AZURE_CLIENT_ID")
case config["client_id"] != "":
v.clientID = config["client_id"]
}
switch {
case os.Getenv("AZURE_CLIENT_SECRET") != "":
v.clientSecret = os.Getenv("AZURE_CLIENT_SECRET")
case config["client_secret"] != "":
v.clientSecret = config["client_secret"]
}
envName := os.Getenv("AZURE_ENVIRONMENT")
if envName == "" {
envName = config["environment"]
}
if envName == "" {
v.environment = azure.PublicCloud
} else {
var err error
v.environment, err = azure.EnvironmentFromName(envName)
if err != nil {
return nil, err
}
}
switch {
case os.Getenv("VAULT_AZUREKEYVAULT_VAULT_NAME") != "":
v.vaultName = os.Getenv("VAULT_AZUREKEYVAULT_VAULT_NAME")
case config["vault_name"] != "":
v.vaultName = config["vault_name"]
default:
return nil, errors.New("vault name is required")
}
switch {
case os.Getenv("VAULT_AZUREKEYVAULT_KEY_NAME") != "":
v.keyName = os.Getenv("VAULT_AZUREKEYVAULT_KEY_NAME")
case config["key_name"] != "":
v.keyName = config["key_name"]
default:
return nil, errors.New("key name is required")
}
if v.client == nil {
client, err := v.getKeyVaultClient()
if err != nil {
return nil, errwrap.Wrapf("error initializing Azure Key Vault seal client: {{err}}", err)
}
// Test the client connection using provided key ID
_, err = client.GetKey(context.Background(), v.buildBaseURL(), v.keyName, "")
if err != nil {
return nil, errwrap.Wrapf("error fetching Azure Key Vault seal key information: {{err}}", err)
}
v.client = client
}
// Map that holds non-sensitive configuration info
sealInfo := make(map[string]string)
sealInfo["environment"] = v.environment.Name
sealInfo["vault_name"] = v.vaultName
sealInfo["key_name"] = v.keyName
return sealInfo, nil
}
// Init is called during core.Initialize. This is a no-op.
func (v *AzureKeyVaultSeal) Init(context.Context) error {
return nil
}
// Finalize is called during shutdown. This is a no-op.
func (v *AzureKeyVaultSeal) Finalize(context.Context) error {
return nil
}
// SealType returns the seal type for this particular seal implementation.
func (v *AzureKeyVaultSeal) SealType() string {
return seal.AzureKeyVault
}
// KeyID returns the last known key id.
func (v *AzureKeyVaultSeal) KeyID() string {
return v.currentKeyID.Load().(string)
}
// Encrypt is used to encrypt using Azure Key Vault.
// This returns the ciphertext, and/or any errors from this
// call.
func (v *AzureKeyVaultSeal) Encrypt(ctx context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error) {
if plaintext == nil {
return nil, errors.New("given plaintext for encryption is nil")
}
env, err := seal.NewEnvelope().Encrypt(plaintext)
if err != nil {
return nil, errwrap.Wrapf("error wrapping dat: {{err}}", err)
}
// Encrypt the DEK using Key Vault
params := keyvault.KeyOperationsParameters{
Algorithm: keyvault.RSAOAEP256,
Value: to.StringPtr(base64.URLEncoding.EncodeToString(env.Key)),
}
// Wrap key with the latest version for the key name
resp, err := v.client.WrapKey(ctx, v.buildBaseURL(), v.keyName, "", params)
if err != nil {
return nil, err
}
// Kid gets returned as a full URL, get the last bit which is just
// the version
keyVersionParts := strings.Split(to.String(resp.Kid), "/")
keyVersion := keyVersionParts[len(keyVersionParts)-1]
ret := &physical.EncryptedBlobInfo{
Ciphertext: env.Ciphertext,
IV: env.IV,
KeyInfo: &physical.SealKeyInfo{
KeyID: keyVersion,
WrappedKey: []byte(to.String(resp.Result)),
},
}
return ret, nil
}
// Decrypt is used to decrypt the ciphertext.
func (v *AzureKeyVaultSeal) Decrypt(ctx context.Context, in *physical.EncryptedBlobInfo) ([]byte, error) {
if in == nil {
return nil, errors.New("given input for decryption is nil")
}
if in.KeyInfo == nil {
return nil, errors.New("key info is nil")
}
// Unwrap the key
params := keyvault.KeyOperationsParameters{
Algorithm: keyvault.RSAOAEP256,
Value: to.StringPtr(string(in.KeyInfo.WrappedKey)),
}
resp, err := v.client.UnwrapKey(ctx, v.buildBaseURL(), v.keyName, in.KeyInfo.KeyID, params)
if err != nil {
return nil, err
}
keyBytes, err := base64.URLEncoding.WithPadding(base64.NoPadding).DecodeString(to.String(resp.Result))
if err != nil {
return nil, err
}
envInfo := &seal.EnvelopeInfo{
Key: keyBytes,
IV: in.IV,
Ciphertext: in.Ciphertext,
}
return seal.NewEnvelope().Decrypt(envInfo)
}
func (v *AzureKeyVaultSeal) buildBaseURL() string {
return fmt.Sprintf("https://%s.%s/", v.vaultName, v.environment.KeyVaultDNSSuffix)
}
func (v *AzureKeyVaultSeal) getKeyVaultClient() (*keyvault.BaseClient, error) {
var authorizer autorest.Authorizer
var err error
switch {
case v.clientID != "" && v.clientSecret != "":
config := auth.NewClientCredentialsConfig(v.clientID, v.clientSecret, v.tenantID)
config.AADEndpoint = v.environment.ActiveDirectoryEndpoint
config.Resource = strings.TrimSuffix(v.environment.KeyVaultEndpoint, "/")
authorizer, err = config.Authorizer()
if err != nil {
return nil, err
}
// By default use MSI
default:
config := auth.NewMSIConfig()
config.Resource = strings.TrimSuffix(v.environment.KeyVaultEndpoint, "/")
authorizer, err = config.Authorizer()
if err != nil {
return nil, err
}
}
client := keyvault.New()
client.Authorizer = authorizer
return &client, nil
}

59
vault/seal/azurekeyvault/azurekeyvault_acc_test.go Normal file
View File

@@ -0,0 +1,59 @@
package azurekeyvault
import (
"context"
"os"
"reflect"
"testing"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/helper/logging"
)
func TestAzureKeyVault_SetConfig(t *testing.T) {
if os.Getenv("VAULT_ACC") == "" {
t.SkipNow()
}
seal := NewSeal(logging.NewVaultLogger(log.Trace))
tenantID := os.Getenv("AZURE_TENANT_ID")
os.Unsetenv("AZURE_TENANT_ID")
// Attempt to set config, expect failure due to missing config
_, err := seal.SetConfig(nil)
if err == nil {
t.Fatal("expected error when Azure Key Vault config values are not provided")
}
os.Setenv("AZURE_TENANT_ID", tenantID)
_, err = seal.SetConfig(nil)
if err != nil {
t.Fatal(err)
}
}
func TestAzureKeyVault_Lifecycle(t *testing.T) {
if os.Getenv("VAULT_ACC") == "" {
t.SkipNow()
}
s := NewSeal(logging.NewVaultLogger(log.Trace))
// Test Encrypt and Decrypt calls
input := []byte("foo")
swi, err := s.Encrypt(context.Background(), input)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
pt, err := s.Decrypt(context.Background(), swi)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
if !reflect.DeepEqual(input, pt) {
t.Fatalf("expected %s, got %s", input, pt)
}
}

72
vault/seal/envelope.go Normal file
View File

@@ -0,0 +1,72 @@
package seal
import (
"crypto/aes"
"crypto/cipher"
"errors"
"time"
metrics "github.com/armon/go-metrics"
"github.com/hashicorp/errwrap"
uuid "github.com/hashicorp/go-uuid"
)
type Envelope struct{}
type EnvelopeInfo struct {
Ciphertext []byte
Key []byte
IV []byte
}
func NewEnvelope() *Envelope {
return &Envelope{}
}
func (e *Envelope) Encrypt(plaintext []byte) (*EnvelopeInfo, error) {
defer metrics.MeasureSince([]string{"seal", "envelope", "encrypt"}, time.Now())
// Generate DEK
key, err := uuid.GenerateRandomBytes(32)
if err != nil {
return nil, err
}
iv, err := uuid.GenerateRandomBytes(12)
if err != nil {
return nil, err
}
aead, err := e.aeadEncrypter(key)
if err != nil {
return nil, err
}
return &EnvelopeInfo{
Ciphertext: aead.Seal(nil, iv, plaintext, nil),
Key: key,
IV: iv,
}, nil
}
func (e *Envelope) Decrypt(data *EnvelopeInfo) ([]byte, error) {
defer metrics.MeasureSince([]string{"seal", "envelope", "decrypt"}, time.Now())
aead, err := e.aeadEncrypter(data.Key)
if err != nil {
return nil, err
}
return aead.Open(nil, data.IV, data.Ciphertext, nil)
}
func (e *Envelope) aeadEncrypter(key []byte) (cipher.AEAD, error) {
aesCipher, err := aes.NewCipher(key)
if err != nil {
return nil, errwrap.Wrapf("failed to create cipher: {{err}}", err)
}
// Create the GCM mode AEAD
gcm, err := cipher.NewGCM(aesCipher)
if err != nil {
return nil, errors.New("failed to initialize GCM mode")
}
return gcm, nil
}

23
vault/seal/envelope_test.go Normal file
View File

@@ -0,0 +1,23 @@
package seal
import (
"bytes"
"testing"
)
func TestEnvelope(t *testing.T) {
input := []byte("test")
env, err := NewEnvelope().Encrypt(input)
if err != nil {
t.Fatal(err)
}
output, err := NewEnvelope().Decrypt(env)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(input, output) {
t.Fatalf("expected the same text: expected %s, got %s", string(input), string(output))
}
}

326
vault/seal/gcpckms/gcpckms.go Normal file
View File

@@ -0,0 +1,326 @@
package gcpckms
import (
"encoding/base64"
"errors"
"fmt"
"io/ioutil"
"net/http"
"os"
"sync/atomic"
"github.com/hashicorp/errwrap"
cleanhttp "github.com/hashicorp/go-cleanhttp"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault/seal"
context "golang.org/x/net/context"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
cloudkms "google.golang.org/api/cloudkms/v1"
)
const (
// General GCP values, follows TF naming conventions
EnvGCPCKMSSealCredsPath = "GOOGLE_CREDENTIALS"
EnvGCPCKMSSealProject = "GOOGLE_PROJECT"
EnvGCPCKMSSealLocation = "GOOGLE_REGION"
// CKMS-specific values
EnvGCPCKMSSealKeyRing = "VAULT_GCPCKMS_SEAL_KEY_RING"
EnvGCPCKMSSealCryptoKey = "VAULT_GCPCKMS_SEAL_CRYPTO_KEY"
)
// GCPKMSMechanism is the method used to encrypt/decrypt in the autoseal
type GCPKMSMechanism uint32
const (
// GCPKMSEncrypt is used to directly encrypt the data with KMS
GCPKMSEncrypt = iota
// GCPKMSEnvelopeAESGCMEncrypt is when a data encryption key is generatated and
// the data is encrypted with AESGCM and the key is encrypted with KMS
GCPKMSEnvelopeAESGCMEncrypt
)
type GCPCKMSSeal struct {
// Values specific to IAM
credsPath string // Path to the creds file generated during service account creation
// Values specific to Cloud KMS service
project string
location string
keyRing string
cryptoKey string
parentName string // Parent path built from the above values
currentKeyID *atomic.Value
client *cloudkms.Service
logger log.Logger
}
var _ seal.Access = (*GCPCKMSSeal)(nil)
func NewSeal(logger log.Logger) *GCPCKMSSeal {
s := &GCPCKMSSeal{
logger: logger,
currentKeyID: new(atomic.Value),
}
s.currentKeyID.Store("")
return s
}
// SetConfig sets the fields on the GCPCKMSSeal object based on values from the
// config parameter. Environment variables take precedence over values provided
// in the Vault configuration file (i.e. values in the `seal "gcpckms"` stanza).
//
// Order of precedence for GCP credentials file:
// * GOOGLE_CREDENTIALS environment variable
// * `credentials` value from Value configuration file
// * GOOGLE_APPLICATION_CREDENTIALS (https://developers.google.com/identity/protocols/application-default-credentials)
func (s *GCPCKMSSeal) SetConfig(config map[string]string) (map[string]string, error) {
if config == nil {
config = map[string]string{}
}
// Do not return an error in this case. Let client initialization in
// getClient() attempt to sort out where to get default credentials internally
// within the SDK (e.g. checking for GOOGLE_APPLICATION_CREDENTIALS), and let
// it error out there if none is found. This is here to establish precedence on
// non-default input methods.
switch {
case os.Getenv(EnvGCPCKMSSealCredsPath) != "":
s.credsPath = os.Getenv(EnvGCPCKMSSealCredsPath)
case config["credentials"] != "":
s.credsPath = config["credentials"]
}
switch {
case os.Getenv(EnvGCPCKMSSealProject) != "":
s.project = os.Getenv(EnvGCPCKMSSealProject)
case config["project"] != "":
s.project = config["project"]
default:
return nil, errors.New("'project' not found for GCP CKMS seal configuration")
}
switch {
case os.Getenv(EnvGCPCKMSSealLocation) != "":
s.location = os.Getenv(EnvGCPCKMSSealLocation)
case config["region"] != "":
s.location = config["region"]
default:
return nil, errors.New("'region' not found for GCP CKMS seal configuration")
}
switch {
case os.Getenv(EnvGCPCKMSSealKeyRing) != "":
s.keyRing = os.Getenv(EnvGCPCKMSSealKeyRing)
case config["key_ring"] != "":
s.keyRing = config["key_ring"]
default:
return nil, errors.New("'key_ring' not found for GCP CKMS seal configuration")
}
switch {
case os.Getenv(EnvGCPCKMSSealCryptoKey) != "":
s.cryptoKey = os.Getenv(EnvGCPCKMSSealCryptoKey)
case config["crypto_key"] != "":
s.cryptoKey = config["crypto_key"]
default:
return nil, errors.New("'crypto_key' not found for GCP CKMS seal configuration")
}
// Set the parent name for encrypt/decrypt requests
s.parentName = fmt.Sprintf("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", s.project, s.location, s.keyRing, s.cryptoKey)
// Set and check s.client
if s.client == nil {
kmsClient, err := s.getClient()
if err != nil {
return nil, errwrap.Wrapf("error initializing GCP CKMS seal client: {{err}}", err)
}
// Make sure cryto key exists in GCP
keyInfo, err := kmsClient.Projects.Locations.KeyRings.CryptoKeys.Get(s.parentName).Do()
if err != nil {
return nil, errwrap.Wrapf("error fetching GCP CKMS seal key information: {{err}}", err)
}
if keyInfo == nil {
return nil, errors.New("no key information returned")
}
s.currentKeyID.Store(keyInfo.Name)
s.client = kmsClient
}
// Map that holds non-sensitive configuration info to return
sealInfo := make(map[string]string)
sealInfo["project"] = s.project
sealInfo["region"] = s.location
sealInfo["key_ring"] = s.keyRing
sealInfo["crypto_key"] = s.cryptoKey
return sealInfo, nil
}
// Init is called during core.Initialize. No-op at the moment.
func (s *GCPCKMSSeal) Init(_ context.Context) error {
return nil
}
// Finalize is called during shutdown. This is a no-op since
// GCPKMSSeal doesn't require any cleanup.
func (s *GCPCKMSSeal) Finalize(_ context.Context) error {
return nil
}
// SealType returns the seal type for this particular seal implementation.
func (s *GCPCKMSSeal) SealType() string {
return seal.GCPCKMS
}
// KeyID returns the last known key id.
func (s *GCPCKMSSeal) KeyID() string {
return s.currentKeyID.Load().(string)
}
// Encrypt is used to encrypt the master key using the the AWS CMK.
// This returns the ciphertext, and/or any errors from this
// call. This should be called after s.client has been instantiated.
func (s *GCPCKMSSeal) Encrypt(_ context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error) {
if plaintext == nil {
return nil, errors.New("given plaintext for encryption is nil")
}
env, err := seal.NewEnvelope().Encrypt(plaintext)
if err != nil {
return nil, errwrap.Wrapf("error wrapping data: {{err}}", err)
}
req := &cloudkms.EncryptRequest{
Plaintext: base64.StdEncoding.EncodeToString(env.Key),
}
resp, err := s.client.Projects.Locations.KeyRings.CryptoKeys.Encrypt(s.parentName, req).Do()
if err != nil {
return nil, err
}
ct, err := base64.StdEncoding.DecodeString(resp.Ciphertext)
if err != nil {
return nil, err
}
// Store current key id value
s.currentKeyID.Store(resp.Name)
ret := &physical.EncryptedBlobInfo{
Ciphertext: env.Ciphertext,
IV: env.IV,
KeyInfo: &physical.SealKeyInfo{
Mechanism: GCPKMSEnvelopeAESGCMEncrypt,
// Even though we do not use the key id during decryption, store it
// to know exactly what version was used in encryption in case we
// want to rewrap older entries
KeyID: resp.Name,
WrappedKey: ct,
},
}
return ret, nil
}
// Decrypt is used to decrypt the ciphertext.
func (s *GCPCKMSSeal) Decrypt(_ context.Context, in *physical.EncryptedBlobInfo) ([]byte, error) {
if in.Ciphertext == nil {
return nil, fmt.Errorf("given ciphertext for decryption is nil")
}
// Default to mechanism used before key info was stored
if in.KeyInfo == nil {
in.KeyInfo = &physical.SealKeyInfo{
Mechanism: GCPKMSEncrypt,
}
}
var plaintext []byte
switch in.KeyInfo.Mechanism {
case GCPKMSEncrypt:
req := &cloudkms.DecryptRequest{
Ciphertext: base64.StdEncoding.EncodeToString(in.Ciphertext),
}
resp, err := s.client.Projects.Locations.KeyRings.CryptoKeys.Decrypt(s.parentName, req).Do()
if err != nil {
return nil, err
}
plaintext, err = base64.StdEncoding.DecodeString(resp.Plaintext)
if err != nil {
return nil, errwrap.Wrapf("error decoding decrypt response: {{err}}", err)
}
case GCPKMSEnvelopeAESGCMEncrypt:
req := &cloudkms.DecryptRequest{
Ciphertext: base64.StdEncoding.EncodeToString(in.KeyInfo.WrappedKey),
}
resp, err := s.client.Projects.Locations.KeyRings.CryptoKeys.Decrypt(s.parentName, req).Do()
if err != nil {
return nil, err
}
keyPlaintext, err := base64.StdEncoding.DecodeString(resp.Plaintext)
if err != nil {
return nil, errwrap.Wrapf("error decoding decrypt response: {{err}}", err)
}
envInfo := &seal.EnvelopeInfo{
Key: keyPlaintext,
IV: in.IV,
Ciphertext: in.Ciphertext,
}
plaintext, err = seal.NewEnvelope().Decrypt(envInfo)
if err != nil {
return nil, errwrap.Wrapf("error decrypting data: {{err}}", err)
}
default:
return nil, fmt.Errorf("invalid mechanism: %d", in.KeyInfo.Mechanism)
}
return plaintext, nil
}
func (s *GCPCKMSSeal) getClient() (*cloudkms.Service, error) {
ctx := context.WithValue(context.Background(), oauth2.HTTPClient, cleanhttp.DefaultPooledClient())
var client *http.Client
// If the credentials path was provided explicitly then use that
if s.credsPath != "" {
creds, err := ioutil.ReadFile(s.credsPath)
if err != nil {
return nil, err
}
conf, err := google.JWTConfigFromJSON(creds, cloudkms.CloudPlatformScope)
if err != nil {
return nil, err
}
client = conf.Client(ctx)
} else {
// Otherwise use application default credentials
var err error
client, err = google.DefaultClient(ctx, cloudkms.CloudPlatformScope)
if err != nil {
return nil, err
}
}
kmsClient, err := cloudkms.New(client)
if err != nil {
return nil, err
}
return kmsClient, nil
}

105
vault/seal/gcpckms/gcpckms_acc_test.go Normal file
View File

@@ -0,0 +1,105 @@
package gcpckms
import (
"os"
"reflect"
"testing"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/helper/logging"
context "golang.org/x/net/context"
)
const (
// These values need to match the values from the hc-value-testing project
gcpckmsTestProjectID = "hc-vault-testing"
gcpckmsTestLocationID = "global"
gcpckmsTestKeyRing = "vault-test-keyring"
gcpckmsTestCryptoKey = "vault-test-key"
)
func TestGCPCKMSSeal(t *testing.T) {
// Do an error check before env vars are set
s := NewSeal(logging.NewVaultLogger(log.Trace))
_, err := s.SetConfig(nil)
if err == nil {
t.Fatal("expected error when GCPCKMSSeal required values are not provided")
}
// Now test for cases where CKMS values are provided
checkAndSetEnvVars(t)
configCases := map[string]map[string]string{
"env_var": nil,
"config": map[string]string{
"credentials": os.Getenv("GOOGLE_APPLICATION_CREDENTIALS"),
},
}
for name, config := range configCases {
t.Run(name, func(t *testing.T) {
s := NewSeal(logging.NewVaultLogger(log.Trace))
_, err := s.SetConfig(config)
if err != nil {
t.Fatalf("error setting seal config: %v", err)
}
})
}
}
func TestGCPCKMSSeal_Lifecycle(t *testing.T) {
checkAndSetEnvVars(t)
s := NewSeal(logging.NewVaultLogger(log.Trace))
_, err := s.SetConfig(nil)
if err != nil {
t.Fatalf("error setting seal config: %v", err)
}
// Test Encrypt and Decrypt calls
input := []byte("foo")
swi, err := s.Encrypt(context.Background(), input)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
pt, err := s.Decrypt(context.Background(), swi)
if err != nil {
t.Fatalf("err: %s", err.Error())
}
if !reflect.DeepEqual(input, pt) {
t.Fatalf("expected %s, got %s", input, pt)
}
}
// checkAndSetEnvVars check and sets the required env vars. It will skip tests that are
// not ran as acceptance tests since they require calling to external APIs.
func checkAndSetEnvVars(t *testing.T) {
t.Helper()
// Skip tests if we are not running acceptance tests
if os.Getenv("VAULT_ACC") == "" {
t.SkipNow()
}
if os.Getenv("GOOGLE_APPLICATION_CREDENTIALS") == "" && os.Getenv(EnvGCPCKMSSealCredsPath) == "" {
t.Fatal("unable to get GCP credentials via environment variables")
}
if os.Getenv(EnvGCPCKMSSealProject) == "" {
os.Setenv(EnvGCPCKMSSealProject, gcpckmsTestProjectID)
}
if os.Getenv(EnvGCPCKMSSealLocation) == "" {
os.Setenv(EnvGCPCKMSSealLocation, gcpckmsTestLocationID)
}
if os.Getenv(EnvGCPCKMSSealKeyRing) == "" {
os.Setenv(EnvGCPCKMSSealKeyRing, gcpckmsTestKeyRing)
}
if os.Getenv(EnvGCPCKMSSealCryptoKey) == "" {
os.Setenv(EnvGCPCKMSSealCryptoKey, gcpckmsTestCryptoKey)
}
}

20
vault/seal/seal.go
View File

@@ -1,10 +1,30 @@
package seal package seal
import (
"context"
"github.com/hashicorp/vault/physical"
)
const ( const (
Shamir = "shamir" Shamir = "shamir"
PKCS11 = "pkcs11" PKCS11 = "pkcs11"
AliCloudKMS = "alicloudkms"
AWSKMS = "awskms" AWSKMS = "awskms"
GCPCKMS = "gcpckms" GCPCKMS = "gcpckms"
AzureKeyVault = "azurekeyvault" AzureKeyVault = "azurekeyvault"
Test = "test-auto" Test = "test-auto"
) )
// Access is the embedded implemention of autoSeal that contains logic
// specific to encrypting and decrypting data, or in this case keys.
type Access interface {
SealType() string
KeyID() string
Init(context.Context) error
Finalize(context.Context) error
Encrypt(context.Context, []byte) (*physical.EncryptedBlobInfo, error)
Decrypt(context.Context, *physical.EncryptedBlobInfo) ([]byte, error)
}

47
vault/seal/seal_testing.go Normal file
View File

@@ -0,0 +1,47 @@
package seal
import (
"context"
"github.com/hashicorp/vault/physical"
)
type TestSeal struct{}
var _ Access = (*TestSeal)(nil)
func (s *TestSeal) Init(_ context.Context) error {
return nil
}
func (t *TestSeal) Finalize(_ context.Context) error {
return nil
}
func (t *TestSeal) SealType() string {
return Test
}
func (t *TestSeal) KeyID() string {
return "static-key"
}
func (t *TestSeal) Encrypt(_ context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error) {
return &physical.EncryptedBlobInfo{
Ciphertext: ReverseBytes(plaintext),
}, nil
}
func (t *TestSeal) Decrypt(_ context.Context, dwi *physical.EncryptedBlobInfo) ([]byte, error) {
return ReverseBytes(dwi.Ciphertext), nil
}
// reverseBytes is a helper to simulate "encryption/decryption"
// on protected values.
func ReverseBytes(in []byte) []byte {
out := make([]byte, len(in))
for i := 0; i < len(in); i++ {
out[i] = in[len(in)-1-i]
}
return out
}

459
vault/seal_autoseal.go Normal file
View File

@@ -0,0 +1,459 @@
package vault
import (
"context"
"crypto/subtle"
"encoding/json"
"fmt"
"sync/atomic"
proto "github.com/golang/protobuf/proto"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault/seal"
)
// barrierTypeUpgradeCheck checks for backwards compat on barrier type, not
// applicable in the OSS side
var barrierTypeUpgradeCheck = func(_ string, _ *SealConfig) {}
// autoSeal is a Seal implementation that contains logic for encrypting and
// decrypting stored keys via an underlying AutoSealAccess implementation, as
// well as logic related to recovery keys and barrier config.
type autoSeal struct {
seal.Access
barrierConfig atomic.Value
recoveryConfig atomic.Value
core *Core
}
// Ensure we are implementing the Seal interface
var _ Seal = (*autoSeal)(nil)
func NewAutoSeal(lowLevel seal.Access) Seal {
ret := &autoSeal{
Access: lowLevel,
}
ret.barrierConfig.Store((*SealConfig)(nil))
ret.recoveryConfig.Store((*SealConfig)(nil))
return ret
}
func (d *autoSeal) checkCore() error {
if d.core == nil {
return fmt.Errorf("seal does not have a core set")
}
return nil
}
func (d *autoSeal) SetCore(core *Core) {
d.core = core
}
func (d *autoSeal) Init(ctx context.Context) error {
return d.Access.Init(ctx)
}
func (d *autoSeal) Finalize(ctx context.Context) error {
return d.Access.Finalize(ctx)
}
func (d *autoSeal) BarrierType() string {
return d.SealType()
}
func (d *autoSeal) StoredKeysSupported() bool {
return true
}
func (d *autoSeal) RecoveryKeySupported() bool {
return true
}
// SetStoredKeys uses the autoSeal.Access.Encrypts method to wrap the keys. The stored entry
// does not need to be seal wrapped in this case.
func (d *autoSeal) SetStoredKeys(ctx context.Context, keys [][]byte) error {
if keys == nil {
return fmt.Errorf("keys were nil")
}
if len(keys) == 0 {
return fmt.Errorf("no keys provided")
}
buf, err := json.Marshal(keys)
if err != nil {
return errwrap.Wrapf("failed to encode keys for storage: {{err}}", err)
}
// Encrypt and marshal the keys
blobInfo, err := d.Encrypt(ctx, buf)
if err != nil {
return errwrap.Wrapf("failed to encrypt keys for storage: {{err}}", err)
}
value, err := proto.Marshal(blobInfo)
if err != nil {
return errwrap.Wrapf("failed to marshal value for storage: {{err}}", err)
}
// Store the seal configuration.
pe := &physical.Entry{
Key: storedBarrierKeysPath,
Value: value,
}
if err := d.core.physical.Put(ctx, pe); err != nil {
return errwrap.Wrapf("failed to write keys to storage: {{err}}", err)
}
return nil
}
// GetStoredKeys retrieves the key shares by unwrapping the encrypted key using the
// autoseal.
func (d *autoSeal) GetStoredKeys(ctx context.Context) ([][]byte, error) {
pe, err := d.core.physical.Get(ctx, storedBarrierKeysPath)
if err != nil {
return nil, errwrap.Wrapf("failed to fetch stored keys: {{err}}", err)
}
// This is not strictly an error; we may not have any stored keys, for
// instance, if we're not initialized
if pe == nil {
return nil, nil
}
blobInfo := &physical.EncryptedBlobInfo{}
if err := proto.Unmarshal(pe.Value, blobInfo); err != nil {
return nil, errwrap.Wrapf("failed to proto decode stored keys: {{err}}", err)
}
pt, err := d.Decrypt(ctx, blobInfo)
if err != nil {
return nil, errwrap.Wrapf("failed to decrypt encrypted stored keys: {{err}}", err)
}
// Decode the barrier entry
var keys [][]byte
if err := json.Unmarshal(pt, &keys); err != nil {
return nil, fmt.Errorf("failed to decode stored keys: %v, plaintext was %q", err, pe.Value)
}
return keys, nil
}
func (d *autoSeal) BarrierConfig(ctx context.Context) (*SealConfig, error) {
if d.barrierConfig.Load().(*SealConfig) != nil {
return d.barrierConfig.Load().(*SealConfig).Clone(), nil
}
if err := d.checkCore(); err != nil {
return nil, err
}
sealType := "barrier"
entry, err := d.core.physical.Get(ctx, barrierSealConfigPath)
if err != nil {
d.core.logger.Error("autoseal: failed to read seal configuration", "seal_type", sealType, "error", err)
return nil, errwrap.Wrapf(fmt.Sprintf("failed to read %q seal configuration: {{err}}", sealType), err)
}
// If the seal configuration is missing, we are not initialized
if entry == nil {
if d.core.logger.IsInfo() {
d.core.logger.Info("autoseal: seal configuration missing, not initialized", "seal_type", sealType)
}
return nil, nil
}
conf := &SealConfig{}
err = json.Unmarshal(entry.Value, conf)
if err != nil {
d.core.logger.Error("autoseal: failed to decode seal configuration", "seal_type", sealType, "error", err)
return nil, errwrap.Wrapf(fmt.Sprintf("failed to decode %q seal configuration: {{err}}", sealType), err)
}
// Check for a valid seal configuration
if err := conf.Validate(); err != nil {
d.core.logger.Error("autoseal: invalid seal configuration", "seal_type", sealType, "error", err)
return nil, errwrap.Wrapf(fmt.Sprintf("%q seal validation failed: {{err}}", sealType), err)
}
barrierTypeUpgradeCheck(d.BarrierType(), conf)
if conf.Type != d.BarrierType() {
d.core.logger.Error("autoseal: barrier seal type does not match loaded type", "seal_type", conf.Type, "loaded_type", d.BarrierType())
return nil, fmt.Errorf("barrier seal type of %q does not match loaded type of %q", conf.Type, d.BarrierType())
}
d.barrierConfig.Store(conf)
return conf.Clone(), nil
}
func (d *autoSeal) SetBarrierConfig(ctx context.Context, conf *SealConfig) error {
if err := d.checkCore(); err != nil {
return err
}
if conf == nil {
d.barrierConfig.Store((*SealConfig)(nil))
return nil
}
conf.Type = d.BarrierType()
// Encode the seal configuration
buf, err := json.Marshal(conf)
if err != nil {
return errwrap.Wrapf("failed to encode barrier seal configuration: {{err}}", err)
}
// Store the seal configuration
pe := &physical.Entry{
Key: barrierSealConfigPath,
Value: buf,
}
if err := d.core.physical.Put(ctx, pe); err != nil {
d.core.logger.Error("autoseal: failed to write barrier seal configuration", "error", err)
return errwrap.Wrapf("failed to write barrier seal configuration: {{err}}", err)
}
d.barrierConfig.Store(conf.Clone())
return nil
}
func (d *autoSeal) RecoveryType() string {
return RecoveryTypeShamir
}
// RecoveryConfig returns the recovery config on recoverySealConfigPlaintextPath.
func (d *autoSeal) RecoveryConfig(ctx context.Context) (*SealConfig, error) {
if d.recoveryConfig.Load().(*SealConfig) != nil {
return d.recoveryConfig.Load().(*SealConfig).Clone(), nil
}
if err := d.checkCore(); err != nil {
return nil, err
}
sealType := "recovery"
var entry *physical.Entry
var err error
entry, err = d.core.physical.Get(ctx, recoverySealConfigPlaintextPath)
if err != nil {
d.core.logger.Error("autoseal: failed to read seal configuration", "seal_type", sealType, "error", err)
return nil, errwrap.Wrapf(fmt.Sprintf("failed to read %q seal configuration: {{err}}", sealType), err)
}
if entry == nil {
if d.core.Sealed() {
d.core.logger.Info("autoseal: seal configuration missing, but cannot check old path as core is sealed", "seal_type", sealType)
return nil, nil
}
// Check the old recovery seal config path so an upgraded standby will
// return the correct seal config
be, err := d.core.barrier.Get(ctx, recoverySealConfigPath)
if err != nil {
return nil, errwrap.Wrapf("failed to read old recovery seal configuration: {{err}}", err)
}
// If the seal configuration is missing, then we are not initialized.
if be == nil {
if d.core.logger.IsInfo() {
d.core.logger.Info("autoseal: seal configuration missing, not initialized", "seal_type", sealType)
}
return nil, nil
}
// Reconstruct the physical entry
entry = &physical.Entry{
Key: be.Key,
Value: be.Value,
}
}
conf := &SealConfig{}
if err := json.Unmarshal(entry.Value, conf); err != nil {
d.core.logger.Error("autoseal: failed to decode seal configuration", "seal_type", sealType, "error", err)
return nil, errwrap.Wrapf(fmt.Sprintf("failed to decode %q seal configuration: {{err}}", sealType), err)
}
// Check for a valid seal configuration
if err := conf.Validate(); err != nil {
d.core.logger.Error("autoseal: invalid seal configuration", "seal_type", sealType, "error", err)
return nil, errwrap.Wrapf(fmt.Sprintf("%q seal validation failed: {{err}}", sealType), err)
}
if conf.Type != d.RecoveryType() {
d.core.logger.Error("autoseal: recovery seal type does not match loaded type", "seal_type", conf.Type, "loaded_type", d.RecoveryType())
return nil, fmt.Errorf("recovery seal type of %q does not match loaded type of %q", conf.Type, d.RecoveryType())
}
d.recoveryConfig.Store(conf)
return conf.Clone(), nil
}
// SetRecoveryConfig writes the recovery configuration to the physical storage
// and sets it as the seal's recoveryConfig.
func (d *autoSeal) SetRecoveryConfig(ctx context.Context, conf *SealConfig) error {
if err := d.checkCore(); err != nil {
return err
}
// Perform migration if applicable
if err := d.migrateRecoveryConfig(ctx); err != nil {
return err
}
if conf == nil {
d.recoveryConfig.Store((*SealConfig)(nil))
return nil
}
conf.Type = d.RecoveryType()
// Encode the seal configuration
buf, err := json.Marshal(conf)
if err != nil {
return errwrap.Wrapf("failed to encode recovery seal configuration: {{err}}", err)
}
// Store the seal configuration directly in the physical storage
pe := &physical.Entry{
Key: recoverySealConfigPlaintextPath,
Value: buf,
}
if err := d.core.physical.Put(ctx, pe); err != nil {
d.core.logger.Error("autoseal: failed to write recovery seal configuration", "error", err)
return errwrap.Wrapf("failed to write recovery seal configuration: {{err}}", err)
}
d.recoveryConfig.Store(conf.Clone())
return nil
}
func (d *autoSeal) VerifyRecoveryKey(ctx context.Context, key []byte) error {
if key == nil {
return fmt.Errorf("recovery key to verify is nil")
}
pe, err := d.core.physical.Get(ctx, recoveryKeyPath)
if err != nil {
d.core.logger.Error("autoseal: failed to read recovery key", "error", err)
return errwrap.Wrapf("failed to read recovery key: {{err}}", err)
}
if pe == nil {
d.core.logger.Warn("autoseal: no recovery key found")
return fmt.Errorf("no recovery key found")
}
blobInfo := &physical.EncryptedBlobInfo{}
if err := proto.Unmarshal(pe.Value, blobInfo); err != nil {
return errwrap.Wrapf("failed to proto decode stored keys: {{err}}", err)
}
pt, err := d.Decrypt(ctx, blobInfo)
if err != nil {
return errwrap.Wrapf("failed to decrypt encrypted stored keys: {{err}}", err)
}
// Check if provided key is same as the decrypted key
if subtle.ConstantTimeCompare(key, pt) != 1 {
// We may need to upgrade if the key is barrier-wrapped, so check
barrierDec, err := d.core.BarrierEncryptorAccess().Decrypt(ctx, recoveryKeyPath, pt)
if err == nil {
// If we hit this, it got barrier-wrapped, so we need to re-set the
// recovery key after unwrapping
err := d.SetRecoveryKey(ctx, barrierDec)
if err != nil {
return err
}
}
// Set pt to barrierDec for re-checking
pt = barrierDec
}
if subtle.ConstantTimeCompare(key, pt) != 1 {
return fmt.Errorf("recovery key does not match submitted values")
}
return nil
}
func (d *autoSeal) SetRecoveryKey(ctx context.Context, key []byte) error {
if err := d.checkCore(); err != nil {
return err
}
if key == nil {
return fmt.Errorf("recovery key to store is nil")
}
// Encrypt and marshal the keys
blobInfo, err := d.Encrypt(ctx, key)
if err != nil {
return errwrap.Wrapf("failed to encrypt keys for storage: {{err}}", err)
}
value, err := proto.Marshal(blobInfo)
if err != nil {
return errwrap.Wrapf("failed to marshal value for storage: {{err}}", err)
}
be := &physical.Entry{
Key: recoveryKeyPath,
Value: value,
}
if err := d.core.physical.Put(ctx, be); err != nil {
d.core.logger.Error("autoseal: failed to write recovery key", "error", err)
return errwrap.Wrapf("failed to write recovery key: {{err}}", err)
}
return nil
}
// migrateRecoveryConfig is a helper func to migrate the recovery config to
// live outside the barrier. This is called from SetRecoveryConfig which is
// always called with the stateLock.
func (d *autoSeal) migrateRecoveryConfig(ctx context.Context) error {
// Get config from the old recoverySealConfigPath path
be, err := d.core.barrier.Get(ctx, recoverySealConfigPath)
if err != nil {
return errwrap.Wrapf("failed to read old recovery seal configuration during migration: {{err}}", err)
}
// If this entry is nil, then skip migration
if be == nil {
return nil
}
// Only log if we are performing the migration
d.core.logger.Debug("migrating recovery seal configuration")
defer d.core.logger.Debug("done migrating recovery seal configuration")
// Perform migration
pe := &physical.Entry{
Key: recoverySealConfigPlaintextPath,
Value: be.Value,
}
if err := d.core.physical.Put(ctx, pe); err != nil {
return errwrap.Wrapf("failed to write recovery seal configuration during migration: {{err}}", err)
}
// Perform deletion of the old entry
if err := d.core.barrier.Delete(ctx, recoverySealConfigPath); err != nil {
return errwrap.Wrapf("failed to delete old recovery seal configuration during migration: {{err}}", err)
}
return nil
}

4
vault/sealunwrapper.go
View File

@@ -69,7 +69,7 @@ func (d *sealUnwrapper) Get(ctx context.Context, key string) (*physical.Entry, e
} }
var performUnwrap bool var performUnwrap bool
se := &physical.SealWrapEntry{} se := &physical.EncryptedBlobInfo{}
// If the value ends in our canary value, try to decode the bytes. // If the value ends in our canary value, try to decode the bytes.
eLen := len(entry.Value) eLen := len(entry.Value)
if eLen > 0 && entry.Value[eLen-1] == 's' { if eLen > 0 && entry.Value[eLen-1] == 's' {
@@ -106,7 +106,7 @@ func (d *sealUnwrapper) Get(ctx context.Context, key string) (*physical.Entry, e
} }
performUnwrap = false performUnwrap = false
se = &physical.SealWrapEntry{} se = &physical.EncryptedBlobInfo{}
// If the value ends in our canary value, try to decode the bytes. // If the value ends in our canary value, try to decode the bytes.
eLen = len(entry.Value) eLen = len(entry.Value)
if eLen > 0 && entry.Value[eLen-1] == 's' { if eLen > 0 && entry.Value[eLen-1] == 's' {

5514
vendor/github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault/client.go generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2631
vendor/github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault/models.go generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

30
vendor/github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault/version.go generated vendored Normal file
View File

@@ -0,0 +1,30 @@
package keyvault
import "github.com/Azure/azure-sdk-for-go/version"
// Copyright (c) Microsoft and contributors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by Microsoft (R) AutoRest Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// UserAgent returns the UserAgent string to use when sending http.Requests.
func UserAgent() string {
return "Azure-SDK-For-Go/" + version.Number + " keyvault/2016-10-01"
}
// Version returns the semantic version (see http://semver.org) of the client.
func Version() string {
return version.Number
}

104
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/cancel_key_deletion.go generated vendored Executable file
View File

@@ -0,0 +1,104 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// CancelKeyDeletion invokes the kms.CancelKeyDeletion API synchronously
// api document: https://help.aliyun.com/api/kms/cancelkeydeletion.html
func (client *Client) CancelKeyDeletion(request *CancelKeyDeletionRequest) (response *CancelKeyDeletionResponse, err error) {
response = CreateCancelKeyDeletionResponse()
err = client.DoAction(request, response)
return
}
// CancelKeyDeletionWithChan invokes the kms.CancelKeyDeletion API asynchronously
// api document: https://help.aliyun.com/api/kms/cancelkeydeletion.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) CancelKeyDeletionWithChan(request *CancelKeyDeletionRequest) (<-chan *CancelKeyDeletionResponse, <-chan error) {
responseChan := make(chan *CancelKeyDeletionResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.CancelKeyDeletion(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// CancelKeyDeletionWithCallback invokes the kms.CancelKeyDeletion API asynchronously
// api document: https://help.aliyun.com/api/kms/cancelkeydeletion.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) CancelKeyDeletionWithCallback(request *CancelKeyDeletionRequest, callback func(response *CancelKeyDeletionResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *CancelKeyDeletionResponse
var err error
defer close(result)
response, err = client.CancelKeyDeletion(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// CancelKeyDeletionRequest is the request struct for api CancelKeyDeletion
type CancelKeyDeletionRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
STSToken string `position:"Query" name:"STSToken"`
}
// CancelKeyDeletionResponse is the response struct for api CancelKeyDeletion
type CancelKeyDeletionResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateCancelKeyDeletionRequest creates a request to invoke CancelKeyDeletion API
func CreateCancelKeyDeletionRequest() (request *CancelKeyDeletionRequest) {
request = &CancelKeyDeletionRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "CancelKeyDeletion", "kms", "openAPI")
return
}
// CreateCancelKeyDeletionResponse creates a response to parse from CancelKeyDeletion response
func CreateCancelKeyDeletionResponse() (response *CancelKeyDeletionResponse) {
response = &CancelKeyDeletionResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

81
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/client.go generated vendored Executable file
View File

@@ -0,0 +1,81 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth"
)
// Client is the sdk client struct, each func corresponds to an OpenAPI
type Client struct {
sdk.Client
}
// NewClient creates a sdk client with environment variables
func NewClient() (client *Client, err error) {
client = &Client{}
err = client.Init()
return
}
// NewClientWithOptions creates a sdk client with regionId/sdkConfig/credential
// this is the common api to create a sdk client
func NewClientWithOptions(regionId string, config *sdk.Config, credential auth.Credential) (client *Client, err error) {
client = &Client{}
err = client.InitWithOptions(regionId, config, credential)
return
}
// NewClientWithAccessKey is a shortcut to create sdk client with accesskey
// usage: https://help.aliyun.com/document_detail/66217.html
func NewClientWithAccessKey(regionId, accessKeyId, accessKeySecret string) (client *Client, err error) {
client = &Client{}
err = client.InitWithAccessKey(regionId, accessKeyId, accessKeySecret)
return
}
// NewClientWithStsToken is a shortcut to create sdk client with sts token
// usage: https://help.aliyun.com/document_detail/66222.html
func NewClientWithStsToken(regionId, stsAccessKeyId, stsAccessKeySecret, stsToken string) (client *Client, err error) {
client = &Client{}
err = client.InitWithStsToken(regionId, stsAccessKeyId, stsAccessKeySecret, stsToken)
return
}
// NewClientWithRamRoleArn is a shortcut to create sdk client with ram roleArn
// usage: https://help.aliyun.com/document_detail/66222.html
func NewClientWithRamRoleArn(regionId string, accessKeyId, accessKeySecret, roleArn, roleSessionName string) (client *Client, err error) {
client = &Client{}
err = client.InitWithRamRoleArn(regionId, accessKeyId, accessKeySecret, roleArn, roleSessionName)
return
}
// NewClientWithEcsRamRole is a shortcut to create sdk client with ecs ram role
// usage: https://help.aliyun.com/document_detail/66223.html
func NewClientWithEcsRamRole(regionId string, roleName string) (client *Client, err error) {
client = &Client{}
err = client.InitWithEcsRamRole(regionId, roleName)
return
}
// NewClientWithRsaKeyPair is a shortcut to create sdk client with rsa key pair
// attention: rsa key pair auth is only Japan regions available
func NewClientWithRsaKeyPair(regionId string, publicKeyId, privateKey string, sessionExpiration int) (client *Client, err error) {
client = &Client{}
err = client.InitWithRsaKeyPair(regionId, publicKeyId, privateKey, sessionExpiration)
return
}

105
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/create_alias.go generated vendored Executable file
View File

@@ -0,0 +1,105 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// CreateAlias invokes the kms.CreateAlias API synchronously
// api document: https://help.aliyun.com/api/kms/createalias.html
func (client *Client) CreateAlias(request *CreateAliasRequest) (response *CreateAliasResponse, err error) {
response = CreateCreateAliasResponse()
err = client.DoAction(request, response)
return
}
// CreateAliasWithChan invokes the kms.CreateAlias API asynchronously
// api document: https://help.aliyun.com/api/kms/createalias.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) CreateAliasWithChan(request *CreateAliasRequest) (<-chan *CreateAliasResponse, <-chan error) {
responseChan := make(chan *CreateAliasResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.CreateAlias(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// CreateAliasWithCallback invokes the kms.CreateAlias API asynchronously
// api document: https://help.aliyun.com/api/kms/createalias.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) CreateAliasWithCallback(request *CreateAliasRequest, callback func(response *CreateAliasResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *CreateAliasResponse
var err error
defer close(result)
response, err = client.CreateAlias(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// CreateAliasRequest is the request struct for api CreateAlias
type CreateAliasRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
AliasName string `position:"Query" name:"AliasName"`
STSToken string `position:"Query" name:"STSToken"`
}
// CreateAliasResponse is the response struct for api CreateAlias
type CreateAliasResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateCreateAliasRequest creates a request to invoke CreateAlias API
func CreateCreateAliasRequest() (request *CreateAliasRequest) {
request = &CreateAliasRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "CreateAlias", "kms", "openAPI")
return
}
// CreateCreateAliasResponse creates a response to parse from CreateAlias response
func CreateCreateAliasResponse() (response *CreateAliasResponse) {
response = &CreateAliasResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

107
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/create_key.go generated vendored Executable file
View File

@@ -0,0 +1,107 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// CreateKey invokes the kms.CreateKey API synchronously
// api document: https://help.aliyun.com/api/kms/createkey.html
func (client *Client) CreateKey(request *CreateKeyRequest) (response *CreateKeyResponse, err error) {
response = CreateCreateKeyResponse()
err = client.DoAction(request, response)
return
}
// CreateKeyWithChan invokes the kms.CreateKey API asynchronously
// api document: https://help.aliyun.com/api/kms/createkey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) CreateKeyWithChan(request *CreateKeyRequest) (<-chan *CreateKeyResponse, <-chan error) {
responseChan := make(chan *CreateKeyResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.CreateKey(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// CreateKeyWithCallback invokes the kms.CreateKey API asynchronously
// api document: https://help.aliyun.com/api/kms/createkey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) CreateKeyWithCallback(request *CreateKeyRequest, callback func(response *CreateKeyResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *CreateKeyResponse
var err error
defer close(result)
response, err = client.CreateKey(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// CreateKeyRequest is the request struct for api CreateKey
type CreateKeyRequest struct {
*requests.RpcRequest
Description string `position:"Query" name:"Description"`
KeyUsage string `position:"Query" name:"KeyUsage"`
STSToken string `position:"Query" name:"STSToken"`
Origin string `position:"Query" name:"Origin"`
}
// CreateKeyResponse is the response struct for api CreateKey
type CreateKeyResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
KeyMetadata KeyMetadata `json:"KeyMetadata" xml:"KeyMetadata"`
}
// CreateCreateKeyRequest creates a request to invoke CreateKey API
func CreateCreateKeyRequest() (request *CreateKeyRequest) {
request = &CreateKeyRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "CreateKey", "kms", "openAPI")
return
}
// CreateCreateKeyResponse creates a response to parse from CreateKey response
func CreateCreateKeyResponse() (response *CreateKeyResponse) {
response = &CreateKeyResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

107
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/decrypt.go generated vendored Executable file
View File

@@ -0,0 +1,107 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// Decrypt invokes the kms.Decrypt API synchronously
// api document: https://help.aliyun.com/api/kms/decrypt.html
func (client *Client) Decrypt(request *DecryptRequest) (response *DecryptResponse, err error) {
response = CreateDecryptResponse()
err = client.DoAction(request, response)
return
}
// DecryptWithChan invokes the kms.Decrypt API asynchronously
// api document: https://help.aliyun.com/api/kms/decrypt.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DecryptWithChan(request *DecryptRequest) (<-chan *DecryptResponse, <-chan error) {
responseChan := make(chan *DecryptResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.Decrypt(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// DecryptWithCallback invokes the kms.Decrypt API asynchronously
// api document: https://help.aliyun.com/api/kms/decrypt.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DecryptWithCallback(request *DecryptRequest, callback func(response *DecryptResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *DecryptResponse
var err error
defer close(result)
response, err = client.Decrypt(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// DecryptRequest is the request struct for api Decrypt
type DecryptRequest struct {
*requests.RpcRequest
CiphertextBlob string `position:"Query" name:"CiphertextBlob"`
STSToken string `position:"Query" name:"STSToken"`
EncryptionContext string `position:"Query" name:"EncryptionContext"`
}
// DecryptResponse is the response struct for api Decrypt
type DecryptResponse struct {
*responses.BaseResponse
Plaintext string `json:"Plaintext" xml:"Plaintext"`
KeyId string `json:"KeyId" xml:"KeyId"`
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateDecryptRequest creates a request to invoke Decrypt API
func CreateDecryptRequest() (request *DecryptRequest) {
request = &DecryptRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "Decrypt", "kms", "openAPI")
return
}
// CreateDecryptResponse creates a response to parse from Decrypt response
func CreateDecryptResponse() (response *DecryptResponse) {
response = &DecryptResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

104
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/delete_alias.go generated vendored Executable file
View File

@@ -0,0 +1,104 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// DeleteAlias invokes the kms.DeleteAlias API synchronously
// api document: https://help.aliyun.com/api/kms/deletealias.html
func (client *Client) DeleteAlias(request *DeleteAliasRequest) (response *DeleteAliasResponse, err error) {
response = CreateDeleteAliasResponse()
err = client.DoAction(request, response)
return
}
// DeleteAliasWithChan invokes the kms.DeleteAlias API asynchronously
// api document: https://help.aliyun.com/api/kms/deletealias.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DeleteAliasWithChan(request *DeleteAliasRequest) (<-chan *DeleteAliasResponse, <-chan error) {
responseChan := make(chan *DeleteAliasResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.DeleteAlias(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// DeleteAliasWithCallback invokes the kms.DeleteAlias API asynchronously
// api document: https://help.aliyun.com/api/kms/deletealias.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DeleteAliasWithCallback(request *DeleteAliasRequest, callback func(response *DeleteAliasResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *DeleteAliasResponse
var err error
defer close(result)
response, err = client.DeleteAlias(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// DeleteAliasRequest is the request struct for api DeleteAlias
type DeleteAliasRequest struct {
*requests.RpcRequest
AliasName string `position:"Query" name:"AliasName"`
STSToken string `position:"Query" name:"STSToken"`
}
// DeleteAliasResponse is the response struct for api DeleteAlias
type DeleteAliasResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateDeleteAliasRequest creates a request to invoke DeleteAlias API
func CreateDeleteAliasRequest() (request *DeleteAliasRequest) {
request = &DeleteAliasRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "DeleteAlias", "kms", "openAPI")
return
}
// CreateDeleteAliasResponse creates a response to parse from DeleteAlias response
func CreateDeleteAliasResponse() (response *DeleteAliasResponse) {
response = &DeleteAliasResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

104
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/delete_key_material.go generated vendored Executable file
View File

@@ -0,0 +1,104 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// DeleteKeyMaterial invokes the kms.DeleteKeyMaterial API synchronously
// api document: https://help.aliyun.com/api/kms/deletekeymaterial.html
func (client *Client) DeleteKeyMaterial(request *DeleteKeyMaterialRequest) (response *DeleteKeyMaterialResponse, err error) {
response = CreateDeleteKeyMaterialResponse()
err = client.DoAction(request, response)
return
}
// DeleteKeyMaterialWithChan invokes the kms.DeleteKeyMaterial API asynchronously
// api document: https://help.aliyun.com/api/kms/deletekeymaterial.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DeleteKeyMaterialWithChan(request *DeleteKeyMaterialRequest) (<-chan *DeleteKeyMaterialResponse, <-chan error) {
responseChan := make(chan *DeleteKeyMaterialResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.DeleteKeyMaterial(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// DeleteKeyMaterialWithCallback invokes the kms.DeleteKeyMaterial API asynchronously
// api document: https://help.aliyun.com/api/kms/deletekeymaterial.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DeleteKeyMaterialWithCallback(request *DeleteKeyMaterialRequest, callback func(response *DeleteKeyMaterialResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *DeleteKeyMaterialResponse
var err error
defer close(result)
response, err = client.DeleteKeyMaterial(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// DeleteKeyMaterialRequest is the request struct for api DeleteKeyMaterial
type DeleteKeyMaterialRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
STSToken string `position:"Query" name:"STSToken"`
}
// DeleteKeyMaterialResponse is the response struct for api DeleteKeyMaterial
type DeleteKeyMaterialResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateDeleteKeyMaterialRequest creates a request to invoke DeleteKeyMaterial API
func CreateDeleteKeyMaterialRequest() (request *DeleteKeyMaterialRequest) {
request = &DeleteKeyMaterialRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "DeleteKeyMaterial", "kms", "openAPI")
return
}
// CreateDeleteKeyMaterialResponse creates a response to parse from DeleteKeyMaterial response
func CreateDeleteKeyMaterialResponse() (response *DeleteKeyMaterialResponse) {
response = &DeleteKeyMaterialResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

105
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/describe_key.go generated vendored Executable file
View File

@@ -0,0 +1,105 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// DescribeKey invokes the kms.DescribeKey API synchronously
// api document: https://help.aliyun.com/api/kms/describekey.html
func (client *Client) DescribeKey(request *DescribeKeyRequest) (response *DescribeKeyResponse, err error) {
response = CreateDescribeKeyResponse()
err = client.DoAction(request, response)
return
}
// DescribeKeyWithChan invokes the kms.DescribeKey API asynchronously
// api document: https://help.aliyun.com/api/kms/describekey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DescribeKeyWithChan(request *DescribeKeyRequest) (<-chan *DescribeKeyResponse, <-chan error) {
responseChan := make(chan *DescribeKeyResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.DescribeKey(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// DescribeKeyWithCallback invokes the kms.DescribeKey API asynchronously
// api document: https://help.aliyun.com/api/kms/describekey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DescribeKeyWithCallback(request *DescribeKeyRequest, callback func(response *DescribeKeyResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *DescribeKeyResponse
var err error
defer close(result)
response, err = client.DescribeKey(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// DescribeKeyRequest is the request struct for api DescribeKey
type DescribeKeyRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
STSToken string `position:"Query" name:"STSToken"`
}
// DescribeKeyResponse is the response struct for api DescribeKey
type DescribeKeyResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
KeyMetadata KeyMetadata `json:"KeyMetadata" xml:"KeyMetadata"`
}
// CreateDescribeKeyRequest creates a request to invoke DescribeKey API
func CreateDescribeKeyRequest() (request *DescribeKeyRequest) {
request = &DescribeKeyRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "DescribeKey", "kms", "openAPI")
return
}
// CreateDescribeKeyResponse creates a response to parse from DescribeKey response
func CreateDescribeKeyResponse() (response *DescribeKeyResponse) {
response = &DescribeKeyResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

104
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/describe_regions.go generated vendored Executable file
View File

@@ -0,0 +1,104 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// DescribeRegions invokes the kms.DescribeRegions API synchronously
// api document: https://help.aliyun.com/api/kms/describeregions.html
func (client *Client) DescribeRegions(request *DescribeRegionsRequest) (response *DescribeRegionsResponse, err error) {
response = CreateDescribeRegionsResponse()
err = client.DoAction(request, response)
return
}
// DescribeRegionsWithChan invokes the kms.DescribeRegions API asynchronously
// api document: https://help.aliyun.com/api/kms/describeregions.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DescribeRegionsWithChan(request *DescribeRegionsRequest) (<-chan *DescribeRegionsResponse, <-chan error) {
responseChan := make(chan *DescribeRegionsResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.DescribeRegions(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// DescribeRegionsWithCallback invokes the kms.DescribeRegions API asynchronously
// api document: https://help.aliyun.com/api/kms/describeregions.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DescribeRegionsWithCallback(request *DescribeRegionsRequest, callback func(response *DescribeRegionsResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *DescribeRegionsResponse
var err error
defer close(result)
response, err = client.DescribeRegions(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// DescribeRegionsRequest is the request struct for api DescribeRegions
type DescribeRegionsRequest struct {
*requests.RpcRequest
STSToken string `position:"Query" name:"STSToken"`
}
// DescribeRegionsResponse is the response struct for api DescribeRegions
type DescribeRegionsResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
Regions Regions `json:"Regions" xml:"Regions"`
}
// CreateDescribeRegionsRequest creates a request to invoke DescribeRegions API
func CreateDescribeRegionsRequest() (request *DescribeRegionsRequest) {
request = &DescribeRegionsRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "DescribeRegions", "kms", "openAPI")
return
}
// CreateDescribeRegionsResponse creates a response to parse from DescribeRegions response
func CreateDescribeRegionsResponse() (response *DescribeRegionsResponse) {
response = &DescribeRegionsResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

104
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/disable_key.go generated vendored Executable file
View File

@@ -0,0 +1,104 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// DisableKey invokes the kms.DisableKey API synchronously
// api document: https://help.aliyun.com/api/kms/disablekey.html
func (client *Client) DisableKey(request *DisableKeyRequest) (response *DisableKeyResponse, err error) {
response = CreateDisableKeyResponse()
err = client.DoAction(request, response)
return
}
// DisableKeyWithChan invokes the kms.DisableKey API asynchronously
// api document: https://help.aliyun.com/api/kms/disablekey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DisableKeyWithChan(request *DisableKeyRequest) (<-chan *DisableKeyResponse, <-chan error) {
responseChan := make(chan *DisableKeyResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.DisableKey(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// DisableKeyWithCallback invokes the kms.DisableKey API asynchronously
// api document: https://help.aliyun.com/api/kms/disablekey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) DisableKeyWithCallback(request *DisableKeyRequest, callback func(response *DisableKeyResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *DisableKeyResponse
var err error
defer close(result)
response, err = client.DisableKey(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// DisableKeyRequest is the request struct for api DisableKey
type DisableKeyRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
STSToken string `position:"Query" name:"STSToken"`
}
// DisableKeyResponse is the response struct for api DisableKey
type DisableKeyResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateDisableKeyRequest creates a request to invoke DisableKey API
func CreateDisableKeyRequest() (request *DisableKeyRequest) {
request = &DisableKeyRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "DisableKey", "kms", "openAPI")
return
}
// CreateDisableKeyResponse creates a response to parse from DisableKey response
func CreateDisableKeyResponse() (response *DisableKeyResponse) {
response = &DisableKeyResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

104
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/enable_key.go generated vendored Executable file
View File

@@ -0,0 +1,104 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// EnableKey invokes the kms.EnableKey API synchronously
// api document: https://help.aliyun.com/api/kms/enablekey.html
func (client *Client) EnableKey(request *EnableKeyRequest) (response *EnableKeyResponse, err error) {
response = CreateEnableKeyResponse()
err = client.DoAction(request, response)
return
}
// EnableKeyWithChan invokes the kms.EnableKey API asynchronously
// api document: https://help.aliyun.com/api/kms/enablekey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) EnableKeyWithChan(request *EnableKeyRequest) (<-chan *EnableKeyResponse, <-chan error) {
responseChan := make(chan *EnableKeyResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.EnableKey(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// EnableKeyWithCallback invokes the kms.EnableKey API asynchronously
// api document: https://help.aliyun.com/api/kms/enablekey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) EnableKeyWithCallback(request *EnableKeyRequest, callback func(response *EnableKeyResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *EnableKeyResponse
var err error
defer close(result)
response, err = client.EnableKey(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// EnableKeyRequest is the request struct for api EnableKey
type EnableKeyRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
STSToken string `position:"Query" name:"STSToken"`
}
// EnableKeyResponse is the response struct for api EnableKey
type EnableKeyResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateEnableKeyRequest creates a request to invoke EnableKey API
func CreateEnableKeyRequest() (request *EnableKeyRequest) {
request = &EnableKeyRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "EnableKey", "kms", "openAPI")
return
}
// CreateEnableKeyResponse creates a response to parse from EnableKey response
func CreateEnableKeyResponse() (response *EnableKeyResponse) {
response = &EnableKeyResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

108
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/encrypt.go generated vendored Executable file
View File

@@ -0,0 +1,108 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// Encrypt invokes the kms.Encrypt API synchronously
// api document: https://help.aliyun.com/api/kms/encrypt.html
func (client *Client) Encrypt(request *EncryptRequest) (response *EncryptResponse, err error) {
response = CreateEncryptResponse()
err = client.DoAction(request, response)
return
}
// EncryptWithChan invokes the kms.Encrypt API asynchronously
// api document: https://help.aliyun.com/api/kms/encrypt.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) EncryptWithChan(request *EncryptRequest) (<-chan *EncryptResponse, <-chan error) {
responseChan := make(chan *EncryptResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.Encrypt(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// EncryptWithCallback invokes the kms.Encrypt API asynchronously
// api document: https://help.aliyun.com/api/kms/encrypt.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) EncryptWithCallback(request *EncryptRequest, callback func(response *EncryptResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *EncryptResponse
var err error
defer close(result)
response, err = client.Encrypt(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// EncryptRequest is the request struct for api Encrypt
type EncryptRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
Plaintext string `position:"Query" name:"Plaintext"`
STSToken string `position:"Query" name:"STSToken"`
EncryptionContext string `position:"Query" name:"EncryptionContext"`
}
// EncryptResponse is the response struct for api Encrypt
type EncryptResponse struct {
*responses.BaseResponse
CiphertextBlob string `json:"CiphertextBlob" xml:"CiphertextBlob"`
KeyId string `json:"KeyId" xml:"KeyId"`
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateEncryptRequest creates a request to invoke Encrypt API
func CreateEncryptRequest() (request *EncryptRequest) {
request = &EncryptRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "Encrypt", "kms", "openAPI")
return
}
// CreateEncryptResponse creates a response to parse from Encrypt response
func CreateEncryptResponse() (response *EncryptResponse) {
response = &EncryptResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

110
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/generate_data_key.go generated vendored Executable file
View File

@@ -0,0 +1,110 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// GenerateDataKey invokes the kms.GenerateDataKey API synchronously
// api document: https://help.aliyun.com/api/kms/generatedatakey.html
func (client *Client) GenerateDataKey(request *GenerateDataKeyRequest) (response *GenerateDataKeyResponse, err error) {
response = CreateGenerateDataKeyResponse()
err = client.DoAction(request, response)
return
}
// GenerateDataKeyWithChan invokes the kms.GenerateDataKey API asynchronously
// api document: https://help.aliyun.com/api/kms/generatedatakey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) GenerateDataKeyWithChan(request *GenerateDataKeyRequest) (<-chan *GenerateDataKeyResponse, <-chan error) {
responseChan := make(chan *GenerateDataKeyResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.GenerateDataKey(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// GenerateDataKeyWithCallback invokes the kms.GenerateDataKey API asynchronously
// api document: https://help.aliyun.com/api/kms/generatedatakey.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) GenerateDataKeyWithCallback(request *GenerateDataKeyRequest, callback func(response *GenerateDataKeyResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *GenerateDataKeyResponse
var err error
defer close(result)
response, err = client.GenerateDataKey(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// GenerateDataKeyRequest is the request struct for api GenerateDataKey
type GenerateDataKeyRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
KeySpec string `position:"Query" name:"KeySpec"`
NumberOfBytes requests.Integer `position:"Query" name:"NumberOfBytes"`
STSToken string `position:"Query" name:"STSToken"`
EncryptionContext string `position:"Query" name:"EncryptionContext"`
}
// GenerateDataKeyResponse is the response struct for api GenerateDataKey
type GenerateDataKeyResponse struct {
*responses.BaseResponse
CiphertextBlob string `json:"CiphertextBlob" xml:"CiphertextBlob"`
KeyId string `json:"KeyId" xml:"KeyId"`
Plaintext string `json:"Plaintext" xml:"Plaintext"`
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateGenerateDataKeyRequest creates a request to invoke GenerateDataKey API
func CreateGenerateDataKeyRequest() (request *GenerateDataKeyRequest) {
request = &GenerateDataKeyRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "GenerateDataKey", "kms", "openAPI")
return
}
// CreateGenerateDataKeyResponse creates a response to parse from GenerateDataKey response
func CreateGenerateDataKeyResponse() (response *GenerateDataKeyResponse) {
response = &GenerateDataKeyResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

110
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/get_parameters_for_import.go generated vendored Executable file
View File

@@ -0,0 +1,110 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// GetParametersForImport invokes the kms.GetParametersForImport API synchronously
// api document: https://help.aliyun.com/api/kms/getparametersforimport.html
func (client *Client) GetParametersForImport(request *GetParametersForImportRequest) (response *GetParametersForImportResponse, err error) {
response = CreateGetParametersForImportResponse()
err = client.DoAction(request, response)
return
}
// GetParametersForImportWithChan invokes the kms.GetParametersForImport API asynchronously
// api document: https://help.aliyun.com/api/kms/getparametersforimport.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) GetParametersForImportWithChan(request *GetParametersForImportRequest) (<-chan *GetParametersForImportResponse, <-chan error) {
responseChan := make(chan *GetParametersForImportResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.GetParametersForImport(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// GetParametersForImportWithCallback invokes the kms.GetParametersForImport API asynchronously
// api document: https://help.aliyun.com/api/kms/getparametersforimport.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) GetParametersForImportWithCallback(request *GetParametersForImportRequest, callback func(response *GetParametersForImportResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *GetParametersForImportResponse
var err error
defer close(result)
response, err = client.GetParametersForImport(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// GetParametersForImportRequest is the request struct for api GetParametersForImport
type GetParametersForImportRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
STSToken string `position:"Query" name:"STSToken"`
WrappingAlgorithm string `position:"Query" name:"WrappingAlgorithm"`
WrappingKeySpec string `position:"Query" name:"WrappingKeySpec"`
}
// GetParametersForImportResponse is the response struct for api GetParametersForImport
type GetParametersForImportResponse struct {
*responses.BaseResponse
KeyId string `json:"KeyId" xml:"KeyId"`
RequestId string `json:"RequestId" xml:"RequestId"`
ImportToken string `json:"ImportToken" xml:"ImportToken"`
PublicKey string `json:"PublicKey" xml:"PublicKey"`
TokenExpireTime string `json:"TokenExpireTime" xml:"TokenExpireTime"`
}
// CreateGetParametersForImportRequest creates a request to invoke GetParametersForImport API
func CreateGetParametersForImportRequest() (request *GetParametersForImportRequest) {
request = &GetParametersForImportRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "GetParametersForImport", "kms", "openAPI")
return
}
// CreateGetParametersForImportResponse creates a response to parse from GetParametersForImport response
func CreateGetParametersForImportResponse() (response *GetParametersForImportResponse) {
response = &GetParametersForImportResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

107
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/import_key_material.go generated vendored Executable file
View File

@@ -0,0 +1,107 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// ImportKeyMaterial invokes the kms.ImportKeyMaterial API synchronously
// api document: https://help.aliyun.com/api/kms/importkeymaterial.html
func (client *Client) ImportKeyMaterial(request *ImportKeyMaterialRequest) (response *ImportKeyMaterialResponse, err error) {
response = CreateImportKeyMaterialResponse()
err = client.DoAction(request, response)
return
}
// ImportKeyMaterialWithChan invokes the kms.ImportKeyMaterial API asynchronously
// api document: https://help.aliyun.com/api/kms/importkeymaterial.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ImportKeyMaterialWithChan(request *ImportKeyMaterialRequest) (<-chan *ImportKeyMaterialResponse, <-chan error) {
responseChan := make(chan *ImportKeyMaterialResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.ImportKeyMaterial(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// ImportKeyMaterialWithCallback invokes the kms.ImportKeyMaterial API asynchronously
// api document: https://help.aliyun.com/api/kms/importkeymaterial.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ImportKeyMaterialWithCallback(request *ImportKeyMaterialRequest, callback func(response *ImportKeyMaterialResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *ImportKeyMaterialResponse
var err error
defer close(result)
response, err = client.ImportKeyMaterial(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// ImportKeyMaterialRequest is the request struct for api ImportKeyMaterial
type ImportKeyMaterialRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
STSToken string `position:"Query" name:"STSToken"`
EncryptedKeyMaterial string `position:"Query" name:"EncryptedKeyMaterial"`
ImportToken string `position:"Query" name:"ImportToken"`
KeyMaterialExpireUnix requests.Integer `position:"Query" name:"KeyMaterialExpireUnix"`
}
// ImportKeyMaterialResponse is the response struct for api ImportKeyMaterial
type ImportKeyMaterialResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateImportKeyMaterialRequest creates a request to invoke ImportKeyMaterial API
func CreateImportKeyMaterialRequest() (request *ImportKeyMaterialRequest) {
request = &ImportKeyMaterialRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "ImportKeyMaterial", "kms", "openAPI")
return
}
// CreateImportKeyMaterialResponse creates a response to parse from ImportKeyMaterial response
func CreateImportKeyMaterialResponse() (response *ImportKeyMaterialResponse) {
response = &ImportKeyMaterialResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

109
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/list_aliases.go generated vendored Executable file
View File

@@ -0,0 +1,109 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// ListAliases invokes the kms.ListAliases API synchronously
// api document: https://help.aliyun.com/api/kms/listaliases.html
func (client *Client) ListAliases(request *ListAliasesRequest) (response *ListAliasesResponse, err error) {
response = CreateListAliasesResponse()
err = client.DoAction(request, response)
return
}
// ListAliasesWithChan invokes the kms.ListAliases API asynchronously
// api document: https://help.aliyun.com/api/kms/listaliases.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ListAliasesWithChan(request *ListAliasesRequest) (<-chan *ListAliasesResponse, <-chan error) {
responseChan := make(chan *ListAliasesResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.ListAliases(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// ListAliasesWithCallback invokes the kms.ListAliases API asynchronously
// api document: https://help.aliyun.com/api/kms/listaliases.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ListAliasesWithCallback(request *ListAliasesRequest, callback func(response *ListAliasesResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *ListAliasesResponse
var err error
defer close(result)
response, err = client.ListAliases(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// ListAliasesRequest is the request struct for api ListAliases
type ListAliasesRequest struct {
*requests.RpcRequest
PageNumber requests.Integer `position:"Query" name:"PageNumber"`
PageSize requests.Integer `position:"Query" name:"PageSize"`
STSToken string `position:"Query" name:"STSToken"`
}
// ListAliasesResponse is the response struct for api ListAliases
type ListAliasesResponse struct {
*responses.BaseResponse
TotalCount int `json:"TotalCount" xml:"TotalCount"`
PageNumber int `json:"PageNumber" xml:"PageNumber"`
PageSize int `json:"PageSize" xml:"PageSize"`
RequestId string `json:"RequestId" xml:"RequestId"`
Aliases AliasesInListAliases `json:"Aliases" xml:"Aliases"`
}
// CreateListAliasesRequest creates a request to invoke ListAliases API
func CreateListAliasesRequest() (request *ListAliasesRequest) {
request = &ListAliasesRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "ListAliases", "kms", "openAPI")
return
}
// CreateListAliasesResponse creates a response to parse from ListAliases response
func CreateListAliasesResponse() (response *ListAliasesResponse) {
response = &ListAliasesResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

110
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/list_aliases_by_key_id.go generated vendored Executable file
View File

@@ -0,0 +1,110 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// ListAliasesByKeyId invokes the kms.ListAliasesByKeyId API synchronously
// api document: https://help.aliyun.com/api/kms/listaliasesbykeyid.html
func (client *Client) ListAliasesByKeyId(request *ListAliasesByKeyIdRequest) (response *ListAliasesByKeyIdResponse, err error) {
response = CreateListAliasesByKeyIdResponse()
err = client.DoAction(request, response)
return
}
// ListAliasesByKeyIdWithChan invokes the kms.ListAliasesByKeyId API asynchronously
// api document: https://help.aliyun.com/api/kms/listaliasesbykeyid.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ListAliasesByKeyIdWithChan(request *ListAliasesByKeyIdRequest) (<-chan *ListAliasesByKeyIdResponse, <-chan error) {
responseChan := make(chan *ListAliasesByKeyIdResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.ListAliasesByKeyId(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// ListAliasesByKeyIdWithCallback invokes the kms.ListAliasesByKeyId API asynchronously
// api document: https://help.aliyun.com/api/kms/listaliasesbykeyid.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ListAliasesByKeyIdWithCallback(request *ListAliasesByKeyIdRequest, callback func(response *ListAliasesByKeyIdResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *ListAliasesByKeyIdResponse
var err error
defer close(result)
response, err = client.ListAliasesByKeyId(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// ListAliasesByKeyIdRequest is the request struct for api ListAliasesByKeyId
type ListAliasesByKeyIdRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
PageNumber requests.Integer `position:"Query" name:"PageNumber"`
PageSize requests.Integer `position:"Query" name:"PageSize"`
STSToken string `position:"Query" name:"STSToken"`
}
// ListAliasesByKeyIdResponse is the response struct for api ListAliasesByKeyId
type ListAliasesByKeyIdResponse struct {
*responses.BaseResponse
TotalCount int `json:"TotalCount" xml:"TotalCount"`
PageNumber int `json:"PageNumber" xml:"PageNumber"`
PageSize int `json:"PageSize" xml:"PageSize"`
RequestId string `json:"RequestId" xml:"RequestId"`
Aliases AliasesInListAliasesByKeyId `json:"Aliases" xml:"Aliases"`
}
// CreateListAliasesByKeyIdRequest creates a request to invoke ListAliasesByKeyId API
func CreateListAliasesByKeyIdRequest() (request *ListAliasesByKeyIdRequest) {
request = &ListAliasesByKeyIdRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "ListAliasesByKeyId", "kms", "openAPI")
return
}
// CreateListAliasesByKeyIdResponse creates a response to parse from ListAliasesByKeyId response
func CreateListAliasesByKeyIdResponse() (response *ListAliasesByKeyIdResponse) {
response = &ListAliasesByKeyIdResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

109
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/list_keys.go generated vendored Executable file
View File

@@ -0,0 +1,109 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// ListKeys invokes the kms.ListKeys API synchronously
// api document: https://help.aliyun.com/api/kms/listkeys.html
func (client *Client) ListKeys(request *ListKeysRequest) (response *ListKeysResponse, err error) {
response = CreateListKeysResponse()
err = client.DoAction(request, response)
return
}
// ListKeysWithChan invokes the kms.ListKeys API asynchronously
// api document: https://help.aliyun.com/api/kms/listkeys.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ListKeysWithChan(request *ListKeysRequest) (<-chan *ListKeysResponse, <-chan error) {
responseChan := make(chan *ListKeysResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.ListKeys(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// ListKeysWithCallback invokes the kms.ListKeys API asynchronously
// api document: https://help.aliyun.com/api/kms/listkeys.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ListKeysWithCallback(request *ListKeysRequest, callback func(response *ListKeysResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *ListKeysResponse
var err error
defer close(result)
response, err = client.ListKeys(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// ListKeysRequest is the request struct for api ListKeys
type ListKeysRequest struct {
*requests.RpcRequest
PageNumber requests.Integer `position:"Query" name:"PageNumber"`
PageSize requests.Integer `position:"Query" name:"PageSize"`
STSToken string `position:"Query" name:"STSToken"`
}
// ListKeysResponse is the response struct for api ListKeys
type ListKeysResponse struct {
*responses.BaseResponse
TotalCount int `json:"TotalCount" xml:"TotalCount"`
PageNumber int `json:"PageNumber" xml:"PageNumber"`
PageSize int `json:"PageSize" xml:"PageSize"`
RequestId string `json:"RequestId" xml:"RequestId"`
Keys Keys `json:"Keys" xml:"Keys"`
}
// CreateListKeysRequest creates a request to invoke ListKeys API
func CreateListKeysRequest() (request *ListKeysRequest) {
request = &ListKeysRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "ListKeys", "kms", "openAPI")
return
}
// CreateListKeysResponse creates a response to parse from ListKeys response
func CreateListKeysResponse() (response *ListKeysResponse) {
response = &ListKeysResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

105
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/schedule_key_deletion.go generated vendored Executable file
View File

@@ -0,0 +1,105 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// ScheduleKeyDeletion invokes the kms.ScheduleKeyDeletion API synchronously
// api document: https://help.aliyun.com/api/kms/schedulekeydeletion.html
func (client *Client) ScheduleKeyDeletion(request *ScheduleKeyDeletionRequest) (response *ScheduleKeyDeletionResponse, err error) {
response = CreateScheduleKeyDeletionResponse()
err = client.DoAction(request, response)
return
}
// ScheduleKeyDeletionWithChan invokes the kms.ScheduleKeyDeletion API asynchronously
// api document: https://help.aliyun.com/api/kms/schedulekeydeletion.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ScheduleKeyDeletionWithChan(request *ScheduleKeyDeletionRequest) (<-chan *ScheduleKeyDeletionResponse, <-chan error) {
responseChan := make(chan *ScheduleKeyDeletionResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.ScheduleKeyDeletion(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// ScheduleKeyDeletionWithCallback invokes the kms.ScheduleKeyDeletion API asynchronously
// api document: https://help.aliyun.com/api/kms/schedulekeydeletion.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) ScheduleKeyDeletionWithCallback(request *ScheduleKeyDeletionRequest, callback func(response *ScheduleKeyDeletionResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *ScheduleKeyDeletionResponse
var err error
defer close(result)
response, err = client.ScheduleKeyDeletion(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// ScheduleKeyDeletionRequest is the request struct for api ScheduleKeyDeletion
type ScheduleKeyDeletionRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
PendingWindowInDays requests.Integer `position:"Query" name:"PendingWindowInDays"`
STSToken string `position:"Query" name:"STSToken"`
}
// ScheduleKeyDeletionResponse is the response struct for api ScheduleKeyDeletion
type ScheduleKeyDeletionResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateScheduleKeyDeletionRequest creates a request to invoke ScheduleKeyDeletion API
func CreateScheduleKeyDeletionRequest() (request *ScheduleKeyDeletionRequest) {
request = &ScheduleKeyDeletionRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "ScheduleKeyDeletion", "kms", "openAPI")
return
}
// CreateScheduleKeyDeletionResponse creates a response to parse from ScheduleKeyDeletion response
func CreateScheduleKeyDeletionResponse() (response *ScheduleKeyDeletionResponse) {
response = &ScheduleKeyDeletionResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

23
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_alias.go generated vendored Executable file
View File

@@ -0,0 +1,23 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// Alias is a nested struct in kms response
type Alias struct {
AliasArn string `json:"AliasArn" xml:"AliasArn"`
AliasName string `json:"AliasName" xml:"AliasName"`
KeyId string `json:"KeyId" xml:"KeyId"`
}

21
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_aliases_in_list_aliases.go generated vendored Executable file
View File

@@ -0,0 +1,21 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// AliasesInListAliases is a nested struct in kms response
type AliasesInListAliases struct {
Alias []Alias `json:"Alias" xml:"Alias"`
}

21
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_aliases_in_list_aliases_by_key_id.go generated vendored Executable file
View File

@@ -0,0 +1,21 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// AliasesInListAliasesByKeyId is a nested struct in kms response
type AliasesInListAliasesByKeyId struct {
Alias []Alias `json:"Alias" xml:"Alias"`
}

22
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_key.go generated vendored Executable file
View File

@@ -0,0 +1,22 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// Key is a nested struct in kms response
type Key struct {
KeyId string `json:"KeyId" xml:"KeyId"`
KeyArn string `json:"KeyArn" xml:"KeyArn"`
}

30
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_key_metadata.go generated vendored Executable file
View File

@@ -0,0 +1,30 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// KeyMetadata is a nested struct in kms response
type KeyMetadata struct {
Arn string `json:"Arn" xml:"Arn"`
KeyState string `json:"KeyState" xml:"KeyState"`
CreationDate string `json:"CreationDate" xml:"CreationDate"`
KeyUsage string `json:"KeyUsage" xml:"KeyUsage"`
DeleteDate string `json:"DeleteDate" xml:"DeleteDate"`
Creator string `json:"Creator" xml:"Creator"`
Origin string `json:"Origin" xml:"Origin"`
Description string `json:"Description" xml:"Description"`
KeyId string `json:"KeyId" xml:"KeyId"`
MaterialExpireTime string `json:"MaterialExpireTime" xml:"MaterialExpireTime"`
}

21
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_keys.go generated vendored Executable file
View File

@@ -0,0 +1,21 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// Keys is a nested struct in kms response
type Keys struct {
Key []Key `json:"Key" xml:"Key"`
}

21
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_region.go generated vendored Executable file
View File

@@ -0,0 +1,21 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// Region is a nested struct in kms response
type Region struct {
RegionId string `json:"RegionId" xml:"RegionId"`
}

21
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/struct_regions.go generated vendored Executable file
View File

@@ -0,0 +1,21 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// Regions is a nested struct in kms response
type Regions struct {
Region []Region `json:"Region" xml:"Region"`
}

105
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/kms/update_alias.go generated vendored Executable file
View File

@@ -0,0 +1,105 @@
package kms
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//
// Code generated by Alibaba Cloud SDK Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
import (
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
)
// UpdateAlias invokes the kms.UpdateAlias API synchronously
// api document: https://help.aliyun.com/api/kms/updatealias.html
func (client *Client) UpdateAlias(request *UpdateAliasRequest) (response *UpdateAliasResponse, err error) {
response = CreateUpdateAliasResponse()
err = client.DoAction(request, response)
return
}
// UpdateAliasWithChan invokes the kms.UpdateAlias API asynchronously
// api document: https://help.aliyun.com/api/kms/updatealias.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) UpdateAliasWithChan(request *UpdateAliasRequest) (<-chan *UpdateAliasResponse, <-chan error) {
responseChan := make(chan *UpdateAliasResponse, 1)
errChan := make(chan error, 1)
err := client.AddAsyncTask(func() {
defer close(responseChan)
defer close(errChan)
response, err := client.UpdateAlias(request)
if err != nil {
errChan <- err
} else {
responseChan <- response
}
})
if err != nil {
errChan <- err
close(responseChan)
close(errChan)
}
return responseChan, errChan
}
// UpdateAliasWithCallback invokes the kms.UpdateAlias API asynchronously
// api document: https://help.aliyun.com/api/kms/updatealias.html
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
func (client *Client) UpdateAliasWithCallback(request *UpdateAliasRequest, callback func(response *UpdateAliasResponse, err error)) <-chan int {
result := make(chan int, 1)
err := client.AddAsyncTask(func() {
var response *UpdateAliasResponse
var err error
defer close(result)
response, err = client.UpdateAlias(request)
callback(response, err)
result <- 1
})
if err != nil {
defer close(result)
callback(nil, err)
result <- 0
}
return result
}
// UpdateAliasRequest is the request struct for api UpdateAlias
type UpdateAliasRequest struct {
*requests.RpcRequest
KeyId string `position:"Query" name:"KeyId"`
AliasName string `position:"Query" name:"AliasName"`
STSToken string `position:"Query" name:"STSToken"`
}
// UpdateAliasResponse is the response struct for api UpdateAlias
type UpdateAliasResponse struct {
*responses.BaseResponse
RequestId string `json:"RequestId" xml:"RequestId"`
}
// CreateUpdateAliasRequest creates a request to invoke UpdateAlias API
func CreateUpdateAliasRequest() (request *UpdateAliasRequest) {
request = &UpdateAliasRequest{
RpcRequest: &requests.RpcRequest{},
}
request.InitWithApiInfo("Kms", "2016-01-20", "UpdateAlias", "kms", "openAPI")
return
}
// CreateUpdateAliasResponse creates a response to parse from UpdateAlias response
func CreateUpdateAliasResponse() (response *UpdateAliasResponse) {
response = &UpdateAliasResponse{
BaseResponse: &responses.BaseResponse{},
}
return
}

8445
vendor/github.com/aws/aws-sdk-go/service/kms/api.go generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

98
vendor/github.com/aws/aws-sdk-go/service/kms/doc.go generated vendored Normal file
View File

@@ -0,0 +1,98 @@
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
// Package kms provides the client and types for making API
// requests to AWS Key Management Service.
//
// AWS Key Management Service (AWS KMS) is an encryption and key management
// web service. This guide describes the AWS KMS operations that you can call
// programmatically. For general information about AWS KMS, see the AWS Key
// Management Service Developer Guide (http://docs.aws.amazon.com/kms/latest/developerguide/).
//
// AWS provides SDKs that consist of libraries and sample code for various programming
// languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs
// provide a convenient way to create programmatic access to AWS KMS and other
// AWS services. For example, the SDKs take care of tasks such as signing requests
// (see below), managing errors, and retrying requests automatically. For more
// information about the AWS SDKs, including how to download and install them,
// see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
//
// We recommend that you use the AWS SDKs to make programmatic API calls to
// AWS KMS.
//
// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support
// these modes.
//
// Signing Requests
//
// Requests must be signed by using an access key ID and a secret access key.
// We strongly recommend that you do not use your AWS account (root) access
// key ID and secret key for everyday work with AWS KMS. Instead, use the access
// key ID and secret access key for an IAM user. You can also use the AWS Security
// Token Service to generate temporary security credentials that you can use
// to sign requests.
//
// All AWS KMS operations require Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Logging API Requests
//
// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related
// events for your AWS account and delivers them to an Amazon S3 bucket that
// you specify. By using the information collected by CloudTrail, you can determine
// what requests were made to AWS KMS, who made the request, when it was made,
// and so on. To learn more about CloudTrail, including how to turn it on and
// find your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
//
// Additional Resources
//
// For more information about credentials and request signing, see the following:
//
// * AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
// - This topic provides general information about the types of credentials
// used for accessing AWS.
//
// * Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
// - This section of the IAM User Guide describes how to create and use temporary
// security credentials.
//
// * Signature Version 4 Signing Process (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)
// - This set of topics walks you through the process of signing a request
// using an access key ID and a secret access key.
//
// Commonly Used API Operations
//
// Of the API operations discussed in this guide, the following will prove the
// most useful for most applications. You will likely perform operations other
// than these, such as creating keys and assigning policies, by using the console.
//
// * Encrypt
//
// * Decrypt
//
// * GenerateDataKey
//
// * GenerateDataKeyWithoutPlaintext
//
// See https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01 for more information on this service.
//
// See kms package documentation for more information.
// https://docs.aws.amazon.com/sdk-for-go/api/service/kms/
//
// Using the Client
//
// To contact AWS Key Management Service with the SDK use the New function to create
// a new service client. With that client you can make API requests to the service.
// These clients are safe to use concurrently.
//
// See the SDK's documentation for more information on how to use the SDK.
// https://docs.aws.amazon.com/sdk-for-go/api/
//
// See aws.Config documentation for more information on configuring SDK clients.
// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
//
// See the AWS Key Management Service client KMS for more
// information on creating client for this service.
// https://docs.aws.amazon.com/sdk-for-go/api/service/kms/#New
package kms

154
vendor/github.com/aws/aws-sdk-go/service/kms/errors.go generated vendored Normal file
View File

@@ -0,0 +1,154 @@
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package kms
const (
// ErrCodeAlreadyExistsException for service response error code
// "AlreadyExistsException".
//
// The request was rejected because it attempted to create a resource that already
// exists.
ErrCodeAlreadyExistsException = "AlreadyExistsException"
// ErrCodeDependencyTimeoutException for service response error code
// "DependencyTimeoutException".
//
// The system timed out while trying to fulfill the request. The request can
// be retried.
ErrCodeDependencyTimeoutException = "DependencyTimeoutException"
// ErrCodeDisabledException for service response error code
// "DisabledException".
//
// The request was rejected because the specified CMK is not enabled.
ErrCodeDisabledException = "DisabledException"
// ErrCodeExpiredImportTokenException for service response error code
// "ExpiredImportTokenException".
//
// The request was rejected because the provided import token is expired. Use
// GetParametersForImport to get a new import token and public key, use the
// new public key to encrypt the key material, and then try the request again.
ErrCodeExpiredImportTokenException = "ExpiredImportTokenException"
// ErrCodeIncorrectKeyMaterialException for service response error code
// "IncorrectKeyMaterialException".
//
// The request was rejected because the provided key material is invalid or
// is not the same key material that was previously imported into this customer
// master key (CMK).
ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException"
// ErrCodeInternalException for service response error code
// "KMSInternalException".
//
// The request was rejected because an internal exception occurred. The request
// can be retried.
ErrCodeInternalException = "KMSInternalException"
// ErrCodeInvalidAliasNameException for service response error code
// "InvalidAliasNameException".
//
// The request was rejected because the specified alias name is not valid.
ErrCodeInvalidAliasNameException = "InvalidAliasNameException"
// ErrCodeInvalidArnException for service response error code
// "InvalidArnException".
//
// The request was rejected because a specified ARN was not valid.
ErrCodeInvalidArnException = "InvalidArnException"
// ErrCodeInvalidCiphertextException for service response error code
// "InvalidCiphertextException".
//
// The request was rejected because the specified ciphertext, or additional
// authenticated data incorporated into the ciphertext, such as the encryption
// context, is corrupted, missing, or otherwise invalid.
ErrCodeInvalidCiphertextException = "InvalidCiphertextException"
// ErrCodeInvalidGrantIdException for service response error code
// "InvalidGrantIdException".
//
// The request was rejected because the specified GrantId is not valid.
ErrCodeInvalidGrantIdException = "InvalidGrantIdException"
// ErrCodeInvalidGrantTokenException for service response error code
// "InvalidGrantTokenException".
//
// The request was rejected because the specified grant token is not valid.
ErrCodeInvalidGrantTokenException = "InvalidGrantTokenException"
// ErrCodeInvalidImportTokenException for service response error code
// "InvalidImportTokenException".
//
// The request was rejected because the provided import token is invalid or
// is associated with a different customer master key (CMK).
ErrCodeInvalidImportTokenException = "InvalidImportTokenException"
// ErrCodeInvalidKeyUsageException for service response error code
// "InvalidKeyUsageException".
//
// The request was rejected because the specified KeySpec value is not valid.
ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException"
// ErrCodeInvalidMarkerException for service response error code
// "InvalidMarkerException".
//
// The request was rejected because the marker that specifies where pagination
// should next begin is not valid.
ErrCodeInvalidMarkerException = "InvalidMarkerException"
// ErrCodeInvalidStateException for service response error code
// "KMSInvalidStateException".
//
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
ErrCodeInvalidStateException = "KMSInvalidStateException"
// ErrCodeKeyUnavailableException for service response error code
// "KeyUnavailableException".
//
// The request was rejected because the specified CMK was not available. The
// request can be retried.
ErrCodeKeyUnavailableException = "KeyUnavailableException"
// ErrCodeLimitExceededException for service response error code
// "LimitExceededException".
//
// The request was rejected because a limit was exceeded. For more information,
// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
ErrCodeLimitExceededException = "LimitExceededException"
// ErrCodeMalformedPolicyDocumentException for service response error code
// "MalformedPolicyDocumentException".
//
// The request was rejected because the specified policy is not syntactically
// or semantically correct.
ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocumentException"
// ErrCodeNotFoundException for service response error code
// "NotFoundException".
//
// The request was rejected because the specified entity or resource could not
// be found.
ErrCodeNotFoundException = "NotFoundException"
// ErrCodeTagException for service response error code
// "TagException".
//
// The request was rejected because one or more tags are not valid.
ErrCodeTagException = "TagException"
// ErrCodeUnsupportedOperationException for service response error code
// "UnsupportedOperationException".
//
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
ErrCodeUnsupportedOperationException = "UnsupportedOperationException"
)

216
vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go generated vendored Normal file
View File

@@ -0,0 +1,216 @@
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
// Package kmsiface provides an interface to enable mocking the AWS Key Management Service service client
// for testing your code.
//
// It is important to note that this interface will have breaking changes
// when the service model is updated and adds new API operations, paginators,
// and waiters.
package kmsiface
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/service/kms"
)
// KMSAPI provides an interface to enable mocking the
// kms.KMS service client's API operation,
// paginators, and waiters. This make unit testing your code that calls out
// to the SDK's service client's calls easier.
//
// The best way to use this interface is so the SDK's service client's calls
// can be stubbed out for unit testing your code with the SDK without needing
// to inject custom request handlers into the SDK's request pipeline.
//
// // myFunc uses an SDK service client to make a request to
// // AWS Key Management Service.
// func myFunc(svc kmsiface.KMSAPI) bool {
// // Make svc.CancelKeyDeletion request
// }
//
// func main() {
// sess := session.New()
// svc := kms.New(sess)
//
// myFunc(svc)
// }
//
// In your _test.go file:
//
// // Define a mock struct to be used in your unit tests of myFunc.
// type mockKMSClient struct {
// kmsiface.KMSAPI
// }
// func (m *mockKMSClient) CancelKeyDeletion(input *kms.CancelKeyDeletionInput) (*kms.CancelKeyDeletionOutput, error) {
// // mock response/functionality
// }
//
// func TestMyFunc(t *testing.T) {
// // Setup Test
// mockSvc := &mockKMSClient{}
//
// myfunc(mockSvc)
//
// // Verify myFunc's functionality
// }
//
// It is important to note that this interface will have breaking changes
// when the service model is updated and adds new API operations, paginators,
// and waiters. Its suggested to use the pattern above for testing, or using
// tooling to generate mocks to satisfy the interfaces.
type KMSAPI interface {
CancelKeyDeletion(*kms.CancelKeyDeletionInput) (*kms.CancelKeyDeletionOutput, error)
CancelKeyDeletionWithContext(aws.Context, *kms.CancelKeyDeletionInput, ...request.Option) (*kms.CancelKeyDeletionOutput, error)
CancelKeyDeletionRequest(*kms.CancelKeyDeletionInput) (*request.Request, *kms.CancelKeyDeletionOutput)
CreateAlias(*kms.CreateAliasInput) (*kms.CreateAliasOutput, error)
CreateAliasWithContext(aws.Context, *kms.CreateAliasInput, ...request.Option) (*kms.CreateAliasOutput, error)
CreateAliasRequest(*kms.CreateAliasInput) (*request.Request, *kms.CreateAliasOutput)
CreateGrant(*kms.CreateGrantInput) (*kms.CreateGrantOutput, error)
CreateGrantWithContext(aws.Context, *kms.CreateGrantInput, ...request.Option) (*kms.CreateGrantOutput, error)
CreateGrantRequest(*kms.CreateGrantInput) (*request.Request, *kms.CreateGrantOutput)
CreateKey(*kms.CreateKeyInput) (*kms.CreateKeyOutput, error)
CreateKeyWithContext(aws.Context, *kms.CreateKeyInput, ...request.Option) (*kms.CreateKeyOutput, error)
CreateKeyRequest(*kms.CreateKeyInput) (*request.Request, *kms.CreateKeyOutput)
Decrypt(*kms.DecryptInput) (*kms.DecryptOutput, error)
DecryptWithContext(aws.Context, *kms.DecryptInput, ...request.Option) (*kms.DecryptOutput, error)
DecryptRequest(*kms.DecryptInput) (*request.Request, *kms.DecryptOutput)
DeleteAlias(*kms.DeleteAliasInput) (*kms.DeleteAliasOutput, error)
DeleteAliasWithContext(aws.Context, *kms.DeleteAliasInput, ...request.Option) (*kms.DeleteAliasOutput, error)
DeleteAliasRequest(*kms.DeleteAliasInput) (*request.Request, *kms.DeleteAliasOutput)
DeleteImportedKeyMaterial(*kms.DeleteImportedKeyMaterialInput) (*kms.DeleteImportedKeyMaterialOutput, error)
DeleteImportedKeyMaterialWithContext(aws.Context, *kms.DeleteImportedKeyMaterialInput, ...request.Option) (*kms.DeleteImportedKeyMaterialOutput, error)
DeleteImportedKeyMaterialRequest(*kms.DeleteImportedKeyMaterialInput) (*request.Request, *kms.DeleteImportedKeyMaterialOutput)
DescribeKey(*kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error)
DescribeKeyWithContext(aws.Context, *kms.DescribeKeyInput, ...request.Option) (*kms.DescribeKeyOutput, error)
DescribeKeyRequest(*kms.DescribeKeyInput) (*request.Request, *kms.DescribeKeyOutput)
DisableKey(*kms.DisableKeyInput) (*kms.DisableKeyOutput, error)
DisableKeyWithContext(aws.Context, *kms.DisableKeyInput, ...request.Option) (*kms.DisableKeyOutput, error)
DisableKeyRequest(*kms.DisableKeyInput) (*request.Request, *kms.DisableKeyOutput)
DisableKeyRotation(*kms.DisableKeyRotationInput) (*kms.DisableKeyRotationOutput, error)
DisableKeyRotationWithContext(aws.Context, *kms.DisableKeyRotationInput, ...request.Option) (*kms.DisableKeyRotationOutput, error)
DisableKeyRotationRequest(*kms.DisableKeyRotationInput) (*request.Request, *kms.DisableKeyRotationOutput)
EnableKey(*kms.EnableKeyInput) (*kms.EnableKeyOutput, error)
EnableKeyWithContext(aws.Context, *kms.EnableKeyInput, ...request.Option) (*kms.EnableKeyOutput, error)
EnableKeyRequest(*kms.EnableKeyInput) (*request.Request, *kms.EnableKeyOutput)
EnableKeyRotation(*kms.EnableKeyRotationInput) (*kms.EnableKeyRotationOutput, error)
EnableKeyRotationWithContext(aws.Context, *kms.EnableKeyRotationInput, ...request.Option) (*kms.EnableKeyRotationOutput, error)
EnableKeyRotationRequest(*kms.EnableKeyRotationInput) (*request.Request, *kms.EnableKeyRotationOutput)
Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error)
EncryptWithContext(aws.Context, *kms.EncryptInput, ...request.Option) (*kms.EncryptOutput, error)
EncryptRequest(*kms.EncryptInput) (*request.Request, *kms.EncryptOutput)
GenerateDataKey(*kms.GenerateDataKeyInput) (*kms.GenerateDataKeyOutput, error)
GenerateDataKeyWithContext(aws.Context, *kms.GenerateDataKeyInput, ...request.Option) (*kms.GenerateDataKeyOutput, error)
GenerateDataKeyRequest(*kms.GenerateDataKeyInput) (*request.Request, *kms.GenerateDataKeyOutput)
GenerateDataKeyWithoutPlaintext(*kms.GenerateDataKeyWithoutPlaintextInput) (*kms.GenerateDataKeyWithoutPlaintextOutput, error)
GenerateDataKeyWithoutPlaintextWithContext(aws.Context, *kms.GenerateDataKeyWithoutPlaintextInput, ...request.Option) (*kms.GenerateDataKeyWithoutPlaintextOutput, error)
GenerateDataKeyWithoutPlaintextRequest(*kms.GenerateDataKeyWithoutPlaintextInput) (*request.Request, *kms.GenerateDataKeyWithoutPlaintextOutput)
GenerateRandom(*kms.GenerateRandomInput) (*kms.GenerateRandomOutput, error)
GenerateRandomWithContext(aws.Context, *kms.GenerateRandomInput, ...request.Option) (*kms.GenerateRandomOutput, error)
GenerateRandomRequest(*kms.GenerateRandomInput) (*request.Request, *kms.GenerateRandomOutput)
GetKeyPolicy(*kms.GetKeyPolicyInput) (*kms.GetKeyPolicyOutput, error)
GetKeyPolicyWithContext(aws.Context, *kms.GetKeyPolicyInput, ...request.Option) (*kms.GetKeyPolicyOutput, error)
GetKeyPolicyRequest(*kms.GetKeyPolicyInput) (*request.Request, *kms.GetKeyPolicyOutput)
GetKeyRotationStatus(*kms.GetKeyRotationStatusInput) (*kms.GetKeyRotationStatusOutput, error)
GetKeyRotationStatusWithContext(aws.Context, *kms.GetKeyRotationStatusInput, ...request.Option) (*kms.GetKeyRotationStatusOutput, error)
GetKeyRotationStatusRequest(*kms.GetKeyRotationStatusInput) (*request.Request, *kms.GetKeyRotationStatusOutput)
GetParametersForImport(*kms.GetParametersForImportInput) (*kms.GetParametersForImportOutput, error)
GetParametersForImportWithContext(aws.Context, *kms.GetParametersForImportInput, ...request.Option) (*kms.GetParametersForImportOutput, error)
GetParametersForImportRequest(*kms.GetParametersForImportInput) (*request.Request, *kms.GetParametersForImportOutput)
ImportKeyMaterial(*kms.ImportKeyMaterialInput) (*kms.ImportKeyMaterialOutput, error)
ImportKeyMaterialWithContext(aws.Context, *kms.ImportKeyMaterialInput, ...request.Option) (*kms.ImportKeyMaterialOutput, error)
ImportKeyMaterialRequest(*kms.ImportKeyMaterialInput) (*request.Request, *kms.ImportKeyMaterialOutput)
ListAliases(*kms.ListAliasesInput) (*kms.ListAliasesOutput, error)
ListAliasesWithContext(aws.Context, *kms.ListAliasesInput, ...request.Option) (*kms.ListAliasesOutput, error)
ListAliasesRequest(*kms.ListAliasesInput) (*request.Request, *kms.ListAliasesOutput)
ListAliasesPages(*kms.ListAliasesInput, func(*kms.ListAliasesOutput, bool) bool) error
ListAliasesPagesWithContext(aws.Context, *kms.ListAliasesInput, func(*kms.ListAliasesOutput, bool) bool, ...request.Option) error
ListGrants(*kms.ListGrantsInput) (*kms.ListGrantsResponse, error)
ListGrantsWithContext(aws.Context, *kms.ListGrantsInput, ...request.Option) (*kms.ListGrantsResponse, error)
ListGrantsRequest(*kms.ListGrantsInput) (*request.Request, *kms.ListGrantsResponse)
ListGrantsPages(*kms.ListGrantsInput, func(*kms.ListGrantsResponse, bool) bool) error
ListGrantsPagesWithContext(aws.Context, *kms.ListGrantsInput, func(*kms.ListGrantsResponse, bool) bool, ...request.Option) error
ListKeyPolicies(*kms.ListKeyPoliciesInput) (*kms.ListKeyPoliciesOutput, error)
ListKeyPoliciesWithContext(aws.Context, *kms.ListKeyPoliciesInput, ...request.Option) (*kms.ListKeyPoliciesOutput, error)
ListKeyPoliciesRequest(*kms.ListKeyPoliciesInput) (*request.Request, *kms.ListKeyPoliciesOutput)
ListKeyPoliciesPages(*kms.ListKeyPoliciesInput, func(*kms.ListKeyPoliciesOutput, bool) bool) error
ListKeyPoliciesPagesWithContext(aws.Context, *kms.ListKeyPoliciesInput, func(*kms.ListKeyPoliciesOutput, bool) bool, ...request.Option) error
ListKeys(*kms.ListKeysInput) (*kms.ListKeysOutput, error)
ListKeysWithContext(aws.Context, *kms.ListKeysInput, ...request.Option) (*kms.ListKeysOutput, error)
ListKeysRequest(*kms.ListKeysInput) (*request.Request, *kms.ListKeysOutput)
ListKeysPages(*kms.ListKeysInput, func(*kms.ListKeysOutput, bool) bool) error
ListKeysPagesWithContext(aws.Context, *kms.ListKeysInput, func(*kms.ListKeysOutput, bool) bool, ...request.Option) error
ListResourceTags(*kms.ListResourceTagsInput) (*kms.ListResourceTagsOutput, error)
ListResourceTagsWithContext(aws.Context, *kms.ListResourceTagsInput, ...request.Option) (*kms.ListResourceTagsOutput, error)
ListResourceTagsRequest(*kms.ListResourceTagsInput) (*request.Request, *kms.ListResourceTagsOutput)
ListRetirableGrants(*kms.ListRetirableGrantsInput) (*kms.ListGrantsResponse, error)
ListRetirableGrantsWithContext(aws.Context, *kms.ListRetirableGrantsInput, ...request.Option) (*kms.ListGrantsResponse, error)
ListRetirableGrantsRequest(*kms.ListRetirableGrantsInput) (*request.Request, *kms.ListGrantsResponse)
PutKeyPolicy(*kms.PutKeyPolicyInput) (*kms.PutKeyPolicyOutput, error)
PutKeyPolicyWithContext(aws.Context, *kms.PutKeyPolicyInput, ...request.Option) (*kms.PutKeyPolicyOutput, error)
PutKeyPolicyRequest(*kms.PutKeyPolicyInput) (*request.Request, *kms.PutKeyPolicyOutput)
ReEncrypt(*kms.ReEncryptInput) (*kms.ReEncryptOutput, error)
ReEncryptWithContext(aws.Context, *kms.ReEncryptInput, ...request.Option) (*kms.ReEncryptOutput, error)
ReEncryptRequest(*kms.ReEncryptInput) (*request.Request, *kms.ReEncryptOutput)
RetireGrant(*kms.RetireGrantInput) (*kms.RetireGrantOutput, error)
RetireGrantWithContext(aws.Context, *kms.RetireGrantInput, ...request.Option) (*kms.RetireGrantOutput, error)
RetireGrantRequest(*kms.RetireGrantInput) (*request.Request, *kms.RetireGrantOutput)
RevokeGrant(*kms.RevokeGrantInput) (*kms.RevokeGrantOutput, error)
RevokeGrantWithContext(aws.Context, *kms.RevokeGrantInput, ...request.Option) (*kms.RevokeGrantOutput, error)
RevokeGrantRequest(*kms.RevokeGrantInput) (*request.Request, *kms.RevokeGrantOutput)
ScheduleKeyDeletion(*kms.ScheduleKeyDeletionInput) (*kms.ScheduleKeyDeletionOutput, error)
ScheduleKeyDeletionWithContext(aws.Context, *kms.ScheduleKeyDeletionInput, ...request.Option) (*kms.ScheduleKeyDeletionOutput, error)
ScheduleKeyDeletionRequest(*kms.ScheduleKeyDeletionInput) (*request.Request, *kms.ScheduleKeyDeletionOutput)
TagResource(*kms.TagResourceInput) (*kms.TagResourceOutput, error)
TagResourceWithContext(aws.Context, *kms.TagResourceInput, ...request.Option) (*kms.TagResourceOutput, error)
TagResourceRequest(*kms.TagResourceInput) (*request.Request, *kms.TagResourceOutput)
UntagResource(*kms.UntagResourceInput) (*kms.UntagResourceOutput, error)
UntagResourceWithContext(aws.Context, *kms.UntagResourceInput, ...request.Option) (*kms.UntagResourceOutput, error)
UntagResourceRequest(*kms.UntagResourceInput) (*request.Request, *kms.UntagResourceOutput)
UpdateAlias(*kms.UpdateAliasInput) (*kms.UpdateAliasOutput, error)
UpdateAliasWithContext(aws.Context, *kms.UpdateAliasInput, ...request.Option) (*kms.UpdateAliasOutput, error)
UpdateAliasRequest(*kms.UpdateAliasInput) (*request.Request, *kms.UpdateAliasOutput)
UpdateKeyDescription(*kms.UpdateKeyDescriptionInput) (*kms.UpdateKeyDescriptionOutput, error)
UpdateKeyDescriptionWithContext(aws.Context, *kms.UpdateKeyDescriptionInput, ...request.Option) (*kms.UpdateKeyDescriptionOutput, error)
UpdateKeyDescriptionRequest(*kms.UpdateKeyDescriptionInput) (*request.Request, *kms.UpdateKeyDescriptionOutput)
}
var _ KMSAPI = (*kms.KMS)(nil)

97
vendor/github.com/aws/aws-sdk-go/service/kms/service.go generated vendored Normal file
View File

@@ -0,0 +1,97 @@
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package kms
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/client/metadata"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/signer/v4"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)
// KMS provides the API operation methods for making requests to
// AWS Key Management Service. See this package's package overview docs
// for details on the service.
//
// KMS methods are safe to use concurrently. It is not safe to
// modify mutate any of the struct's properties though.
type KMS struct {
*client.Client
}
// Used for custom client initialization logic
var initClient func(*client.Client)
// Used for custom request initialization logic
var initRequest func(*request.Request)
// Service information constants
const (
ServiceName = "kms" // Name of service.
EndpointsID = ServiceName // ID to lookup a service endpoint with.
ServiceID = "KMS" // ServiceID is a unique identifer of a specific service.
)
// New creates a new instance of the KMS client with a session.
// If additional configuration is needed for the client instance use the optional
// aws.Config parameter to add your extra config.
//
// Example:
// // Create a KMS client from just a session.
// svc := kms.New(mySession)
//
// // Create a KMS client with additional configuration
// svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS {
c := p.ClientConfig(EndpointsID, cfgs...)
return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
}
// newClient creates, initializes and returns a new service client instance.
func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *KMS {
svc := &KMS{
Client: client.New(
cfg,
metadata.ClientInfo{
ServiceName: ServiceName,
ServiceID: ServiceID,
SigningName: signingName,
SigningRegion: signingRegion,
Endpoint: endpoint,
APIVersion: "2014-11-01",
JSONVersion: "1.1",
TargetPrefix: "TrentService",
},
handlers,
),
}
// Handlers
svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
// Run custom client initialization if present
if initClient != nil {
initClient(svc.Client)
}
return svc
}
// newRequest creates a new request for a KMS operation and runs any
// custom request initialization.
func (c *KMS) newRequest(op *request.Operation, params, data interface{}) *request.Request {
req := c.NewRequest(op, params, data)
// Run custom request initialization if present
if initRequest != nil {
initRequest(req)
}
return req
}

2
vendor/github.com/circonus-labs/circonus-gometrics/OPTIONS.md generated vendored
View File

@@ -97,7 +97,7 @@ func main() {
## Notes: ## Notes:
* All options are *strings* with the following exceptions: * All options are *strings* with the following exceptions:
* `cfg.Log` - an instance of [`log.Logger`](https://golang.org/pkg/log/#Logger) or something else (e.g. [logrus](https://github.com/sirupsen/logrus)) which can be used to satisfy the interface requirements. * `cfg.Log` - an instance of [`log.Logger`](https://golang.org/pkg/log/#Logger) or something else (e.g. [logrus](https://github.com/Sirupsen/logrus)) which can be used to satisfy the interface requirements.
* `cfg.Debug` - a boolean true|false. * `cfg.Debug` - a boolean true|false.
* At a minimum, one of either `API.TokenKey` or `Check.SubmissionURL` is **required** for cgm to function. * At a minimum, one of either `API.TokenKey` or `Check.SubmissionURL` is **required** for cgm to function.
* Check management can be disabled by providing a `Check.SubmissionURL` without an `API.TokenKey`. Note: the supplied URL needs to be http or the broker needs to be running with a cert which can be verified. Otherwise, the `API.TokenKey` will be required to retrieve the correct CA certificate to validate the broker's cert for the SSL connection. * Check management can be disabled by providing a `Check.SubmissionURL` without an `API.TokenKey`. Note: the supplied URL needs to be http or the broker needs to be running with a cert which can be verified. Otherwise, the `API.TokenKey` will be required to retrieve the correct CA certificate to validate the broker's cert for the SSL connection.

1726
vendor/google.golang.org/api/cloudkms/v1/cloudkms-api.json generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

5944
vendor/google.golang.org/api/cloudkms/v1/cloudkms-gen.go generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2
vendor/gopkg.in/ory-am/dockertest.v2/glide.lock generated vendored
View File

@@ -93,7 +93,7 @@ testImports:
version: 8c6a1d79a44d2742da3660540d1fd43f4ddcfc8c version: 8c6a1d79a44d2742da3660540d1fd43f4ddcfc8c
subpackages: subpackages:
- zk - zk
- name: github.com/sirupsen/logrus - name: github.com/Sirupsen/logrus
version: 3ec0642a7fb6488f65b06f9040adc67e3990296a version: 3ec0642a7fb6488f65b06f9040adc67e3990296a
- name: github.com/streadway/amqp - name: github.com/streadway/amqp
version: 2e25825abdbd7752ff08b270d313b93519a0a232 version: 2e25825abdbd7752ff08b270d313b93519a0a232

34
vendor/vendor.json vendored
View File

@@ -102,6 +102,12 @@
"revision": "ef9744da754d0cf00d0cfeae7d1a83f2245a4b1c", "revision": "ef9744da754d0cf00d0cfeae7d1a83f2245a4b1c",
"revisionTime": "2018-10-15T17:46:20Z" "revisionTime": "2018-10-15T17:46:20Z"
}, },
{
"checksumSHA1": "3Dn5zSdAcOuPVXEy5egbIsfFeC4=",
"path": "github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault",
"revision": "fbe7db0e3f9793ba3e5704efbab84f51436c136e",
"revisionTime": "2018-07-03T19:15:42Z"
},
{ {
"checksumSHA1": "E7n1e1+L/fY7TVayjtwOXaMilD4=", "checksumSHA1": "E7n1e1+L/fY7TVayjtwOXaMilD4=",
"path": "github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-01-01-preview/authorization", "path": "github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-01-01-preview/authorization",
@@ -342,6 +348,12 @@
"revision": "c5825d35a94a5a25d936ebe6bed5779255d02cf4", "revision": "c5825d35a94a5a25d936ebe6bed5779255d02cf4",
"revisionTime": "2018-10-12T12:19:43Z" "revisionTime": "2018-10-12T12:19:43Z"
}, },
{
"checksumSHA1": "NY8Yw4CiYHhx1XjUiBhT/8gXDiE=",
"path": "github.com/aliyun/alibaba-cloud-sdk-go/services/kms",
"revision": "9669db6328e053fefc47bfe8ddf2e82625444fab",
"revisionTime": "2018-09-30T08:30:48Z"
},
{ {
"checksumSHA1": "vT5hncrHvGakCmawRJI3JgtTf4s=", "checksumSHA1": "vT5hncrHvGakCmawRJI3JgtTf4s=",
"path": "github.com/aliyun/alibaba-cloud-sdk-go/services/ram", "path": "github.com/aliyun/alibaba-cloud-sdk-go/services/ram",
@@ -655,7 +667,19 @@
"revisionTime": "2018-10-15T21:27:28Z" "revisionTime": "2018-10-15T21:27:28Z"
}, },
{ {
"checksumSHA1": "yDbIw+lVcsmjyom0xI+8khZNy6o=", "checksumSHA1": "ac/mCyWnYF9Br3WPYQcAOYGxCFc=",
"path": "github.com/aws/aws-sdk-go/service/kms",
"revision": "6e42625fcba9345ab67b42b6744284e8f7e3e79d",
"revisionTime": "2018-10-15T21:27:28Z"
},
{
"checksumSHA1": "OjnnN9JobHmJLZvIBM0du3bNLmk=",
"path": "github.com/aws/aws-sdk-go/service/kms/kmsiface",
"revision": "23e3775971f2213a1969886eb9931ffd834f438c",
"revisionTime": "2018-07-06T22:54:19Z"
},
{
"checksumSHA1": "JgKzClDzo4V5Wh9cEk7h2dHtAZE=",
"path": "github.com/aws/aws-sdk-go/service/s3", "path": "github.com/aws/aws-sdk-go/service/s3",
"revision": "6e42625fcba9345ab67b42b6744284e8f7e3e79d", "revision": "6e42625fcba9345ab67b42b6744284e8f7e3e79d",
"revisionTime": "2018-10-15T21:27:28Z" "revisionTime": "2018-10-15T21:27:28Z"
@@ -2743,7 +2767,13 @@
"revisionTime": "2018-04-12T16:56:04Z" "revisionTime": "2018-04-12T16:56:04Z"
}, },
{ {
"checksumSHA1": "gmT0tI5vdUnvc9Nase6RV0q+lMM=", "checksumSHA1": "T7gPI6SPao+8FJ5NGL6EgNFK9iw=",
"path": "google.golang.org/api/cloudkms/v1",
"revision": "cc9bd73d51b4c5610e35bcb01f15368185cfaab3",
"revisionTime": "2018-10-16T15:55:58Z"
},
{
"checksumSHA1": "QkzppExyctFz029dvXzKzh6UHgU=",
"path": "google.golang.org/api/compute/v1", "path": "google.golang.org/api/compute/v1",
"revision": "625cd1887957946515db468ce519bb71fa31fc7f", "revision": "625cd1887957946515db468ce519bb71fa31fc7f",
"revisionTime": "2018-10-12T22:54:34Z" "revisionTime": "2018-10-12T22:54:34Z"