kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
fbcdb125dac8a8a37c0def411f8b85fd99357dfe
nomad/api/keyring.go
James Rasell 270ab1011e lint: Enable and fix SA9004 constant type lint errors. (#26678) 
When creating constants with a custom type, each definition should
include the type definition. If only the first constant defines
this, it will have a different type to the other constants.

This change fixes occurances of this and enables SA9004 within CI
linting to catch future problems while the change is in review.
2025-09-03 07:45:29 +01:00

102 lines
2.7 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"fmt"
"net/url"
"strconv"
)
// Keyring is used to access the Variables keyring.
type Keyring struct {
client *Client
}
// Keyring returns a handle to the Keyring endpoint
func (c *Client) Keyring() *Keyring {
return &Keyring{client: c}
}
// EncryptionAlgorithm chooses which algorithm is used for
// encrypting / decrypting entries with this key
type EncryptionAlgorithm string
const (
EncryptionAlgorithmAES256GCM EncryptionAlgorithm = "aes256-gcm"
)
// RootKeyMeta is the metadata used to refer to a RootKey.
type RootKeyMeta struct {
KeyID string // UUID
Algorithm EncryptionAlgorithm
CreateTime int64
CreateIndex uint64
ModifyIndex uint64
State RootKeyState
PublishTime int64
}
// RootKeyState enum describes the lifecycle of a root key.
type RootKeyState string
const (
RootKeyStateInactive RootKeyState = "inactive"
RootKeyStateActive RootKeyState = "active"
RootKeyStateRekeying RootKeyState = "rekeying"
RootKeyStateDeprecated RootKeyState = "deprecated"
RootKeyStatePrepublished RootKeyState = "prepublished"
)
// List lists all the keyring metadata
func (k *Keyring) List(q *QueryOptions) ([]*RootKeyMeta, *QueryMeta, error) {
var resp []*RootKeyMeta
qm, err := k.client.query("/v1/operator/keyring/keys", &resp, q)
if err != nil {
return nil, nil, err
}
return resp, qm, nil
}
// Delete deletes a specific inactive key from the keyring
func (k *Keyring) Delete(opts *KeyringDeleteOptions, w *WriteOptions) (*WriteMeta, error) {
wm, err := k.client.delete(fmt.Sprintf("/v1/operator/keyring/key/%v?force=%v",
url.PathEscape(opts.KeyID), strconv.FormatBool(opts.Force)), nil, nil, w)
return wm, err
}
// KeyringDeleteOptions are parameters for the Delete API
type KeyringDeleteOptions struct {
KeyID string // UUID
// Force can be used to force deletion of a root keyring that was used to encrypt
// an existing variable or to sign a workload identity
Force bool
}
// Rotate requests a key rotation
func (k *Keyring) Rotate(opts *KeyringRotateOptions, w *WriteOptions) (*RootKeyMeta, *WriteMeta, error) {
qp := url.Values{}
if opts != nil {
if opts.Algorithm != "" {
qp.Set("algo", string(opts.Algorithm))
}
if opts.Full {
qp.Set("full", "true")
}
if opts.PublishTime > 0 {
qp.Set("publish_time", fmt.Sprintf("%d", opts.PublishTime))
}
}
resp := &struct{ Key *RootKeyMeta }{}
wm, err := k.client.put("/v1/operator/keyring/rotate?"+qp.Encode(), nil, resp, w)
return resp.Key, wm, err
}
// KeyringRotateOptions are parameters for the Rotate API
type KeyringRotateOptions struct {
Full bool
Algorithm EncryptionAlgorithm
PublishTime int64
}
Reference in New Issue View Git Blame Copy Permalink