chore: add make-gen-delta action
jimlambrt committed Oct 2, 2023
1 parent 6adb2e4 commit 2854b81
Showing 7 changed files with 101 additions and 56 deletions.
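--- /dev/null
+++ b/.github/workflows/make-gen-delta.yml
@@ -0,0 +1,46 @@
+name: "make-gen-delta"
+on:
+- workflow_dispatch
+- push
+- workflow_call
+
+permissions:
+contents: read
+
+jobs:
+make-gen-delta:
+name: "Check for uncommitted changes from make gen in extras/kms"
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+with:
+fetch-depth: '0'
+- name: Determine Go version
+id: get-go-version
+# We use .go-version as our source of truth for current Go
+# version, because "goenv" can react to it automatically.
+run: |
+echo "Building with Go $(cat .go-version)"
+echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
+- name: Set up Go
+uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+with:
+go-version: "${{ steps.get-go-version.outputs.go-version }}"
+- name: Running go mod tidy
+run: |
+cd ./extras/kms
+go mod tidy
+- name: Install Dependencies
+run: |
+cd ./extras/kms
+make tools
+- name: Running make fmt
+run: |
+cd ./extras/kms
+make fmt
+- name: Check for changes
+run: |
+cd ./extras/kms
+git diff --exit-code
+git status --porcelain
+test -z "$(git status --porcelain)"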
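Review bot: The job is named "Check for uncommitted changes from make gen in extras/kms", but the steps only run `go mod tidy`, `make tools` and `make fmt`; no `make gen` / `go generate` step regenerates the output the check is supposed to cover, so a stale generated file would still pass. Either add a step that runs the generation target before "Check for changes", or rename the job to describe what it actually verifies (the tidy and fmt delta). Also, `.go-version` is read from the repository root while every other step `cd`s into `./extras/kms`; that is presumably intentional if the root file is the single source of truth, but it is worth a comment if the module's `go.mod` pins a different toolchain. Minor: `git diff --exit-code` already fails the step on modified tracked files, so the final `test -z "$(git status --porcelain)"` only adds coverage for untracked files; a one-line comment such as `# git diff catches modified tracked files; git status catches new untracked ones` would make the intent clear.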
2 changes: 1 addition & 1 deletion extras/kms/Makefile
@@ -1,4 +1,4 @@
PHONY: tools
.PHONY: tools
tools:
go generate -tags tools tools/tools.go

103 changes: 51 additions & 52 deletions extras/kms/docs.go
Expand Up @@ -7,35 +7,35 @@
// The following domain terms are key to understanding the system and how to use
// it:
//
// - wrapper: all keys within the system are a Wrapper from go-kms-wrapping.
// - wrapper: all keys within the system are a Wrapper from go-kms-wrapping.
//
// - root external wrapper: the external wrapper that will serve as the root of
// trust for the kms system. Typically you'd get this root wrapper via
// go-kms-wrapper from a KMS provider. See the go-kms-wrapper docs for further
// details.
// - root external wrapper: the external wrapper that will serve as the root of
// trust for the kms system. Typically you'd get this root wrapper via
// go-kms-wrapper from a KMS provider. See the go-kms-wrapper docs for further
// details.
//
// - scope: a scope defines a rotational boundary for a set of keys. The system
// tracks only the scope identifier and which is used to find keys with a
// specific scope.
// - scope: a scope defines a rotational boundary for a set of keys. The system
// tracks only the scope identifier and which is used to find keys with a
// specific scope.
//
// **IMPORTANT**: You should define a FK from kms_root_key.scope_id with
// cascading deletes and updates to the PK of the table within your domain that
// tracks scopes. This FK will prevent orphaned kms keys.
// **IMPORTANT**: You should define a FK from kms_root_key.scope_id with
// cascading deletes and updates to the PK of the table within your domain that
// tracks scopes. This FK will prevent orphaned kms keys.
//
// For example, you could assign organizations and projects
// scope IDs and then associate a set of keys with each org and project within
// your domain.
// For example, you could assign organizations and projects
// scope IDs and then associate a set of keys with each org and project within
// your domain.
//
// - root key: the KEKs (keys to encrypt keys) of the system.
// - root key: the KEKs (keys to encrypt keys) of the system.
//
// - data key: the DEKs (keys to encrypt data) of the system and must have a
// parent root key and a purpose.
// - data key: the DEKs (keys to encrypt data) of the system and must have a
// parent root key and a purpose.
//
// - purpose: Each data key (DEK) must have a one purpose. For
// example, you could define a purpose of client-secrets for a DEK that will be
// used encrypt/decrypt wrapper operations on `client-secrets`
// - purpose: Each data key (DEK) must have a one purpose. For
// example, you could define a purpose of client-secrets for a DEK that will be
// used encrypt/decrypt wrapper operations on `client-secrets`
//
// Database Schema
// # Database Schema
//
// You'll find the database schema within the migrations directory.
// Currently postgres and sqlite are supported. The implementation does make some
Expand All @@ -47,36 +47,35 @@
// `kms_version` table which is used to ensure that the schema and module are
// compatible.
//
// High-level ERD
// # High-level ERD
//
//
// ┌───────────────────────────────┐
// │ ○
// ┼ ┼
// ┌────────────────────────┐ ┌────────────────────────┐
// │ kms_root_key │ │ kms_data_key │
// ├────────────────────────┤ ├────────────────────────┤
// │private_id │ │private_id │
// │scope_id │ │root_key_id │
// │ │ │purpose │
// └────────────────────────┘ │ │
// ┼ └────────────────────────┘
// │ ┼
// │ │
// │ │
// │ │
// ┼ ┼
// ╱│╲ ╱│╲
// ┌────────────────────────┐ ┌────────────────────────┐
// │ kms_root_key_version │ │ kms_data_key_version │
// ├────────────────────────┤ ├────────────────────────┤
// │private_id │ │private_id │
// │root_key_id │ │data_key_id │
// │key │ │root_key_id │
// │version │ │key │
// │ │ │version │
// └────────────────────────┘ └────────────────────────┘
// ┼ ┼
// │ ○
// └───────────────────────────────┘
// ┌───────────────────────────────┐
// │ ○
// ┼ ┼
// ┌────────────────────────┐ ┌────────────────────────┐
// │ kms_root_key │ │ kms_data_key │
// ├────────────────────────┤ ├────────────────────────┤
// │private_id │ │private_id │
// │scope_id │ │root_key_id │
// │ │ │purpose │
// └────────────────────────┘ │ │
// ┼ └────────────────────────┘
// │ ┼
// │ │
// │ │
// │ │
// ┼ ┼
// ╱│╲ ╱│╲
// ┌────────────────────────┐ ┌────────────────────────┐
// │ kms_root_key_version │ │ kms_data_key_version │
// ├────────────────────────┤ ├────────────────────────┤
// │private_id │ │private_id │
// │root_key_id │ │data_key_id │
// │key │ │root_key_id │
// │version │ │key │
// │ │ │version │
// └────────────────────────┘ └────────────────────────┘
// ┼ ┼
// │ ○
// └───────────────────────────────┘
package kms
1 change: 1 addition & 0 deletions extras/kms/examples/fs.go
Expand Up @@ -7,5 +7,6 @@ import "embed"

// LocalSqliteFS contains the sql for creating additional sqlite tables for
// examples.
//
//go:embed sqlite-migrations
var LocalSqliteFS embed.FS
2 changes: 0 additions & 2 deletions extras/kms/key.go
Expand Up @@ -17,7 +17,6 @@ const (

// KeyVersion is a key's version (the construct containing the key material)
type KeyVersion struct {

// Id is the key version's id
Id string `json:"id"`

Expand All @@ -30,7 +29,6 @@ type KeyVersion struct {

// Key is the permanent construct representing ephemeral key versions
type Key struct {

// Id is the key's id
Id string `json:"id"`

2 changes: 2 additions & 0 deletions extras/kms/migrations/fs.go
Expand Up @@ -9,9 +9,11 @@ import "embed"
const Version = "v0.0.2"

// PostgresFS contains the sql for creating the postgres tables
//
//go:embed postgres
var PostgresFS embed.FS

// SqliteFS contains the sql for creating the sqlite tables
//
//go:embed sqlite
var SqliteFS embed.FS
1 change: 0 additions & 1 deletion extras/kms/testing.go
Expand Up @@ -225,6 +225,5 @@ func testDeleteWhere(t *testing.T, conn *dbw.DB, i interface{}, whereClause stri
switch i.(type) {
case *rootKey, *rootKeyVersion, *dataKey, *dataKeyVersion:
require.NoError(err, updateKeyCollectionVersion(ctx, dbw.New(conn), DefaultTableNamePrefix))

}
}
