Add support for OpenStack Barbican #683

Open
wants to merge 1 commit into
base: develop
from

@rochaporto rochaporto commented Jun 22, 2020

Adds a new keysource storing master keys under OpenStack Barbican:
https://wiki.openstack.org/wiki/Barbican

As described in the commit message, the logic is different from the other keysources as Barbican does not directly offer encrypt/decrypt logic, but works instead as a secret storage service. In this keysource we rely on Barbican to store and retrieve the master keys.

The PR is built on top of the Vault one; I'm happy to rebase if necessary against current master.

@codecov-commenter codecov-commenter commented Jun 22, 2020

Codecov Report

Merging #683 into master will increase coverage by 0.16%.
The diff coverage is 32.40%.

@@            Coverage Diff             @@
##           master     #683      +/-   ##
==========================================
+ Coverage   37.11%   37.28%   +0.16%     
==========================================
  Files          21       23       +2     
  Lines        2891     3420     +529     
==========================================
+ Hits         1073     1275     +202     
- Misses       1724     2014     +290     
- Partials       94      131      +37     
Impacted Files Coverage Δ
keyservice/keyservice.go 0.00% <0.00%> (ø)
keyservice/server.go 4.60% <0.00%> (-1.69%) ⬇️
stores/stores.go 0.00% <0.00%> (ø)
keyservice/keyservice.pb.go 4.38% <2.34%> (+0.08%) ⬆️
config/config.go 69.33% <47.36%> (-2.10%) ⬇️
hcvault/keysource.go 48.12% <48.12%> (ø)
stores/json/store.go 53.19% <60.00%> (+0.18%) ⬆️
stores/dotenv/parser.go 83.33% <83.33%> (ø)
stores/dotenv/store.go 25.00% <100.00%> (-6.86%) ⬇️
... and 1 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4bc27f6...c747492. Read the comment docs.

@jvehent jvehent (Contributor) commented Jun 22, 2020

Please submit your patch against the develop branch and not the master branch.

Add a new KMS backend for OpenStack Barbican. The logic is slightly
different from the other KMSs as Barbican is used to store/retrieve the
master keys, with the encryption of the data keys being done by sops.

@rochaporto rochaporto force-pushed the rochaporto:barbican branch from c747492 to e8d541d Jun 22, 2020
@rochaporto rochaporto changed the base branch from master to develop Jun 22, 2020
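
The split described in the PR description and commit message (the store only holds and returns the master key, while the data key is encrypted on the client) can be sketched as follows. This is an added example, not code from the PR or from sops: `SecretStore`, `MasterAEAD`, `Wrap` and `Unwrap` are hypothetical names, an in-memory map stands in for Barbican, and AES-GCM is an assumed cipher choice since the page does not name one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SecretStore is a hypothetical stand-in for Barbican: it only returns secrets.
type SecretStore map[string][]byte

// MasterAEAD fetches the master key by reference and builds AES-GCM locally.
func MasterAEAD(s SecretStore, ref string) (cipher.AEAD, error) {
	mk, ok := s[ref]
	if !ok {
		return nil, fmt.Errorf("master key %q not found", ref)
	}
	block, err := aes.NewCipher(mk) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts the data key client-side: nonce||ciphertext||tag, ref as AAD.
func Wrap(g cipher.AEAD, ref string, dataKey []byte) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, dataKey, []byte(ref)), nil
}

// Unwrap authenticates and decrypts a blob produced by Wrap.
func Unwrap(g cipher.AEAD, ref string, blob []byte) ([]byte, error) {
	n := g.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("wrapped key too short: %d bytes", len(blob))
	}
	return g.Open(nil, blob[:n], blob[n:], []byte(ref))
}

func main() {
	store := SecretStore{"demo-ref": make([]byte, 32)} // constructed all-zero key
	g, _ := MasterAEAD(store, "demo-ref")
	blob, _ := Wrap(g, "demo-ref", []byte("constructed data key"))
	out, err := Unwrap(g, "demo-ref", blob)
	fmt.Printf("%s %v\n", out, err)
}
```

Unlike a KMS that encrypts server-side, this design puts the master key in the client process's memory, so read access to the stored secret is equivalent to the ability to decrypt every data key wrapped under it.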

@rochaporto rochaporto (Author) commented Jun 22, 2020

@jvehent done

@ajvb ajvb (Member) commented Jul 15, 2020

@rochaporto Thank you for the PR.

I must say, I am currently against merging this unless:

  1. There is a sizeable enough portion of our user base that would like this
  2. We can work out a detailed testing guide within this PR
  3. There are full-coverage integration tests that can be run locally and in CI within this PR

@rochaporto rochaporto (Author) commented Aug 4, 2020

Hi @ajvb.

Thanks for the feedback.

I'll work on the testing guide and integration tests, and in parallel inquire about interest by other people within OpenStack.

Thanks for checking this out.
