feat: Add OpenStack Barbican support as a Key Source#2030
Open
devx wants to merge 2 commits intogetsops:mainfrom
Open
feat: Add OpenStack Barbican support as a Key Source#2030devx wants to merge 2 commits intogetsops:mainfrom
devx wants to merge 2 commits intogetsops:mainfrom
Conversation
devx
force-pushed
the
barbican-support
branch
2 times, most recently
from
ddff0ba to
19cc77f
Compare
cloudnull
approved these changes
Feb 26, 2026
Contributor
|
Thanks for your work! Unfortunately I think this is quite out of scope for the SOPS codebase, since it contains a complete Barbican client implementation. This is nothing we want to maintain here. I think the best way forward for this is #2016 (which unfortunately isn't anywhere near realization). |
- Implement Barbican key source with authentication and client functionality - Add comprehensive test suite including unit, integration, and property-based tests - Update configuration system to support Barbican endpoints and authentication - Integrate Barbican support into keyservice and stores - Add documentation and usage examples for Barbican configuration - Ensure backward compatibility and proper error handling Signed-off-by: Victor Palma <palma.victor@gmail.com>
- doRequestWithRetry now checks ctx.Err() before wrapping the final error, so callers see a context cancellation instead of a generic 'maximum retry attempts' API error. - TestEncryptMultiRegion guards shared secretStores/secretCounters maps with a sync.Mutex to eliminate the data race detected by -race. Signed-off-by: Victor Palma <palma.victor@gmail.com>
Author
|
Thank you for the feedback. I'll look at #2016 and see how I can help with that issue. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR integrates OpenStack Barbican as a supported backend for key management. It allows the
keyserviceto authenticate with and retrieve secrets directly from a Barbican instance, expanding our integration capabilities beyond the current stores.Key Changes
BarbicanKeySourcewith full authentication (Keystone) and client logic.keyserviceand store interfaces.Testing I have added a comprehensive test suite to ensure reliability:
This also resolves issue #1651