From c28355b2dba36256678c18131d951013b49976a2 Mon Sep 17 00:00:00 2001 From: Sheen Capadngan Date: Tue, 29 Oct 2024 15:54:06 +0800 Subject: [PATCH 1/2] feat: add kms operations --- client.go | 6 ++++ kms.go | 49 ++++++++++++++++++++++++++++++++ packages/api/kms/decrypt_data.go | 29 +++++++++++++++++++ packages/api/kms/encrypt_data.go | 29 +++++++++++++++++++ packages/api/kms/models.go | 19 +++++++++++++ 5 files changed, 132 insertions(+) create mode 100644 kms.go create mode 100644 packages/api/kms/decrypt_data.go create mode 100644 packages/api/kms/encrypt_data.go create mode 100644 packages/api/kms/models.go diff --git a/client.go b/client.go index da07838..d6403f0 100644 --- a/client.go +++ b/client.go @@ -33,6 +33,7 @@ type InfisicalClient struct { folders FoldersInterface auth AuthInterface dynamicSecrets DynamicSecretsInterface + kms KmsInterface } type InfisicalClientInterface interface { @@ -41,6 +42,7 @@ type InfisicalClientInterface interface { Folders() FoldersInterface Auth() AuthInterface DynamicSecrets() DynamicSecretsInterface + Kms() KmsInterface } type Config struct { @@ -178,6 +180,10 @@ func (c *InfisicalClient) DynamicSecrets() DynamicSecretsInterface { return c.dynamicSecrets } +func (c *InfisicalClient) Kms() KmsInterface { + return c.kms +} + func (c *InfisicalClient) handleTokenLifeCycle(context context.Context) { var warningPrinted = false authStrategies := map[util.AuthMethod]func(cred interface{}) (credential MachineIdentityCredential, err error){ diff --git a/kms.go b/kms.go new file mode 100644 index 0000000..5673e20 --- /dev/null +++ b/kms.go @@ -0,0 +1,49 @@ +package infisical + +import ( + "encoding/base64" + + api "github.com/infisical/go-sdk/packages/api/kms" +) + +type KmsEncryptDataOptions = api.KmsEncryptDataV1Request +type KmsDecryptDataOptions = api.KmsDecryptDataV1Request + +type KmsInterface interface { + EncryptData(options KmsEncryptDataOptions) (string, error) + DecryptData(options KmsDecryptDataOptions) (string, error) +} + +type Kms struct { + client *InfisicalClient +} + +func (f *Kms) EncryptData(options KmsEncryptDataOptions) (string, error) { + options.Plaintext = base64.StdEncoding.EncodeToString([]byte(options.Plaintext)) + res, err := api.CallKmsEncryptDataV1(f.client.httpClient, options) + + if err != nil { + return "", err + } + + return res.Ciphertext, nil +} + +func (f *Kms) DecryptData(options KmsDecryptDataOptions) (string, error) { + res, err := api.CallKmsDecryptDataV1(f.client.httpClient, options) + + if err != nil { + return "", err + } + + decodedPlaintext, err := base64.StdEncoding.DecodeString(res.Plaintext) + if err != nil { + return "", err + } + + return string(decodedPlaintext), nil +} + +func NewKms(client *InfisicalClient) KmsInterface { + return &Kms{client: client} +} diff --git a/packages/api/kms/decrypt_data.go b/packages/api/kms/decrypt_data.go new file mode 100644 index 0000000..d7949fa --- /dev/null +++ b/packages/api/kms/decrypt_data.go @@ -0,0 +1,29 @@ +package api + +import ( + "fmt" + + "github.com/go-resty/resty/v2" + "github.com/infisical/go-sdk/packages/errors" +) + +const callKmsDecryptDataOperationV1 = "CallKmsDecryptDataV1" + +func CallKmsDecryptDataV1(httpClient *resty.Client, request KmsDecryptDataV1Request) (KmsDecryptDataV1Response, error) { + kmsDecryptDataResponse := KmsDecryptDataV1Response{} + + res, err := httpClient.R(). + SetResult(&kmsDecryptDataResponse). + SetBody(request). + Post(fmt.Sprintf("/v1/kms/keys/%s/decrypt", request.KeyId)) + + if err != nil { + return KmsDecryptDataV1Response{}, errors.NewRequestError(callKmsDecryptDataOperationV1, err) + } + + if res.IsError() { + return KmsDecryptDataV1Response{}, errors.NewAPIErrorWithResponse(callKmsDecryptDataOperationV1, res) + } + + return kmsDecryptDataResponse, nil +} diff --git a/packages/api/kms/encrypt_data.go b/packages/api/kms/encrypt_data.go new file mode 100644 index 0000000..e089ee1 --- /dev/null +++ b/packages/api/kms/encrypt_data.go @@ -0,0 +1,29 @@ +package api + +import ( + "fmt" + + "github.com/go-resty/resty/v2" + "github.com/infisical/go-sdk/packages/errors" +) + +const callKmsEncryptDataOperationV1 = "CallKmsEncryptDataV1" + +func CallKmsEncryptDataV1(httpClient *resty.Client, request KmsEncryptDataV1Request) (KmsEncryptDataV1Response, error) { + kmsEncryptDataResponse := KmsEncryptDataV1Response{} + + res, err := httpClient.R(). + SetResult(&kmsEncryptDataResponse). + SetBody(request). + Post(fmt.Sprintf("/v1/kms/keys/%s/encrypt", request.KeyId)) + + if err != nil { + return KmsEncryptDataV1Response{}, errors.NewRequestError(callKmsEncryptDataOperationV1, err) + } + + if res.IsError() { + return KmsEncryptDataV1Response{}, errors.NewAPIErrorWithResponse(callKmsEncryptDataOperationV1, res) + } + + return kmsEncryptDataResponse, nil +} diff --git a/packages/api/kms/models.go b/packages/api/kms/models.go new file mode 100644 index 0000000..df05886 --- /dev/null +++ b/packages/api/kms/models.go @@ -0,0 +1,19 @@ +package api + +type KmsEncryptDataV1Request struct { + KeyId string + Plaintext string `json:"plaintext"` +} + +type KmsEncryptDataV1Response struct { + Ciphertext string `json:"ciphertext"` +} + +type KmsDecryptDataV1Request struct { + KeyId string + Ciphertext string `json:"ciphertext"` +} + +type KmsDecryptDataV1Response struct { + Plaintext string `json:"plaintext"` +} From d2463becffaa5c2a74247a1382bfd4e6928383ee Mon Sep 17 00:00:00 2001 From: Sheen Capadngan Date: Tue, 29 Oct 2024 21:34:30 +0800 Subject: [PATCH 2/2] misc: add missing kms definition --- client.go | 1 + 1 file changed, 1 insertion(+) diff --git a/client.go b/client.go index d6403f0..81586a8 100644 --- a/client.go +++ b/client.go @@ -119,6 +119,7 @@ func NewInfisicalClient(context context.Context, config Config) InfisicalClientI client.folders = NewFolders(client) client.auth = NewAuth(client) client.dynamicSecrets = NewDynamicSecrets(client) + client.kms = NewKms(client) if config.AutoTokenRefresh { go client.handleTokenLifeCycle(context)