Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Jun 19, 2025. It is now read-only.

Integrate OpenStack Barbican Secret Manager #373

Open
artashesbalabekyan wants to merge 20 commits into
base: master
Choose a base branch
from
Open

Integrate OpenStack Barbican Secret Manager #373

artashesbalabekyan wants to merge 20 commits into from

Conversation

@artashesbalabekyan
Copy link

@artashesbalabekyan artashesbalabekyan commented Jun 29, 2023

The KES doesn't support OpenStack Barbican Secret Manager.

This PR adds the support of Openstack Barbican Secret Manager along with other Key Management providers.

Testing this PR

  1. Setup two KES instance (source and target). Therefore create a new TLS private/public key pair:
kes identity new --ip 127.0.0.1 --dns localhost localhost

address: 0.0.0.0:7373 # Listen on all network interfaces on port 7373

admin:
  identity: 273de8a8d40c110047de8dcbaaa85896704fad73c9b0e093c8bb822e872b41c2

tls:
  key: private.key # The KES server TLS private key
  cert: public.crt # The KES server TLS certificate

policy:
  my-app:
    allow:
      - /v1/key/*/*
    identities:
    - c9aff4f0d135b88f70429ab9b4c11479d94c32301e801449f332b6eef4521bec


keystore:
  openstack:
    barbican:
      auth_url: <auth_url>
      barbican_url: <barbican_url>
      credentials:
        user_domain: "Default"
        username: <user_name>
        password: <password>
        project_domain: "default"
        project_name: <project_name>

Run the test

go test edge/*.go  -test.run ^TestOpenStack$ -openstack.config ./config.yml

@shtripat shtripat requested a review from aead June 30, 2023 04:51
mrhamburg and others added 11 commits July 1, 2023 06:23
@mrhamburg @artashesbalabekyan
Initial commit
8c49666
@mrhamburg @artashesbalabekyan
Added debug info
64ba616
@artashesbalabekyan
fix: barbican: don't decode secret payload
33fd458 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
fix: barbican: use query parameters when get secrets by name
695d35a 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
refactor: barbican: diverse the functions logic
66d52d3 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
fix: Content-Type header
bdefa89 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
refactor: barbican: diversify the code
32d959a 
Signed-off-by: Artashes Balabekyan <[email protected]>
@mrhamburg @artashesbalabekyan
fix: error messages barbican
aec0a78
@artashesbalabekyan
fix: test: throw error if test should not fail
744ec83 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
refactor: openstack: use barbican-sdk-go package
2f7b039 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
remove launch.json
f7dcad5 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan artashesbalabekyan force-pushed the integrate_openstack_barbican branch from ccff003 to f7dcad5 Compare July 1, 2023 06:24
@artashesbalabekyan
mod: update barbican sdk package
accae2f 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
mod: update barbican sdk package
35e1150 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
Merge branch 'master' of github.com:minio/kes into integrate_openstac…
40fada2 
…k_barbican

Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
fix: openstack tests
005a125 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
integrate barbican using gophercloud package
1878d8b 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
fix: edge_test shouldfiail case
6393557 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
fix: openstack: don't use service type and name for endpoint options
d30ed6f 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
openstack: remove unused prints
63f7949 
Signed-off-by: Artashes Balabekyan <[email protected]>
@artashesbalabekyan
fix: openstack: throw key already exists error when trying to create …
3390828 
…an existing key

Signed-off-by: Artashes Balabekyan <[email protected]>
@A1ca7raz
Copy link

A1ca7raz commented Aug 26, 2023

After Hashicorp Vault changing their license, I was looking for an open-source alternative until I saw this pr. Thank you!

@allanrogerr
Copy link

allanrogerr commented Nov 7, 2023

@artashesbalabekyan Is this still being worked on?

@allanrogerr allanrogerr added the question Further information is requested label Nov 7, 2023
@artashesbalabekyan
Copy link
Author

artashesbalabekyan commented Nov 8, 2023

@artashesbalabekyan Is this still being worked on?

@allanrogerr Yes. It is tested, and it works

@harshavardhana harshavardhana added Do-Not-Merge Waiting for something new-feature This PR implements a new feature community pending discussion labels Jan 9, 2024
@harshavardhana harshavardhana removed the question Further information is requested label Jan 9, 2024
@harshavardhana
Copy link
Member

harshavardhana commented Aug 17, 2024

Please rebase the PR with the latest master, sorry for the delay.

@harshavardhana harshavardhana force-pushed the master branch 3 times, most recently from f832434 to 63649d0 Compare May 27, 2025 18:49
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@aead aead Awaiting requested review from aead

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

community Do-Not-Merge Waiting for something new-feature This PR implements a new feature pending discussion

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@artashesbalabekyan @A1ca7raz @allanrogerr @harshavardhana @mrhamburg