Integrate OpenStack Barbican Secret Manager #373

Open: wants to merge 20 commits into master

artashesbalabekyan

The KES doesn't support OpenStack Barbican Secret Manager.

This PR adds support for OpenStack Barbican Secret Manager along with other Key Management providers.

Testing this PR

  1. Set up two KES instances (source and target). Therefore create a new TLS private/public key pair:

```
kes identity new --ip 127.0.0.1 --dns localhost localhost
```

```yaml
address: 0.0.0.0:7373 # Listen on all network interfaces on port 7373

admin:
  identity: 273de8a8d40c110047de8dcbaaa85896704fad73c9b0e093c8bb822e872b41c2

tls:
  key: private.key # The KES server TLS private key
  cert: public.crt # The KES server TLS certificate

policy:
  my-app:
    allow:
      - /v1/key/*/*
    identities:
      - c9aff4f0d135b88f70429ab9b4c11479d94c32301e801449f332b6eef4521bec

keystore:
  openstack:
    barbican:
      auth_url: <auth_url>
      barbican_url: <barbican_url>
      credentials:
        user_domain: "Default"
        username: <user_name>
        password: <password>
        project_domain: "default"
        project_name: <project_name>
```

Run the test

```
go test edge/*.go -test.run ^TestOpenStack$ -openstack.config ./config.yml
```
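The `credentials` keys in the config above have the shape of a Keystone v3 password login scoped to one project. The following Go code is an added example, not code from this PR (whose implementation may differ): it builds that request, refuses unfilled `<...>` template values, and reads the token from `X-Subject-Token`. The `Credentials`, `AuthBody` and `Token` names, the `tokensURL` parameter, and treating both domain values as domain names are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// Credentials mirrors the keystore.openstack.barbican.credentials keys above.
type Credentials struct{ UserDomain, Username, Password, ProjectDomain, ProjectName string }
type obj = map[string]interface{}

// AuthBody builds a project-scoped Keystone v3 password-auth body (assumption: domains are names, not IDs).
func AuthBody(c Credentials) ([]byte, error) {
	for _, v := range []string{c.Username, c.Password, c.ProjectName} {
		if v == "" || (strings.HasPrefix(v, "<") && strings.HasSuffix(v, ">")) {
			return nil, fmt.Errorf("credentials: empty or unfilled <placeholder> value")
		}
	}
	user := obj{"name": c.Username, "password": c.Password, "domain": obj{"name": c.UserDomain}}
	project := obj{"name": c.ProjectName, "domain": obj{"name": c.ProjectDomain}}
	return json.Marshal(obj{"auth": obj{
		"identity": obj{"methods": []string{"password"}, "password": obj{"user": user}},
		"scope":    obj{"project": project},
	}})
}

// Token posts the body to Keystone's /v3/auth/tokens URL and returns X-Subject-Token.
func Token(tokensURL string, c Credentials) (string, error) {
	body, err := AuthBody(c)
	if err != nil {
		return "", err
	}
	resp, err := http.Post(tokensURL, "application/json", bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusCreated { // Keystone answers 201 Created on success
		return "", fmt.Errorf("keystone auth failed: %s", resp.Status) // status only, no body
	}
	return resp.Header.Get("X-Subject-Token"), nil
}

func main() { // constructed sample values, not real credentials
	b, err := AuthBody(Credentials{"Default", "kes", "constructed-pw", "default", "kms"})
	fmt.Println(string(b), err)
}
```

The request body carries the plaintext password, so `auth_url` should be an HTTPS endpoint and the body should stay out of logs and error messages.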

@shtripat requested a review from aead June 30, 2023 04:51
mrhamburg and others added 11 commits July 1, 2023 06:23
Signed-off-by: Artashes Balabekyan <balabekyanartashes@gmail.com>
…k_barbican

…an existing key

@A1ca7raz

After HashiCorp Vault changed their license, I was looking for an open-source alternative until I saw this PR. Thank you!

@allanrogerr

@artashesbalabekyan Is this still being worked on?

@allanrogerr added the question Further information is requested label Nov 7, 2023
@artashesbalabekyan
Author

> @artashesbalabekyan Is this still being worked on?

@allanrogerr Yes. It is tested, and it works

@harshavardhana added Do-Not-Merge Waiting for something new-feature This PR implements a new feature community pending discussion labels Jan 9, 2024
@harshavardhana removed the question Further information is requested label Jan 9, 2024