From c2b62168652712a87921827cd121f0ce93c1b747 Mon Sep 17 00:00:00 2001
From: Eriks Zelenka
Date: Fri, 21 Jun 2019 12:04:03 +0100
Subject: [PATCH] feat: add GCP KMS key suppport
Signed-off-by: Eriks Zelenka
---
 README.md | 13 ++++++++++--
 pkg/apis/isindir/v1alpha1/sopssecret_types.go | 17 ++++++++++-----
 .../isindir/v1alpha1/zz_generated.deepcopy.go | 21 +++++++++++++++++++
 version/version.go | 2 +-
 4 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index f80306e2..1c56be6f 100644
--- a/README.md
+++ b/README.md
@@ -62,11 +62,20 @@ sops --encrypt \
 > jenkins-secrets.enc.yaml
 ```
+* Encrypt file using `sops` and GCP KMS key:
+ ```bash
+sops --encrypt \
+ --gcp-kms 'projects//locations//keyRings//cryptoKeys/' \
+ --encrypted-suffix='_templates' jenkins-secrets.yaml \
+ > jenkins-secrets.enc.yaml
+```
+
 * Encrypt file using `sops` and Azure Keyvault key:
 ```bash
 sops --encrypt \
- --azure-kv "https:///keys//" \
+ --azure-kv 'https:///keys//' \
 --encrypted-suffix='_templates' jenkins-secrets.yaml \
 > jenkins-secrets.enc.yaml
 ```
@@ -75,7 +84,7 @@ sops --encrypt \
 ```bash
 sops --encrypt \
- --pgp "" \
+ --pgp '' \
 --encrypted-suffix='_templates' jenkins-secrets.yaml \
 > jenkins-secrets.enc.yaml
 ```
diff --git a/pkg/apis/isindir/v1alpha1/sopssecret_types.go b/pkg/apis/isindir/v1alpha1/sopssecret_types.go
index d55f9d15..2fbfa96a 100644
--- a/pkg/apis/isindir/v1alpha1/sopssecret_types.go
+++ b/pkg/apis/isindir/v1alpha1/sopssecret_types.go
@@ -51,14 +51,21 @@ type AzureKmsItem struct {
 CreationDate string `json:"created_at,omitempty"`
 }
+// GcpKmsDataItem defines GCP KMS Key specific encryption details
+// +k8s:openapi-gen=true
+type GcpKmsDataItem struct {
+ VaultURL string `json:"resource_id,omitempty"`
+ EncryptedKey string `json:"enc,omitempty"`
+ CreationDate string `json:"created_at,omitempty"`
+}
+
 // SopsMetadata defines the encryption details
 // +k8s:openapi-gen=true
 type SopsMetadata struct {
- AwsKms []KmsDataItem `json:"kms,omitempty"`
- Pgp []PgpDataItem `json:"pgp,omitempty"`
- AzureKms []AzureKmsItem `json:"azure_kv,omitempty"`
- //TODO: add following
- //GcpKms []GcpKmsDataItem `json:"gcp_kms,omitempty"`
+ AwsKms []KmsDataItem `json:"kms,omitempty"`
+ Pgp []PgpDataItem `json:"pgp,omitempty"`
+ AzureKms []AzureKmsItem `json:"azure_kv,omitempty"`
+ GcpKms []GcpKmsDataItem `json:"gcp_kms,omitempty"`
 Mac string `json:"mac,omitempty"`
 LastModified string `json:"lastmodified,omitempty"`
diff --git a/pkg/apis/isindir/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/isindir/v1alpha1/zz_generated.deepcopy.go
index 43f00c20..0a0181c9 100644
--- a/pkg/apis/isindir/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/isindir/v1alpha1/zz_generated.deepcopy.go
@@ -24,6 +24,22 @@ func (in *AzureKmsItem) DeepCopy() *AzureKmsItem {
 return out
 }
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GcpKmsDataItem) DeepCopyInto(out *GcpKmsDataItem) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpKmsDataItem.
+func (in *GcpKmsDataItem) DeepCopy() *GcpKmsDataItem {
+ if in == nil {
+ return nil
+ }
+ out := new(GcpKmsDataItem)
+ in.DeepCopyInto(out)
+ return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *KmsDataItem) DeepCopyInto(out *KmsDataItem) {
 *out = *in
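Review bot: `VaultURL` in the new `GcpKmsDataItem` struct is an Azure Key Vault name carried over from `AzureKmsItem`, while its tag `json:"resource_id,omitempty"` is what the README hunk in this same patch shows as the GCP KMS key resource path (`projects/…/cryptoKeys/…`); the Go field name should say what it holds, e.g. `ResourceID string `json:"resource_id,omitempty"``, with the `ID` initialism cased per Go convention. The type is introduced in this commit so the rename costs nothing now, whereas once v1alpha1 is consumed by Go clients the exported field name becomes API surface; the wire format is unaffected because the tag stays the same. The doc comment could also say what the three fields are: `// GcpKmsDataItem holds one GCP KMS entry of the sops metadata: the key's resource path, the data key encrypted with it (enc) and the creation timestamp.` The `SopsMetadata` struct continues past the end of the hunk.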
@@ -74,6 +90,11 @@ func (in *SopsMetadata) DeepCopyInto(out *SopsMetadata) {
 *out = make([]AzureKmsItem, len(*in))
 copy(*out, *in)
 }
+ if in.GcpKms != nil {
+ in, out := &in.GcpKms, &out.GcpKms
+ *out = make([]GcpKmsDataItem, len(*in))
+ copy(*out, *in)
+ }
 return
 }
diff --git a/version/version.go b/version/version.go
index 6a419bdd..1299f37a 100644
--- a/version/version.go
+++ b/version/version.go
@@ -2,5 +2,5 @@ package version
 var (
 // Version of the operator
- Version = "0.0.5"
+ Version = "0.0.6"
 )