Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sops for openSUSE:Factory checked in at 2025-01-27 20:53:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sops (Old) and /work/SRC/openSUSE:Factory/.sops.new.2316 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sops" Mon Jan 27 20:53:42 2025 rev:11 rq:1240342 version:3.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/sops/sops.changes 2025-01-01 23:09:07.807471729 +0100 +++ /work/SRC/openSUSE:Factory/.sops.new.2316/sops.changes 2025-01-27 20:54:01.239583464 +0100 @@ -1,0 +2,26 @@ +Sun Jan 26 08:46:36 UTC 2025 - [email protected] + +- Update to version 3.9.4: + * build(deps): Bump the go group with 5 updates by @dependabot in + #1727 + * build(deps): Bump tempfile from 3.14.0 to 3.15.0 in + /functional-tests in the rust group by @dependabot in #1728 + * build(deps): Bump the go group with 16 updates by @dependabot + in #1732 + * build(deps): Bump the ci group with 3 updates by @dependabot in + #1730 + * build(deps): Bump serde_json from 1.0.134 to 1.0.135 in + /functional-tests in the rust group by @dependabot in #1731 + * build(deps): Bump the go group with 12 updates by @dependabot + in #1734 + * build(deps): Bump serde_json from 1.0.135 to 1.0.137 in + /functional-tests in the rust group by @dependabot in #1735 + * Fix ToString for AWS KMS to include role, context, and profile + by @felixfontein in #1733 + * build(deps): Bump the ci group with 3 updates by @dependabot in + #1738 + * build(deps): Bump the go group with 6 updates by @dependabot in + #1739 + * Release 3.9.4 by @felixfontein in #1740 + +------------------------------------------------------------------- Old: ---- sops-3.9.3.obscpio New: ---- sops-3.9.4.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sops.spec ++++++ --- /var/tmp/diff_new_pack.HyjKJV/_old 2025-01-27 20:54:02.439632925 +0100 +++ /var/tmp/diff_new_pack.HyjKJV/_new 2025-01-27 20:54:02.443633090 +0100 @@ -20,7 +20,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: sops -Version: 3.9.3 +Version: 3.9.4 Release: 0 Summary: Simple and flexible tool for managing secrets License: MPL-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.HyjKJV/_old 2025-01-27 20:54:02.471634244 +0100 +++ /var/tmp/diff_new_pack.HyjKJV/_new 2025-01-27 20:54:02.475634409 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/mozilla/sops</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v3.9.3</param> + <param name="revision">v3.9.4</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.HyjKJV/_old 2025-01-27 20:54:02.495635234 +0100 +++ /var/tmp/diff_new_pack.HyjKJV/_new 2025-01-27 20:54:02.499635398 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/mozilla/sops</param> - <param name="changesrevision">3721355cbdb77d80e0686b151d8d4a60f4a56c15</param></service></servicedata> + <param name="changesrevision">e794c79e2fda8b4932cf74aded946868295e291b</param></service></servicedata> (No newline at EOF) ++++++ sops-3.9.3.obscpio -> sops-3.9.4.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/.github/workflows/cli.yml new/sops-3.9.4/.github/workflows/cli.yml --- old/sops-3.9.3/.github/workflows/cli.yml 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/.github/workflows/cli.yml 2025-01-25 19:16:58.000000000 +0100 @@ -29,7 +29,7 @@ VAULT_ADDR: "http://127.0.0.1:8200"; steps: - name: Set up Go ${{ matrix.go-version }} - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ matrix.go-version }} id: go @@ -71,14 +71,14 @@ - name: Upload artifact for ${{ matrix.os }} if: matrix.os != 'windows' - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }} path: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }} - name: Upload artifact for ${{ matrix.os }} if: matrix.os == 'windows' - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ github.sha }} path: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ github.sha }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/.github/workflows/codeql.yml new/sops-3.9.4/.github/workflows/codeql.yml --- old/sops-3.9.3/.github/workflows/codeql.yml 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/.github/workflows/codeql.yml 2025-01-25 19:16:58.000000000 +0100 @@ -35,7 +35,7 @@ # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: languages: go # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs @@ -52,6 +52,6 @@ make install - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: category: "/language:go" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/.github/workflows/release.yml new/sops-3.9.4/.github/workflows/release.yml --- old/sops-3.9.3/.github/workflows/release.yml 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/.github/workflows/release.yml 2025-01-25 19:16:58.000000000 +0100 @@ -31,19 +31,19 @@ persist-credentials: false - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v4.0.1 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4.0.1 with: go-version-file: go.mod cache: false - name: Setup Syft - uses: anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 - name: Setup Cosign uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Setup Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/CHANGELOG.rst new/sops-3.9.4/CHANGELOG.rst --- old/sops-3.9.3/CHANGELOG.rst 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/CHANGELOG.rst 2025-01-25 19:16:58.000000000 +0100 @@ -1,6 +1,24 @@ Changelog ========= +3.9.4 +----- + +Improvements: + +* Dependency updates (#1727, #1732, #1734, #1739). + +Bugfixes: + +* Prevent key deduplication to identify different AWS KMS keys that only differ by role, context, or profile (#1733). +* Update part of Azure SDK which prevented decryption in some cases (#1695, #1734). + +Project changes: + +* CI dependency updates (#1730, #1738). +* Rust dependency updates (#1728, #1731, #1735). + + 3.9.3 ----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/config/config_test.go new/sops-3.9.4/config/config_test.go --- old/sops-3.9.3/config/config_test.go 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/config/config_test.go 2025-01-25 19:16:58.000000000 +0100 @@ -1,10 +1,12 @@ package config import ( + "fmt" "os" "path" "testing" + "github.com/getsops/sops/v3/keys" "github.com/stretchr/testify/assert" ) @@ -94,6 +96,20 @@ - kms: - arn: foo aws_profile: bar + - arn: foo + context: + baz: bam + - arn: foo + aws_profile: bar + context: + baz: bam + - arn: foo + role: '123' + - arn: foo + aws_profile: bar + context: + baz: bam + role: '123' pgp: - bar gcp_kms: @@ -129,113 +145,124 @@ - 'https://foo.vault:8200/v1/foo/keys/foo-key' - merge: - merge: - - kms: + - pgp: # key01 + - foo + kms: + # key02 - arn: foo aws_profile: foo - pgp: - # key02 - - foo - gcp_kms: # key03 + - arn: foo + aws_profile: bar + context: + baz: bam + role: '123' + gcp_kms: + # key04 - resource_id: foo azure_keyvault: - # key04 + # key05 - vaultUrl: https://foo.vault.azure.net key: foo-key version: fooversion hc_vault: - # key05 - - 'https://bar.vault:8200/v1/bar/keys/bar-key' - - kms: # key06 - - arn: bar - aws_profile: bar - pgp: + - 'https://bar.vault:8200/v1/bar/keys/bar-key' + - pgp: # key07 - bar - gcp_kms: + kms: # key08 - - resource_id: bar + - arn: bar + aws_profile: bar + gcp_kms: # key09 + - resource_id: bar + # key10 - resource_id: baz azure_keyvault: - # key10 + # key11 - vaultUrl: https://bar.vault.azure.net key: bar-key version: barversion hc_vault: - # key01 - duplicate#1 + # key12 - 'https://baz.vault:8200/v1/baz/keys/baz-key' + pgp: + # key13 + - baz kms: - # key11 + # key14 - arn: baz aws_profile: baz - pgp: - # key12 - - baz gcp_kms: - # key03 - duplicate#2 - # --> should be removed when loading config + # duplicate of key09 - resource_id: bar azure_keyvault: - # key04 - duplicate#3 + # duplicate of key05 - vaultUrl: https://foo.vault.azure.net key: foo-key version: fooversion hc_vault: - # key13 - duplicate#4 - but from different key_group - # --> should stay + # key15 (duplicate of key00, but that's in a different key_group) - 'https://foo.vault:8200/v1/foo/keys/foo-key' - - kms: - # key14 + - pgp: + # key16 + - qux + kms: + # key17 - arn: qux aws_profile: qux - # key14 - duplicate#5 + # key18 - arn: baz aws_profile: bar - pgp: - # key15 - - qux + # key19 + - arn: baz + role: '123' gcp_kms: - # key16 + # key20 - resource_id: qux - # key17 + # key21 - resource_id: fnord azure_keyvault: - # key18 + # key22 - vaultUrl: https://baz.vault.azure.net key: baz-key version: bazversion hc_vault: - # key19 + # key23 - 'https://qux.vault:8200/v1/qux/keys/qux-key' - # everything below this should be loaded, - # since it is not in a merge block + pgp: + # duplicate of key07 + - bar kms: - # duplicated key06 + # duplicate of key08 - arn: bar aws_profile: bar - # key20 + # key24 - arn: fnord aws_profile: fnord - pgp: - # duplicated key07 - - bar + # duplicate of key03 + - arn: foo + aws_profile: bar + context: + baz: bam + role: '123' gcp_kms: - # duplicated key08 + # duplicate of key09 - resource_id: bar - # key21 + # duplicate of key21 - resource_id: fnord azure_keyvault: - # duplicated key10 + # duplicate of key11 - vaultUrl: https://bar.vault.azure.net key: bar-key version: barversion hc_vault: - # duplicated 'key01 - duplicate#2' + # duplicate of key12 - 'https://baz.vault:8200/v1/baz/keys/baz-key' - # key22 + # key25 - 'https://fnord.vault:8200/v1/fnord/keys/fnord-key' `) @@ -421,6 +448,7 @@ } func TestLoadConfigFileWithGroups(t *testing.T) { + bam := "bam" expected := configFile{ CreationRules: []creationRule{ { @@ -432,7 +460,37 @@ PathRegex: "", KeyGroups: []keyGroup{ { - KMS: []kmsKey{{Arn: "foo", AwsProfile: "bar"}}, + KMS: []kmsKey{ + { + Arn: "foo", + AwsProfile: "bar", + }, + { + Arn: "foo", + Context: map[string]*string{ + "baz": &bam, + }, + }, + { + Arn: "foo", + AwsProfile: "bar", + Context: map[string]*string{ + "baz": &bam, + }, + }, + { + Arn: "foo", + Role: "123", + }, + { + Arn: "foo", + AwsProfile: "bar", + Context: map[string]*string{ + "baz": &bam, + }, + Role: "123", + }, + }, PGP: []string{"bar"}, GCPKMS: []gcpKmsKey{{ResourceID: "foo"}}, AzureKV: []azureKVKey{{VaultURL: "https://foo.vault.azure.net";, Key: "foo-key", Version: "fooversion"}}, @@ -459,12 +517,52 @@ assert.Equal(t, expected, conf) } +func id(key keys.MasterKey) string { + return fmt.Sprintf("%s: %s", key.TypeToIdentifier(), key.ToString()) +} + +func ids(keys []keys.MasterKey) []string { + result := make([]string, 0, len(keys)) + for _, key := range keys { + result = append(result, id(key)) + } + return result +} + func TestLoadConfigFileWithMerge(t *testing.T) { conf, err := parseCreationRuleForFile(parseConfigFile(sampleConfigWithMergeType, t), "/conf/path", "whatever", nil) assert.Nil(t, err) assert.Equal(t, 2, len(conf.KeyGroups)) - assert.Equal(t, 1, len(conf.KeyGroups[0])) - assert.Equal(t, 22, len(conf.KeyGroups[1])) + assert.Equal(t, []string{ + "hc_vault: https://foo.vault:8200/v1/foo/keys/foo-key";, + }, ids(conf.KeyGroups[0])) + assert.Equal(t, []string{ + "pgp: foo", // key01 + "kms: foo||foo", //key02 + "kms: foo+123|baz:bam|bar", //key03 + "gcp_kms: foo", //key04 + "azure_kv: https://foo.vault.azure.net/keys/foo-key/fooversion";, //key05 + "hc_vault: https://bar.vault:8200/v1/bar/keys/bar-key";, //key06 + "pgp: bar", //key07 + "kms: bar||bar", //key08 + "gcp_kms: bar", //key09 + "gcp_kms: baz", //key10 + "azure_kv: https://bar.vault.azure.net/keys/bar-key/barversion";, //key11 + "hc_vault: https://baz.vault:8200/v1/baz/keys/baz-key";, //key12 + "pgp: baz", //key13 + "kms: baz||baz", //key14 + "hc_vault: https://foo.vault:8200/v1/foo/keys/foo-key";, //key15 + "pgp: qux", //key16 + "kms: qux||qux", //key17 + "kms: baz||bar", //key18 + "kms: baz+123", //key19 + "gcp_kms: qux", //key20 + "gcp_kms: fnord", //key21 + "azure_kv: https://baz.vault.azure.net/keys/baz-key/bazversion";, //key22 + "hc_vault: https://qux.vault:8200/v1/qux/keys/qux-key";, //key23 + "kms: fnord||fnord", //key24 + "hc_vault: https://fnord.vault:8200/v1/fnord/keys/fnord-key";, //key25 + }, ids(conf.KeyGroups[1])) } func TestLoadConfigFileWithNoMatchingRules(t *testing.T) { @@ -538,9 +636,13 @@ conf, err := parseCreationRuleForFile(parseConfigFile(sampleConfigWithGroups, t), "/conf/path", "whatever", nil) assert.Nil(t, err) assert.Equal(t, "bar", conf.KeyGroups[0][0].ToString()) - assert.Equal(t, "foo", conf.KeyGroups[0][1].ToString()) + assert.Equal(t, "foo||bar", conf.KeyGroups[0][1].ToString()) + assert.Equal(t, "foo|baz:bam", conf.KeyGroups[0][2].ToString()) + assert.Equal(t, "foo|baz:bam|bar", conf.KeyGroups[0][3].ToString()) + assert.Equal(t, "foo+123", conf.KeyGroups[0][4].ToString()) + assert.Equal(t, "foo+123|baz:bam|bar", conf.KeyGroups[0][5].ToString()) assert.Equal(t, "qux", conf.KeyGroups[1][0].ToString()) - assert.Equal(t, "baz", conf.KeyGroups[1][1].ToString()) + assert.Equal(t, "baz||foo", conf.KeyGroups[1][1].ToString()) } func TestLoadConfigFileWithUnencryptedSuffix(t *testing.T) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/functional-tests/Cargo.lock new/sops-3.9.4/functional-tests/Cargo.lock --- old/sops-3.9.3/functional-tests/Cargo.lock 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/functional-tests/Cargo.lock 2025-01-25 19:16:58.000000000 +0100 @@ -49,6 +49,17 @@ ] [[package]] +name = "getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] name = "hashbrown" version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index"; @@ -159,9 +170,9 @@ [[package]] name = "serde_json" -version = "1.0.134" +version = "1.0.137" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d" +checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b" dependencies = [ "itoa", "memchr", @@ -195,12 +206,13 @@ [[package]] name = "tempfile" -version = "3.14.0" +version = "3.15.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "28cce251fcbc87fac86a866eeb0d6c2d536fc16d06f184bb61aeae11aa4cee0c" +checksum = "9a8a559c81686f576e8cd0290cd2a24a2a9ad80c98b3478856500fcbd7acd704" dependencies = [ "cfg-if", "fastrand", + "getrandom", "once_cell", "rustix", "windows-sys", @@ -219,6 +231,12 @@ checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" [[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] name = "windows-sys" version = "0.59.0" source = "registry+https://github.com/rust-lang/crates.io-index"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/functional-tests/Cargo.toml new/sops-3.9.4/functional-tests/Cargo.toml --- old/sops-3.9.3/functional-tests/Cargo.toml 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/functional-tests/Cargo.toml 2025-01-25 19:16:58.000000000 +0100 @@ -5,9 +5,9 @@ authors = ["Adrian Utrilla <[email protected]>"] [dependencies] -tempfile = "3.12.0" +tempfile = "3.15.0" serde = "1.0" -serde_json = "1.0.134" +serde_json = "1.0.137" serde_yaml = "0.9.34" serde_derive = "1.0" lazy_static = "1.5.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/go.mod new/sops-3.9.4/go.mod --- old/sops-3.9.3/go.mod 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/go.mod 2025-01-25 19:16:58.000000000 +0100 @@ -1,24 +1,23 @@ module github.com/getsops/sops/v3 go 1.22 - toolchain go1.22.9 require ( - cloud.google.com/go/kms v1.20.3 - cloud.google.com/go/storage v1.49.0 + cloud.google.com/go/kms v1.20.5 + cloud.google.com/go/storage v1.50.0 filippo.io/age v1.2.1 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 - github.com/ProtonMail/go-crypto v1.1.3 - github.com/aws/aws-sdk-go-v2 v1.32.7 - github.com/aws/aws-sdk-go-v2/config v1.28.7 - github.com/aws/aws-sdk-go-v2/credentials v1.17.48 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.44 - github.com/aws/aws-sdk-go-v2/service/kms v1.37.8 - github.com/aws/aws-sdk-go-v2/service/s3 v1.71.1 - github.com/aws/aws-sdk-go-v2/service/sts v1.33.3 + github.com/ProtonMail/go-crypto v1.1.5 + github.com/aws/aws-sdk-go-v2 v1.33.0 + github.com/aws/aws-sdk-go-v2/config v1.29.1 + github.com/aws/aws-sdk-go-v2/credentials v1.17.54 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.53 + github.com/aws/aws-sdk-go-v2/service/kms v1.37.13 + github.com/aws/aws-sdk-go-v2/service/s3 v1.74.0 + github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 github.com/blang/semver v3.5.1+incompatible github.com/fatih/color v1.18.0 github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e @@ -35,13 +34,13 @@ github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.10.0 github.com/urfave/cli v1.22.16 - golang.org/x/net v0.33.0 - golang.org/x/sys v0.28.0 - golang.org/x/term v0.27.0 - google.golang.org/api v0.214.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 - google.golang.org/grpc v1.69.2 - google.golang.org/protobuf v1.36.1 + golang.org/x/net v0.34.0 + golang.org/x/sys v0.29.0 + golang.org/x/term v0.28.0 + google.golang.org/api v0.218.0 + google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f + google.golang.org/grpc v1.70.0 + google.golang.org/protobuf v1.36.4 gopkg.in/ini.v1 v1.67.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -49,8 +48,8 @@ require ( cel.dev/expr v0.19.1 // indirect cloud.google.com/go v0.117.0 // indirect - cloud.google.com/go/auth v0.13.0 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect + cloud.google.com/go/auth v0.14.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.3.0 // indirect cloud.google.com/go/longrunning v0.6.3 // indirect @@ -66,17 +65,17 @@ github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.28 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.7 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.7 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.7 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.8 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.7 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.9 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 // indirect github.com/aws/smithy-go v1.22.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect @@ -100,7 +99,7 @@ github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect - github.com/google/s2a-go v0.1.8 // indirect + github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/googleapis/gax-go/v2 v2.14.1 // indirect @@ -139,11 +138,11 @@ go.opentelemetry.io/otel/sdk v1.33.0 // indirect go.opentelemetry.io/otel/sdk/metric v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect - golang.org/x/crypto v0.31.0 // indirect - golang.org/x/oauth2 v0.24.0 // indirect + golang.org/x/crypto v0.32.0 // indirect + golang.org/x/oauth2 v0.25.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.8.0 // indirect + golang.org/x/time v0.9.0 // indirect google.golang.org/genproto v0.0.0-20241223144023-3abc09e42ca8 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/go.sum new/sops-3.9.4/go.sum --- old/sops-3.9.3/go.sum 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/go.sum 2025-01-25 19:16:58.000000000 +0100 @@ -4,24 +4,24 @@ cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cloud.google.com/go v0.117.0 h1:Z5TNFfQxj7WG2FgOGX1ekC5RiXrYgms6QscOm32M/4s= cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc= -cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= -cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= -cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= -cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= +cloud.google.com/go/auth v0.14.0 h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM= +cloud.google.com/go/auth v0.14.0/go.mod h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A= +cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= +cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/kms v1.20.3 h1:a61yIN5LN8ozWxOC6tjUx5V5SEzfkS+b69kYMQfzGzE= -cloud.google.com/go/kms v1.20.3/go.mod h1:YvX+xhp2E2Sc3vol5IcRlBhH14Ecl3kegUY/DtH7EWQ= +cloud.google.com/go/kms v1.20.5 h1:aQQ8esAIVZ1atdJRxihhdxGQ64/zEbJoJnCz/ydSmKg= +cloud.google.com/go/kms v1.20.5/go.mod h1:C5A8M1sv2YWYy1AE6iSrnddSG9lRGdJq5XEdBy28Lmw= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= cloud.google.com/go/longrunning v0.6.3 h1:A2q2vuyXysRcwzqDpMMLSI6mb6o39miS52UEG/Rd2ng= cloud.google.com/go/longrunning v0.6.3/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= cloud.google.com/go/monitoring v1.22.0 h1:mQ0040B7dpuRq1+4YiQD43M2vW9HgoVxY98xhqGT+YI= cloud.google.com/go/monitoring v1.22.0/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= -cloud.google.com/go/storage v1.49.0 h1:zenOPBOWHCnojRd9aJZAyQXBYqkJkdQS42dxL55CIMw= -cloud.google.com/go/storage v1.49.0/go.mod h1:k1eHhhpLvrPjVGfo0mOUPEJ4Y2+a/Hv5PiwehZI9qGU= +cloud.google.com/go/storage v1.50.0 h1:3TbVkzTooBvnZsk7WaAQfOsNrdoM8QHusXA1cpk6QJs= +cloud.google.com/go/storage v1.50.0/go.mod h1:l7XeiD//vx5lfqE3RavfmU9yvk5Pp0Zhcv482poyafY= cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= @@ -30,12 +30,12 @@ filippo.io/age v1.2.1/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 h1:1mvYtZfWQAnwNah/C+Z+Jb9rQH95LPE2vlmMuWAHJk8= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1/go.mod h1:75I/mXtme1JyWFtz8GocPHVFyH421IBoZErnO16dd0k= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1 h1:Bk5uOhSAenHyR5P61D/NzeQCv+4fEVV8mOkJ82NqpWw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1/go.mod h1:QZ4pw3or1WPmRBxf0cHd1tknzrT54WPBOQoGutCPvSU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7UmnrxX4N53TFhkYqjc+kVUZuw0fL8I3Fh+Ld9E= @@ -61,46 +61,46 @@ github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= -github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= -github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= -github.com/aws/aws-sdk-go-v2 v1.32.7 h1:ky5o35oENWi0JYWUZkB7WYvVPP+bcRF5/Iq7JWSb5Rw= -github.com/aws/aws-sdk-go-v2 v1.32.7/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4= +github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs= +github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc= -github.com/aws/aws-sdk-go-v2/config v1.28.7 h1:GduUnoTXlhkgnxTD93g1nv4tVPILbdNQOzav+Wpg7AE= -github.com/aws/aws-sdk-go-v2/config v1.28.7/go.mod h1:vZGX6GVkIE8uECSUHB6MWAUsd4ZcG2Yq/dMa4refR3M= -github.com/aws/aws-sdk-go-v2/credentials v1.17.48 h1:IYdLD1qTJ0zanRavulofmqut4afs45mOWEI+MzZtTfQ= -github.com/aws/aws-sdk-go-v2/credentials v1.17.48/go.mod h1:tOscxHN3CGmuX9idQ3+qbkzrjVIx32lqDSU1/0d/qXs= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 h1:kqOrpojG71DxJm/KDPO+Z/y1phm1JlC8/iT+5XRmAn8= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22/go.mod h1:NtSFajXVVL8TA2QNngagVZmUtXciyrHOt7xgz4faS/M= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.44 h1:2zxMLXLedpB4K1ilbJFxtMKsVKaexOqDttOhc0QGm3Q= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.44/go.mod h1:VuLHdqwjSvgftNC7yqPWyGVhEwPmJpeRi07gOgOfHF8= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 h1:I/5wmGMffY4happ8NOCuIUEWGUvvFp5NSeQcXl9RHcI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26/go.mod h1:FR8f4turZtNy6baO0KJ5FJUmXH/cSkI9fOngs0yl6mA= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 h1:zXFLuEuMMUOvEARXFUVJdfqZ4bvvSgdGRq/ATcrQxzM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26/go.mod h1:3o2Wpy0bogG1kyOPrgkXA8pgIfEEv0+m19O9D5+W8y8= +github.com/aws/aws-sdk-go-v2/config v1.29.1 h1:JZhGawAyZ/EuJeBtbQYnaoftczcb2drR2Iq36Wgz4sQ= +github.com/aws/aws-sdk-go-v2/config v1.29.1/go.mod h1:7bR2YD5euaxBhzt2y/oDkt3uNRb6tjFp98GlTFueRwk= +github.com/aws/aws-sdk-go-v2/credentials v1.17.54 h1:4UmqeOqJPvdvASZWrKlhzpRahAulBfyTJQUaYy4+hEI= +github.com/aws/aws-sdk-go-v2/credentials v1.17.54/go.mod h1:RTdfo0P0hbbTxIhmQrOsC/PquBZGabEPnCaxxKRPSnI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.53 h1:3jYpOndmkKtmlPOhMNIV7Q92GD61x/KNjmxUcB95btw= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.53/go.mod h1:+s7tPUl4uy7FMpT5qnjkY5YJNuKU2HZL6trkYxQNtb4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 h1:igORFSiH3bfq4lxKFkTSYDhJEUCYo6C8VKiWJjYwQuQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28/go.mod h1:3So8EA/aAYm36L7XIvCVwLa0s5N0P7o2b1oqnx/2R4g= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 h1:1mOW9zAUMhTSrMDssEHS/ajx8JcAj/IcftzcmNlmVLI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28/go.mod h1:kGlXVIWDfvt2Ox5zEaNglmq0hXPHgQFNMix33Tw22jA= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.26 h1:GeNJsIFHB+WW5ap2Tec4K6dzcVTsRbsT1Lra46Hv9ME= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.26/go.mod h1:zfgMpwHDXX2WGoG84xG2H+ZlPTkJUU4YUvx2svLQYWo= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.28 h1:7kpeALOUeThs2kEjlAxlADAVfxKmkYAedlpZ3kdoSJ4= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.28/go.mod h1:pyaOYEdp1MJWgtXLy6q80r3DhsVdOIOZNB9hdTcJIvI= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.7 h1:tB4tNw83KcajNAzaIMhkhVI2Nt8fAZd5A5ro113FEMY= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.7/go.mod h1:lvpyBGkZ3tZ9iSsUIcC2EWp+0ywa7aK3BLT+FwZi+mQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.7 h1:8eUsivBQzZHqe/3FE+cqwfH+0p5Jo8PFM/QYQSmeZ+M= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.7/go.mod h1:kLPQvGUmxn/fqiCrDeohwG33bq2pQpGeY62yRO6Nrh0= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.7 h1:Hi0KGbrnr57bEHWM0bJ1QcBzxLrL/k2DHvGYhb8+W1w= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.7/go.mod h1:wKNgWgExdjjrm4qvfbTorkvocEstaoDl4WCvGfeCy9c= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.8 h1:KbLZjYqhQ9hyB4HwXiheiflTlYQa0+Fz0Ms/rh5f3mk= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.8/go.mod h1:ANs9kBhK4Ghj9z1W+bsr3WsNaPF71qkgd6eE6Ekol/Y= -github.com/aws/aws-sdk-go-v2/service/s3 v1.71.1 h1:aOVVZJgWbaH+EJYPvEgkNhCEbXXvH7+oML36oaPK3zE= -github.com/aws/aws-sdk-go-v2/service/s3 v1.71.1/go.mod h1:r+xl5yzMk9083rMR+sJ5TYj9Tihvf/l1oxzZXDgGj2Q= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.8 h1:CvuUmnXI7ebaUAhbJcDy9YQx8wHR69eZ9I7q5hszt/g= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.8/go.mod h1:XDeGv1opzwm8ubxddF0cgqkZWsyOtw4lr6dxwmb6YQg= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.7 h1:F2rBfNAL5UyswqoeWv9zs74N/NanhK16ydHW1pahX6E= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.7/go.mod h1:JfyQ0g2JG8+Krq0EuZNnRwX0mU0HrwY/tG6JNfcqh4k= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.3 h1:Xgv/hyNgvLda/M9l9qxXc4UFSgppnRczLxlMs5Ae/QY= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.3/go.mod h1:5Gn+d+VaaRgsjewpMvGazt0WfcFO+Md4wLOuBfGR9Bc= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.2 h1:e6um6+DWYQP1XCa+E9YVtG/9v1qk5lyAOelMOVwSyO8= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.2/go.mod h1:dIW8puxSbYLSPv/ju0d9A3CpwXdtqvJtYKDMVmPLOWE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.9 h1:2aInXbh02XsbO0KobPGMNXyv2QP73VDKsWPNJARj/+4= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.9/go.mod h1:dgXS1i+HgWnYkPXqNoPIPKeUsUUYHaUbThC90aDnNiE= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.13 h1:JJHYuosiaMHr9V8m+v6UPmM7ZWHP+l8cv/xEG9OQTuE= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.13/go.mod h1:TTGECZ6vGfx8k/pmzQKokSJy7ux2PJID4r96QCh5L0A= +github.com/aws/aws-sdk-go-v2/service/s3 v1.74.0 h1:ncCHiFU9Eq4qnKCNlzMZXfFmvb9R8OVNfU8SFOskxdI= +github.com/aws/aws-sdk-go-v2/service/s3 v1.74.0/go.mod h1:jGJ/v7FIi7Ys9t54tmEFnrxuaWeJLpwNgKp2DXAVhOU= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.11 h1:kuIyu4fTT38Kj7YCC7ouNbVZSSpqkZ+LzIfhCr6Dg+I= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.11/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10 h1:l+dgv/64iVlQ3WsBbnn+JSbkj01jIi+SM0wYsj3y/hY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.10/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.9 h1:BRVDbewN6VZcwr+FBOszDKvYeXY1kJ+GGMCcpghlw0U= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.9/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= @@ -170,8 +170,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= -github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= -github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= +github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= +github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -250,8 +250,8 @@ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= -github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= +github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= +github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -308,18 +308,18 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -333,16 +333,16 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -351,18 +351,18 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= -google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= +google.golang.org/api v0.218.0 h1:x6JCjEWeZ9PFCRe9z0FBrNwj7pB7DOAqT35N+IPnAUA= +google.golang.org/api v0.218.0/go.mod h1:5VGHBAkxrA/8EFjLVEYmMUJ8/8+gWWQ3s4cFH0FxG2M= google.golang.org/genproto v0.0.0-20241223144023-3abc09e42ca8 h1:e26eS1K69yxjjNNHYqjN49y95kcaQLJ3TL5h68dcA1E= google.golang.org/genproto v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:i5btTErZyoKCCubju3HS5LVho4nZd3yFnEp6moqeUjE= google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8 h1:st3LcW/BPi75W4q1jJTEor/QWwbNlPlDG0JTn6XhZu0= google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:klhJGKFyG8Tn50enBn7gizg4nXGXJ+jqEREdCWaPcV4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 h1:TqExAhdPaB60Ux47Cn0oLV07rGnxZzIsaRhQaqS666A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= -google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= -google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= -google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= +google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= +google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/kms/keysource.go new/sops-3.9.4/kms/keysource.go --- old/sops-3.9.3/kms/keysource.go 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/kms/keysource.go 2025-01-25 19:16:58.000000000 +0100 @@ -11,6 +11,7 @@ "fmt" "os" "regexp" + "sort" "strings" "time" @@ -181,6 +182,38 @@ return out } +// kmsContextToString converts a dictionary into a string that can be parsed +// again with ParseKMSContext(). +func kmsContextToString(in map[string]*string) string { + if len(in) == 0 { + return "" + } + + // Collect the keys in a slice and compute the expected length + keys := make([]string, 0, len(in)) + length := 0 + for key := range in { + keys = append(keys, key) + length += len(key) + len(*in[key]) + 2 + } + + // Sort the keys + sort.Strings(keys) + + // Compose a comma-separated string of key-vale pairs + var builder strings.Builder + builder.Grow(length) + for index, key := range keys { + if index > 0 { + builder.WriteString(",") + } + builder.WriteString(key) + builder.WriteByte(':') + builder.WriteString(*in[key]) + } + return builder.String() +} + // CredentialsProvider is a wrapper around aws.CredentialsProvider used for // authentication towards AWS KMS. type CredentialsProvider struct { @@ -278,7 +311,18 @@ // ToString converts the key to a string representation. func (key *MasterKey) ToString() string { - return key.Arn + arnRole := key.Arn + if key.Role != "" { + arnRole = fmt.Sprintf("%s+%s", key.Arn, key.Role) + } + context := kmsContextToString(key.EncryptionContext) + if key.AwsProfile != "" { + return fmt.Sprintf("%s|%s|%s", arnRole, context, key.AwsProfile) + } + if context != "" { + return fmt.Sprintf("%s|%s", arnRole, context) + } + return arnRole } // ToMap converts the MasterKey to a map for serialization purposes. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/kms/keysource_test.go new/sops-3.9.4/kms/keysource_test.go --- old/sops-3.9.3/kms/keysource_test.go 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/kms/keysource_test.go 2025-01-25 19:16:58.000000000 +0100 @@ -367,8 +367,38 @@ } func TestMasterKey_ToString(t *testing.T) { + dummyARNWithRole := fmt.Sprintf("%s+arn:aws:iam::my-role", dummyARN) + + bar := "bar" + bam := "bam" + context := map[string]*string{ + "foo": &bar, + "baz": &bam, + } + key := NewMasterKeyFromArn(dummyARN, nil, "") assert.Equal(t, dummyARN, key.ToString()) + + key = NewMasterKeyFromArn(dummyARNWithRole, nil, "") + assert.Equal(t, dummyARNWithRole, key.ToString()) + + key = NewMasterKeyFromArn(dummyARN, nil, "profile") + assert.Equal(t, fmt.Sprintf("%s||profile", dummyARN), key.ToString()) + + key = NewMasterKeyFromArn(dummyARNWithRole, nil, "profile") + assert.Equal(t, fmt.Sprintf("%s||profile", dummyARNWithRole), key.ToString()) + + key = NewMasterKeyFromArn(dummyARN, context, "") + assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar", dummyARN), key.ToString()) + + key = NewMasterKeyFromArn(dummyARNWithRole, context, "") + assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar", dummyARNWithRole), key.ToString()) + + key = NewMasterKeyFromArn(dummyARN, context, "profile") + assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar|profile", dummyARN), key.ToString()) + + key = NewMasterKeyFromArn(dummyARNWithRole, context, "profile") + assert.Equal(t, fmt.Sprintf("%s|baz:bam,foo:bar|profile", dummyARNWithRole), key.ToString()) } func TestMasterKey_ToMap(t *testing.T) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sops-3.9.3/version/version.go new/sops-3.9.4/version/version.go --- old/sops-3.9.3/version/version.go 2024-12-31 13:27:00.000000000 +0100 +++ new/sops-3.9.4/version/version.go 2025-01-25 19:16:58.000000000 +0100 @@ -12,7 +12,7 @@ ) // Version represents the value of the current semantic version. -var Version = "3.9.3" +var Version = "3.9.4" // PrintVersion prints the current version of sops. If the flag // `--disable-version-check` is set, the function will not attempt ++++++ sops.obsinfo ++++++ --- /var/tmp/diff_new_pack.HyjKJV/_old 2025-01-27 20:54:02.675642653 +0100 +++ /var/tmp/diff_new_pack.HyjKJV/_new 2025-01-27 20:54:02.679642817 +0100 @@ -1,5 +1,5 @@ name: sops -version: 3.9.3 -mtime: 1735648020 -commit: 3721355cbdb77d80e0686b151d8d4a60f4a56c15 +version: 3.9.4 +mtime: 1737829018 +commit: e794c79e2fda8b4932cf74aded946868295e291b ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/sops/vendor.tar.gz /work/SRC/openSUSE:Factory/.sops.new.2316/vendor.tar.gz differ: char 5, line 1
