From b2d7f1054a806bbd5ca5bd2652f2eb03be557df7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Nov 2023 22:25:43 +0000 Subject: [PATCH 1/6] chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b117b242..057b5432 100644 --- a/go.mod +++ b/go.mod @@ -103,7 +103,7 @@ require ( github.com/gammazero/deque v0.2.1 // indirect github.com/gammazero/workerpool v1.1.3 // indirect github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 // indirect - github.com/go-jose/go-jose/v3 v3.0.0 // indirect + github.com/go-jose/go-jose/v3 v3.0.1 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-openapi/analysis v0.20.0 // indirect diff --git a/go.sum b/go.sum index f408afe2..4d1ad331 100644 --- a/go.sum +++ b/go.sum 
@@ -418,8 +418,8 @@ github.com/go-errors/errors v1.5.0/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3Bop github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= -github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= +github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= From 20ef50bd363e2e96dfbb7d3413f4490a9d3a9657 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 06:32:09 +0000 Subject: [PATCH 2/6] chore(deps): bump actions/setup-go from 4 to 5 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/pipeline.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 63e23353..45f5eb8d 100644 --- a/.github/workflows/pipeline.yml 
+++ b/.github/workflows/pipeline.yml @@ -40,7 +40,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 85ab0a66..d440a935 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21 From 50c17b0b4aa9662bf64e88cbd17a0cfbdc9a19fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 23:30:13 +0000 Subject: [PATCH 3/6] chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 057b5432..7b8d85b6 100644 --- a/go.mod +++ b/go.mod 
@@ -280,14 +280,14 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.9.0 // indirect - golang.org/x/crypto v0.14.0 // indirect + golang.org/x/crypto v0.17.0 // indirect golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect golang.org/x/mod v0.12.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.13.0 // indirect google.golang.org/api v0.143.0 // indirect diff --git a/go.sum b/go.sum index 4d1ad331..ca2ced35 100644 --- a/go.sum +++ b/go.sum @@ -1615,8 +1615,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1831,8 +1831,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1840,8 +1840,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1856,8 +1856,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From d3aa6476b5fd82dd5b9cf287dc0584aca2c80b19 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jan 2024 01:23:15 +0000 Subject: [PATCH 4/6] chore(deps): bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2695981f..19a993e5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -24,9 +24,9 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 64935dacdc14107a94f6fca54415b9667b81fc0e Mon Sep 17 00:00:00 2001 From: Yves Galante Date: Thu, 31 Aug 2023 16:55:03 +0200 Subject: [PATCH 5/6] feat(azure): Support Azure Workload Identity #421 Signed-off-by: Yves Galante --- go.mod | 11 +- go.sum | 5 + pkg/backends/azurekeyvault.go | 96 +++--- pkg/backends/azurekeyvault_test.go | 462 +++++++++++++---------------- pkg/config/config.go | 10 +- pkg/config/config_test.go | 8 - 6 files changed, 287 insertions(+), 305 deletions(-) diff --git a/go.mod b/go.mod index 7b8d85b6..4eff12f9 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,9 @@ go 1.21 require ( cloud.google.com/go/secretmanager v1.11.2 github.com/1Password/connect-sdk-go v1.5.3 - github.com/Azure/azure-sdk-for-go v68.0.0+incompatible + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.0 github.com/IBM/go-sdk-core/v5 v5.14.1 github.com/IBM/secrets-manager-go-sdk v1.2.0 @@ -41,6 +43,9 @@ require ( cloud.google.com/go/kms v1.15.2 // indirect cloud.google.com/go/monitoring v1.16.0 // indirect filippo.io/age v1.0.0 // indirect + github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.29 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect 
@@ -51,6 +56,7 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect github.com/BurntSushi/toml v1.3.2 // indirect github.com/DataDog/datadog-go v3.2.0+incompatible // indirect github.com/Jeffail/gabs v1.1.1 // indirect @@ -124,6 +130,7 @@ require ( github.com/go-test/deep v1.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/golang-jwt/jwt/v5 v5.0.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.4 // indirect @@ -204,6 +211,7 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/kelseyhightower/envconfig v1.4.0 // indirect github.com/klauspost/compress v1.17.0 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/leodido/go-urn v1.2.3 // indirect github.com/lib/pq v1.10.9 // indirect github.com/linode/linodego v0.7.1 // indirect @@ -239,6 +247,7 @@ require ( github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect github.com/pierrec/lz4 v2.6.1+incompatible // indirect github.com/pires/go-proxyproto v0.6.1 // indirect + github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/posener/complete v1.2.3 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect diff --git a/go.sum b/go.sum index ca2ced35..9ef6f199 100644 --- a/go.sum +++ b/go.sum 
@@ -76,6 +76,10 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.1.0 h1:Q707j github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.1.0/go.mod h1:vjoxsjVnPwhjHZw4PuuhpgYlcxWl5tyNedLHUl0ulFA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1/go.mod h1:c/wcGeGx5FUPbM/JltUYHZcKmigwyVLJlDq+4HdtXaw= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 h1:8TkzQBrN9PWIwo7ekdd696KpC6IfTltV2/F8qKKBWik= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1/go.mod h1:aprFpXPQiTyG5Rkz6Ot5pvU6y6YKg/AKYOcLCoxN0bk= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 h1:u/LLAOFgsMv7HmNL4Qufg58y+qElGOt5qv0z1mURkRY= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0/go.mod h1:2e8rMJtl2+2j+HXbTBwnyGpm5Nou7KhvSfxOq8JpTag= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= 
@@ -1814,6 +1818,7 @@ golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/pkg/backends/azurekeyvault.go b/pkg/backends/azurekeyvault.go index be88305a..ec68ad29 100644 --- a/pkg/backends/azurekeyvault.go +++ b/pkg/backends/azurekeyvault.go 
@@ -3,22 +3,31 @@ package backends import ( "context" "fmt" - "github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets" "github.com/argoproj-labs/argocd-vault-plugin/pkg/utils" - "path" - "strings" "time" ) // AzureKeyVault is a struct for working with an Azure Key Vault backend type AzureKeyVault struct { - Client keyvault.BaseClient + Credential azcore.TokenCredential + ClientBuilder func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (AzSecretsClient, error) +} + +type AzSecretsClient interface { + GetSecret(ctx context.Context, name string, version string, options *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) + NewListSecretPropertiesPager(options *azsecrets.ListSecretPropertiesOptions) *runtime.Pager[azsecrets.ListSecretPropertiesResponse] } // NewAzureKeyVaultBackend initializes a new Azure Key Vault backend -func NewAzureKeyVaultBackend(client keyvault.BaseClient) *AzureKeyVault { +func NewAzureKeyVaultBackend(credential azcore.TokenCredential, clientBuilder func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (*azsecrets.Client, error)) *AzureKeyVault { return &AzureKeyVault{ - Client: client, + Credential: credential, + ClientBuilder: func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (AzSecretsClient, error) { + return clientBuilder(vaultURL, credential, options) + }, } } 
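Review bot: The exported `AzSecretsClient` interface and the new `ClientBuilder` field are added without doc comments, so the reason for the indirection is not visible on the new side. I would add `// AzSecretsClient is the subset of the azsecrets client this backend calls; it lets tests substitute a fake.` above the interface, and `// ClientBuilder creates a secrets client for one vault URL; it is invoked on every GetSecrets and GetIndividualSecret call.` above the field. Separately, `NewAzureKeyVaultBackend` wraps `clientBuilder` without checking it for nil, so a nil argument would only surface as a panic when the first secret is fetched; whether any caller can pass nil is not visible here.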
@@ -29,59 +38,55 @@ func (a *AzureKeyVault) Login() error { // GetSecrets gets secrets from Azure Key Vault and returns the formatted data // For Azure Key Vault, `kvpath` is the unique name of your vault +// For Azure use the version here not make really sens as each secret have a different version but let support it func (a *AzureKeyVault) GetSecrets(kvpath string, version string, _ map[string]string) (map[string]interface{}, error) { kvpath = fmt.Sprintf("https://%s.vault.azure.net", kvpath) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - data := make(map[string]interface{}) + verboseOptionalVersion("Azure Key Vault list all secrets from vault %s", version, kvpath) - utils.VerboseToStdErr("Azure Key Vault listing secrets in vault %v", kvpath) - secretList, err := a.Client.GetSecretsComplete(ctx, kvpath, nil) + client, err := a.ClientBuilder(kvpath, a.Credential, nil) if err != nil { return nil, err } - utils.VerboseToStdErr("Azure Key Vault list secrets response %v", secretList) - // Gather all secrets in Key Vault - - for ; secretList.NotDone(); secretList.NextWithContext(ctx) { - secret := path.Base(*secretList.Value().ID) - if version == "" { - utils.VerboseToStdErr("Azure Key Vault getting secret %s from vault %s", secret, kvpath) - secretResp, err := a.Client.GetSecret(ctx, kvpath, secret, "") - if err != nil { - return nil, err - } + data := make(map[string]interface{}) - utils.VerboseToStdErr("Azure Key Vault get unversioned secret response %v", secretResp) - data[secret] = *secretResp.Value - continue + pager := client.NewListSecretPropertiesPager(nil) + for pager.More() { + page, err := pager.NextPage(ctx) + if err != nil { + return nil, err } - // In Azure Key Vault the versions of a secret is first shown after running GetSecretVersions. So we need - // to loop through the versions for each secret in order to find the secret that has the specific version. 
- secretVersions, _ := a.Client.GetSecretVersionsComplete(ctx, kvpath, secret, nil) - for ; secretVersions.NotDone(); secretVersions.NextWithContext(ctx) { - secretVersion := secretVersions.Value() + for _, secretVersion := range page.Value { // Azure Key Vault has ability to enable/disable a secret, so lets honour that if !*secretVersion.Attributes.Enabled { continue } - // Secret version matched given version - if strings.Contains(*secretVersion.ID, version) { - utils.VerboseToStdErr("Azure Key Vault getting secret %s from vault %s at version %s", secret, kvpath, version) - secretResp, err := a.Client.GetSecret(ctx, kvpath, secret, version) + name := secretVersion.ID.Name() + // Secret version matched given version ? + if version == "" || secretVersion.ID.Version() == version { + verboseOptionalVersion("Azure Key Vault getting secret %s from vault %s", version, name, kvpath) + secret, err := client.GetSecret(ctx, name, version, nil) if err != nil { return nil, err } - - utils.VerboseToStdErr("Azure Key Vault get versioned secret response %v", secretResp) - data[secret] = *secretResp.Value + utils.VerboseToStdErr("Azure Key Vault get secret response %v", secret) + data[name] = *secret.Value + } else { + verboseOptionalVersion("Azure Key Vault getting secret %s from vault %s", version, name, kvpath) + secret, err := client.GetSecret(ctx, name, version, nil) + if err != nil || !*secretVersion.Attributes.Enabled { + utils.VerboseToStdErr("Azure Key Vault get versioned secret not found %s", err) + continue + } + utils.VerboseToStdErr("Azure Key Vault get versioned secret response %v", secret) + data[name] = *secret.Value } } } - return data, nil } 
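Review bot: In the `else` branch of `GetSecrets`, every error from `client.GetSecret` is logged as "not found" and skipped, so an authorization failure, a throttled request or the 10-second context deadline yields a silently incomplete map instead of an error. I would skip only when the service reports the version as missing, e.g. `var respErr *azcore.ResponseError; if errors.As(err, &respErr) && respErr.StatusCode == http.StatusNotFound { continue }`, and `return nil, err` otherwise; this needs `errors` and `net/http` imported, and the test mock would have to return a 404-shaped error. The `!*secretVersion.Attributes.Enabled` test in that branch can never be true because the loop already `continue`s on it, and it reflects the listed properties rather than the requested version, so presumably the fetched `secret.Attributes` is what should be checked. The `%v` logging of the whole `GetSecretResponse`, here and in the `GetIndividualSecret` hunk, is better replaced by logging only the name and version, so that secret material cannot reach stderr if the response type's formatting ever changes.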
@@ -92,15 +97,28 @@ func (a *AzureKeyVault) GetIndividualSecret(kvpath, secret, version string, anno ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - utils.VerboseToStdErr("Azure Key Vault getting secret %s from vault %s at version %s", secret, kvpath, version) + verboseOptionalVersion("Azure Key Vault getting individual secret %s from vault %s", version, secret, kvpath) kvpath = fmt.Sprintf("https://%s.vault.azure.net", kvpath) - data, err := a.Client.GetSecret(ctx, kvpath, secret, version) + client, err := a.ClientBuilder(kvpath, a.Credential, nil) + if err != nil { + return nil, err + } + + data, err := client.GetSecret(ctx, secret, version, nil) if err != nil { return nil, err } - utils.VerboseToStdErr("Azure Key Vault get versioned secret response %v", data) + utils.VerboseToStdErr("Azure Key Vault get individual secret response %v", data) return *data.Value, nil } + +func verboseOptionalVersion(format string, version string, message ...interface{}) { + if version == "" { + utils.VerboseToStdErr(format, message...) + } else { + utils.VerboseToStdErr(format+" at version %s", append(message, version)...) + } +} diff --git a/pkg/backends/azurekeyvault_test.go b/pkg/backends/azurekeyvault_test.go index 30e8da3a..b3b0fcf2 100644 --- a/pkg/backends/azurekeyvault_test.go +++ b/pkg/backends/azurekeyvault_test.go 
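Review bot: `kvpath` is interpolated into the vault URL and then passed to `a.ClientBuilder` together with `a.Credential` without any validation, so a value containing URL delimiters would change the host the authenticated client talks to. If `kvpath` can originate from manifest placeholders or annotations (not visible in this hunk), I would reject anything that is not a plain vault name before the `fmt.Sprintf`, for example with a package-level `regexp.MustCompile("^[A-Za-z0-9-]{3,24}$")` check that returns an error. The same applies to `GetSecrets` in the previous hunk; the start of `GetIndividualSecret` is outside this hunk. `verboseOptionalVersion` would also benefit from a one-line comment stating that it appends " at version %s" to the format only when a version is given.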
@@ -1,286 +1,246 @@ package backends_test import ( - "fmt" - "github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault" + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets" "github.com/argoproj-labs/argocd-vault-plugin/pkg/backends" - "io" - "net/http" - "net/url" "reflect" - "strings" "testing" ) -type mockSender struct { - DoFunc func(r *http.Request) (*http.Response, error) -} +const secretNamePrefix = "https://myvaultname.vault.azure.net/keys/" -func (m mockSender) Do(r *http.Request) (*http.Response, error) { - return m.DoFunc(r) +type mockClientProxy struct { + simulateError string } -func TestAzureKeyVault_GetSecrets(t *testing.T) { - // secrets: list of key vault secrets (where foo and bar is present) - // foo: is a secret with a secret value - // bar: is a secret with a secret value - tt := map[string]struct { - Body string - StatusCode int - }{ - "secrets": { - Body: ` - { - "value": [ - { - "contentType": "foobar", - "id": "https://test.vault.azure.net/secrets/foo", - "attributes": { - "enabled": true, - "created": 1629833926, - "updated": 1629833926, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": {} - }, - { - "id": "https://test.vault.azure.net/secrets/bar", - "attributes": { - "enabled": true, - "created": 1629813653, - "updated": 1629813653, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": { - "file-encoding": "utf-8" - } - } - ], - "nextLink": null - }`, - StatusCode: 200, - }, - "foo": { - Body: ` - { - "value": "bar", - "contentType": "foobar", - "id": "https://test.vault.azure.net.test/secrets/foo/8f8da2e06c8240808ee439ff093803b5", - "attributes": { - "enabled": true, - "created": 1629833926, - "updated": 1629833926, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": {} - }`, - StatusCode: 200, - }, - "bar": { - Body: ` - { - "value": "baz", - "id": 
"https://test.vault.azure.net.test/secrets/bar/33740fc26214497f8904d93f20f7db6d", - "attributes": { - "enabled": true, - "created": 1629813653, - "updated": 1629813653, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": { - "file-encoding": "utf-8" - } - }`, - StatusCode: 200, - }, - "bar_version": { - Body: ` - { - "value": "baz-version", - "id": "https://test.vault.azure.net.test/secrets/bar/33740fc26214497f8904d93f20f7db6c", - "attributes": { - "enabled": true, - "created": 1629813653, - "updated": 1629813653, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": { - "file-encoding": "utf-8" - } - }`, - StatusCode: 200, - }, - "bar_disabled": { - Body: ` - { - "value": "baz-disabled", - "id": "https://test.vault.azure.net.test/secrets/bar/33740fc26214497f8904d93f20f7db6b", - "attributes": { - "enabled": false, - "created": 1629813653, - "updated": 1629813653, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": { - "file-encoding": "utf-8" - } - }`, - StatusCode: 200, - }, - "foobar": { - Body: ` - { - "value": [ - { - "value": "bar", - "id": "https://test.vault.azure.net.test/secrets/bar/33740fc26214497f8904d93f20f7db6d", - "attributes": { - "enabled": true, - "created": 1629813653, - "updated": 1629813653, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": { - "file-encoding": "utf-8" - } - }, - { - "value": "bar", - "id": "https://test.vault.azure.net.test/secrets/bar/33740fc26214497f8904d93f20f7db6c", - "attributes": { - "enabled": true, - "created": 1629813653, - "updated": 1629813653, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": { - "file-encoding": "utf-8" - } - }, - { - "value": "bar", - "id": "https://test.vault.azure.net.test/secrets/bar/33740fc26214497f8904d93f20f7db6b", - "attributes": { - "enabled": false, - "created": 1629813653, - "updated": 1629813653, - "recoveryLevel": "Recoverable+Purgeable" - }, - "tags": { - "file-encoding": "utf-8" - } - } - ], - "nextLink": null - }`, - StatusCode: 200, +func 
makeSecretProperties(id azsecrets.ID, enable bool) *azsecrets.SecretProperties { + return &azsecrets.SecretProperties{ + ID: &id, + Attributes: &azsecrets.SecretAttributes{ + Enabled: &enable, }, } +} - // Setup client and mock Sender - sender := &mockSender{} - basicClient := keyvault.New() - basicClient.Sender = sender +func makeResponse(id azsecrets.ID, value string, err error) (azsecrets.GetSecretResponse, error) { + return azsecrets.GetSecretResponse{ + Secret: azsecrets.Secret{ + ID: &id, + Value: &value, + }, + }, err +} - // DoFunc returns our mocked data when Do is called - sender.DoFunc = func(r *http.Request) (*http.Response, error) { - u, err := url.Parse(fmt.Sprintf("%s", r.URL)) - if err != nil { - t.Fatalf("expected 0 errors but got: %s", err) - } - if fmt.Sprintf("%s", u.Path) == "/secrets" { - return &http.Response{ - StatusCode: tt["secrets"].StatusCode, - Body: io.NopCloser(strings.NewReader(tt["secrets"].Body)), +func newAzureKeyVaultBackendMock(simulateError string) *backends.AzureKeyVault { + return &backends.AzureKeyVault{ + Credential: nil, + ClientBuilder: func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (backends.AzSecretsClient, error) { + return &mockClientProxy{ + simulateError: simulateError, }, nil - } else if fmt.Sprintf("%s", u.Path) == "/secrets/bar/versions" { - return &http.Response{ - StatusCode: tt["foobar"].StatusCode, - Body: io.NopCloser(strings.NewReader(tt["foobar"].Body)), - }, nil - } else if fmt.Sprintf("%s", u.Path) == "/secrets/bar/33740fc26214497f8904d93f20f7db6c" { - return &http.Response{ - StatusCode: tt["bar_version"].StatusCode, - Body: io.NopCloser(strings.NewReader(tt["bar_version"].Body)), - }, nil - } else if fmt.Sprintf("%s", u.Path) == "/secrets/bar/33740fc26214497f8904d93f20f7db6b" { - return &http.Response{ - StatusCode: tt["bar_disabled"].StatusCode, - Body: io.NopCloser(strings.NewReader(tt["bar_disabled"].Body)), - }, nil - } else { - s := 
strings.Split(u.Path, "/")[2] - return &http.Response{ - StatusCode: tt[s].StatusCode, - Body: io.NopCloser(strings.NewReader(tt[s].Body)), - }, nil - } + }, } +} - kv := backends.NewAzureKeyVaultBackend(basicClient) - - t.Run("Azure retrieve secrets no version", func(t *testing.T) { - - secretList, err := kv.GetSecrets("test", "", map[string]string{}) - if err != nil { - t.Fatalf("expected 0 errors but got: %s", err) - } +func (c *mockClientProxy) NewListSecretPropertiesPager(options *azsecrets.ListSecretPropertiesOptions) *runtime.Pager[azsecrets.ListSecretPropertiesResponse] { + var pageCount = 0 + pager := runtime.NewPager(runtime.PagingHandler[azsecrets.ListSecretPropertiesResponse]{ + More: func(current azsecrets.ListSecretPropertiesResponse) bool { + return pageCount == 0 + }, + Fetcher: func(ctx context.Context, current *azsecrets.ListSecretPropertiesResponse) (azsecrets.ListSecretPropertiesResponse, error) { + pageCount++ + var a []*azsecrets.SecretProperties + if c.simulateError == "fetch_error" { + return azsecrets.ListSecretPropertiesResponse{}, errors.New("fetch error") + } else if c.simulateError == "get_secret_error" { + a = append(a, makeSecretProperties(secretNamePrefix+"invalid/v2", true)) + } + a = append(a, makeSecretProperties(secretNamePrefix+"simple/v2", true)) + a = append(a, makeSecretProperties(secretNamePrefix+"second/v2", true)) + a = append(a, makeSecretProperties(secretNamePrefix+"disabled/v2", false)) + return azsecrets.ListSecretPropertiesResponse{ + SecretPropertiesListResult: azsecrets.SecretPropertiesListResult{ + Value: a, + }, + }, nil + }, + }) + return pager +} - expected := map[string]interface{}{ - "foo": "bar", - "bar": "baz", - } +func (c *mockClientProxy) GetSecret(ctx context.Context, name string, version string, options *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) { + if name == "simple" && (version == "" || version == "v1") { + return makeResponse(secretNamePrefix+"simple/v1", "a_value_v1", nil) + 
} else if name == "simple" && version == "v2" { + return makeResponse(secretNamePrefix+"simple/v2", "a_value_v2", nil) + } else if name == "second" && (version == "" || version == "v2") { + return makeResponse(secretNamePrefix+"second/v2", "a_second_value_v2", nil) + } + return makeResponse("", "", errors.New("secret not found")) +} - if !reflect.DeepEqual(expected, secretList) { - t.Errorf("expected: %s, got: %s.", expected, secretList) - } +func TestAzLogin(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var err = keyVault.Login() + if err != nil { + t.Fatalf("expected 0 errors but got: %s", err) + } +} - }) +func TestAzGetSecret(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var data, err = keyVault.GetIndividualSecret("keyvault", "simple", "", nil) + if err != nil { + t.Fatalf("expected 0 errors but got: %s", err) + } + expected := "a_value_v1" + if !reflect.DeepEqual(expected, data) { + t.Errorf("expected: %s, got: %s.", expected, data) + } +} - t.Run("Azure retrieve secrets with version", func(t *testing.T) { +func TestAzGetSecretWithVersion(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var data, err = keyVault.GetIndividualSecret("keyvault", "simple", "v2", nil) + if err != nil { + t.Fatalf("expected 0 errors but got: %s", err) + } + expected := "a_value_v2" + if !reflect.DeepEqual(expected, data) { + t.Errorf("expected: %s, got: %s.", expected, data) + } +} - // test version - secretList, err := kv.GetSecrets("test", "33740fc26214497f8904d93f20f7db6c", map[string]string{}) - if err != nil { - t.Fatalf("expected 0 errors but got: %s", err) - } +func TestAzGetSecretWithWrongVersion(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var _, err = keyVault.GetIndividualSecret("keyvault", "simple", "v3", nil) + if err == nil { + t.Fatalf("expected 1 errors but got nil") + } + expected := errors.New("secret not found") + if !reflect.DeepEqual(err, expected) { + t.Errorf("expected err: %s, 
got: %s.", expected, err) + } +} - expected := map[string]interface{}{ - "bar": "baz-version", - } +func TestAzGetSecretNotExist(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var _, err = keyVault.GetIndividualSecret("keyvault", "not_existing", "", nil) + if err == nil { + t.Fatalf("expected 1 errors but got nil") + } + expected := errors.New("secret not found") + if !reflect.DeepEqual(err, expected) { + t.Errorf("expected err: %s, got: %s.", expected, err) + } +} - if !reflect.DeepEqual(expected, secretList) { - t.Errorf("expected: %s, got: %s.", expected, secretList) - } +func TestAzGetSecretBuilderError(t *testing.T) { + var keyVault = &backends.AzureKeyVault{ + Credential: nil, + ClientBuilder: func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (backends.AzSecretsClient, error) { + return nil, errors.New("boom") + }, + } + var _, err = keyVault.GetIndividualSecret("keyvault", "not_existing", "", nil) + if err == nil { + t.Fatalf("expected 1 errors but got nil") + } + expected := errors.New("boom") + if !reflect.DeepEqual(err, expected) { + t.Errorf("expected err: %s, got: %s.", expected, err) + } +} - }) +func TestAzGetSecrets(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var res, err = keyVault.GetSecrets("keyvault", "", nil) - t.Run("Azure GetIndividualSecret", func(t *testing.T) { - secret, err := kv.GetIndividualSecret("test", "bar", "33740fc26214497f8904d93f20f7db6c", map[string]string{}) - if err != nil { - t.Fatalf("expected 0 errors but got: %s", err) - } + if err != nil { + t.Fatalf("expected 0 errors but got: %s", err) + } + expected := map[string]interface{}{ + "simple": "a_value_v1", + "second": "a_second_value_v2", + } + if !reflect.DeepEqual(res, expected) { + t.Errorf("expected: %s, got: %s.", expected, res) + } +} - expected := "baz-version" +func TestAzGetSecretsWithError(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("fetch_error") + var _, err = 
keyVault.GetSecrets("keyvault", "", nil) + if err == nil { + t.Fatalf("expected 1 errors but got nil") + } + expected := errors.New("fetch error") + if !reflect.DeepEqual(err, expected) { + t.Errorf("expected err: %s, got: %s.", expected, err) + } +} - if !reflect.DeepEqual(expected, secret) { - t.Errorf("expected: %s, got: %s.", expected, secret) - } - }) +func TestAzGetSecretsWithErrorOnGetSecret(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("get_secret_error") + var _, err = keyVault.GetSecrets("keyvault", "", nil) + if err == nil { + t.Fatalf("expected 1 errors but got nil") + } + expected := errors.New("secret not found") + if !reflect.DeepEqual(err, expected) { + t.Errorf("expected err: %s, got: %s.", expected, err) + } +} - t.Run("Azure retrieve secrets with version disabled", func(t *testing.T) { +func TestAzGetSecretsBuilderError(t *testing.T) { + var keyVault = &backends.AzureKeyVault{ + Credential: nil, + ClientBuilder: func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (backends.AzSecretsClient, error) { + return nil, errors.New("boom") + }, + } + var _, err = keyVault.GetSecrets("keyvault", "", nil) + if err == nil { + t.Fatalf("expected 1 errors but got nil") + } + expected := errors.New("boom") + if !reflect.DeepEqual(err, expected) { + t.Errorf("expected err: %s, got: %s.", expected, err) + } +} - // test disabled secret - secretList, err := kv.GetSecrets("test", "33740fc26214497f8904d93f20f7db6b", map[string]string{}) - if err != nil { - t.Fatalf("expected 0 errors but got: %s", err) - } +func TestAzGetSecretsVersionV1(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var res, err = keyVault.GetSecrets("keyvault", "v1", nil) - expected := map[string]interface{}{} + if err != nil { + t.Fatalf("expected 0 errors but got: %s", err) + } + expected := map[string]interface{}{ + "simple": "a_value_v1", + } + if !reflect.DeepEqual(res, expected) { + t.Errorf("expected: %s, got: %s.", 
expected, res) + } +} - if !reflect.DeepEqual(expected, secretList) { - t.Errorf("expected: %s, got: %s.", expected, secretList) - } +func TestAzGetSecretsVersionV2(t *testing.T) { + var keyVault = newAzureKeyVaultBackendMock("") + var res, err = keyVault.GetSecrets("keyvault", "v2", nil) - }) + if err != nil { + t.Fatalf("expected 0 errors but got: %s", err) + } + expected := map[string]interface{}{ + "simple": "a_value_v2", + "second": "a_second_value_v2", + } + if !reflect.DeepEqual(res, expected) { + t.Errorf("expected: %s, got: %s.", expected, res) + } } diff --git a/pkg/config/config.go b/pkg/config/config.go index fc07ffb8..bc896701 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "fmt" + "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets" "os" "strconv" "strings" @@ -11,8 +12,7 @@ import ( gcpsm "cloud.google.com/go/secretmanager/apiv1" "github.com/1Password/connect-sdk-go/connect" - "github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault" - kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" delineasecretserver "github.com/DelineaXPM/tss-sdk-go/v2/server" "github.com/IBM/go-sdk-core/v5/core" ibmsm "github.com/IBM/secrets-manager-go-sdk/secretsmanagerv2" @@ -190,14 +190,12 @@ func New(v *viper.Viper, co *Options) (*Config, error) { } case types.AzureKeyVaultbackend: { - authorizer, err := kvauth.NewAuthorizerFromEnvironment() + cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { return nil, err } - basicClient := keyvault.New() - basicClient.Authorizer = authorizer - backend = backends.NewAzureKeyVaultBackend(basicClient) + backend = backends.NewAzureKeyVaultBackend(cred, azsecrets.NewClient) } case types.Sopsbackend: { diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 5fa49dad..c7925b9d 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go 
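Review bot: The added `azsecrets` import in the first `pkg/config/config.go` hunk sits between `"fmt"` and `"os"`, inside the standard-library group, so the import block is no longer in `goimports` order. Move `"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"` into the third-party group, next to the `azidentity` import that the following hunk adds.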
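Review bot: `azidentity.NewDefaultAzureCredential(nil)` in the `types.AzureKeyVaultbackend` case leaves the choice of identity to the SDK's default chain (environment variables, then workload identity, managed identity and Azure CLI login), and building that chain normally succeeds even when the `AZURE_*` settings are incomplete. The `azurekeyvault` entry removed in the hunk headed `TestNewConfigMissingParameter` further down in this patch is consistent with that: a misconfigured environment is presumably no longer rejected in `New` and shows up only on the first token request, possibly after the chain has fallen through to another identity present on the host. I would state this next to the call, e.g. `// DefaultAzureCredential: env -> workload identity -> managed identity -> Azure CLI; auth failures surface on first secret fetch`, and give the error context with `return nil, fmt.Errorf("creating Azure credential: %w", err)`. `New` begins and ends outside this hunk.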
@@ -417,14 +417,6 @@ func TestNewConfigMissingParameter(t *testing.T) { }, "*backends.AWSSecretsManager", }, - { - map[string]interface{}{ - "AVP_TYPE": "azurekeyvault", - "AZURE_TENANT_ID": "test", - "AZURE_CLIENT_ID": "test", - }, - "*backends.AzureKeyVault", - }, { map[string]interface{}{ "AVP_TYPE": "yandexcloudlockbox", From 42a43f024eefd6253d3570f5e8c1197942558ff0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Jan 2024 03:09:50 +0000 Subject: [PATCH 6/6] chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 3 +-- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 4eff12f9..a151b55c 100644 --- a/go.mod +++ b/go.mod @@ -90,13 +90,12 @@ require ( github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect github.com/circonus-labs/circonusllhist v0.1.3 // indirect - github.com/cloudflare/circl v1.3.3 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba // indirect github.com/dgryski/go-metro v0.0.0-20180109044635-280f6062b5bc // indirect github.com/digitalocean/godo v1.7.5 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/dnaeon/go-vcr v1.2.0 // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/docker v24.0.7+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect 
diff --git a/go.sum b/go.sum index 9ef6f199..26a62593 100644 --- a/go.sum +++ b/go.sum @@ -296,8 +296,9 @@ github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp github.com/cjlapao/common-go v0.0.39 h1:bAAUrj2B9v0kMzbAOhzjSmiyDy+rd56r2sy7oEiQLlA= github.com/cjlapao/common-go v0.0.39/go.mod h1:M3dzazLjTjEtZJbbxoA5ZDiGCiHmpwqW9l4UWaddwOA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cloudfoundry-community/go-cfclient v0.0.0-20220930021109-9c4e6c59ccf1 h1:ef0OsiQjSQggHrLFAMDRiu6DfkVSElA5jfG1/Nkyu6c= github.com/cloudfoundry-community/go-cfclient v0.0.0-20220930021109-9c4e6c59ccf1/go.mod h1:sgaEj3tRn0hwe7GPdEUwxrdOqjBzyjyvyOCGf1OQyZY= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -1232,7 +1233,6 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/mongodb-forks/digest v1.0.5 h1:EJu3wtLZcA0HCvsZpX5yuD193/sW9tHiNvrEM5apXMk= github.com/mongodb-forks/digest v1.0.5/go.mod h1:rb+EX8zotClD5Dj4NdgxnJXG9nwrlx3NWKJ8xttz1Dg= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=