api: rename /api/versions to versionsapi and /api/attestationcfig to attestationconfigapi (#1876)

* rename to attestationconfigapi + put client and fetcher inside pkg

* rename api/version to versionsapi and put fetcher + client inside pkg

* rename AttestationConfigAPIFetcher to Fetcher

internal/api/attestationconfig/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "attestationconfig",
-    srcs = [
-        "azure.go",
-        "configapi.go",
-    ],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig",
-    visibility = ["//:__subpackages__"],
-    deps = [
-        "//internal/constants",
-        "//internal/variant",
-    ],
-)

internal/api/attestationconfig/client/BUILD.bazel

@@ -1,34 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-load("//bazel/go:go_test.bzl", "go_test")
-
-go_library(
-    name = "client",
-    srcs = ["client.go"],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/client",
-    visibility = ["//:__subpackages__"],
-    deps = [
-        "//internal/api/attestationconfig",
-        "//internal/api/attestationconfig/fetcher",
-        "//internal/api/client",
-        "//internal/logger",
-        "//internal/sigstore",
-        "//internal/staticupload",
-        "//internal/variant",
-    ],
-)
-
-go_test(
-    name = "client_test",
-    srcs = ["client_test.go"],
-    # keep
-    count = 1,
-    embed = [":client"],
-    # keep
-    gotags = ["e2e"],
-    # keep
-    tags = ["manual"],
-    deps = [
-        "//internal/api/attestationconfig",
-        "@com_github_stretchr_testify//assert",
-    ],
-)

internal/api/attestationconfig/fetcher/BUILD.bazel

@@ -1,25 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-load("//bazel/go:go_test.bzl", "go_test")
-
-go_library(
-    name = "fetcher",
-    srcs = ["fetcher.go"],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/fetcher",
-    visibility = ["//:__subpackages__"],
-    deps = [
-        "//internal/api/attestationconfig",
-        "//internal/api/fetcher",
-        "//internal/constants",
-        "//internal/sigstore",
-    ],
-)
-
-go_test(
-    name = "fetcher_test",
-    srcs = ["fetcher_test.go"],
-    embed = [":fetcher"],
-    deps = [
-        "//internal/api/attestationconfig",
-        "@com_github_stretchr_testify//assert",
-    ],
-)

internal/api/attestationconfig/fetcher/fetcher.go

@@ -1,87 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package fetcher
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
-	"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
-	"github.com/edgelesssys/constellation/v2/internal/constants"
-	"github.com/edgelesssys/constellation/v2/internal/sigstore"
-)
-
-const cosignPublicKey = constants.CosignPublicKeyReleases
-
-// AttestationConfigAPIFetcher fetches config API resources without authentication.
-type AttestationConfigAPIFetcher interface {
-	FetchAzureSEVSNPVersion(ctx context.Context, azureVersion attestationconfig.AzureSEVSNPVersionAPI) (attestationconfig.AzureSEVSNPVersionAPI, error)
-	FetchAzureSEVSNPVersionList(ctx context.Context, attestation attestationconfig.AzureSEVSNPVersionList) (attestationconfig.AzureSEVSNPVersionList, error)
-	FetchAzureSEVSNPVersionLatest(ctx context.Context) (attestationconfig.AzureSEVSNPVersionAPI, error)
-}
-
-// Fetcher fetches AttestationCfg API resources without authentication.
-type Fetcher struct {
-	fetcher.HTTPClient
-}
-
-// New returns a new Fetcher.
-func New() *Fetcher {
-	return NewWithClient(fetcher.NewHTTPClient())
-}
-
-// NewWithClient returns a new Fetcher with custom http client.
-func NewWithClient(client fetcher.HTTPClient) *Fetcher {
-	return &Fetcher{client}
-}
-
-// FetchAzureSEVSNPVersionList fetches the version list information from the config API.
-func (f *Fetcher) FetchAzureSEVSNPVersionList(ctx context.Context, attestation attestationconfig.AzureSEVSNPVersionList) (attestationconfig.AzureSEVSNPVersionList, error) {
-	return fetcher.Fetch(ctx, f.HTTPClient, attestation)
-}
-
-// FetchAzureSEVSNPVersion fetches the version information from the config API.
-func (f *Fetcher) FetchAzureSEVSNPVersion(ctx context.Context, azureVersion attestationconfig.AzureSEVSNPVersionAPI) (attestationconfig.AzureSEVSNPVersionAPI, error) {
-	fetchedVersion, err := fetcher.Fetch(ctx, f.HTTPClient, azureVersion)
-	if err != nil {
-		return fetchedVersion, fmt.Errorf("fetch version %s: %w", fetchedVersion.Version, err)
-	}
-	versionBytes, err := json.Marshal(fetchedVersion)
-	if err != nil {
-		return fetchedVersion, fmt.Errorf("marshal version for verify %s: %w", azureVersion.Version, err)
-	}
-
-	signature, err := fetcher.Fetch(ctx, f.HTTPClient, attestationconfig.AzureSEVSNPVersionSignature{
-		Version: azureVersion.Version,
-	})
-	if err != nil {
-		return fetchedVersion, fmt.Errorf("fetch version %s signature: %w", azureVersion.Version, err)
-	}
-
-	err = sigstore.CosignVerifier{}.VerifySignature(versionBytes, signature.Signature, []byte(cosignPublicKey))
-	if err != nil {
-		return fetchedVersion, fmt.Errorf("verify version %s signature: %w", azureVersion.Version, err)
-	}
-	return fetchedVersion, nil
-}
-
-// FetchAzureSEVSNPVersionLatest returns the latest versions of the given type.
-func (f *Fetcher) FetchAzureSEVSNPVersionLatest(ctx context.Context) (res attestationconfig.AzureSEVSNPVersionAPI, err error) {
-	var list attestationconfig.AzureSEVSNPVersionList
-	list, err = f.FetchAzureSEVSNPVersionList(ctx, list)
-	if err != nil {
-		return res, fmt.Errorf("fetching versions list: %w", err)
-	}
-	get := attestationconfig.AzureSEVSNPVersionAPI{Version: list[0]} // get latest version (as sorted reversely alphanumerically)
-	get, err = f.FetchAzureSEVSNPVersion(ctx, get)
-	if err != nil {
-		return res, fmt.Errorf("fetching version: %w", err)
-	}
-	return get, nil
-}

internal/api/attestationconfigapi/BUILD.bazel

@@ -0,0 +1,33 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("//bazel/go:go_test.bzl", "go_test")
+
+go_library(
+    name = "attestationconfigapi",
+    srcs = [
+        "attestationconfigapi.go",
+        "azure.go",
+        "client.go",
+        "fetcher.go",
+    ],
+    importpath = "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi",
+    visibility = ["//:__subpackages__"],
+    deps = [
+        "//internal/api/client",
+        "//internal/api/fetcher",
+        "//internal/constants",
+        "//internal/logger",
+        "//internal/sigstore",
+        "//internal/staticupload",
+        "//internal/variant",
+    ],
+)
+
+go_test(
+    name = "attestationconfigapi_test",
+    srcs = [
+        "client_test.go",
+        "fetcher_test.go",
+    ],
+    embed = [":attestationconfigapi"],
+    deps = ["@com_github_stretchr_testify//assert"],
+)

internal/api/attestationconfigapi/attestationconfigapi.go

@@ -20,4 +20,4 @@ Thus, existing config types (AWSNitroTPM, AzureSEVSNP, ...) can not be extended
 Instead, we need a separate type that wraps _all_ attestation types. In the codebase this is done using the AttestationCfg interface.
 The new type AttestationCfgGet needs to be located inside internal/config in order to implement UnmarshalJSON.
 */
-package attestationconfig
+package attestationconfigapi

internal/api/attestationconfigapi/azure.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package attestationconfig
+package attestationconfigapi
 
 import (
 	"fmt"

internal/api/attestationconfigapi/client.go

@@ -3,7 +3,7 @@ Copyright (c) Edgeless Systems GmbH
 
 SPDX-License-Identifier: AGPL-3.0-only
 */
-package client
+package attestationconfigapi
 
 import (
 	"context"
@@ -12,8 +12,6 @@ import (
 	"sort"
 	"time"
 
-	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
-	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/fetcher"
 	apiclient "github.com/edgelesssys/constellation/v2/internal/api/client"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/sigstore"
@@ -27,11 +25,10 @@ type Client struct {
 	s3ClientClose func(ctx context.Context) error
 	bucketID      string
 	signer        sigstore.Signer
-	fetcher       fetcher.AttestationConfigAPIFetcher
 }
 
-// New returns a new Client.
-func New(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte, dryRun bool, log *logger.Logger) (*Client, apiclient.CloseFunc, error) {
+// NewClient returns a new Client.
+func NewClient(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte, dryRun bool, log *logger.Logger) (*Client, apiclient.CloseFunc, error) {
 	s3Client, clientClose, err := apiclient.NewClient(ctx, cfg.Region, cfg.Bucket, cfg.DistributionID, dryRun, log)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to create s3 storage: %w", err)
@@ -42,13 +39,12 @@ func New(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []b
 		s3ClientClose: clientClose,
 		signer:        sigstore.NewSigner(cosignPwd, privateKey),
 		bucketID:      cfg.Bucket,
-		fetcher:       fetcher.New(),
 	}
 	return repo, clientClose, nil
 }
 
 // UploadAzureSEVSNP uploads the latest version numbers of the Azure SEVSNP.
-func (a Client) UploadAzureSEVSNP(ctx context.Context, version attestationconfig.AzureSEVSNPVersion, date time.Time) error {
+func (a Client) UploadAzureSEVSNP(ctx context.Context, version AzureSEVSNPVersion, date time.Time) error {
 	versions, err := a.List(ctx, variant.AzureSEVSNP{})
 	if err != nil {
 		return fmt.Errorf("fetch version list: %w", err)
@@ -76,7 +72,7 @@ func (a Client) DeleteAzureSEVSNPVersion(ctx context.Context, versionStr string)
 // List returns the list of versions for the given attestation type.
 func (a Client) List(ctx context.Context, attestation variant.Variant) ([]string, error) {
 	if attestation.Equal(variant.AzureSEVSNP{}) {
-		versions, err := apiclient.Fetch(ctx, a.s3Client, attestationconfig.AzureSEVSNPVersionList{})
+		versions, err := apiclient.Fetch(ctx, a.s3Client, AzureSEVSNPVersionList{})
 		if err != nil {
 			return nil, err
 		}
@@ -85,16 +81,16 @@ func (a Client) List(ctx context.Context, attestation variant.Variant) ([]string
 	return nil, fmt.Errorf("unsupported attestation type: %s", attestation)
 }
 
-func (a Client) deleteAzureSEVSNPVersion(versions attestationconfig.AzureSEVSNPVersionList, versionStr string) (ops []crudCmd, err error) {
+func (a Client) deleteAzureSEVSNPVersion(versions AzureSEVSNPVersionList, versionStr string) (ops []crudCmd, err error) {
 	versionStr = versionStr + ".json"
 	ops = append(ops, deleteCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionAPI{
+		apiObject: AzureSEVSNPVersionAPI{
 			Version: versionStr,
 		},
 	})
 
 	ops = append(ops, deleteCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionSignature{
+		apiObject: AzureSEVSNPVersionSignature{
 			Version: versionStr,
 		},
 	})
@@ -109,10 +105,10 @@ func (a Client) deleteAzureSEVSNPVersion(versions attestationconfig.AzureSEVSNPV
 	return ops, nil
 }
 
-func (a Client) uploadAzureSEVSNP(versions attestationconfig.AzureSEVSNPVersion, versionNames []string, date time.Time) (res []crudCmd, err error) {
+func (a Client) uploadAzureSEVSNP(versions AzureSEVSNPVersion, versionNames []string, date time.Time) (res []crudCmd, err error) {
 	dateStr := date.Format("2006-01-02-15-04") + ".json"
 
-	res = append(res, putCmd{attestationconfig.AzureSEVSNPVersionAPI{Version: dateStr, AzureSEVSNPVersion: versions}})
+	res = append(res, putCmd{AzureSEVSNPVersionAPI{Version: dateStr, AzureSEVSNPVersion: versions}})
 
 	versionBytes, err := json.Marshal(versions)
 	if err != nil {
@@ -124,22 +120,22 @@ func (a Client) uploadAzureSEVSNP(versions attestationconfig.AzureSEVSNPVersion,
 	}
 	res = append(res, putCmd{signature})
 	newVersions := addVersion(versionNames, dateStr)
-	res = append(res, putCmd{attestationconfig.AzureSEVSNPVersionList(newVersions)})
+	res = append(res, putCmd{AzureSEVSNPVersionList(newVersions)})
 	return
 }
 
-func (a Client) createSignature(content []byte, dateStr string) (res attestationconfig.AzureSEVSNPVersionSignature, err error) {
+func (a Client) createSignature(content []byte, dateStr string) (res AzureSEVSNPVersionSignature, err error) {
 	signature, err := a.signer.Sign(content)
 	if err != nil {
 		return res, fmt.Errorf("sign version file: %w", err)
 	}
-	return attestationconfig.AzureSEVSNPVersionSignature{
+	return AzureSEVSNPVersionSignature{
 		Signature: signature,
 		Version:   dateStr,
 	}, nil
 }
 
-func removeVersion(versions attestationconfig.AzureSEVSNPVersionList, versionStr string) (removedVersions attestationconfig.AzureSEVSNPVersionList, err error) {
+func removeVersion(versions AzureSEVSNPVersionList, versionStr string) (removedVersions AzureSEVSNPVersionList, err error) {
 	for i, v := range versions {
 		if v == versionStr {
 			if i == len(versions)-1 {

internal/api/attestationconfigapi/client_test.go

@@ -3,13 +3,12 @@ Copyright (c) Edgeless Systems GmbH
 
 SPDX-License-Identifier: AGPL-3.0-only
 */
-package client
+package attestationconfigapi
 
 import (
 	"testing"
 	"time"
 
-	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -18,26 +17,26 @@ func TestUploadAzureSEVSNP(t *testing.T) {
 		bucketID: "bucket",
 		signer:   fakeSigner{},
 	}
-	version := attestationconfig.AzureSEVSNPVersion{}
+	version := AzureSEVSNPVersion{}
 	date := time.Date(2023, 1, 1, 1, 1, 1, 1, time.UTC)
 	ops, err := sut.uploadAzureSEVSNP(version, []string{"2021-01-01-01-01.json", "2019-01-01-01-01.json"}, date)
 	assert := assert.New(t)
 	assert.NoError(err)
 	dateStr := "2023-01-01-01-01.json"
 	assert.Contains(ops, putCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionAPI{
+		apiObject: AzureSEVSNPVersionAPI{
 			Version:            dateStr,
 			AzureSEVSNPVersion: version,
 		},
 	})
 	assert.Contains(ops, putCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionSignature{
+		apiObject: AzureSEVSNPVersionSignature{
 			Version:   dateStr,
 			Signature: []byte("signature"),
 		},
 	})
 	assert.Contains(ops, putCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionList([]string{"2023-01-01-01-01.json", "2021-01-01-01-01.json", "2019-01-01-01-01.json"}),
+		apiObject: AzureSEVSNPVersionList([]string{"2023-01-01-01-01.json", "2021-01-01-01-01.json", "2019-01-01-01-01.json"}),
 	})
 }
 
@@ -45,25 +44,25 @@ func TestDeleteAzureSEVSNPVersions(t *testing.T) {
 	sut := Client{
 		bucketID: "bucket",
 	}
-	versions := attestationconfig.AzureSEVSNPVersionList([]string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"})
+	versions := AzureSEVSNPVersionList([]string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"})
 
 	ops, err := sut.deleteAzureSEVSNPVersion(versions, "2021-01-01")
 
 	assert := assert.New(t)
 	assert.NoError(err)
 	assert.Contains(ops, deleteCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionAPI{
+		apiObject: AzureSEVSNPVersionAPI{
 			Version: "2021-01-01.json",
 		},
 	})
 	assert.Contains(ops, deleteCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionSignature{
+		apiObject: AzureSEVSNPVersionSignature{
 			Version: "2021-01-01.json",
 		},
 	})
 
 	assert.Contains(ops, putCmd{
-		apiObject: attestationconfig.AzureSEVSNPVersionList([]string{"2023-01-01.json", "2019-01-01.json"}),
+		apiObject: AzureSEVSNPVersionList([]string{"2023-01-01.json", "2019-01-01.json"}),
 	})
 }
 

internal/api/attestationconfigapi/fetcher.go

@@ -0,0 +1,86 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package attestationconfigapi
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	apifetcher "github.com/edgelesssys/constellation/v2/internal/api/fetcher"
+	"github.com/edgelesssys/constellation/v2/internal/constants"
+	"github.com/edgelesssys/constellation/v2/internal/sigstore"
+)
+
+const cosignPublicKey = constants.CosignPublicKeyReleases
+
+// Fetcher fetches config API resources without authentication.
+type Fetcher interface {
+	FetchAzureSEVSNPVersion(ctx context.Context, azureVersion AzureSEVSNPVersionAPI) (AzureSEVSNPVersionAPI, error)
+	FetchAzureSEVSNPVersionList(ctx context.Context, attestation AzureSEVSNPVersionList) (AzureSEVSNPVersionList, error)
+	FetchAzureSEVSNPVersionLatest(ctx context.Context) (AzureSEVSNPVersionAPI, error)
+}
+
+// fetcher fetches AttestationCfg API resources without authentication.
+type fetcher struct {
+	apifetcher.HTTPClient
+}
+
+// NewFetcher returns a new apifetcher.
+func NewFetcher() Fetcher {
+	return NewFetcherWithClient(apifetcher.NewHTTPClient())
+}
+
+// NewFetcherWithClient returns a new fetcher with custom http client.
+func NewFetcherWithClient(client apifetcher.HTTPClient) Fetcher {
+	return &fetcher{client}
+}
+
+// FetchAzureSEVSNPVersionList fetches the version list information from the config API.
+func (f *fetcher) FetchAzureSEVSNPVersionList(ctx context.Context, attestation AzureSEVSNPVersionList) (AzureSEVSNPVersionList, error) {
+	return apifetcher.Fetch(ctx, f.HTTPClient, attestation)
+}
+
+// FetchAzureSEVSNPVersion fetches the version information from the config API.
+func (f *fetcher) FetchAzureSEVSNPVersion(ctx context.Context, azureVersion AzureSEVSNPVersionAPI) (AzureSEVSNPVersionAPI, error) {
+	fetchedVersion, err := apifetcher.Fetch(ctx, f.HTTPClient, azureVersion)
+	if err != nil {
+		return fetchedVersion, fmt.Errorf("fetch version %s: %w", fetchedVersion.Version, err)
+	}
+	versionBytes, err := json.Marshal(fetchedVersion)
+	if err != nil {
+		return fetchedVersion, fmt.Errorf("marshal version for verify %s: %w", azureVersion.Version, err)
+	}
+
+	signature, err := apifetcher.Fetch(ctx, f.HTTPClient, AzureSEVSNPVersionSignature{
+		Version: azureVersion.Version,
+	})
+	if err != nil {
+		return fetchedVersion, fmt.Errorf("fetch version %s signature: %w", azureVersion.Version, err)
+	}
+
+	err = sigstore.CosignVerifier{}.VerifySignature(versionBytes, signature.Signature, []byte(cosignPublicKey))
+	if err != nil {
+		return fetchedVersion, fmt.Errorf("verify version %s signature: %w", azureVersion.Version, err)
+	}
+	return fetchedVersion, nil
+}
+
+// FetchAzureSEVSNPVersionLatest returns the latest versions of the given type.
+func (f *fetcher) FetchAzureSEVSNPVersionLatest(ctx context.Context) (res AzureSEVSNPVersionAPI, err error) {
+	var list AzureSEVSNPVersionList
+	list, err = f.FetchAzureSEVSNPVersionList(ctx, list)
+	if err != nil {
+		return res, fmt.Errorf("fetching versions list: %w", err)
+	}
+	get := AzureSEVSNPVersionAPI{Version: list[0]} // get latest version (as sorted reversely alphanumerically)
+	get, err = f.FetchAzureSEVSNPVersion(ctx, get)
+	if err != nil {
+		return res, fmt.Errorf("fetching version: %w", err)
+	}
+	return get, nil
+}

internal/api/attestationconfigapi/fetcher_test.go

@@ -3,7 +3,7 @@ Copyright (c) Edgeless Systems GmbH
 
 SPDX-License-Identifier: AGPL-3.0-only
 */
-package fetcher
+package attestationconfigapi
 
 import (
 	"bytes"
@@ -14,12 +14,11 @@ import (
 	"net/http"
 	"testing"
 
-	configapi "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
 	"github.com/stretchr/testify/assert"
 )
 
-var testCfg = configapi.AzureSEVSNPVersionAPI{
-	AzureSEVSNPVersion: configapi.AzureSEVSNPVersion{
+var testCfg = AzureSEVSNPVersionAPI{
+	AzureSEVSNPVersion: AzureSEVSNPVersion{
 		Microcode:  93,
 		TEE:        0,
 		SNP:        6,
@@ -31,7 +30,7 @@ func TestFetchLatestAzureSEVSNPVersion(t *testing.T) {
 	testcases := map[string]struct {
 		signature []byte
 		wantErr   bool
-		want      configapi.AzureSEVSNPVersionAPI
+		want      AzureSEVSNPVersionAPI
 	}{
 		"get version with valid signature": {
 			signature: []byte("MEQCIBPEbYg89MIQuaGStLhKGLGMKvKFoYCaAniDLwoIwulqAiB+rj7KMaMOMGxmUsjI7KheCXSNM8NzN+tuDw6AywI75A=="), // signed with release key
@@ -49,7 +48,7 @@ func TestFetchLatestAzureSEVSNPVersion(t *testing.T) {
 					signature: tc.signature,
 				},
 			}
-			fetcher := NewWithClient(client)
+			fetcher := NewFetcherWithClient(client)
 			res, err := fetcher.FetchAzureSEVSNPVersionLatest(context.Background())
 
 			assert := assert.New(t)
@@ -93,7 +92,7 @@ func (f *fakeConfigAPIHandler) RoundTrip(req *http.Request) (*http.Response, err
 
 	} else if req.URL.Path == "/constellation/v1/attestation/azure-sev-snp/2021-01-01-01-01.json.sig" {
 		res := &http.Response{}
-		obj := configapi.AzureSEVSNPVersionSignature{
+		obj := AzureSEVSNPVersionSignature{
 			Signature: f.signature,
 		}
 		bt, err := json.Marshal(obj)

internal/api/attestationconfigapi/test/integration_test.go

@@ -16,8 +16,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
-	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/client"
+	attestationconfig "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/staticupload"
 	"github.com/stretchr/testify/require"
@@ -76,7 +75,7 @@ var versionValues = attestationconfig.AzureSEVSNPVersion{
 
 func TestUploadAzureSEVSNPVersions(t *testing.T) {
 	ctx := context.Background()
-	client, clientClose, err := client.New(ctx, cfg, []byte(*cosignPwd), privateKey, false, logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfig"))
+	client, clientClose, err := attestationconfig.NewClient(ctx, cfg, []byte(*cosignPwd), privateKey, false, logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfig"))
 	require.NoError(t, err)
 	defer func() { _ = clientClose(ctx) }()
 	d := time.Date(2021, 1, 1, 1, 1, 1, 1, time.UTC)

internal/api/versions/client/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "client",
-    srcs = ["client.go"],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/api/versions/client",
-    visibility = ["//:__subpackages__"],
-    deps = [
-        "//internal/api/client",
-        "//internal/api/versions",
-        "//internal/constants",
-        "//internal/logger",
-        "@org_golang_x_mod//semver",
-    ],
-)

internal/api/versions/fetcher/BUILD.bazel

@@ -1,25 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-load("//bazel/go:go_test.bzl", "go_test")
-
-go_library(
-    name = "fetcher",
-    srcs = ["fetcher.go"],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/api/versions/fetcher",
-    visibility = ["//:__subpackages__"],
-    deps = [
-        "//internal/api/fetcher",
-        "//internal/api/versions",
-    ],
-)
-
-go_test(
-    name = "fetcher_test",
-    srcs = ["fetcher_test.go"],
-    embed = [":fetcher"],
-    deps = [
-        "//internal/api/versions",
-        "@com_github_stretchr_testify//assert",
-        "@com_github_stretchr_testify//require",
-        "@org_uber_go_goleak//:goleak",
-    ],
-)

internal/api/versionsapi/BUILD.bazel

@@ -2,38 +2,45 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library")
 load("//bazel/go:go_test.bzl", "go_test")
 
 go_library(
-    name = "versions",
+    name = "versionsapi",
     srcs = [
         "apiconstants.go",
+        "client.go",
         "cliinfo.go",
+        "fetcher.go",
         "imageinfo.go",
         "latest.go",
         "list.go",
         "version.go",
         "versionsapi.go",
     ],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/api/versions",
+    importpath = "github.com/edgelesssys/constellation/v2/internal/api/versionsapi",
     visibility = ["//:__subpackages__"],
     deps = [
+        "//internal/api/client",
+        "//internal/api/fetcher",
         "//internal/constants",
+        "//internal/logger",
         "@org_golang_x_mod//semver",
     ],
 )
 
 go_test(
-    name = "versions_test",
+    name = "versionsapi_test",
     srcs = [
         "cliinfo_test.go",
+        "fetcher_test.go",
         "imageinfo_test.go",
         "latest_test.go",
         "list_test.go",
         "version_test.go",
     ],
-    embed = [":versions"],
+    embed = [":versionsapi"],
     deps = [
         "//internal/cloud/cloudprovider",
         "//internal/constants",
         "@com_github_stretchr_testify//assert",
         "@com_github_stretchr_testify//require",
+        "@org_uber_go_goleak//:goleak",
     ],
 )

internal/api/versionsapi/apiconstants.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 var (
 	// APIV1 is the v1 API version.

internal/api/versionsapi/cli/BUILD.bazel

@@ -9,12 +9,11 @@ go_library(
         "main.go",
         "rm.go",
     ],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/api/versions/cli",
+    importpath = "github.com/edgelesssys/constellation/v2/internal/api/versionsapi/cli",
     visibility = ["//visibility:private"],
     deps = [
         "//internal/api/client",
-        "//internal/api/versions",
-        "//internal/api/versions/client",
+        "//internal/api/versionsapi",
         "//internal/constants",
         "//internal/logger",
         "@com_github_aws_aws_sdk_go_v2_config//:config",

internal/api/versionsapi/cli/add.go

@@ -12,8 +12,7 @@ import (
 	"fmt"
 
 	apiclient "github.com/edgelesssys/constellation/v2/internal/api/client"
-	versionsapi "github.com/edgelesssys/constellation/v2/internal/api/versions"
-	verclient "github.com/edgelesssys/constellation/v2/internal/api/versions/client"
+	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/spf13/cobra"
 	"go.uber.org/zap/zapcore"
@@ -73,7 +72,7 @@ func runAdd(cmd *cobra.Command, _ []string) (retErr error) {
 	}
 
 	log.Debugf("Creating versions API client")
-	client, clientClose, err := verclient.NewClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, flags.dryRun, log)
+	client, clientClose, err := versionsapi.NewClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, flags.dryRun, log)
 	if err != nil {
 		return fmt.Errorf("creating client: %w", err)
 	}
@@ -105,7 +104,7 @@ func runAdd(cmd *cobra.Command, _ []string) (retErr error) {
 	return nil
 }
 
-func ensureVersion(ctx context.Context, client *verclient.VersionsClient, kind versionsapi.VersionKind, ver versionsapi.Version, gran versionsapi.Granularity,
+func ensureVersion(ctx context.Context, client *versionsapi.Client, kind versionsapi.VersionKind, ver versionsapi.Version, gran versionsapi.Granularity,
 	log *logger.Logger,
 ) error {
 	verListReq := versionsapi.List{
@@ -145,7 +144,7 @@ func ensureVersion(ctx context.Context, client *verclient.VersionsClient, kind v
 	return nil
 }
 
-func updateLatest(ctx context.Context, client *verclient.VersionsClient, kind versionsapi.VersionKind, ver versionsapi.Version, log *logger.Logger) error {
+func updateLatest(ctx context.Context, client *versionsapi.Client, kind versionsapi.VersionKind, ver versionsapi.Version, log *logger.Logger) error {
 	latest := versionsapi.Latest{
 		Ref:    ver.Ref,
 		Stream: ver.Stream,

internal/api/versionsapi/cli/latest.go

@@ -10,8 +10,7 @@ import (
 	"encoding/json"
 	"fmt"
 
-	versionsapi "github.com/edgelesssys/constellation/v2/internal/api/versions"
-	verclient "github.com/edgelesssys/constellation/v2/internal/api/versions/client"
+	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/spf13/cobra"
 	"go.uber.org/zap/zapcore"
@@ -47,7 +46,7 @@ func runLatest(cmd *cobra.Command, _ []string) error {
 	}
 
 	log.Debugf("Creating versions API client")
-	client, clientClose, err := verclient.NewReadOnlyClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, log)
+	client, clientClose, err := versionsapi.NewReadOnlyClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, log)
 	if err != nil {
 		return fmt.Errorf("creating client: %w", err)
 	}

internal/api/versionsapi/cli/list.go

@@ -17,8 +17,7 @@ import (
 	"golang.org/x/mod/semver"
 
 	apiclient "github.com/edgelesssys/constellation/v2/internal/api/client"
-	versionsapi "github.com/edgelesssys/constellation/v2/internal/api/versions"
-	verclient "github.com/edgelesssys/constellation/v2/internal/api/versions/client"
+	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 )
 
@@ -53,7 +52,7 @@ func runList(cmd *cobra.Command, _ []string) error {
 	}
 
 	log.Debugf("Creating versions API client")
-	client, clientClose, err := verclient.NewReadOnlyClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, log)
+	client, clientClose, err := versionsapi.NewReadOnlyClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, log)
 	if err != nil {
 		return fmt.Errorf("creating client: %w", err)
 	}
@@ -110,7 +109,7 @@ func runList(cmd *cobra.Command, _ []string) error {
 	return nil
 }
 
-func listMinorVersions(ctx context.Context, client *verclient.VersionsClient, ref string, stream string) ([]string, error) {
+func listMinorVersions(ctx context.Context, client *versionsapi.Client, ref string, stream string) ([]string, error) {
 	list := versionsapi.List{
 		Ref:         ref,
 		Stream:      stream,
@@ -126,7 +125,7 @@ func listMinorVersions(ctx context.Context, client *verclient.VersionsClient, re
 	return list.Versions, nil
 }
 
-func listPatchVersions(ctx context.Context, client *verclient.VersionsClient, ref string, stream string, minorVer []string,
+func listPatchVersions(ctx context.Context, client *versionsapi.Client, ref string, stream string, minorVer []string,
 ) ([]versionsapi.Version, error) {
 	var patchVers []versionsapi.Version
 

internal/api/versionsapi/cli/rm.go

@@ -25,8 +25,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/smithy-go"
 	apiclient "github.com/edgelesssys/constellation/v2/internal/api/client"
-	versionsapi "github.com/edgelesssys/constellation/v2/internal/api/versions"
-	verclient "github.com/edgelesssys/constellation/v2/internal/api/versions/client"
+	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	gaxv2 "github.com/googleapis/gax-go/v2"
 	"github.com/spf13/cobra"
@@ -102,7 +101,7 @@ func runRemove(cmd *cobra.Command, _ []string) (retErr error) {
 	}
 
 	log.Debugf("Creating versions API client")
-	verclient, verclientClose, err := verclient.NewClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, flags.dryrun, log)
+	verclient, verclientClose, err := versionsapi.NewClient(cmd.Context(), flags.region, flags.bucket, flags.distributionID, flags.dryrun, log)
 	if err != nil {
 		return fmt.Errorf("creating client: %w", err)
 	}
@@ -240,7 +239,7 @@ func deleteImage(ctx context.Context, clients rmImageClients, ver versionsapi.Ve
 }
 
 type rmImageClients struct {
-	version *verclient.VersionsClient
+	version *versionsapi.Client
 	gcp     *gcpClient
 	aws     *awsClient
 	az      *azureClient

internal/api/versionsapi/client.go

@@ -4,10 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-/*
-Package client provides a versions API specific implementation of the general API client.
-*/
-package client
+package versionsapi
 
 import (
 	"context"
@@ -18,13 +15,12 @@ import (
 	"golang.org/x/mod/semver"
 
 	apiclient "github.com/edgelesssys/constellation/v2/internal/api/client"
-	versionsapi "github.com/edgelesssys/constellation/v2/internal/api/versions"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 )
 
-// VersionsClient is a client for the versions API.
-type VersionsClient struct {
+// Client is a client for the versions API.
+type Client struct {
 	*apiclient.Client
 	clientClose func(ctx context.Context) error
 }
@@ -32,9 +28,9 @@ type VersionsClient struct {
 // NewClient creates a new client for the versions API.
 func NewClient(ctx context.Context, region, bucket, distributionID string, dryRun bool,
 	log *logger.Logger,
-) (*VersionsClient, CloseFunc, error) {
+) (*Client, CloseFunc, error) {
 	genericClient, genericClientClose, err := apiclient.NewClient(ctx, region, bucket, distributionID, dryRun, log)
-	versionsClient := &VersionsClient{
+	versionsClient := &Client{
 		genericClient,
 		genericClientClose,
 	}
@@ -48,12 +44,12 @@ func NewClient(ctx context.Context, region, bucket, distributionID string, dryRu
 // This client can be used to fetch objects but cannot write updates.
 func NewReadOnlyClient(ctx context.Context, region, bucket, distributionID string,
 	log *logger.Logger,
-) (*VersionsClient, CloseFunc, error) {
+) (*Client, CloseFunc, error) {
 	genericClient, genericClientClose, err := apiclient.NewReadOnlyClient(ctx, region, bucket, distributionID, log)
 	if err != nil {
 		return nil, nil, err
 	}
-	versionsClient := &VersionsClient{
+	versionsClient := &Client{
 		genericClient,
 		genericClientClose,
 	}
@@ -64,7 +60,7 @@ func NewReadOnlyClient(ctx context.Context, region, bucket, distributionID strin
 }
 
 // Close closes the client.
-func (c *VersionsClient) Close(ctx context.Context) error {
+func (c *Client) Close(ctx context.Context) error {
 	if c.clientClose == nil {
 		return nil
 	}
@@ -72,49 +68,49 @@ func (c *VersionsClient) Close(ctx context.Context) error {
 }
 
 // FetchVersionList fetches the given version list from the versions API.
-func (c *VersionsClient) FetchVersionList(ctx context.Context, list versionsapi.List) (versionsapi.List, error) {
+func (c *Client) FetchVersionList(ctx context.Context, list List) (List, error) {
 	return apiclient.Fetch(ctx, c.Client, list)
 }
 
 // UpdateVersionList updates the given version list in the versions API.
-func (c *VersionsClient) UpdateVersionList(ctx context.Context, list versionsapi.List) error {
+func (c *Client) UpdateVersionList(ctx context.Context, list List) error {
 	semver.Sort(list.Versions)
 	return apiclient.Update(ctx, c.Client, list)
 }
 
 // FetchVersionLatest fetches the latest version from the versions API.
-func (c *VersionsClient) FetchVersionLatest(ctx context.Context, latest versionsapi.Latest) (versionsapi.Latest, error) {
+func (c *Client) FetchVersionLatest(ctx context.Context, latest Latest) (Latest, error) {
 	return apiclient.Fetch(ctx, c.Client, latest)
 }
 
 // UpdateVersionLatest updates the latest version in the versions API.
-func (c *VersionsClient) UpdateVersionLatest(ctx context.Context, latest versionsapi.Latest) error {
+func (c *Client) UpdateVersionLatest(ctx context.Context, latest Latest) error {
 	return apiclient.Update(ctx, c.Client, latest)
 }
 
 // FetchImageInfo fetches the given image info from the versions API.
-func (c *VersionsClient) FetchImageInfo(ctx context.Context, imageInfo versionsapi.ImageInfo) (versionsapi.ImageInfo, error) {
+func (c *Client) FetchImageInfo(ctx context.Context, imageInfo ImageInfo) (ImageInfo, error) {
 	return apiclient.Fetch(ctx, c.Client, imageInfo)
 }
 
 // UpdateImageInfo updates the given image info in the versions API.
-func (c *VersionsClient) UpdateImageInfo(ctx context.Context, imageInfo versionsapi.ImageInfo) error {
+func (c *Client) UpdateImageInfo(ctx context.Context, imageInfo ImageInfo) error {
 	return apiclient.Update(ctx, c.Client, imageInfo)
 }
 
 // FetchCLIInfo fetches the given CLI info from the versions API.
-func (c *VersionsClient) FetchCLIInfo(ctx context.Context, cliInfo versionsapi.CLIInfo) (versionsapi.CLIInfo, error) {
+func (c *Client) FetchCLIInfo(ctx context.Context, cliInfo CLIInfo) (CLIInfo, error) {
 	return apiclient.Fetch(ctx, c.Client, cliInfo)
 }
 
 // UpdateCLIInfo updates the given CLI info in the versions API.
-func (c *VersionsClient) UpdateCLIInfo(ctx context.Context, cliInfo versionsapi.CLIInfo) error {
+func (c *Client) UpdateCLIInfo(ctx context.Context, cliInfo CLIInfo) error {
 	return apiclient.Update(ctx, c.Client, cliInfo)
 }
 
 // DeleteRef deletes the given ref from the versions API.
-func (c *VersionsClient) DeleteRef(ctx context.Context, ref string) error {
-	if err := versionsapi.ValidateRef(ref); err != nil {
+func (c *Client) DeleteRef(ctx context.Context, ref string) error {
+	if err := ValidateRef(ref); err != nil {
 		return fmt.Errorf("validating ref: %w", err)
 	}
 
@@ -132,7 +128,7 @@ func (c *VersionsClient) DeleteRef(ctx context.Context, ref string) error {
 // Notice that the versions API can get into an inconsistent state if the version is the latest
 // version but there is no older version of the same minor version available.
 // Manual update of latest versions is required in this case.
-func (c *VersionsClient) DeleteVersion(ctx context.Context, ver versionsapi.Version) error {
+func (c *Client) DeleteVersion(ctx context.Context, ver Version) error {
 	var retErr error
 
 	c.Client.Log.Debugf("Deleting version %s from minor version list", ver.Version)
@@ -146,22 +142,22 @@ func (c *VersionsClient) DeleteVersion(ctx context.Context, ver versionsapi.Vers
 		retErr = errors.Join(retErr, fmt.Errorf("updating latest version: %w", err))
 	}
 
-	c.Client.Log.Debugf("Deleting artifact path %s for %s", ver.ArtifactPath(versionsapi.APIV1), ver.Version)
-	if err := c.Client.DeletePath(ctx, ver.ArtifactPath(versionsapi.APIV1)); err != nil {
+	c.Client.Log.Debugf("Deleting artifact path %s for %s", ver.ArtifactPath(APIV1), ver.Version)
+	if err := c.Client.DeletePath(ctx, ver.ArtifactPath(APIV1)); err != nil {
 		retErr = errors.Join(retErr, fmt.Errorf("deleting artifact path: %w", err))
 	}
 
 	return retErr
 }
 
-func (c *VersionsClient) deleteVersionFromMinorVersionList(ctx context.Context, ver versionsapi.Version,
-) (*versionsapi.Latest, error) {
-	minorList := versionsapi.List{
+func (c *Client) deleteVersionFromMinorVersionList(ctx context.Context, ver Version,
+) (*Latest, error) {
+	minorList := List{
 		Ref:         ver.Ref,
 		Stream:      ver.Stream,
-		Granularity: versionsapi.GranularityMinor,
-		Base:        ver.WithGranularity(versionsapi.GranularityMinor),
-		Kind:        versionsapi.VersionKindImage,
+		Granularity: GranularityMinor,
+		Base:        ver.WithGranularity(GranularityMinor),
+		Kind:        VersionKindImage,
 	}
 	c.Client.Log.Debugf("Fetching minor version list for version %s", ver.Version)
 	minorList, err := c.FetchVersionList(ctx, minorList)
@@ -188,12 +184,12 @@ func (c *VersionsClient) deleteVersionFromMinorVersionList(ctx context.Context,
 		}
 	}
 
-	var latest *versionsapi.Latest
+	var latest *Latest
 	if len(minorList.Versions) != 0 {
-		latest = &versionsapi.Latest{
+		latest = &Latest{
 			Ref:     ver.Ref,
 			Stream:  ver.Stream,
-			Kind:    versionsapi.VersionKindImage,
+			Kind:    VersionKindImage,
 			Version: minorList.Versions[len(minorList.Versions)-1],
 		}
 		c.Client.Log.Debugf("Possible latest version replacement %q", latest.Version)
@@ -213,12 +209,12 @@ func (c *VersionsClient) deleteVersionFromMinorVersionList(ctx context.Context,
 	return latest, nil
 }
 
-func (c *VersionsClient) deleteVersionFromLatest(ctx context.Context, ver versionsapi.Version, possibleNewLatest *versionsapi.Latest,
+func (c *Client) deleteVersionFromLatest(ctx context.Context, ver Version, possibleNewLatest *Latest,
 ) error {
-	latest := versionsapi.Latest{
+	latest := Latest{
 		Ref:    ver.Ref,
 		Stream: ver.Stream,
-		Kind:   versionsapi.VersionKindImage,
+		Kind:   VersionKindImage,
 	}
 	c.Client.Log.Debugf("Fetching latest version from %s", latest.JSONPath())
 	latest, err := c.FetchVersionLatest(ctx, latest)

internal/api/versionsapi/cliinfo.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"errors"

internal/api/versionsapi/cliinfo_test.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"testing"

internal/api/versionsapi/fetcher.go

@@ -4,13 +4,12 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package fetcher
+package versionsapi
 
 import (
 	"context"
 
 	"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
-	"github.com/edgelesssys/constellation/v2/internal/api/versions"
 )
 
 // Fetcher fetches version API resources without authentication.
@@ -18,27 +17,27 @@ type Fetcher struct {
 	fetcher.HTTPClient
 }
 
-// New returns a new Fetcher.
-func New() *Fetcher {
+// NewFetcher returns a new Fetcher.
+func NewFetcher() *Fetcher {
 	return &Fetcher{fetcher.NewHTTPClient()}
 }
 
 // FetchVersionList fetches the given version list from the versions API.
-func (f *Fetcher) FetchVersionList(ctx context.Context, list versions.List) (versions.List, error) {
+func (f *Fetcher) FetchVersionList(ctx context.Context, list List) (List, error) {
 	return fetcher.Fetch(ctx, f.HTTPClient, list)
 }
 
 // FetchVersionLatest fetches the latest version from the versions API.
-func (f *Fetcher) FetchVersionLatest(ctx context.Context, latest versions.Latest) (versions.Latest, error) {
+func (f *Fetcher) FetchVersionLatest(ctx context.Context, latest Latest) (Latest, error) {
 	return fetcher.Fetch(ctx, f.HTTPClient, latest)
 }
 
 // FetchImageInfo fetches the given image info from the versions API.
-func (f *Fetcher) FetchImageInfo(ctx context.Context, imageInfo versions.ImageInfo) (versions.ImageInfo, error) {
+func (f *Fetcher) FetchImageInfo(ctx context.Context, imageInfo ImageInfo) (ImageInfo, error) {
 	return fetcher.Fetch(ctx, f.HTTPClient, imageInfo)
 }
 
 // FetchCLIInfo fetches the given cli info from the versions API.
-func (f *Fetcher) FetchCLIInfo(ctx context.Context, cliInfo versions.CLIInfo) (versions.CLIInfo, error) {
+func (f *Fetcher) FetchCLIInfo(ctx context.Context, cliInfo CLIInfo) (CLIInfo, error) {
 	return fetcher.Fetch(ctx, f.HTTPClient, cliInfo)
 }

internal/api/versionsapi/fetcher_test.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package fetcher
+package versionsapi
 
 import (
 	"bytes"
@@ -14,7 +14,6 @@ import (
 	"net/http"
 	"testing"
 
-	versionsapi "github.com/edgelesssys/constellation/v2/internal/api/versions"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
@@ -27,23 +26,23 @@ func TestMain(m *testing.M) {
 func TestFetchVersionList(t *testing.T) {
 	require := require.New(t)
 
-	majorList := func() *versionsapi.List {
-		return &versionsapi.List{
+	majorList := func() *List {
+		return &List{
 			Ref:         "test-ref",
 			Stream:      "nightly",
-			Granularity: versionsapi.GranularityMajor,
+			Granularity: GranularityMajor,
 			Base:        "v1",
-			Kind:        versionsapi.VersionKindImage,
+			Kind:        VersionKindImage,
 			Versions:    []string{"v1.0", "v1.1", "v1.2"},
 		}
 	}
-	minorList := func() *versionsapi.List {
-		return &versionsapi.List{
+	minorList := func() *List {
+		return &List{
 			Ref:         "test-ref",
 			Stream:      "nightly",
-			Granularity: versionsapi.GranularityMinor,
+			Granularity: GranularityMinor,
 			Base:        "v1.1",
-			Kind:        versionsapi.VersionKindImage,
+			Kind:        VersionKindImage,
 			Versions:    []string{"v1.1.0", "v1.1.1", "v1.1.2"},
 		}
 	}
@@ -57,19 +56,19 @@ func TestFetchVersionList(t *testing.T) {
 	require.NoError(err)
 
 	testCases := map[string]struct {
-		list       versionsapi.List
+		list       List
 		serverPath string
 		serverResp *http.Response
-		wantList   versionsapi.List
+		wantList   List
 		wantErr    bool
 	}{
 		"major list fetched": {
-			list: versionsapi.List{
+			list: List{
 				Ref:         "test-ref",
 				Stream:      "nightly",
-				Granularity: versionsapi.GranularityMajor,
+				Granularity: GranularityMajor,
 				Base:        "v1",
-				Kind:        versionsapi.VersionKindImage,
+				Kind:        VersionKindImage,
 			},
 			serverPath: "/constellation/v1/ref/test-ref/stream/nightly/versions/major/v1/image.json",
 			serverResp: &http.Response{
@@ -79,12 +78,12 @@ func TestFetchVersionList(t *testing.T) {
 			wantList: *majorList(),
 		},
 		"minor list fetched": {
-			list: versionsapi.List{
+			list: List{
 				Ref:         "test-ref",
 				Stream:      "nightly",
-				Granularity: versionsapi.GranularityMinor,
+				Granularity: GranularityMinor,
 				Base:        "v1.1",
-				Kind:        versionsapi.VersionKindImage,
+				Kind:        VersionKindImage,
 			},
 			serverPath: "/constellation/v1/ref/test-ref/stream/nightly/versions/minor/v1.1/image.json",
 			serverResp: &http.Response{
@@ -94,32 +93,32 @@ func TestFetchVersionList(t *testing.T) {
 			wantList: *minorList(),
 		},
 		"list does not exist": {
-			list: versionsapi.List{
+			list: List{
 				Ref:         "another-ref",
 				Stream:      "nightly",
-				Granularity: versionsapi.GranularityMajor,
+				Granularity: GranularityMajor,
 				Base:        "v1",
-				Kind:        versionsapi.VersionKindImage,
+				Kind:        VersionKindImage,
 			},
 			wantErr: true,
 		},
 		"invalid list requested": {
-			list: versionsapi.List{
+			list: List{
 				Ref:         "",
 				Stream:      "unknown",
-				Granularity: versionsapi.GranularityMajor,
+				Granularity: GranularityMajor,
 				Base:        "v1",
-				Kind:        versionsapi.VersionKindImage,
+				Kind:        VersionKindImage,
 			},
 			wantErr: true,
 		},
 		"unexpected error code": {
-			list: versionsapi.List{
+			list: List{
 				Ref:         "test-ref",
 				Stream:      "nightly",
-				Granularity: versionsapi.GranularityMajor,
+				Granularity: GranularityMajor,
 				Base:        "v1",
-				Kind:        versionsapi.VersionKindImage,
+				Kind:        VersionKindImage,
 			},
 			serverPath: "/constellation/v1/ref/test-ref/stream/nightly/versions/major/v1/image.json",
 			serverResp: &http.Response{
@@ -129,12 +128,12 @@ func TestFetchVersionList(t *testing.T) {
 			wantErr: true,
 		},
 		"invalid json returned": {
-			list: versionsapi.List{
+			list: List{
 				Ref:         "test-ref",
 				Stream:      "nightly",
-				Granularity: versionsapi.GranularityMajor,
+				Granularity: GranularityMajor,
 				Base:        "v1",
-				Kind:        versionsapi.VersionKindImage,
+				Kind:        VersionKindImage,
 			},
 			serverPath: "/constellation/v1/ref/test-ref/stream/nightly/versions/major/v1/image.json",
 			serverResp: &http.Response{
@@ -144,12 +143,12 @@ func TestFetchVersionList(t *testing.T) {
 			wantErr: true,
 		},
 		"invalid list returned": {
-			list: versionsapi.List{
+			list: List{
 				Ref:         "test-ref",
 				Stream:      "nightly",
-				Granularity: versionsapi.GranularityMajor,
+				Granularity: GranularityMajor,
 				Base:        "v2",
-				Kind:        versionsapi.VersionKindImage,
+				Kind:        VersionKindImage,
 			},
 			serverPath: "/constellation/v1/ref/test-ref/stream/nightly/versions/major/v2/image.json",
 			serverResp: &http.Response{
@@ -160,12 +159,12 @@ func TestFetchVersionList(t *testing.T) {
 		},
 		// TODO(katexochen): Remove or find strategy to implement this check in a generic way
 		// "response does not match request": {
-		// 	list: versionsapi.List{
+		// 	list: List{
 		// 		Ref:         "test-ref",
 		// 		Stream:      "nightly",
-		// 		Granularity: versionsapi.GranularityMajor,
+		// 		Granularity: GranularityMajor,
 		// 		Base:        "v3",
-		// 		Kind:        versionsapi.VersionKindImage,
+		// 		Kind:        VersionKindImage,
 		// 	},
 		// 	serverPath: "/constellation/v1/ref/test-ref/stream/nightly/versions/major/v3/image.json",
 		// 	serverResp: &http.Response{

internal/api/versionsapi/imageinfo.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"errors"

internal/api/versionsapi/imageinfo_test.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"testing"

internal/api/versionsapi/latest.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"errors"

internal/api/versionsapi/latest_test.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"testing"

internal/api/versionsapi/list.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"errors"

internal/api/versionsapi/list_test.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"testing"

internal/api/versionsapi/version.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"encoding/json"

internal/api/versionsapi/version_test.go

@@ -4,7 +4,7 @@ Copyright (c) Edgeless Systems GmbH
 SPDX-License-Identifier: AGPL-3.0-only
 */
 
-package versions
+package versionsapi
 
 import (
 	"fmt"

internal/api/versionsapi/versionsapi.go

@@ -17,4 +17,4 @@ in these helper methods.
 The package also provides helper functions that can be used in context of the versions API,
 e.g. to validate versions.
 */
-package versions
+package versionsapi