From 08563bc973423ea8ce4086c6f043ba47aac9a2f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jesu=CC=81s=20Pe=CC=81rez?=
Date: Wed, 14 Jan 2026 03:33:05 +0000
Subject: [PATCH] chore: remove bak files
---
nulib/clusters/create.nu.bak2 | 81 -----
nulib/clusters/generate.nu.bak2 | 81 -----
nulib/lib_provisioning/plugins/kms.nu.bak2 | 376 ---------------------
nulib/lib_provisioning/plugins/kms.nu.bak3 | 376 ---------------------
4 files changed, 914 deletions(-)
delete mode 100644 nulib/clusters/create.nu.bak2
delete mode 100644 nulib/clusters/generate.nu.bak2
delete mode 100644 nulib/lib_provisioning/plugins/kms.nu.bak2
delete mode 100644 nulib/lib_provisioning/plugins/kms.nu.bak3
diff --git a/nulib/clusters/create.nu.bak2 b/nulib/clusters/create.nu.bak2
deleted file mode 100644
index cf9357e..0000000
--- a/nulib/clusters/create.nu.bak2
+++ /dev/null
@@ -1,81 +0,0 @@ -use lib_provisioning * -#use ../lib_provisioning/utils/generate.nu * -use utils.nu * -# Provider middleware now available through lib_provisioning - -# > Clusters services -export def "main create" [ - name?: string # Server hostname in settings - ...args # Args for create command - --infra (-i): string # infra directory - --settings (-s): string # Settings path - --outfile (-o): string # Output file - --cluster_pos (-p): int # Server position in settings - --check (-c) # Only check mode no clusters will be created - --wait (-w) # Wait clusters to be created - --select: string # Select with task as option - --debug (-x) # Use Debug mode - --xm # Debug with PROVISIONING_METADATA - --xc # Debuc for task and services locally PROVISIONING_DEBUG_CHECK - --xr # Debug for remote clusters PROVISIONING_DEBUG_REMOTE - --xld # Log level with DEBUG PROVISIONING_LOG_LEVEL=debug - --metadata # Error with metadata (-xm) - --notitles # not tittles - --helpinfo (-h) # For more details use options "help" (no dashes) - --out: string # Print Output format: json, yaml, text (default) -]: nothing -> nothing { - if ($out | is-not-empty) { - $env.PROVISIONING_OUT = $out - $env.PROVISIONING_NO_TERMINAL = true - } - provisioning_init $helpinfo "cluster create" $args - #parse_help_command "cluster create" $name --ismod --end - # print "on cluster main create" - if $debug { $env.PROVISIONING_DEBUG = true } - if $metadata { $env.PROVISIONING_METADATA = true } - if $name != null and $name != "h" and $name != "help" { - let curr_settings = (find_get_settings --infra $infra --settings $settings) - if ($curr_settings.data.clusters | find $name| length) == 0 { - _print $"🛑 invalid name ($name)" - exit 1 - } - } - let task = if ($args | length) > 0 { - ($args| get 0) - } else { - let str_task = (($env.PROVISIONING_ARGS? 
| default "") | str replace "create " " " ) - let str_task = if $name != null { - ($str_task | str replace $name "") - } else { - $str_task - } - ( | str trim | split row " " | first | default "" | split row "-" | first | default "" | str trim) - } - let other = if ($args | length) > 0 { ($args| skip 1) } else { "" } - let ops = $"($env.PROVISIONING_ARGS? | default "") " | str replace $"($task) " "" | str trim - let run_create = { - let curr_settings = (find_get_settings --infra $infra --settings $settings) - $env.WK_CNPROV = $curr_settings.wk_path - let match_name = if $name == null or $name == "" { "" } else { $name} - on_clusters $curr_settings $check $wait $outfile $match_name $cluster_pos - } - match $task { - "" if $name == "h" => { - ^$"($env.PROVISIONING_NAME)" -mod cluster create help --notitles - }, - "" if $name == "help" => { - ^$"($env.PROVISIONING_NAME)" -mod cluster create --help - print (provisioning_options "create") - }, - "" => { - let result = desktop_run_notify $"($env.PROVISIONING_NAME) clusters create" "-> " $run_create --timeout 11sec - #do $run_create - }, - _ => { - if $task != "" { print $"🛑 invalid_option ($task)" } - print $"\nUse (_ansi blue_bold)($env.PROVISIONING_NAME) -h(_ansi reset) for help on commands and options" - } - } - # "" | "create" - if not $env.PROVISIONING_DEBUG { end_run "" } -} diff --git a/nulib/clusters/generate.nu.bak2 b/nulib/clusters/generate.nu.bak2 deleted file mode 100644 index cf83a36..0000000 --- a/nulib/clusters/generate.nu.bak2 +++ /dev/null 
@@ -1,81 +0,0 @@ -use lib_provisioning * -#use ../lib_provisioning/utils/generate.nu * -use utils.nu * -# Provider middleware now available through lib_provisioning - -# > Clusters services -export def "main generate" [ - name?: string # Server hostname in settings - ...args # Args for generate command - --infra (-i): string # Infra directory - --settings (-s): string # Settings path - --outfile (-o): string # Output file - --cluster_pos (-p): int # Server position in settings - --check (-c) # Only check mode no clusters will be generated - --wait (-w) # Wait clusters to be generated - --select: string # Select with task as option - --debug (-x) # Use Debug mode - --xm # Debug with PROVISIONING_METADATA - --xc # Debuc for task and services locally PROVISIONING_DEBUG_CHECK - --xr # Debug for remote clusters PROVISIONING_DEBUG_REMOTE - --xld # Log level with DEBUG PROVISIONING_LOG_LEVEL=debug - --metadata # Error with metadata (-xm) - --notitles # not tittles - --helpinfo (-h) # For more details use options "help" (no dashes) - --out: string # Print Output format: json, yaml, text (default) -]: nothing -> nothing { - if ($out | is-not-empty) { - $env.PROVISIONING_OUT = $out - $env.PROVISIONING_NO_TERMINAL = true - } - provisioning_init $helpinfo "cluster generate" $args - #parse_help_command "cluster generate" $name --ismod --end - # print "on cluster main generate" - if $debug { $env.PROVISIONING_DEBUG = true } - if $metadata { $env.PROVISIONING_METADATA = true } - # if $name != null and $name != "h" and $name != "help" { - # let curr_settings = (find_get_settings --infra $infra --settings $settings) - # if ($curr_settings.data.clusters | find $name| length) == 0 { - # _print $"🛑 invalid name ($name)" - # exit 1 - # } - # } - let task = if ($args | length) > 0 { - ($args| get 0) - } else { - let str_task = (($env.PROVISIONING_ARGS? 
| default "") | str replace "generate " " " ) - let str_task = if $name != null { - ($str_task | str replace $name "") - } else { - $str_task - } - ( | str trim | split row " " | first | default "" | split row "-" | first | default "" | str trim) - } - let other = if ($args | length) > 0 { ($args| skip 1) } else { "" } - let ops = $"($env.PROVISIONING_ARGS? | default "") " | str replace $"($task) " "" | str trim - let run_generate = { - let curr_settings = (find_get_settings --infra $infra --settings $settings) - $env.WK_CNPROV = $curr_settings.wk_path - let match_name = if $name == null or $name == "" { "" } else { $name} - # on_clusters $curr_settings $check $wait $outfile $match_name $cluster_pos - } - match $task { - "" if $name == "h" => { - ^$"($env.PROVISIONING_NAME)" -mod cluster generate help --notitles - }, - "" if $name == "help" => { - ^$"($env.PROVISIONING_NAME)" -mod cluster generate --help - print (provisioning_options "generate") - }, - "" => { - let result = desktop_run_notify $"($env.PROVISIONING_NAME) clusters generate" "-> " $run_generate --timeout 11sec - #do $run_generate - }, - _ => { - if $task != "" { print $"🛑 invalid_option ($task)" } - print $"\nUse (_ansi blue_bold)($env.PROVISIONING_NAME) -h(_ansi reset) for help on commands and options" - } - } - # "" | "generate" - if not $env.PROVISIONING_DEBUG { end_run "" } -} diff --git a/nulib/lib_provisioning/plugins/kms.nu.bak2 b/nulib/lib_provisioning/plugins/kms.nu.bak2 deleted file mode 100644 index 749205a..0000000 --- a/nulib/lib_provisioning/plugins/kms.nu.bak2 +++ /dev/null 
@@ -1,376 +0,0 @@ -# KMS Plugin Wrapper with HTTP Fallback -# Provides graceful degradation to HTTP/CLI when nu_plugin_kms is unavailable - -use ../config/accessor.nu * - -# Check if KMS plugin is available -def is-plugin-available []: nothing -> bool { - (which kms | length) > 0 -} - -# Check if KMS plugin is enabled in config -def is-plugin-enabled []: nothing -> bool { - config-get "plugins.kms_enabled" true -} - -# Get KMS service base URL -def get-kms-url []: nothing -> string { - config-get "platform.kms_service.url" "http://localhost:8090" -} - -# Get default KMS backend -def get-default-backend []: nothing -> string { - config-get "security.kms.backend" "rustyvault" -} - -# Helper to safely execute a closure and return null on error -def try-plugin [callback: closure]: nothing -> any { - do -i $callback -} - -# Encrypt data using KMS -export def plugin-kms-encrypt [ - data: string - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms - --context: string = "" # Additional authenticated data - --key-id: string = "" # Specific key ID -]: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - let args = if ($context | is-empty) and ($key_id | is-empty) { - [encrypt $data --backend $backend_name] - } else if ($context | is-empty) { - [encrypt $data --backend $backend_name --key-id $key_id] - } else if ($key_id | is-empty) { - [encrypt $data --backend $backend_name --context $context] - } else { - [encrypt $data --backend $backend_name --context $context --key-id $key_id] - } - - kms ...$args - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS encrypt failed, falling back to HTTP/CLI" - } - - # HTTP fallback - call KMS service directly - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = 
(get-kms-url) - let url = $"($kms_url)/api/encrypt" - - let result = (do -i { - let body = {data: $data, backend: $backend_name} - http post $url $body - }) - - if $result != null { - return $result - } - - error make { - msg: "KMS encryption failed" - label: { - text: $"Failed to encrypt data with backend ($backend_name)" - span: (metadata $data).span - } - } -} - -# Decrypt data using KMS -export def plugin-kms-decrypt [ - ciphertext: string - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms - --context: string = "" # Additional authenticated data - --key-id: string = "" # Specific key ID -]: nothing -> string { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - let args = if ($context | is-empty) and ($key_id | is-empty) { - [decrypt $ciphertext --backend $backend_name] - } else if ($context | is-empty) { - [decrypt $ciphertext --backend $backend_name --key-id $key_id] - } else if ($key_id | is-empty) { - [decrypt $ciphertext --backend $backend_name --context $context] - } else { - [decrypt $ciphertext --backend $backend_name --context $context --key-id $key_id] - } - - kms ...$args - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS decrypt failed, falling back to HTTP/CLI" - } - - # HTTP fallback - call KMS service directly - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/decrypt" - - let result = (do -i { - let body = {ciphertext: $ciphertext, backend: $backend_name} - http post $url $body - }) - - if $result != null { - return $result - } - - error make { - msg: "KMS decryption failed" - label: { - text: $"Failed to decrypt data with backend ($backend_name)" - span: (metadata $ciphertext).span - } - } -} - -# Generate new encryption key -export def 
plugin-kms-generate-key [ - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms - --key-type: string = "aes256" # aes256, rsa2048, rsa4096, ed25519 - --name: string = "" # Key name/alias -]: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - let args = if ($name | is-empty) { - [generate-key --backend $backend_name --key-type $key_type] - } else { - [generate-key --backend $backend_name --key-type $key_type --name $name] - } - - kms ...$args - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS generate-key failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/keys/generate" - - let body = if ($name | is-empty) { - {backend: $backend_name, key_type: $key_type} - } else { - {backend: $backend_name, key_type: $key_type, name: $name} - } - - let result = (do -i { - http post $url $body - }) - - if $result != null { - return $result - } - - error make { - msg: "KMS key generation failed" - label: { - text: $"Failed to generate key with backend ($backend_name)" - } - } -} - -# Get KMS service status -export def plugin-kms-status []: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - - if $enabled and $available { - let plugin_result = (try-plugin { - kms status - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS status failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/health" - - let result = (do -i { - http get $url - }) - - if $result != null { - return $result - } - - { - status: "unavailable" - message: "KMS 
service unreachable" - } -} - -# List available KMS backends -export def plugin-kms-backends []: nothing -> table { - let enabled = is-plugin-enabled - let available = is-plugin-available - - if $enabled and $available { - let plugin_result = (try-plugin { - kms backends - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS backends failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/backends" - - let result = (do -i { - let response = (http get $url) - $response.backends? | default [] - }) - - if $result != null { - return $result - } - - # Return known backends as fallback - [ - {name: "rustyvault", available: true, description: "RustyVault KMS (primary)"} - {name: "age", available: true, description: "Age encryption"} - {name: "vault", available: false, description: "HashiCorp Vault"} - {name: "cosmian", available: false, description: "Cosmian KMS"} - {name: "aws-kms", available: false, description: "AWS Key Management Service"} - ] -} - -# Rotate encryption key -export def plugin-kms-rotate-key [ - key_id: string - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms -]: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - kms rotate-key $key_id --backend $backend_name - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS rotate-key failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/keys/rotate" - - let result = (do -i { - http post $url {backend: $backend_name, key_id: $key_id} - }) - - if $result != null { - return $result - } - - error make { - 
msg: "KMS key rotation failed" - label: { - text: $"Failed to rotate key ($key_id) with backend ($backend_name)" - span: (metadata $key_id).span - } - } -} - -# List encryption keys -export def plugin-kms-list-keys [ - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms -]: nothing -> table { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - kms list-keys --backend $backend_name - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS list-keys failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/keys?backend=($backend_name)" - - let result = (do -i { - let response = (http get $url) - $response.keys? | default [] - }) - - if $result != null { - return $result - } - - [] -} - -# Get KMS plugin status and configuration -export def plugin-kms-info []: nothing -> record { - let plugin_available = is-plugin-available - let plugin_enabled = is-plugin-enabled - let default_backend = get-default-backend - let kms_url = get-kms-url - - { - plugin_available: $plugin_available - plugin_enabled: $plugin_enabled - default_backend: $default_backend - kms_service_url: $kms_url - mode: (if ($plugin_enabled and $plugin_available) { "plugin" } else { "http" }) - } -} diff --git a/nulib/lib_provisioning/plugins/kms.nu.bak3 b/nulib/lib_provisioning/plugins/kms.nu.bak3 deleted file mode 100644 index ae3d75e..0000000 --- a/nulib/lib_provisioning/plugins/kms.nu.bak3 +++ /dev/null 
@@ -1,376 +0,0 @@ -# KMS Plugin Wrapper with HTTP Fallback -# Provides graceful degradation to HTTP/CLI when nu_plugin_kms is unavailable - -use ../config/accessor.nu * - -# Check if KMS plugin is available -def is-plugin-available []: nothing -> bool { - (which kms | length) > 0 -} - -# Check if KMS plugin is enabled in config -def is-plugin-enabled []: nothing -> bool { - config-get "plugins.kms_enabled" true -} - -# Get KMS service base URL -def get-kms-url []: nothing -> string { - config-get "platform.kms_service.url" "http://localhost:8090" -} - -# Get default KMS backend -def get-default-backend []: nothing -> string { - config-get "security.kms.backend" "rustyvault" -} - -# Helper to safely execute a closure and return null on error -def try-plugin [callback: closure]: nothing -> any { - do -i $callback -} - -# Encrypt data using KMS -export def plugin-kms-encrypt [ - data: string - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms - --context: string = "" # Additional authenticated data - --key-id: string = "" # Specific key ID -]: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - let args = if ($context | is-empty) and ($key_id | is-empty) { - [encrypt $data --backend $backend_name] - } else if ($context | is-empty) { - [encrypt $data --backend $backend_name --key-id $key_id] - } else if ($key_id | is-empty) { - [encrypt $data --backend $backend_name --context $context] - } else { - [encrypt $data --backend $backend_name --context $context --key-id $key_id] - } - - kms ...$args - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS encrypt failed, falling back to HTTP/CLI" - } - - # HTTP fallback - call KMS service directly - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = 
(get-kms-url) - let url = $"($kms_url)/api/encrypt" - - let result = (do -i { - let body = {data: $data, backend: $backend_name} - http post $url $body - }) - - if $result != null { - return $result - } - - return (error make { - msg: "KMS encryption failed" - label: { - text: $"Failed to encrypt data with backend ($backend_name)" - span: (metadata $data).span - } - } -} - -# Decrypt data using KMS -export def plugin-kms-decrypt [ - ciphertext: string - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms - --context: string = "" # Additional authenticated data - --key-id: string = "" # Specific key ID -]: nothing -> string { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - let args = if ($context | is-empty) and ($key_id | is-empty) { - [decrypt $ciphertext --backend $backend_name] - } else if ($context | is-empty) { - [decrypt $ciphertext --backend $backend_name --key-id $key_id] - } else if ($key_id | is-empty) { - [decrypt $ciphertext --backend $backend_name --context $context] - } else { - [decrypt $ciphertext --backend $backend_name --context $context --key-id $key_id] - } - - kms ...$args - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS decrypt failed, falling back to HTTP/CLI" - } - - # HTTP fallback - call KMS service directly - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/decrypt" - - let result = (do -i { - let body = {ciphertext: $ciphertext, backend: $backend_name} - http post $url $body - }) - - if $result != null { - return $result - } - - return (error make { - msg: "KMS decryption failed" - label: { - text: $"Failed to decrypt data with backend ($backend_name)" - span: (metadata $ciphertext).span - } - } -} - -# Generate new encryption key -export 
def plugin-kms-generate-key [ - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms - --key-type: string = "aes256" # aes256, rsa2048, rsa4096, ed25519 - --name: string = "" # Key name/alias -]: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - let args = if ($name | is-empty) { - [generate-key --backend $backend_name --key-type $key_type] - } else { - [generate-key --backend $backend_name --key-type $key_type --name $name] - } - - kms ...$args - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS generate-key failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/keys/generate" - - let body = if ($name | is-empty) { - {backend: $backend_name, key_type: $key_type} - } else { - {backend: $backend_name, key_type: $key_type, name: $name} - } - - let result = (do -i { - http post $url $body - }) - - if $result != null { - return $result - } - - return (error make { - msg: "KMS key generation failed" - label: { - text: $"Failed to generate key with backend ($backend_name)" - } - } -} - -# Get KMS service status -export def plugin-kms-status []: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - - if $enabled and $available { - let plugin_result = (try-plugin { - kms status - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS status failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/health" - - let result = (do -i { - http get $url - }) - - if $result != null { - return $result - } - - { - status: "unavailable" - 
message: "KMS service unreachable" - } -} - -# List available KMS backends -export def plugin-kms-backends []: nothing -> table { - let enabled = is-plugin-enabled - let available = is-plugin-available - - if $enabled and $available { - let plugin_result = (try-plugin { - kms backends - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS backends failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/backends" - - let result = (do -i { - let response = (http get $url) - $response.backends? | default [] - }) - - if $result != null { - return $result - } - - # Return known backends as fallback - [ - {name: "rustyvault", available: true, description: "RustyVault KMS (primary)"} - {name: "age", available: true, description: "Age encryption"} - {name: "vault", available: false, description: "HashiCorp Vault"} - {name: "cosmian", available: false, description: "Cosmian KMS"} - {name: "aws-kms", available: false, description: "AWS Key Management Service"} - ] -} - -# Rotate encryption key -export def plugin-kms-rotate-key [ - key_id: string - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms -]: nothing -> record { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - kms rotate-key $key_id --backend $backend_name - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS rotate-key failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/keys/rotate" - - let result = (do -i { - http post $url {backend: $backend_name, key_id: $key_id} - }) - - if $result != null { - return $result - } - - 
return (error make { - msg: "KMS key rotation failed" - label: { - text: $"Failed to rotate key ($key_id) with backend ($backend_name)" - span: (metadata $key_id).span - } - } -} - -# List encryption keys -export def plugin-kms-list-keys [ - --backend: string = "" # rustyvault, age, vault, cosmian, aws-kms -]: nothing -> table { - let enabled = is-plugin-enabled - let available = is-plugin-available - let backend_name = if ($backend | is-empty) { get-default-backend } else { $backend } - - if $enabled and $available { - let plugin_result = (try-plugin { - kms list-keys --backend $backend_name - }) - - if $plugin_result != null { - return $plugin_result - } - - print "⚠️ Plugin KMS list-keys failed, falling back to HTTP" - } - - # HTTP fallback - print "⚠️ Using HTTP fallback (plugin not available)" - - let kms_url = (get-kms-url) - let url = $"($kms_url)/api/keys?backend=($backend_name)" - - let result = (do -i { - let response = (http get $url) - $response.keys? | default [] - }) - - if $result != null { - return $result - } - - [] -} - -# Get KMS plugin status and configuration -export def plugin-kms-info []: nothing -> record { - let plugin_available = is-plugin-available - let plugin_enabled = is-plugin-enabled - let default_backend = get-default-backend - let kms_url = get-kms-url - - { - plugin_available: $plugin_available - plugin_enabled: $plugin_enabled - default_backend: $default_backend - kms_service_url: $kms_url - mode: (if ($plugin_enabled and $plugin_available) { "plugin" } else { "http" }) - } -}