From 78013f953b67849250b10c77b34322cdf6c9f496 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 25 Jul 2024 09:15:05 +0200 Subject: [PATCH 01/15] Alibaba SSM --- command/secrets/generate/params.go | 2 +- command/secrets/generate/secrets_generate.go | 1 + go.mod | 16 +- go.sum | 67 +++++- secrets/alibaba/alibaba_ssm.go | 221 +++++++++++++++++++ secrets/helper/helper.go | 20 ++ secrets/secrets.go | 5 +- secrets/secrets_test.go | 5 + server/builtin.go | 2 + 9 files changed, 335 insertions(+), 4 deletions(-) create mode 100644 secrets/alibaba/alibaba_ssm.go diff --git a/command/secrets/generate/params.go b/command/secrets/generate/params.go index 7087e00fb1..013d5ecc69 100644 --- a/command/secrets/generate/params.go +++ b/command/secrets/generate/params.go @@ -31,7 +31,7 @@ const ( var ( errUnsupportedType = fmt.Errorf( "unsupported service manager type; only %s, %s, %s and %s are supported for now", - secrets.Local, secrets.HashicorpVault, secrets.AWSSSM, secrets.GCPSSM) + secrets.Local, secrets.HashicorpVault, secrets.AWSSSM, secrets.GCPSSM, secrets.AlibabaSSM) ) type generateParams struct { diff --git a/command/secrets/generate/secrets_generate.go b/command/secrets/generate/secrets_generate.go index 82f3e8d38b..a5f10b8bf0 100644 --- a/command/secrets/generate/secrets_generate.go +++ b/command/secrets/generate/secrets_generate.go @@ -54,6 +54,7 @@ func setFlags(cmd *cobra.Command) { secrets.HashicorpVault, secrets.AWSSSM, secrets.GCPSSM, + secrets.AlibabaSSM, ), ) diff --git a/go.mod b/go.mod index 1cab50c9ad..feb1d4cd9b 100644 --- a/go.mod +++ b/go.mod 
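Review bot: The format string for `errUnsupportedType` in command/secrets/generate/params.go still has four `%s` verbs while the argument list now carries five values, so the rendered message never names the Alibaba backend in the sentence and ends with a `%!(EXTRA ...)` artefact. The text should become `"unsupported service manager type; only %s, %s, %s, %s and %s are supported for now"`. `go vet` reports this kind of mismatch. The secrets_generate.go hunk appends `secrets.AlibabaSSM` to a formatting call in the same way; its format string is outside the hunk, so check that it gained a fifth verb too.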
@@ -8,6 +8,10 @@ require ( github.com/Ethernal-Tech/blockchain-event-tracker v0.0.0-20240628125004-67308570b6e2 github.com/Ethernal-Tech/ethgo v0.0.0-20240628122946-b6b88f4f501d github.com/Ethernal-Tech/merkle-tree v0.0.0-20231213143318-4db9da419e04 + github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 + github.com/alibabacloud-go/oos-20190601/v4 v4.1.2 + github.com/alibabacloud-go/tea v1.2.2 + github.com/alibabacloud-go/tea-utils/v2 v2.0.6 github.com/armon/go-metrics v0.4.1 github.com/aws/aws-sdk-go v1.54.12 github.com/btcsuite/btcd/btcec/v2 v2.3.3 @@ -59,7 +63,17 @@ require ( require ( github.com/DataDog/go-libddwaf/v3 v3.2.1 // indirect + github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect + github.com/alibabacloud-go/debug v1.0.0 // indirect + github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect + github.com/alibabacloud-go/openapi-util v0.1.0 // indirect + github.com/alibabacloud-go/tea-utils v1.3.1 // indirect + github.com/alibabacloud-go/tea-xml v1.1.3 // indirect + github.com/aliyun/credentials-go v1.3.1 // indirect + github.com/clbanning/mxj/v2 v2.5.5 // indirect github.com/ianlancetaylor/cgosymbolizer v0.0.0-20240503222823-736c933a666d // indirect + github.com/tjfoc/gmsm v1.3.2 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect ) require ( @@ -179,7 +193,7 @@ require ( github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runc v1.1.13 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect - github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/ory/dockertest v3.3.5+incompatible // indirect github.com/outcaste-io/ristretto v0.2.3 // indirect github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect diff --git a/go.sum b/go.sum index d66b0c3a46..11f1f62901 100644 --- a/go.sum +++ b/go.sum 
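Review bot: The last go.mod hunk moves `github.com/opentracing/opentracing-go` from the tagged `v1.2.0` to the untagged pseudo-version `v1.2.1-0.20220228012449-10b1cf09e00b`, presumably because one of the new Alibaba modules requires it. server/builtin.go imports the new package unconditionally, so this change and the new indirect modules (`github.com/tjfoc/gmsm`, `github.com/aliyun/credentials-go`, `gopkg.in/ini.v1` and the rest) reach every build, not only nodes that select `alibaba-ssm`. It is worth confirming which module forces the bump with `go mod why -m` or `go mod graph` and recording that in the commit message, so the dependency growth is a reviewed decision rather than a side effect.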
@@ -58,6 +58,36 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 h1:benoD0QHDrylMzEQVpX/6uKtrN8LohT66ZlKXVJh7pM= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= +github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY= +github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA= +github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= +github.com/alibabacloud-go/endpoint-util v1.1.0 h1:r/4D3VSw888XGaeNpP994zDUaxdgTSHBbVfZlzf6b5Q= +github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= +github.com/alibabacloud-go/oos-20190601/v4 v4.1.2 h1:aWaxcGDYdDd4pWbHzx9rwijYHb2HQIVBGlRY8eJZs08= +github.com/alibabacloud-go/oos-20190601/v4 v4.1.2/go.mod h1:pid1vXgITVg6BwUziAM1vPZtu9lT64SLbFCWk8J2kzQ= +github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY= +github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= +github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg= +github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= 
+github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= +github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= +github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA= +github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU= +github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk= +github.com/alibabacloud-go/tea-utils v1.3.1 h1:iWQeRzRheqCMuiF3+XkfybB3kTgUXkXX+JMrqfLeB2I= +github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE= +github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4= +github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0= +github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I= +github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0= +github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= +github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= +github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28= +github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= 
@@ -119,6 +149,8 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= +github.com/clbanning/mxj/v2 v2.5.5 h1:oT81vUeEiQQ/DcHbzSytRngP6Ky9O+L+0Bw0zSJag9E= +github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= @@ -295,6 +327,7 @@ github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE0 github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 
@@ -378,9 +411,11 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfC github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= @@ -517,6 +552,7 @@ github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOEL github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= 
@@ -550,8 +586,9 @@ github.com/opencontainers/runc v1.1.13/go.mod h1:R016aXacfp/gwQBYw2FDGa9m+n6atbL github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs= 
@@ -705,6 +742,9 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= @@ -716,6 +756,7 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= 
@@ -740,6 +781,8 @@ github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJ github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0= github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw= +github.com/tjfoc/gmsm v1.3.2 h1:7JVkAn5bvUJ7HtU08iW6UiD+UTmJTIToHCfeFzkcCxM= +github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= github.com/trailofbits/go-fuzz-utils v0.0.0-20210901195358-9657fcfd256c h1:4WU+p200eLYtBsx3M5CKXvkjVdf5SC3W9nMg37y0TFI= github.com/trailofbits/go-fuzz-utils v0.0.0-20210901195358-9657fcfd256c/go.mod h1:f3jBhpWvuZmue0HZK52GzRHJOYHYSILs/c8+K2S/J+o= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= @@ -759,6 +802,7 @@ github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLr github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 
@@ -818,13 +862,17 @@ golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= 
@@ -867,6 +915,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 
@@ -880,10 +929,13 @@ golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= 
@@ -902,6 +954,7 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -929,6 +982,7 @@ golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200509044756-6aff5f38e54f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -960,6 +1014,7 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= @@ -972,8 +1027,10 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= 
@@ -989,8 +1046,10 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= @@ -1005,6 +1064,7 @@ golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 
@@ -1012,6 +1072,7 @@ golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 
@@ -1081,11 +1142,15 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce h1:+JknDZhAj8YMt7GC73Ei8pv4MzjDUNPHgQWJdtMAaDU= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go new file mode 100644 index 0000000000..6d93589daf --- /dev/null +++ b/secrets/alibaba/alibaba_ssm.go 
@@ -0,0 +1,221 @@
+package alibabassm
+
+import (
+ "encoding/json"
+ "errors"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/0xPolygon/polygon-edge/secrets"
+ openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+ oos20190601 "github.com/alibabacloud-go/oos-20190601/v4/client"
+ util "github.com/alibabacloud-go/tea-utils/v2/service"
+ "github.com/alibabacloud-go/tea/tea"
+ "github.com/hashicorp/go-hclog"
+)
+
+type AlibabaSsmManager struct {
+ // Local logger object
+ logger hclog.Logger
+
+ // The AWS region
+ region string
+
+ // Custom AWS endpoint, e.g. localstack
+ endpoint string
+
+ // The Alibaba SDK client
+ client *oos20190601.Client
+
+ // The base path to store the secrets in SSM Parameter Store
+ basePath string
+}
+
+func SecretsManagerFactory(
+ config *secrets.SecretsManagerConfig,
+ params *secrets.SecretsManagerParams) (secrets.SecretsManager, error) { //nolint
+
+ // Check if the node name is present
+ if config.Name == "" {
+ return nil, errors.New("no node name specified for Alibaba SSM secrets manager")
+ }
+
+ // Check if the extra map is present
+ if config.Extra == nil || config.Extra["region"] == nil || config.Extra["ssm-parameter-path"] == nil {
+ return nil, errors.New("required extra map containing 'region' and 'ssm-parameter-path' not found for aws-ssm")
+ }
+
+ // / Set up the base object
+ alibabaSsmManager := &AlibabaSsmManager{
+ logger: params.Logger.Named(string(secrets.AlibabaSSM)),
+ region: fmt.Sprintf("%v", config.Extra["region"]),
+ endpoint: config.ServerURL,
+ }
+
+ // Set the base path to store the secrets in SSM
+ alibabaSsmManager.basePath = fmt.Sprintf("%s/%s", config.Extra["ssm-parameter-path"], config.Name)
+
+ // Run the initial setup
+ if err := alibabaSsmManager.Setup(); err != nil {
+ return nil, err
+ }
+
+ return alibabaSsmManager, nil
+}
+
+// Setup sets up the Alibaba SSM secrets manager
+func (a *AlibabaSsmManager) Setup() error {
+ config := &openapi.Config{
+ // Required, please ensure that the
environment variables ALIBABA_CLOUD_ACCESS_KEY_ID is set.
+ AccessKeyId: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")),
+ // Required, please ensure that the environment variables ALIBABA_CLOUD_ACCESS_KEY_SECRET is set.
+ AccessKeySecret: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")),
+ //config.Endpoint = tea.String("oos.eu-central-1.aliyuncs.com")
+ Endpoint: tea.String(a.endpoint),
+ }
+
+ client, err := oos20190601.NewClient(config)
+ if err != nil {
+ return err
+ }
+
+ a.client = client
+
+ return nil
+}
+
+// constructSecretPath is a helper method for constructing a path to the secret
+func (a *AlibabaSsmManager) constructSecretPath(name string) string {
+ return fmt.Sprintf("%s/%s", a.basePath, name)
+}
+
+// GetSecret fetches a secret from Alibaba SSM
+func (a *AlibabaSsmManager) GetSecret(name string) ([]byte, error) {
+ getSecretParameterRequest := &oos20190601.GetSecretParameterRequest{
+ RegionId: tea.String(a.region), //eu-central-1
+ Name: tea.String(a.constructSecretPath(name)),
+ }
+ runtime := &util.RuntimeOptions{}
+ retVal, tryErr := func() (_b []byte, _e error) {
+ defer func() {
+ if r := tea.Recover(recover()); r != nil {
+ _b = nil
+ _e = r
+ }
+ }()
+
+ response, err := a.client.GetSecretParameterWithOptions(getSecretParameterRequest, runtime)
+ if err != nil {
+ return nil, err
+ }
+
+ return []byte(tea.StringValue(response.Body.Parameter.Value)), nil
+ }()
+
+ if tryErr != nil {
+ a.logError(tryErr)
+ }
+
+ return retVal, tryErr
+}
+
+// SetSecret saves a secret to Alibaba SSM
+func (a *AlibabaSsmManager) SetSecret(name string, value []byte) error {
+ createSecretParameterRequest := &oos20190601.CreateSecretParameterRequest{
+ RegionId: tea.String(a.region), //eu-central-1
+ Name: tea.String(a.constructSecretPath(name)),
+ Value: tea.String(string(value)),
+ }
+ runtime := &util.RuntimeOptions{}
+ tryErr := func() (_e error) {
+ defer func() {
+ if r := tea.Recover(recover()); r != nil {
+ _e = r
+ }
+ }()
+
+ _, err :=
a.client.CreateSecretParameterWithOptions(createSecretParameterRequest, runtime)
+ if err != nil {
+ return err
+ }
+
+ return nil
+ }()
+
+ if tryErr != nil {
+ a.logError(tryErr)
+ }
+
+ return tryErr
+}
+
+// HasSecret checks if the secret is present on Alibabab SSM ParameterStore
+func (a *AlibabaSsmManager) HasSecret(name string) bool {
+ _, err := a.GetSecret(name)
+
+ return err == nil
+}
+
+// RemoveSecret removes a secret from Alibaba SSM ParameterStore
+func (a *AlibabaSsmManager) RemoveSecret(name string) error {
+ deleteSecretParameterRequest := &oos20190601.DeleteSecretParameterRequest{
+ RegionId: tea.String(a.region),
+ Name: tea.String(a.constructSecretPath(name)),
+ }
+ runtime := &util.RuntimeOptions{}
+ tryErr := func() (_e error) {
+ defer func() {
+ if r := tea.Recover(recover()); r != nil {
+ _e = r
+ }
+ }()
+
+ _, err := a.client.DeleteSecretParameterWithOptions(deleteSecretParameterRequest, runtime)
+ if err != nil {
+ return err
+ }
+
+ return nil
+ }()
+
+ if tryErr != nil {
+ a.logError(tryErr)
+ }
+
+ return tryErr
+}
+
+func (a *AlibabaSsmManager) logError(err error) {
+ var e = &tea.SDKError{}
+ if _t, ok := err.(*tea.SDKError); ok { //nolint:errorlint
+ e = _t
+ } else {
+ e.Message = tea.String(err.Error())
+ }
+
+ _, err = util.AssertAsString(e.Message)
+ if err != nil {
+ a.logger.Error("unable to log error message")
+
+ return
+ }
+
+ a.logger.Error(tea.StringValue(e.Message))
+
+ var data interface{}
+
+ d := json.NewDecoder(strings.NewReader(tea.StringValue(e.Data)))
+
+ err = d.Decode(&data)
+ if err != nil {
+ a.logger.Error("unable to decode recommendation", err)
+
+ return
+ }
+
+ if m, ok := data.(map[string]interface{}); ok {
+ recommend, _ := m["Recommend"]
+ a.logger.Info("recommend", recommend)
+ }
+}
diff --git a/secrets/helper/helper.go b/secrets/helper/helper.go
index 677a50ef7e..464d78ec9c 100644
--- a/secrets/helper/helper.go
+++ b/secrets/helper/helper.go
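Review bot: `HasSecret` in secrets/alibaba/alibaba_ssm.go returns `err == nil` from `GetSecret`, so a rejected credential, a timeout or a wrong endpoint is reported as "secret not present", exactly like a parameter that does not exist. secrets/helper/helper.go branches on `secretsManager.HasSecret(secrets.ValidatorKey)` in `InitECDSAValidatorKey` (its body is outside this patch), so a failed lookup may be handled there as a node that has no key yet. I would treat the secret as absent only when the `*tea.SDKError` code is the service's not-found code, log any other failure distinctly as a failed lookup, and skip `logError` for the expected miss so key checks do not fill the log with errors. `Setup` should also reject empty `ALIBABA_CLOUD_ACCESS_KEY_ID` / `ALIBABA_CLOUD_ACCESS_KEY_SECRET` values before `oos20190601.NewClient`, for example `if id == "" || secret == "" { return errors.New("alibaba credentials not set in environment") }`, so a misconfigured node fails at start-up rather than on the first request. The factory's error text still says `aws-ssm` and the struct comments still say AWS, which will mislead whoever reads the failure.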
@@ -21,6 +21,7 @@ import ( "github.com/0xPolygon/polygon-edge/helper/hex" "github.com/0xPolygon/polygon-edge/network" "github.com/0xPolygon/polygon-edge/secrets" + alibabassm "github.com/0xPolygon/polygon-edge/secrets/alibaba" "github.com/0xPolygon/polygon-edge/secrets/awsssm" "github.com/0xPolygon/polygon-edge/secrets/gcpssm" "github.com/0xPolygon/polygon-edge/secrets/hashicorpvault" @@ -77,6 +78,18 @@ func setupGCPSSM( ) } +// setupAlibabaSSM is a helper method for boilerplate Alibaba Cloud Computing secrets manager setup +func setupAlibabaSSM( + secretsConfig *secrets.SecretsManagerConfig, +) (secrets.SecretsManager, error) { + return alibabassm.SecretsManagerFactory( + secretsConfig, + &secrets.SecretsManagerParams{ + Logger: hclog.NewNullLogger(), + }, + ) +} + // InitECDSAValidatorKey creates new ECDSA key and set as a validator key func InitECDSAValidatorKey(secretsManager secrets.SecretsManager) (types.Address, error) { if secretsManager.HasSecret(secrets.ValidatorKey) { @@ -282,6 +295,13 @@ func InitCloudSecretsManager(secretsConfig *secrets.SecretsManagerConfig) (secre } secretsManager = GCPSSM + case secrets.AlibabaSSM: + alibabaSSM, err := setupAlibabaSSM(secretsConfig) + if err != nil { + return secretsManager, err + } + + secretsManager = alibabaSSM default: return secretsManager, errors.New("unsupported secrets manager") } diff --git a/secrets/secrets.go b/secrets/secrets.go index aad1998fcc..f0b3dc59ce 100644 --- a/secrets/secrets.go +++ b/secrets/secrets.go @@ -74,6 +74,9 @@ const ( // GCPSSM pertains to the Google Cloud Computing secret store manager GCPSSM SecretsManagerType = "gcp-ssm" + + // AlibabaSSM pertains to the Alibaba Cloud Computing secret store manager + AlibabaSSM SecretsManagerType = "alibaba-ssm" ) // SecretsManager defines the base public interface that all 
@@ -119,5 +122,5 @@ type SecretsManagerFactory func( // SupportedServiceManager checks if the passed in service manager type is supported func SupportedServiceManager(service SecretsManagerType) bool { return service == HashicorpVault || service == AWSSSM || - service == Local || service == GCPSSM + service == Local || service == GCPSSM || service == AlibabaSSM } diff --git a/secrets/secrets_test.go b/secrets/secrets_test.go index 70f9d29256..4e9115fd94 100644 --- a/secrets/secrets_test.go +++ b/secrets/secrets_test.go @@ -32,6 +32,11 @@ func TestSupportedServiceManager(t *testing.T) { GCPSSM, true, }, + { + "Valid Alibaba secrets manager", + AlibabaSSM, + true, + }, { "Invalid secrets manager", "MarsSecretsManager", diff --git a/server/builtin.go b/server/builtin.go index 411d4b35df..fe8ae7b449 100644 --- a/server/builtin.go +++ b/server/builtin.go @@ -8,6 +8,7 @@ import ( consensusPolyBFT "github.com/0xPolygon/polygon-edge/consensus/polybft" "github.com/0xPolygon/polygon-edge/forkmanager" "github.com/0xPolygon/polygon-edge/secrets" + alibabassm "github.com/0xPolygon/polygon-edge/secrets/alibaba" "github.com/0xPolygon/polygon-edge/secrets/awsssm" "github.com/0xPolygon/polygon-edge/secrets/gcpssm" "github.com/0xPolygon/polygon-edge/secrets/hashicorpvault" @@ -44,6 +45,7 @@ var secretsManagerBackends = map[secrets.SecretsManagerType]secrets.SecretsManag secrets.HashicorpVault: hashicorpvault.SecretsManagerFactory, secrets.AWSSSM: awsssm.SecretsManagerFactory, secrets.GCPSSM: gcpssm.SecretsManagerFactory, + secrets.ALIBABASSM: alibabassm.SecretsManagerFactory, } var genesisCreationFactory = map[ConsensusType]GenesisFactoryHook{ From b06efb4947e6ae767110dc5d04975d1ff0bd7637 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 25 Jul 2024 09:15:37 +0200 Subject: [PATCH 02/15] Alibaba SSM --- server/builtin.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/builtin.go b/server/builtin.go index fe8ae7b449..d08c96a3a5 100644 
--- a/server/builtin.go +++ b/server/builtin.go @@ -45,7 +45,7 @@ var secretsManagerBackends = map[secrets.SecretsManagerType]secrets.SecretsManag secrets.HashicorpVault: hashicorpvault.SecretsManagerFactory, secrets.AWSSSM: awsssm.SecretsManagerFactory, secrets.GCPSSM: gcpssm.SecretsManagerFactory, - secrets.ALIBABASSM: alibabassm.SecretsManagerFactory, + secrets.AlibabaSSM: alibabassm.SecretsManagerFactory, } var genesisCreationFactory = map[ConsensusType]GenesisFactoryHook{ From 83c8a05714ce029e5f58628c985ea06e6ed4c363 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 25 Jul 2024 11:09:17 +0200 Subject: [PATCH 03/15] Fixed SetSecret --- secrets/alibaba/alibaba_ssm.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 6d93589daf..073dac93d5 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -73,6 +73,8 @@ func (a *AlibabaSsmManager) Setup() error { AccessKeySecret: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")), //config.Endpoint = tea.String("oos.eu-central-1.aliyuncs.com") Endpoint: tea.String(a.endpoint), + //eu-central-1 + RegionId: tea.String(a.region), } client, err := oos20190601.NewClient(config) From 144706c71303c6074f3d9971a4046617f657094d Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 25 Jul 2024 11:26:02 +0200 Subject: [PATCH 04/15] GetSecret needs decryption --- secrets/alibaba/alibaba_ssm.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 073dac93d5..2af2c6299d 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go 
@@ -95,8 +95,9 @@ func (a *AlibabaSsmManager) constructSecretPath(name string) string { // GetSecret fetches a secret from Alibaba SSM func (a *AlibabaSsmManager) GetSecret(name string) ([]byte, error) { getSecretParameterRequest := &oos20190601.GetSecretParameterRequest{ - RegionId: tea.String(a.region), //eu-central-1 - Name: tea.String(a.constructSecretPath(name)), + RegionId: tea.String(a.region), //eu-central-1 + Name: tea.String(a.constructSecretPath(name)), + WithDecryption: tea.Bool(true), } runtime := &util.RuntimeOptions{} retVal, tryErr := func() (_b []byte, _e error) { From 17554a3aa4dea1c5e5e20865c701ee640b776323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20Negovanovi=C4=87?= Date: Thu, 25 Jul 2024 11:37:59 +0200 Subject: [PATCH 05/15] Static analysis fix --- command/secrets/generate/params.go | 2 +- command/secrets/generate/secrets_generate.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/command/secrets/generate/params.go b/command/secrets/generate/params.go index 013d5ecc69..4c63c17de4 100644 --- a/command/secrets/generate/params.go +++ b/command/secrets/generate/params.go @@ -30,7 +30,7 @@ const ( var ( errUnsupportedType = fmt.Errorf( - "unsupported service manager type; only %s, %s, %s and %s are supported for now", + "unsupported service manager type; only %s, %s, %s, %s and %s are supported for now", secrets.Local, secrets.HashicorpVault, secrets.AWSSSM, secrets.GCPSSM, secrets.AlibabaSSM) ) diff --git a/command/secrets/generate/secrets_generate.go b/command/secrets/generate/secrets_generate.go index a5f10b8bf0..5dd32508f4 100644 --- a/command/secrets/generate/secrets_generate.go +++ b/command/secrets/generate/secrets_generate.go 
@@ -50,7 +50,7 @@ func setFlags(cmd *cobra.Command) { typeFlag, string(secrets.HashicorpVault), fmt.Sprintf( - "the type of the secrets manager. Available types: %s, %s and %s", + "the type of the secrets manager. Available types: %s, %s, %s and %s", secrets.HashicorpVault, secrets.AWSSSM, secrets.GCPSSM, From b0456c32d2a34545e14460d626183e9c6cdc738b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20Negovanovi=C4=87?= Date: Thu, 25 Jul 2024 11:46:25 +0200 Subject: [PATCH 06/15] Linter fixes --- secrets/alibaba/alibaba_ssm.go | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 2af2c6299d..5a78fa37a5 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -71,9 +71,9 @@ func (a *AlibabaSsmManager) Setup() error { AccessKeyId: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")), // Required, please ensure that the environment variables ALIBABA_CLOUD_ACCESS_KEY_SECRET is set. AccessKeySecret: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")), - //config.Endpoint = tea.String("oos.eu-central-1.aliyuncs.com") + // config.Endpoint = tea.String("oos.eu-central-1.aliyuncs.com") Endpoint: tea.String(a.endpoint), - //eu-central-1 + // eu-central-1 RegionId: tea.String(a.region), } @@ -95,7 +95,7 @@ func (a *AlibabaSsmManager) constructSecretPath(name string) string { // GetSecret fetches a secret from Alibaba SSM func (a *AlibabaSsmManager) GetSecret(name string) ([]byte, error) { getSecretParameterRequest := &oos20190601.GetSecretParameterRequest{ - RegionId: tea.String(a.region), //eu-central-1 + RegionId: tea.String(a.region), // eu-central-1 Name: tea.String(a.constructSecretPath(name)), WithDecryption: tea.Bool(true), } 
@@ -126,7 +126,7 @@ func (a *AlibabaSsmManager) GetSecret(name string) ([]byte, error) { // SetSecret saves a secret to Alibaba SSM func (a *AlibabaSsmManager) SetSecret(name string, value []byte) error { createSecretParameterRequest := &oos20190601.CreateSecretParameterRequest{ - RegionId: tea.String(a.region), //eu-central-1 + RegionId: tea.String(a.region), // eu-central-1 Name: tea.String(a.constructSecretPath(name)), Value: tea.String(string(value)), } @@ -190,11 +190,9 @@ func (a *AlibabaSsmManager) RemoveSecret(name string) error { } func (a *AlibabaSsmManager) logError(err error) { - var e = &tea.SDKError{} - if _t, ok := err.(*tea.SDKError); ok { //nolint:errorlint - e = _t - } else { - e.Message = tea.String(err.Error()) + var e *tea.SDKError + if ok := errors.As(err, &e); !ok { + e = &tea.SDKError{Message: tea.String(err.Error())} } _, err = util.AssertAsString(e.Message) From 535680055b571953861f0f51f65273ebf6669412 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 25 Jul 2024 12:10:33 +0200 Subject: [PATCH 07/15] PR comments fixed --- secrets/alibaba/alibaba_ssm.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 5a78fa37a5..d7677fda1a 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -19,10 +19,10 @@ type AlibabaSsmManager struct { // Local logger object logger hclog.Logger - // The AWS region + // The Alibaba region region string - // Custom AWS endpoint, e.g. localstack + // Custom Alibaba endpoint, e.g. localstack endpoint string // The Alibaba SDK client @@ -216,7 +216,7 @@ func (a *AlibabaSsmManager) logError(err error) { } if m, ok := data.(map[string]interface{}); ok { - recommend, _ := m["Recommend"] + recommend := m["Recommend"] a.logger.Info("recommend", recommend) } } From 2c023e761143a23a3c624f7bf15424259d6d478c Mon Sep 17 00:00:00 2001 
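Review bot: `a.logger.Info("recommend", recommend)` at the end of logError passes a single value after the message, but hclog reads the trailing arguments as key/value pairs, so the recommendation is emitted under hclog's `EXTRA_VALUE_AT_END` key instead of a named field. Give it a key, for example `a.logger.Info("SDK recommendation", "recommend", recommend)`. The value is taken from the service's error payload, so it is worth confirming that it never echoes the parameter name or value back before it is logged at Info level. logError starts outside this hunk.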
From: Oliver Bundalo Date: Thu, 25 Jul 2024 13:17:43 +0200 Subject: [PATCH 08/15] Fixes aws copy paste typo --- secrets/alibaba/alibaba_ssm.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index d7677fda1a..958dce80d9 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -43,7 +43,7 @@ func SecretsManagerFactory( // Check if the extra map is present if config.Extra == nil || config.Extra["region"] == nil || config.Extra["ssm-parameter-path"] == nil { - return nil, errors.New("required extra map containing 'region' and 'ssm-parameter-path' not found for aws-ssm") + return nil, errors.New("required extra map containing 'region' and 'ssm-parameter-path' not found for alibaba-ssm") } // / Set up the base object From 2961fac2a1b59a8cecdbe1a477deffeba0c441ff Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Thu, 25 Jul 2024 15:04:07 +0200 Subject: [PATCH 09/15] Comments fixed --- secrets/alibaba/alibaba_ssm.go | 16 ++++++++-------- secrets/secrets.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 958dce80d9..ae96c2fea4 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -28,7 +28,7 @@ type AlibabaSsmManager struct { // The Alibaba SDK client client *oos20190601.Client - // The base path to store the secrets in SSM Parameter Store + // The base path to store the secrets in OOS Parameter Store basePath string } @@ -38,7 +38,7 @@ func SecretsManagerFactory( // Check if the node name is present if config.Name == "" { - return nil, errors.New("no node name specified for Alibaba SSM secrets manager") + return nil, errors.New("no node name specified for Alibaba secrets manager") } // Check if the extra map is present 
@@ -53,7 +53,7 @@ func SecretsManagerFactory( endpoint: config.ServerURL, } - // Set the base path to store the secrets in SSM + // Set the base path to store the secrets in OOS parameter store alibabaSsmManager.basePath = fmt.Sprintf("%s/%s", config.Extra["ssm-parameter-path"], config.Name) // Run the initial setup @@ -64,7 +64,7 @@ func SecretsManagerFactory( return alibabaSsmManager, nil } -// Setup sets up the Alibaba SSM secrets manager +// Setup sets up the Alibaba secrets manager func (a *AlibabaSsmManager) Setup() error { config := &openapi.Config{ // Required, please ensure that the environment variables ALIBABA_CLOUD_ACCESS_KEY_ID is set. @@ -92,7 +92,7 @@ func (a *AlibabaSsmManager) constructSecretPath(name string) string { return fmt.Sprintf("%s/%s", a.basePath, name) } -// GetSecret fetches a secret from Alibaba SSM +// GetSecret fetches a secret from Alibaba OOS parameter store func (a *AlibabaSsmManager) GetSecret(name string) ([]byte, error) { getSecretParameterRequest := &oos20190601.GetSecretParameterRequest{ RegionId: tea.String(a.region), // eu-central-1 @@ -123,7 +123,7 @@ func (a *AlibabaSsmManager) GetSecret(name string) ([]byte, error) { return retVal, tryErr } -// SetSecret saves a secret to Alibaba SSM +// SetSecret saves a secret to Alibaba OOS oaarmeter store func (a *AlibabaSsmManager) SetSecret(name string, value []byte) error { createSecretParameterRequest := &oos20190601.CreateSecretParameterRequest{ RegionId: tea.String(a.region), // eu-central-1 
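Review bot: The reworded doc comment on SetSecret reads `Alibaba OOS oaarmeter store`, a typo for "parameter store"; it should be `// SetSecret saves a secret to Alibaba OOS parameter store`. The request built on the next lines is a CreateSecretParameterRequest, so the comment could also say what a caller should expect when the name already exists; that cannot be determined from the hunk. SetSecret's body continues outside this hunk.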
@@ -153,14 +153,14 @@ func (a *AlibabaSsmManager) SetSecret(name string, value []byte) error { return tryErr } -// HasSecret checks if the secret is present on Alibabab SSM ParameterStore +// HasSecret checks if the secret is present on Alibabab OOS parameter store func (a *AlibabaSsmManager) HasSecret(name string) bool { _, err := a.GetSecret(name) return err == nil } -// RemoveSecret removes a secret from Alibaba SSM ParameterStore +// RemoveSecret removes a secret from Alibaba OOS parameter store func (a *AlibabaSsmManager) RemoveSecret(name string) error { deleteSecretParameterRequest := &oos20190601.DeleteSecretParameterRequest{ RegionId: tea.String(a.region), diff --git a/secrets/secrets.go b/secrets/secrets.go index f0b3dc59ce..b3d00e67c3 100644 --- a/secrets/secrets.go +++ b/secrets/secrets.go @@ -75,7 +75,7 @@ const ( // GCPSSM pertains to the Google Cloud Computing secret store manager GCPSSM SecretsManagerType = "gcp-ssm" - // AlibabaSSM pertains to the Alibaba Cloud Computing secret store manager + // AlibabaSSM pertains to the Alibaba OOS parameter store AlibabaSSM SecretsManagerType = "alibaba-ssm" ) From 7bd264ae6c1f384c0172d6e7ec9a3c0f9c0da825 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Fri, 26 Jul 2024 13:26:17 +0200 Subject: [PATCH 10/15] Optional credentials --- go.mod | 2 +- go.sum | 3 ++- secrets/alibaba/alibaba_ssm.go | 24 ++++++++++++++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index feb1d4cd9b..e5b0f04e63 100644 --- a/go.mod +++ b/go.mod 
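Review bot: HasSecret, shown as context in this hunk, returns `err == nil` from GetSecret, so a permission error, an expired credential or a network failure is reported the same way as a missing secret. Callers that branch on it to decide whether to create key material (InitECDSAValidatorKey in secrets/helper/helper.go opens with `if secretsManager.HasSecret(secrets.ValidatorKey)`) would then presumably treat an unreachable key as absent. Since the interface only returns a bool, the method should at least map only the SDK's not-found error code to false deliberately and document how other failures are reported, e.g. `// HasSecret reports false on any lookup error, including auth and network failures`. The new comment also still spells the provider `Alibabab`.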
@@ -69,7 +69,7 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.0 // indirect github.com/alibabacloud-go/tea-utils v1.3.1 // indirect github.com/alibabacloud-go/tea-xml v1.1.3 // indirect - github.com/aliyun/credentials-go v1.3.1 // indirect + github.com/aliyun/credentials-go v1.3.6 // indirect github.com/clbanning/mxj/v2 v2.5.5 // indirect github.com/ianlancetaylor/cgosymbolizer v0.0.0-20240503222823-736c933a666d // indirect github.com/tjfoc/gmsm v1.3.2 // indirect diff --git a/go.sum b/go.sum index 11f1f62901..b222e94579 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,9 @@ github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0= github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= -github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= +github.com/aliyun/credentials-go v1.3.6 h1:K5STbhaWjoj5Ht0juOj9mWE2lGelShHLzu5QR3cQ5X8= +github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index ae96c2fea4..787bd19f9a 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go 
@@ -12,6 +12,7 @@ import ( oos20190601 "github.com/alibabacloud-go/oos-20190601/v4/client" util "github.com/alibabacloud-go/tea-utils/v2/service" "github.com/alibabacloud-go/tea/tea" + aliyun "github.com/aliyun/credentials-go/credentials" "github.com/hashicorp/go-hclog" ) @@ -66,10 +67,16 @@ func SecretsManagerFactory( // Setup sets up the Alibaba secrets manager func (a *AlibabaSsmManager) Setup() error { + // creds, err := getCredentials() + // if err != nil { + // return err + // } config := &openapi.Config{ // Required, please ensure that the environment variables ALIBABA_CLOUD_ACCESS_KEY_ID is set. + // AccessKeyId: creds.AccessKeyId, AccessKeyId: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")), // Required, please ensure that the environment variables ALIBABA_CLOUD_ACCESS_KEY_SECRET is set. + // AccessKeySecret: creds.AccessKeySecret, AccessKeySecret: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")), // config.Endpoint = tea.String("oos.eu-central-1.aliyuncs.com") Endpoint: tea.String(a.endpoint), @@ -220,3 +227,20 @@ func (a *AlibabaSsmManager) logError(err error) { a.logger.Info("recommend", recommend) } } + +func getCredentials() (*aliyun.CredentialModel, error) { + config := new(aliyun.Config). + // Which type of credential you want + SetType("access_key"). + // AccessKeyId of your account + SetAccessKeyId("AccessKeyId"). + // AccessKeySecret of your account + SetAccessKeySecret("AccessKeySecret") + + creds, err := aliyun.NewCredential(config) + if err != nil { + return nil, err + } + + return creds.GetCredential() +} From 04fdc7f108401f84c60a40dbaf40258110847bb4 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Fri, 26 Jul 2024 15:52:49 +0200 Subject: [PATCH 11/15] RoleName --- secrets/alibaba/alibaba_ssm.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 787bd19f9a..7a155597f4 100644 --- a/secrets/alibaba/alibaba_ssm.go 
+++ b/secrets/alibaba/alibaba_ssm.go @@ -231,11 +231,13 @@ func (a *AlibabaSsmManager) logError(err error) { func getCredentials() (*aliyun.CredentialModel, error) { config := new(aliyun.Config). // Which type of credential you want - SetType("access_key"). - // AccessKeyId of your account - SetAccessKeyId("AccessKeyId"). - // AccessKeySecret of your account - SetAccessKeySecret("AccessKeySecret") + SetType("ecs_ram_role"). + // `roleName` is optional. It will be retrieved automatically if not set. + // It is highly recommended to set it up to reduce requests + SetRoleName("RoleName"). + // `EnableIMDSv2` is optional and is recommended to be turned on. + // It can be replaced by setting environment variable: ALIBABA_CLOUD_ECS_IMDSV2_ENABLE + SetEnableIMDSv2(true) creds, err := aliyun.NewCredential(config) if err != nil { From 7776825a8db905ac0c66f4c8f0fce372f5eee868 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Mon, 12 Aug 2024 10:48:04 +0200 Subject: [PATCH 12/15] Alibaba role name --- secrets/alibaba/alibaba_ssm.go | 36 ++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 7a155597f4..620c39cad9 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "os" "strings" "github.com/0xPolygon/polygon-edge/secrets" @@ -31,6 +30,9 @@ type AlibabaSsmManager struct { // The base path to store the secrets in OOS Parameter Store basePath string + + // The role name assigned to OOS service + role string } func SecretsManagerFactory( 
@@ -43,14 +45,19 @@ func SecretsManagerFactory( } // Check if the extra map is present - if config.Extra == nil || config.Extra["region"] == nil || config.Extra["ssm-parameter-path"] == nil { - return nil, errors.New("required extra map containing 'region' and 'ssm-parameter-path' not found for alibaba-ssm") + if config.Extra == nil || + config.Extra["region"] == nil || + config.Extra["ssm-parameter-path"] == nil || + config.Extra["role"] == nil { + return nil, errors.New("required extra map containing 'region' and 'ssm-parameter-path' " + + "and 'role' not found for alibaba-ssm") } // / Set up the base object alibabaSsmManager := &AlibabaSsmManager{ logger: params.Logger.Named(string(secrets.AlibabaSSM)), region: fmt.Sprintf("%v", config.Extra["region"]), + role: fmt.Sprintf("%v", config.Extra["role"]), endpoint: config.ServerURL, } @@ -67,17 +74,16 @@ func SecretsManagerFactory( // Setup sets up the Alibaba secrets manager func (a *AlibabaSsmManager) Setup() error { - // creds, err := getCredentials() - // if err != nil { - // return err - // } + creds, err := getCredentials(a.role) + if err != nil { + return err + } + config := &openapi.Config{ - // Required, please ensure that the environment variables ALIBABA_CLOUD_ACCESS_KEY_ID is set. - // AccessKeyId: creds.AccessKeyId, - AccessKeyId: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")), - // Required, please ensure that the environment variables ALIBABA_CLOUD_ACCESS_KEY_SECRET is set. - // AccessKeySecret: creds.AccessKeySecret, - AccessKeySecret: tea.String(os.Getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")), + // Required + AccessKeyId: creds.AccessKeyId, + // Required + AccessKeySecret: creds.AccessKeySecret, // config.Endpoint = tea.String("oos.eu-central-1.aliyuncs.com") Endpoint: tea.String(a.endpoint), // eu-central-1 
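Review bot: The new `config.Extra["role"] == nil` check only rejects a missing key, and the value is then formatted with `fmt.Sprintf("%v", ...)`, so an empty string or a non-string value is accepted and handed on as the RAM role name. Assert the type and reject empty input, e.g. `role, ok := config.Extra["role"].(string)` followed by `if !ok || role == "" { return nil, errors.New("alibaba-ssm: 'role' must be a non-empty string") }`; the same applies to 'region' and 'ssm-parameter-path'. The comment kept in getCredentials calls the role name optional while this check makes it mandatory, so one of the two should change. The factory's body continues outside the hunk.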
@@ -228,13 +234,13 @@ func (a *AlibabaSsmManager) logError(err error) { } } -func getCredentials() (*aliyun.CredentialModel, error) { +func getCredentials(role string) (*aliyun.CredentialModel, error) { config := new(aliyun.Config). // Which type of credential you want SetType("ecs_ram_role"). // `roleName` is optional. It will be retrieved automatically if not set. // It is highly recommended to set it up to reduce requests - SetRoleName("RoleName"). + SetRoleName(role). // `EnableIMDSv2` is optional and is recommended to be turned on. // It can be replaced by setting environment variable: ALIBABA_CLOUD_ECS_IMDSV2_ENABLE SetEnableIMDSv2(true) From b7603d494d2362f4cb5937e9db4194a933f5c323 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Mon, 12 Aug 2024 12:55:02 +0200 Subject: [PATCH 13/15] Added Aliyun security token --- secrets/alibaba/alibaba_ssm.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 620c39cad9..da53bde725 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -84,6 +84,8 @@ func (a *AlibabaSsmManager) Setup() error { AccessKeyId: creds.AccessKeyId, // Required AccessKeySecret: creds.AccessKeySecret, + // Required + SecurityToken: creds.SecurityToken, // config.Endpoint = tea.String("oos.eu-central-1.aliyuncs.com") Endpoint: tea.String(a.endpoint), // eu-central-1 From 1b752f54a1eebcaf1bf2930f57a842fe2f1e8f7b Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Mon, 12 Aug 2024 13:20:18 +0200 Subject: [PATCH 14/15] creds logging --- secrets/alibaba/alibaba_ssm.go | 1 + 1 file changed, 1 insertion(+) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index da53bde725..4775bdb234 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go 
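Review bot: `AccessKeyId`, `AccessKeySecret` and `SecurityToken` are copied into the config once, in Setup, from a credential of type `ecs_ram_role`; such role credentials are temporary, so the client built here will presumably start failing once the token expires, and nothing visible refreshes it. Consider handing the credential provider itself to the client (`Credential: cred,` in `openapi.Config`, with getCredentials returning the `aliyun.Credential` instead of calling `GetCredential()`) so the SDK can renew the token; verify the field against the SDK version pinned in go.mod. The `// Required` comment above `SecurityToken` could say why: `// Required for temporary (STS) credentials obtained from the instance role`. Setup starts and ends outside this hunk.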
@@ -79,6 +79,7 @@ func (a *AlibabaSsmManager) Setup() error { return err } + fmt.Println(creds.AccessKeyId, creds.AccessKeySecret, creds.SecurityToken, creds.Type) config := &openapi.Config{ // Required AccessKeyId: creds.AccessKeyId, From 8f77471bfa02bd1b3a0c58bbc40eca99645023a2 Mon Sep 17 00:00:00 2001 From: Oliver Bundalo Date: Mon, 12 Aug 2024 13:36:50 +0200 Subject: [PATCH 15/15] Removed Aliyun creds logging --- secrets/alibaba/alibaba_ssm.go | 1 - 1 file changed, 1 deletion(-) diff --git a/secrets/alibaba/alibaba_ssm.go b/secrets/alibaba/alibaba_ssm.go index 4775bdb234..da53bde725 100644 --- a/secrets/alibaba/alibaba_ssm.go +++ b/secrets/alibaba/alibaba_ssm.go @@ -79,7 +79,6 @@ func (a *AlibabaSsmManager) Setup() error { return err } - fmt.Println(creds.AccessKeyId, creds.AccessKeySecret, creds.SecurityToken, creds.Type) config := &openapi.Config{ // Required AccessKeyId: creds.AccessKeyId,
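Review bot: The added `fmt.Println(creds.AccessKeyId, creds.AccessKeySecret, creds.SecurityToken, creds.Type)` writes credential material to stdout from Setup, outside the logger and with no level gate. The fields look like pointers (they are assigned directly where `tea.String(...)` was used before), so this may print addresses rather than values, but a dereference added while debugging would put a live access key and token into process output and any log collector behind it. The next patch in the series deletes the line; squash the two so no commit in history carries it, and if credential resolution needs debugging, log only the non-secret part, e.g. `a.logger.Debug("resolved Alibaba credentials", "type", tea.StringValue(creds.Type))`. Setup's body continues outside the hunk.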