From 473d3c26b31a3b8abce6a380a334766394bddedc Mon Sep 17 00:00:00 2001
From: Scott Miller
Date: Wed, 19 Oct 2022 15:42:56 -0500
Subject: [PATCH] Intercept key_id from generic configmap and turn it into a wrapperv2 option (#17612)

* Intercept key_id from generic configmap and turn it into a wrapperv2 option
* changelog
* Doubled append
* Only convert key_id to an opt in OCI
---
 changelog/17612.txt | 3 +++
 internalshared/configutil/kms.go | 18 ++++++++++--------
 2 files changed, 13 insertions(+), 8 deletions(-)
 create mode 100644 changelog/17612.txt

diff --git a/changelog/17612.txt b/changelog/17612.txt
new file mode 100644
index 000000000..3005d0bf7
--- /dev/null
+++ b/changelog/17612.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/seal: Fix regression handling of the key_id parameter in seal configuration HCL.
+```
\ No newline at end of file
diff --git a/internalshared/configutil/kms.go b/internalshared/configutil/kms.go
index 78da77662..614a6ec8e 100644
--- a/internalshared/configutil/kms.go
+++ b/internalshared/configutil/kms.go
@@ -185,8 +185,10 @@ func configureWrapper(configKMS *KMS, infoKeys *[]string, info *map[string]strin
 wrapper, kmsInfo, err = GetGCPCKMSKMSFunc(configKMS, opts...)
 
 case wrapping.WrapperTypeOciKms:
+ if keyId, ok := configKMS.Config["key_id"]; ok {
+ opts = append(opts, wrapping.WithKeyId(keyId))
+ }
 wrapper, kmsInfo, err = GetOCIKMSKMSFunc(configKMS, opts...)
-
 case wrapping.WrapperTypeTransit:
 wrapper, kmsInfo, err = GetTransitKMSFunc(configKMS, opts...)
 
@@ -213,7 +215,7 @@ func configureWrapper(configKMS *KMS, infoKeys *[]string, info *map[string]strin
 
 func GetAEADKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[string]string, error) {
 wrapper := aeadwrapper.NewWrapper()
- wrapperInfo, err := wrapper.SetConfig(context.Background(), opts...)
+ wrapperInfo, err := wrapper.SetConfig(context.Background(), append(opts, wrapping.WithConfigMap(kms.Config))...)
 if err != nil {
 return nil, nil, err
 }
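Review bot: The new `key_id` special case in the `WrapperTypeOciKms` branch of `configureWrapper` carries no comment saying why OCI alone needs the value lifted out of the config map, and the commit adds no test for the regression it fixes. Since this value decides which KMS key protects the seal, I would add a comment above the `if`, for example `// Pass key_id from the seal stanza as an explicit option; only the OCI wrapper needs this.`, and a test that configures an OCI seal with `key_id` and checks that the option reaches the wrapper. `key_id` also stays in `configKMS.Config`, so after this commit it appears to reach `GetOCIKMSKMSFunc` twice, once as `WithKeyId` and once inside `WithConfigMap`; the comment should say which of the two is meant to take effect. The body of `configureWrapper` starts and ends outside the hunk.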
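Review bot: `append(opts, wrapping.WithConfigMap(kms.Config))` in `GetAEADKMSFunc` can write into the caller's backing array when `opts` has spare capacity, and the same expression is repeated in the AliCloud, AWS, Azure Key Vault, GCP CKMS, OCI and Transit hunks that follow. It looks harmless while each caller uses its slice once, but it turns into shared-state mutation if an options slice is ever reused across calls; clipping the capacity first avoids that, e.g. `all := append(opts[:len(opts):len(opts)], wrapping.WithConfigMap(kms.Config))` and then `wrapper.SetConfig(context.Background(), all...)`. Seven copies of the same line also suggest a small unexported helper, so that a later change to how options and the config map are combined is made in one place. For AEAD specifically, this hunk starts passing `kms.Config` where only `opts` was passed before, and a one-line comment saying that is intended would help the next reader. The function body continues outside the hunk.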
@@ -230,7 +232,7 @@ func GetAEADKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[st
 
 func GetAliCloudKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[string]string, error) {
 wrapper := alicloudkms.NewWrapper()
- wrapperInfo, err := wrapper.SetConfig(context.Background(), wrapping.WithConfigMap(kms.Config))
+ wrapperInfo, err := wrapper.SetConfig(context.Background(), append(opts, wrapping.WithConfigMap(kms.Config))...)
 if err != nil {
 // If the error is any other than logical.KeyNotFoundError, return the error
 if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
@@ -250,7 +252,7 @@ func GetAliCloudKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, ma
 
 var GetAWSKMSFunc = func(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[string]string, error) {
 wrapper := awskms.NewWrapper()
- wrapperInfo, err := wrapper.SetConfig(context.Background(), wrapping.WithConfigMap(kms.Config))
+ wrapperInfo, err := wrapper.SetConfig(context.Background(), append(opts, wrapping.WithConfigMap(kms.Config))...)
 if err != nil {
 // If the error is any other than logical.KeyNotFoundError, return the error
 if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
@@ -270,7 +272,7 @@ var GetAWSKMSFunc = func(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, m
 
 func GetAzureKeyVaultKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[string]string, error) {
 wrapper := azurekeyvault.NewWrapper()
- wrapperInfo, err := wrapper.SetConfig(context.Background(), wrapping.WithConfigMap(kms.Config))
+ wrapperInfo, err := wrapper.SetConfig(context.Background(), append(opts, wrapping.WithConfigMap(kms.Config))...)
 if err != nil {
 // If the error is any other than logical.KeyNotFoundError, return the error
 if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
@@ -288,7 +290,7 @@ func GetAzureKeyVaultKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrappe
 
 func GetGCPCKMSKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[string]string, error) {
 wrapper := gcpckms.NewWrapper()
- wrapperInfo, err := wrapper.SetConfig(context.Background(), wrapping.WithConfigMap(kms.Config))
+ wrapperInfo, err := wrapper.SetConfig(context.Background(), append(opts, wrapping.WithConfigMap(kms.Config))...)
 if err != nil {
 // If the error is any other than logical.KeyNotFoundError, return the error
 if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
@@ -307,7 +309,7 @@ func GetGCPCKMSKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map
 
 func GetOCIKMSKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[string]string, error) {
 wrapper := ocikms.NewWrapper()
- wrapperInfo, err := wrapper.SetConfig(context.Background(), wrapping.WithConfigMap(kms.Config))
+ wrapperInfo, err := wrapper.SetConfig(context.Background(), append(opts, wrapping.WithConfigMap(kms.Config))...)
 if err != nil {
 return nil, nil, err
 }
@@ -323,7 +325,7 @@ func GetOCIKMSKMSFunc(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[
 
 var GetTransitKMSFunc = func(kms *KMS, opts ...wrapping.Option) (wrapping.Wrapper, map[string]string, error) {
 wrapper := transit.NewWrapper()
- wrapperInfo, err := wrapper.SetConfig(context.Background(), wrapping.WithConfigMap(kms.Config))
+ wrapperInfo, err := wrapper.SetConfig(context.Background(), append(opts, wrapping.WithConfigMap(kms.Config))...)
 if err != nil {
 // If the error is any other than logical.KeyNotFoundError, return the error
 if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {