| Commit message (Collapse) | Author | Age | Files | Lines |
This allows to easily use end-to-end encrypted requests and replies
to fetch secrets.
Signed-off-by: Simo Sorce <simo@redhat.com>
Use the term secret and not key to refer to .. well .. secrets.
Store the last response instead of returning it to the caller, this
way there is a consistent way to get access to it and only as needed.
Change the name to CustodiaSimpleClient in preparation for extending the
support to other Secret types.
Signed-off-by: Simo Sorce <simo@redhat.com>
This plugin takes another store to use and encrypts all content.
note: it does not encrypt key names nor the containers
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
Use custom configuration and databases, do not rely on in-tree data.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
The server can be now configured using a new parameter called
"server_url".
Setting server_url to "http://0.0.0.0:80/" will make the server listen
on TCP port 80, while setting it to "http+unix://%2fsocket" will make
the server listen on the unix socket named "/socket".
The backwards compatible "server_socket" is retained and used if no
server_url is provided.
The request dict has a new field "client_id" that contains either a
PID or a peer name. In the future the field can be augmented with a
TLS client cert DN or other similar identifier.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
This plugin allows to mangle and forward requests to another custodia
server, locally or on the network.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Christian Heimes <cheimes@redhat.com>
The test suite leaves child processes behind. The teardown class method
now calls Popen.kill() and Popen.wait() to kill and wait for its child
process.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #5
The patch fixes two typos in the tear down function of two test suites.
The tests now clean up and remove temporary files like Unix socket and
test databases.
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes: #3
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
A missing query would not lead to the default 'simple' type being selected.
Add tests for PUT/GET/DELETE of a simple key.
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
The new 'kem' type allows the backend to authorize access to keys based on
a signed request where the key must be whitelisted in advance in a kemkeys
database.
The reply is encrypted with the client public key.
Signed-off-by: Simo Sorce <simo@redhat.com>
Create a message module to deal with message types and validation.
Signed-off-by: Simo Sorce <simo@redhat.com>