Share secrets by username #61

Merged
merged 10 commits into from
May 19, 2021

Contributor

@carrala carrala commented May 17, 2021

Share secrets with identities by username, with a test.

DecryptTextSecret was updated to use the group eak, so that it can decrypt secrets that are owned or shared with the identity.

@coveralls

coveralls commented May 17, 2021

Coverage Status

Coverage increased (+2.4%) to 43.763% when pulling 41a441b on share-secrets into a5e4cf2 on master.

Contributor

@rosasck rosasck left a comment

pending test

@carrala
Contributor Author

carrala commented May 18, 2021

Changes:

  • CreateSecrets and ShareSecretByUsername allow the calling client to pick which permissions each group member will have.
  • GetOrCreateNamespace requires that you identify every member to add to the namespace. This means that if the calling client isn't in this list, it won't have access to the group.
  • ListSecrets returns a list of processing errors. These are issues with specific secrets that prevented them from being added to the list -- it means that you will still get a list of secrets, even if one secret couldn't be decrypted or wasn't available to the calling client.

@carrala carrala requested review from efabens and galxy25 May 18, 2021 19:00
client.go Outdated
if err != nil {
return nil, err
}
ownerClientID, err := uuid.Parse(c.StorageClient.ClientID)
if err != nil {
return nil, err
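
Review bot: both `if err != nil` branches in this hunk return the bare error, so a caller cannot tell whether the failure came from the preceding call or from `uuid.Parse(c.StorageClient.ClientID)`. Wrap each with context, for example `fmt.Errorf("CreateSecret: parsing client ID %q: %w", c.StorageClient.ClientID, err)`, which names the offending value and keeps the underlying parse error available to `errors.Is` and `errors.As`.
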
Contributor

@galxy25 galxy25 May 18, 2021

remember that a key reason for this change is to return an informative error message, suggest

return nil, errors.New(fmt.Sprintf("CreateSecret: Client ID must be a valid UUID, got %s", c.StorageClient.ClientID))

Contributor Author

got it! will update these error messages throughout.

@carrala carrala merged commit 45bf096 into master May 19, 2021
@carrala carrala deleted the share-secrets branch May 19, 2021 19:54
5 participants