keyservice: move kms code to internal/kms

Recovery (disk-mapper) and init (bootstrapper)
will have to work with multiple external KMSes
in the future.

bootstrapper/internal/initserver/initserver.go

@@ -22,6 +22,8 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/grpclog"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	kmsSetup "github.com/edgelesssys/constellation/v2/internal/kms/setup"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/nodestate"
 	"github.com/edgelesssys/constellation/v2/internal/role"

cli/internal/cmd/init.go

@@ -30,10 +30,10 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
 	grpcRetry "github.com/edgelesssys/constellation/v2/internal/grpc/retry"
+	keyservice "github.com/edgelesssys/constellation/v2/internal/kms/setup"
 	"github.com/edgelesssys/constellation/v2/internal/license"
 	"github.com/edgelesssys/constellation/v2/internal/retry"
 	"github.com/edgelesssys/constellation/v2/internal/versions"
-	keyservice "github.com/edgelesssys/constellation/v2/keyservice/setup"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc"

internal/kms/kms/aws/aws.go

@@ -17,10 +17,10 @@ import (
 	awsconfig "github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/kms/types"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	kmsInterface "github.com/edgelesssys/constellation/v2/keyservice/kms"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
+	kmsInterface "github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 )
 
 const (

internal/kms/kms/aws/aws_test.go

@@ -22,9 +22,9 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/kms/types"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	kmsInterface "github.com/edgelesssys/constellation/v2/keyservice/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
+	kmsInterface "github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/goleak"
 )

internal/kms/kms/azure/azure.go

@@ -17,10 +17,10 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 )
 
 const (

internal/kms/kms/azure/azure_test.go

@@ -14,8 +14,8 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/goleak"
 )

internal/kms/kms/azure/hsm.go

@@ -15,10 +15,10 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 )
 
 type hsmClientAPI interface {

internal/kms/kms/azure/hsm_test.go

@@ -13,8 +13,8 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

internal/kms/kms/gcp/gcp.go

@@ -19,10 +19,10 @@ import (
 
 	kms "cloud.google.com/go/kms/apiv1"
 	"cloud.google.com/go/kms/apiv1/kmspb"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	kmsInterface "github.com/edgelesssys/constellation/v2/keyservice/kms"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
+	kmsInterface "github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/googleapis/gax-go/v2"
 	"google.golang.org/api/option"
 	"google.golang.org/grpc/codes"

internal/kms/kms/gcp/gcp_test.go

@@ -12,9 +12,9 @@ import (
 	"testing"
 
 	"cloud.google.com/go/kms/apiv1/kmspb"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	kmsInterface "github.com/edgelesssys/constellation/v2/keyservice/kms"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/util"
+	kmsInterface "github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/util"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/googleapis/gax-go/v2"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/goleak"

internal/kms/setup/setup.go

@@ -14,12 +14,12 @@ import (
 	"strconv"
 
 	"cloud.google.com/go/kms/apiv1/kmspb"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/aws"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/azure"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/cluster"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/gcp"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/aws"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/azure"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/cluster"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/gcp"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 )
 
 // Well known endpoints for KMS services.
@@ -28,7 +28,7 @@ const (
 	AzureKMSURI   = "kms://azure-kms?name=%s&type=%s"
 	AzureHSMURI   = "kms://azure-hsm?name=%s"
 	GCPKMSURI     = "kms://gcp?project=%s&location=%s&keyRing=%s&protectionLvl=%s"
-	ClusterKMSURI = "kms://cluster-kms"
+	ClusterKMSURI = "kms://cluster-kms?key=%s&salt=%s"
 	AWSS3URI      = "storage://aws?bucket=%s"
 	AzureBlobURI  = "storage://azure?container=%s&connectionString=%s"
 	GCPStorageURI = "storage://gcp?projects=%s&bucket=%s"

internal/kms/storage/awss3storage.go

@@ -16,7 +16,7 @@ import (
 	awsconfig "github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
 )
 
 type awsS3ClientAPI interface {

internal/kms/storage/azurestorage.go

@@ -16,7 +16,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blob"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/bloberror"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
 )
 
 type azureBlobAPI interface {

keyservice/cmd/main.go

@@ -18,9 +18,9 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/crypto"
 	"github.com/edgelesssys/constellation/v2/internal/file"
+	"github.com/edgelesssys/constellation/v2/internal/kms/setup"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/keyservice/internal/server"
-	"github.com/edgelesssys/constellation/v2/keyservice/setup"
 	"github.com/spf13/afero"
 	"go.uber.org/zap"
 )

keyservice/internal/server/server.go

@@ -14,9 +14,9 @@ import (
 
 	"github.com/edgelesssys/constellation/v2/internal/crypto"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/grpclog"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/keyservice/keyserviceproto"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	"google.golang.org/grpc"

keyservice/internal/test/aws_test.go

@@ -19,9 +19,9 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
-	kmsconfig "github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	awsInterface "github.com/edgelesssys/constellation/v2/keyservice/kms/aws"
+	kmsconfig "github.com/edgelesssys/constellation/v2/internal/kms/config"
+	awsInterface "github.com/edgelesssys/constellation/v2/internal/kms/kms/aws"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

keyservice/internal/test/azure_test.go

@@ -13,9 +13,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/azure"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/azure"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

keyservice/internal/test/gcp_test.go

@@ -14,9 +14,9 @@ import (
 	"time"
 
 	"cloud.google.com/go/kms/apiv1/kmspb"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/config"
-	"github.com/edgelesssys/constellation/v2/keyservice/internal/storage"
-	"github.com/edgelesssys/constellation/v2/keyservice/kms/gcp"
+	"github.com/edgelesssys/constellation/v2/internal/kms/config"
+	"github.com/edgelesssys/constellation/v2/internal/kms/kms/gcp"
+	"github.com/edgelesssys/constellation/v2/internal/kms/storage"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )