As patch has been merged upstream, and `keyservice.LocalClient` does
now accept the `KeyServiceServer` interface.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This checks the base64 decoded bytes from a Secret field for any of the
marker bytes, thereby allowing data to be encrypted into any format.
Instead of the previous behavior which assumed it to either be YAML or
JSON.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This ensures the Secret field gets formatted back into JSON, instead of
it being detected as binary output.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Rather than inspecting the source file name supplied to kustomize's
Secret generator to determine the format of the SOPS-encrypted file
content, instead inspect the Secret key (when supplied separately from
the source file name) as a more reliable heuristic.
Doing so allows kustomization authors to name their SOPS-encrypted
output files with a ".json" extension accurately reflecting the format
in which SOPS writes its encrypted output, even if the encrypted
content itself is not in JSON format.
Signed-off-by: Steven E. Harris <seh@panix.com>
- Refactored recursion while iterating over Kustomization files.
References of files that have been visited are cached, and not
visited again. In addition, symlinks are confirmed to not traverse
outside the working directory.
- Optimized various bits around (un)marshalling (encrypted) data, and
YAML -> JSON -> YAML roundtrips are prevented where not required.
- Added support for decrypting INI Kustomize EnvSource references using
the dedicated SOPS store for the format.
- Introduced support for decrypting Kustomize FileSources:
https://pkg.go.dev/sigs.k8s.io/kustomize@v1.0.2/pkg/types#DataSources
Signed-off-by: Hidde Beydals <hello@hidde.co>
This adds a new Token type which can be used to configure an
azcore.TokenCredential on a master key. Due to this introduction, the
server only has to go through the AADConfig once.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This adds a new ParsedIdentities type which can be used to parse a set
of age identities just once, instead of parsing them for every Decrypt
request.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This adds a new GnuPGHome type which can be used to create a new
contained GnuPG home directory. The type is self-validating, ensuring
it adheres to e.g. permission rules set out by GnuPG, and allows for
importing keys from armored bytes and files.
Because of this introduction, the decryptor service no longer has to
write data from a Secret to a temporary file, but is instead able to
directly import them into the keyring from the Secret entry's bytes.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The original keyservice implementation was forked from SOPS, keeping
the prompt capabilities intact. However, since the implementations have
started to grow, it is better to remove this capability and resort to
a hardcoded `false` default for the fallback server. As the controller
is never expected to have an interactive TTY/shell.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This solves a regression bug introduced in `v0.22.0`, which caused the
keyservice to not properly fall back to the default for Azure Key Vault
decryption requests.
A couple of nitpicks that I ran into while inspecting the code have
been adressed as well.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes a refactor of the other entries, to start moving guides
to the website while containing minimal technical (instructions)
in-spec.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This updates to the `github.com/Azure/azure-sdk-for-go` SDK, which is
the (apparent) successor of the previous SDK, and allows for easier
configuration of credentials through the `azidentity` package.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- Ensure key source follows upstream SOPS contracts as closely as
possible (e.g. `MasterKey` interface).
- Prevent unnecesary FS operations by allowing token creation and
and authorizer configuration to be factored from file bytes.
- Ensure a limited number of configuration option is taken into
account, excluding e.g. file path references.
- Ensure server maintains backwards compatibility with previously
supported "global" Azure configuration, _without_ relying on file
assumptions and/or inspections (but rather, server configurations).
Signed-off-by: Hidde Beydals <hello@hidde.co>
If implemented, the kustomize controller will be able to retrieve a
secret containing a VAULT TOKEN and use it to decrypt the sops encrypted
master key. It will then use it to decrypt the data key and finally use the data
key to decrypt the final data.
Signed-off-by: Soule BA <bah.soule@gmail.com>
If decryption is not enabled, SOPS encrypted secrets will fail to apply with a validation error that doesn't give any hints. It's better to exit early and throw an error that tells users to enable decryption.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reconciler behaviour:
- Creates an inventory of objects to be applied (persisted in-cluster under `.status.inventory`).
- Applies first custom resource definitions (CRDs) and namespaces, waits for them to register and only then applies the custom resources.
- Validates all resources with server-side dry-run apply (namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported).
- Reconciles only the resources that drifted.
- Prunes the objects that were previously applied but are missing from the current inventory.
- Emits events for only the resources that where created, configured or deleted.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The previous `.txt` is very generic and could have resulted in
collisions when a new encryption format would be introduced in the
future.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit ensures that relative (user configurable) paths never
traverse outside their working directory.
It does _not_ provide protection against path traversal within
`kustomization.yaml` files.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals
Steven E. Harris
David Quagebeur
Soule BA
Stefan Prodan
Rishabh Bohra
Somtochi Onyekwere
Gorka Maiztegi
bob.rohan
David J. M. Karlsen
Nicolas Lamirault