Enable key manager in CLI (#3867)

mmrqs · Mélanie Marques · Codelax · web-flow · commit cc6af461e2a9 · 2024-06-13T08:27:42.000Z
Co-authored-by: Mélanie Marques &lt;mmarques@scaleway.com&gt;
Co-authored-by: Jules Casteran &lt;jcasteran@scaleway.com&gt;
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-create-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-create-usage.golden
@@ -0,0 +1,26 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Create a key in a given region specified by the `region` parameter. Keys only support symmetric encryption. You can use keys to encrypt or decrypt arbitrary payloads, or to generate data encryption keys that can be used without being stored in Key Manager.
+
+USAGE:
+  scw keymanager key create [arg=value ...]
+
+ARGS:
+  [project-id]                         Project ID to use. If none is passed the default project ID will be used
+  [name]                               (Optional) Name of the key
+  [usage.symmetric-encryption]          (unknown_symmetric_encryption | aes_256_gcm)
+  [description]                        (Optional) Description of the key
+  [tags.{index}]                       (Optional) List of the key's tags
+  [rotation-policy.rotation-period]    Rotation period
+  [rotation-policy.next-rotation-at]   Key next rotation date
+  [unprotected]                        (Optional) Defines whether key protection is applied to a key. Protected keys can be used but not deleted
+  [region=fr-par]                      Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for create
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-decrypt-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-decrypt-usage.golden
@@ -0,0 +1,21 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Decrypt data using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is the result of the encryption of 64KB of data (around 131KB).
+
+USAGE:
+  scw keymanager key decrypt [arg=value ...]
+
+ARGS:
+  key-id              ID of the key to decrypt
+  [ciphertext]        Ciphertext data to decrypt
+  [associated-data]   (Optional) Additional authenticated data
+  [region=fr-par]     Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for decrypt
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-delete-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-delete-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Delete an existing key specified by the `region` and `key_id` parameters. Deleting a key is permanent and cannot be undone. All data encrypted using this key, including data encryption keys, will become unusable.
+
+USAGE:
+  scw keymanager key delete [arg=value ...]
+
+ARGS:
+  key-id            ID of the key to delete
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for delete
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-disable-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-disable-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Disable a given key to be used for cryptographic operations. Disabling a key renders it unusable. You must specify the `region` and `key_id` parameters.
+
+USAGE:
+  scw keymanager key disable [arg=value ...]
+
+ARGS:
+  key-id            ID of the key to disable
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for disable
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-enable-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-enable-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Enable a given key to be used for cryptographic operations. Enabling a key allows you to make a disabled key usable again. You must specify the `region` and `key_id` parameters.
+
+USAGE:
+  scw keymanager key enable [arg=value ...]
+
+ARGS:
+  key-id            ID of the key to enable
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for enable
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-encrypt-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-encrypt-usage.golden
@@ -0,0 +1,21 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Encrypt data using an existing key, specified by the `key_id` parameter. Only keys with a usage set to **symmetric_encryption** are supported by this method. The maximum payload size that can be encrypted is 64KB of plaintext.
+
+USAGE:
+  scw keymanager key encrypt [arg=value ...]
+
+ARGS:
+  key-id              ID of the key to encrypt
+  [plaintext]         Plaintext data to encrypt
+  [associated-data]   (Optional) Additional authenticated data
+  [region=fr-par]     Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for encrypt
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-generate-data-key-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-generate-data-key-usage.golden
@@ -0,0 +1,23 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Generate a new data encryption key to use for cryptographic operations outside of Key Manager. Note that Key Manager does not store your data encryption key. The data encryption key is encrypted and must be decrypted using the key you have created in Key Manager. The data encryption key's plaintext is returned in the response object, for immediate usage.
+
+Always store the data encryption key's ciphertext, rather than its plaintext, which must not be stored. To retrieve your key's plaintext, call the Decrypt endpoint with your key's ID and ciphertext.
+
+USAGE:
+  scw keymanager key generate-data-key [arg=value ...]
+
+ARGS:
+  key-id                ID of the key
+  [algorithm]           Symmetric encryption algorithm of the data encryption key (unknown_symmetric_encryption | aes_256_gcm)
+  [without-plaintext]   (Optional) Defines whether to return the data encryption key's plaintext in the response object
+  [region=fr-par]       Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for generate-data-key
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-get-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-get-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Retrieve the metadata of a key specified by the `region` and `key_id` parameters.
+
+USAGE:
+  scw keymanager key get [arg=value ...]
+
+ARGS:
+  key-id            ID of the key to target
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for get
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-list-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-list-usage.golden
@@ -0,0 +1,23 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Retrieve the list of keys created within all Projects of an Organization or in a given Project. You must specify the `region`, and either the `organization_id` or the `project_id`.
+
+USAGE:
+  scw keymanager key list [arg=value ...]
+
+ARGS:
+  [project-id]        (Optional) Filter by Project ID
+  [order-by]           (name_asc | name_desc | created_at_asc | created_at_desc | updated_at_asc | updated_at_desc)
+  [tags.{index}]      (Optional) List of tags to filter on
+  [name]              (Optional) Filter by key name
+  [organization-id]   (Optional) Filter by Organization ID
+  [region=fr-par]     Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw | all)
+
+FLAGS:
+  -h, --help   help for list
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-protect-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-protect-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Apply key protection to a given key specified by the `key_id` parameter. Applying key protection means that your key can be used and modified, but it cannot be deleted.
+
+USAGE:
+  scw keymanager key protect [arg=value ...]
+
+ARGS:
+  key-id            ID of the key to apply key protection to
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for protect
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-rotate-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-rotate-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Generate a new version of an existing key with randomly generated key material. Rotated keys can still be used to decrypt previously encrypted data. The key's new material will be used for subsequent encryption operations and data key generation.
+
+USAGE:
+  scw keymanager key rotate [arg=value ...]
+
+ARGS:
+  key-id            ID of the key to rotate
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for rotate
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-unprotect-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-unprotect-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Remove key protection from a given key specified by the `key_id` parameter. Removing key protection means that your key can be deleted anytime.
+
+USAGE:
+  scw keymanager key unprotect [arg=value ...]
+
+ARGS:
+  key-id            ID of the key to remove key protection from
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for unprotect
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-update-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-update-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Update a key's metadata (name, description and tags), specified by the `key_id` and `region` parameters.
+
+USAGE:
+  scw keymanager key update [arg=value ...]
+
+ARGS:
+  key-id                               ID of the key to update
+  [name]                               (Optional) Updated name of the key
+  [description]                        (Optional) Updated description of the key
+  [tags.{index}]                       (Optional) Updated list of the key's tags
+  [rotation-policy.rotation-period]    Rotation period
+  [rotation-policy.next-rotation-at]   Key next rotation date
+  [region=fr-par]                      Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for update
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-key-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-key-usage.golden
@@ -0,0 +1,32 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Keys are logical containers which store cryptographic keys.
+
+USAGE:
+  scw keymanager key <command>
+
+AVAILABLE COMMANDS:
+  create            Create a key
+  decrypt           Decrypt data
+  delete            Delete a key
+  disable           Disable key
+  enable            Enable key
+  encrypt           Encrypt data
+  generate-data-key Generate a data encryption key
+  get               Get key metadata
+  list              List keys
+  protect           Apply key protection
+  rotate            Rotate a key
+  unprotect         Remove key protection
+  update            Update a key
+
+FLAGS:
+  -h, --help   help for key
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw keymanager key [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-all-usage-keymanager-usage.golden b/cmd/scw/testdata/test-all-usage-keymanager-usage.golden
@@ -0,0 +1,20 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+This API allows you to conveniently store and use cryptographic keys.
+
+USAGE:
+  scw keymanager <command>
+
+AVAILABLE COMMANDS:
+  key         Key management commands
+
+FLAGS:
+  -h, --help   help for keymanager
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw keymanager [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-main-usage-usage.golden b/cmd/scw/testdata/test-main-usage-usage.golden
@@ -23,6 +23,7 @@ AVAILABLE COMMANDS:
   ipam          This API allows you to manage your Scaleway IP addresses with our IP Address Management tool
   jobs          This API allows you to manage your Serverless Jobs
   k8s           This API allows you to manage Kubernetes Kapsule and Kosmos clusters
+  keymanager    Key Manager API
   lb            This API allows you to manage your Scaleway Load Balancer services
   llm-inference This API allows you to manage your Inference services
   marketplace   This API allows you to find available images for use when launching a Scaleway Instance
diff --git a/docs/commands/keymanager.md b/docs/commands/keymanager.md
diff --git a/internal/namespaces/get_commands.go b/internal/namespaces/get_commands.go
diff --git a/internal/namespaces/key_manager/v1alpha1/custom.go b/internal/namespaces/key_manager/v1alpha1/custom.go
