mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-21 15:10:23 +00:00
kms: add support for Oracle Key Vault
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
parent
2ec6aecc5d
commit
424999dacd
8 changed files with 38 additions and 33 deletions
2
go.mod
2
go.mod
|
|
@ -52,7 +52,7 @@ require (
|
|||
github.com/rs/cors v1.11.1
|
||||
github.com/rs/xid v1.6.0
|
||||
github.com/rs/zerolog v1.33.0
|
||||
github.com/sftpgo/sdk v0.1.9-0.20240815080450-426add0ab063
|
||||
github.com/sftpgo/sdk v0.1.9-0.20241002160417-3a2e25af00c1
|
||||
github.com/shirou/gopsutil/v3 v3.24.5
|
||||
github.com/spf13/afero v1.11.0
|
||||
github.com/spf13/cobra v1.8.1
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -345,8 +345,8 @@ github.com/secsy/goftp v0.0.0-20200609142545-aa2de14babf4 h1:PT+ElG/UUFMfqy5HrxJ
|
|||
github.com/secsy/goftp v0.0.0-20200609142545-aa2de14babf4/go.mod h1:MnkX001NG75g3p8bhFycnyIjeQoOjGL6CEIsdE/nKSY=
|
||||
github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
|
||||
github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
|
||||
github.com/sftpgo/sdk v0.1.9-0.20240815080450-426add0ab063 h1:r+XUT9mg/W97xiS6ZJ1BczLwTYiGKCRQ+Z69QZBnAZ8=
|
||||
github.com/sftpgo/sdk v0.1.9-0.20240815080450-426add0ab063/go.mod h1:Isl0IEzS/Muvh8Fr4X+NWFsOS/fZQHRD4oPQpoY7C4g=
|
||||
github.com/sftpgo/sdk v0.1.9-0.20241002160417-3a2e25af00c1 h1:UR1rI03lk+rLbt/FmUszQoY+hE3XxVCEGSumjbMZx/I=
|
||||
github.com/sftpgo/sdk v0.1.9-0.20241002160417-3a2e25af00c1/go.mod h1:Isl0IEzS/Muvh8Fr4X+NWFsOS/fZQHRD4oPQpoY7C4g=
|
||||
github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
|
||||
github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
|
||||
github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
|
||||
|
|
|
|||
|
|
@ -90,6 +90,10 @@ Command-line flags should be specified in the Subsystem declaration.
|
|||
logger.Error(logSender, connectionID, "unable to initialize KMS: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if err := plugin.Initialize(config.GetPluginsConfig(), logLevel); err != nil {
|
||||
logger.Error(logSender, connectionID, "unable to initialize plugin system: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
mfaConfig := config.GetMFAConfig()
|
||||
err = mfaConfig.Initialize()
|
||||
if err != nil {
|
||||
|
|
@ -109,10 +113,6 @@ Command-line flags should be specified in the Subsystem declaration.
|
|||
logger.Error(logSender, connectionID, "unable to initialize the data provider: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if err := plugin.Initialize(config.GetPluginsConfig(), logLevel); err != nil {
|
||||
logger.Error(logSender, connectionID, "unable to initialize plugin system: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
smtpConfig := config.GetSMTPConfig()
|
||||
err = smtpConfig.Initialize(configDir, false)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -370,6 +370,24 @@ func TestMain(m *testing.M) {
|
|||
os.Exit(1)
|
||||
}
|
||||
|
||||
kmsConfig := config.GetKMSConfig()
|
||||
err = kmsConfig.Initialize()
|
||||
if err != nil {
|
||||
logger.ErrorToConsole("error initializing kms: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
err = plugin.Initialize(pluginsConfig, "debug")
|
||||
if err != nil {
|
||||
logger.ErrorToConsole("error initializing plugin: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
mfaConfig := config.GetMFAConfig()
|
||||
err = mfaConfig.Initialize()
|
||||
if err != nil {
|
||||
logger.ErrorToConsole("error initializing MFA: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
err = dataprovider.Initialize(providerConf, configDir, true)
|
||||
if err != nil {
|
||||
logger.WarnToConsole("error initializing data provider: %v", err)
|
||||
|
|
@ -389,23 +407,6 @@ func TestMain(m *testing.M) {
|
|||
httpConfig.RetryMax = 1
|
||||
httpConfig.Timeout = 5
|
||||
httpConfig.Initialize(configDir) //nolint:errcheck
|
||||
kmsConfig := config.GetKMSConfig()
|
||||
err = kmsConfig.Initialize()
|
||||
if err != nil {
|
||||
logger.ErrorToConsole("error initializing kms: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
mfaConfig := config.GetMFAConfig()
|
||||
err = mfaConfig.Initialize()
|
||||
if err != nil {
|
||||
logger.ErrorToConsole("error initializing MFA: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
err = plugin.Initialize(pluginsConfig, "debug")
|
||||
if err != nil {
|
||||
logger.ErrorToConsole("error initializing plugin: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
httpdConf := config.GetHTTPDConfig()
|
||||
|
||||
|
|
|
|||
|
|
@ -73,7 +73,8 @@ var (
|
|||
// ErrInvalidSecret defines the error to return if a secret is not valid
|
||||
ErrInvalidSecret = errors.New("invalid secret")
|
||||
validSecretStatuses = []string{sdkkms.SecretStatusPlain, sdkkms.SecretStatusAES256GCM, sdkkms.SecretStatusSecretBox,
|
||||
sdkkms.SecretStatusVaultTransit, sdkkms.SecretStatusAWS, sdkkms.SecretStatusGCP, sdkkms.SecretStatusRedacted}
|
||||
sdkkms.SecretStatusVaultTransit, sdkkms.SecretStatusAWS, sdkkms.SecretStatusGCP, sdkkms.SecretStatusAzureKeyVault,
|
||||
sdkkms.SecretStatusOracleKeyVault, sdkkms.SecretStatusRedacted}
|
||||
config Configuration
|
||||
secretProviders = make(map[string]registeredSecretProvider)
|
||||
)
|
||||
|
|
|
|||
|
|
@ -29,9 +29,10 @@ import (
|
|||
)
|
||||
|
||||
var (
|
||||
validKMSSchemes = []string{sdkkms.SchemeAWS, sdkkms.SchemeGCP, sdkkms.SchemeVaultTransit, sdkkms.SchemeAzureKeyVault}
|
||||
validKMSSchemes = []string{sdkkms.SchemeAWS, sdkkms.SchemeGCP, sdkkms.SchemeVaultTransit,
|
||||
sdkkms.SchemeAzureKeyVault, sdkkms.SchemeOracleKeyVault}
|
||||
validKMSEncryptedStatuses = []string{sdkkms.SecretStatusVaultTransit, sdkkms.SecretStatusAWS, sdkkms.SecretStatusGCP,
|
||||
sdkkms.SecretStatusAzureKeyVault}
|
||||
sdkkms.SecretStatusAzureKeyVault, sdkkms.SecretStatusOracleKeyVault}
|
||||
)
|
||||
|
||||
// KMSConfig defines configuration parameters for kms plugins
|
||||
|
|
|
|||
|
|
@ -228,7 +228,7 @@ func initializePlugins() error {
|
|||
kmsID++
|
||||
kms.RegisterSecretProvider(config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus,
|
||||
Handler.Configs[idx].newKMSPluginSecretProvider)
|
||||
logger.Info(logSender, "", "registered secret provider for scheme: %v, encrypted status: %v",
|
||||
logger.Info(logSender, "", "registered secret provider for scheme %q, encrypted status %q",
|
||||
config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus)
|
||||
case auth.PluginName:
|
||||
plugin, err := newAuthPlugin(config)
|
||||
|
|
|
|||
|
|
@ -129,6 +129,13 @@ func (s *Service) initializeServices(disableAWSInstallationCode bool) error {
|
|||
logger.ErrorToConsole("unable to initialize KMS: %v", err)
|
||||
return err
|
||||
}
|
||||
// We may have KMS plugins and their schema needs to be registered before
|
||||
// initializing the data provider which may contain KMS secrets.
|
||||
if err := plugin.Initialize(config.GetPluginsConfig(), s.LogLevel); err != nil {
|
||||
logger.Error(logSender, "", "unable to initialize plugin system: %v", err)
|
||||
logger.ErrorToConsole("unable to initialize plugin system: %v", err)
|
||||
return err
|
||||
}
|
||||
mfaConfig := config.GetMFAConfig()
|
||||
err = mfaConfig.Initialize()
|
||||
if err != nil {
|
||||
|
|
@ -142,11 +149,6 @@ func (s *Service) initializeServices(disableAWSInstallationCode bool) error {
|
|||
logger.ErrorToConsole("error initializing data provider: %v", err)
|
||||
return err
|
||||
}
|
||||
if err := plugin.Initialize(config.GetPluginsConfig(), s.LogLevel); err != nil {
|
||||
logger.Error(logSender, "", "unable to initialize plugin system: %v", err)
|
||||
logger.ErrorToConsole("unable to initialize plugin system: %v", err)
|
||||
return err
|
||||
}
|
||||
smtpConfig := config.GetSMTPConfig()
|
||||
err = smtpConfig.Initialize(s.ConfigDir, s.PortableMode != 1)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in a new issue