kapitan
add azure KMS as another option in refs
Fixes issue #
Add azure kms as another backend as described here https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-keys#cryptographic-operations
this requires a key vault with a key and a service principal with GET, ENCRYPT and DECRYPT added to it
Proposed Changes
- add another module azkms
- update cli with --vault option
- add in azure pip dependencies
TODO: add a test module for azkms
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
:memo: Please visit https://cla.developers.google.com/ to sign.
Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.
What to do if you already signed the CLA
Individual signers
- It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.
Corporate signers
- Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
- The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
- The email used to register you as an authorized contributor must also be attached to your GitHub account.
ℹ️ Googlers: Go here for more info.
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it. If the bot doesn't comment, it means it doesn't think anything has changed.
@googlebot I signed it!
----------------------------------------------------------------------
ImportError: Failed to import test module: tests.test_binary
Traceback (most recent call last):
  File "/opt/python/3.7.1/lib/python3.7/unittest/loader.py", line 434, in _find_test_path
    module = self._get_module_from_name(name)
  File "/opt/python/3.7.1/lib/python3.7/unittest/loader.py", line 375, in _get_module_from_name
    __import__(name)
  File "/home/travis/build/deepmind/kapitan/tests/test_binary.py", line 29, in <module>
    from kapitan.cli import main
  File "/home/travis/build/deepmind/kapitan/kapitan/cli.py", line 37, in <module>
    from kapitan.refs.secrets.azkms import AzureKMSSecret
  File "/home/travis/build/deepmind/kapitan/kapitan/refs/secrets/azkms.py", line 29, in <module>
    from azure.keyvault.keys import KeyClient
ModuleNotFoundError: No module named 'azure.keyvault.keys'
Travis is failing because No module named 'azure.keyvault.keys'
Is there a pip dependency missing from requirements.txt?
I might be wrong but https://docs.microsoft.com/en-us/python/api/overview/azure/key-vault?view=azure-python mentions using from azure.keyvault import KeyVaultClient instead?
Would be interested in seeing this merged. Is forking and doing a PR good practice?
If you maintain the other authors' commits I don't see why not. :)
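The traceback earlier in this thread shows kapitan/cli.py importing the azkms module unconditionally, so a missing azure.keyvault.keys breaks every CLI entry point and test, not just the Azure backend. As an added example (not code from this pull request or from kapitan), one way to defer the SDK import until the backend is requested; `load_backend_sdk`, `module_available`, `usable_backends` and `BackendUnavailable` are hypothetical names.

```python
import importlib
import importlib.util

# Backend name -> (module its code imports, pip distribution providing it).
# "azkms" and azure.keyvault.keys are taken from the traceback above; the
# distribution name comes from the SDK link in the PR description.
OPTIONAL_BACKENDS = {"azkms": ("azure.keyvault.keys", "azure-keyvault-keys")}


class BackendUnavailable(RuntimeError):
    """Raised when a backend is requested but its SDK is not installed."""


def module_available(name):
    """Return True if `name` can be found, without importing `name` itself."""
    try:
        return importlib.util.find_spec(name) is not None
    except (ImportError, ValueError):
        # find_spec imports parent packages; a missing parent (for example no
        # azure.keyvault at all) raises ModuleNotFoundError rather than
        # returning None.
        return False


def load_backend_sdk(backend, registry=OPTIONAL_BACKENDS):
    """Import the SDK for `backend` only when that backend is actually used."""
    if backend not in registry:
        raise KeyError(f"unknown secret backend: {backend!r}")
    module_name, dist_name = registry[backend]
    if not module_available(module_name):
        raise BackendUnavailable(
            f"backend {backend!r} needs module {module_name!r}; "
            f"install it with: pip install {dist_name}"
        )
    return importlib.import_module(module_name)


def usable_backends(registry=OPTIONAL_BACKENDS):
    """List backends whose SDK is present, e.g. for a startup log line."""
    return sorted(b for b, (mod, _) in registry.items() if module_available(mod))
```

With this shape, a missing Azure SDK surfaces as one actionable error when the azkms backend is selected, while the other ref backends and the test suite keep importing cleanly.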