internal: refactor storage credentials (#1071)

* Move storage clients to separate packages * Allow setting of client credentials for AWS S3 * Use managed identity client secret or default credentials for Azure Blob Storage * Use credentials file to authorize GCS client --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-02 06:16:08 -04:00 · 2023-03-02 15:08:31 +01:00 · 2023-03-02 15:08:31 +01:00 · 5eb73706f5
commit 5eb73706f5
parent 96b4b74a7a
30 changed files with 857 additions and 1130 deletions
--- a/cli/internal/cmd/init_test.go
+++ b/cli/internal/cmd/init_test.go
@ -18,9 +18,6 @@ import (
 	"testing"
 	"time"

-	kmssetup "github.com/edgelesssys/constellation/v2/internal/kms/setup"
-	"github.com/edgelesssys/constellation/v2/internal/versions"
-
 	"github.com/edgelesssys/constellation/v2/bootstrapper/initproto"
 	"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
 	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
@ -33,9 +30,11 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
+	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/license"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/oid"
+	"github.com/edgelesssys/constellation/v2/internal/versions"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@ -193,7 +192,7 @@ func TestInitialize(t *testing.T) {
 			require.NoError(err)
 			// assert.Contains(out.String(), base64.StdEncoding.EncodeToString([]byte("ownerID")))
 			assert.Contains(out.String(), hex.EncodeToString([]byte("clusterID")))
-			var secret kmssetup.MasterSecret
+			var secret uri.MasterSecret
 			assert.NoError(fileHandler.ReadJSON(constants.MasterSecretFilename, &secret))
 			assert.NotEmpty(secret.Key)
 			assert.NotEmpty(secret.Salt)
@ -288,7 +287,7 @@ func TestReadOrGenerateMasterSecret(t *testing.T) {
 			createFileFunc: func(handler file.Handler) error {
 				return handler.WriteJSON(
 					"someSecret",
-					kmssetup.MasterSecret{Key: []byte("constellation-master-secret"), Salt: []byte("constellation-32Byte-length-salt")},
+					uri.MasterSecret{Key: []byte("constellation-master-secret"), Salt: []byte("constellation-32Byte-length-salt")},
 					file.OptNone,
 				)
 			},
@ -319,7 +318,7 @@ func TestReadOrGenerateMasterSecret(t *testing.T) {
 			createFileFunc: func(handler file.Handler) error {
 				return handler.WriteJSON(
 					"shortSecret",
-					kmssetup.MasterSecret{Key: []byte("constellation-master-secret"), Salt: []byte("short")},
+					uri.MasterSecret{Key: []byte("constellation-master-secret"), Salt: []byte("short")},
 					file.OptNone,
 				)
 			},
@ -331,7 +330,7 @@ func TestReadOrGenerateMasterSecret(t *testing.T) {
 			createFileFunc: func(handler file.Handler) error {
 				return handler.WriteJSON(
 					"shortSecret",
-					kmssetup.MasterSecret{Key: []byte("short"), Salt: []byte("constellation-32Byte-length-salt")},
+					uri.MasterSecret{Key: []byte("short"), Salt: []byte("constellation-32Byte-length-salt")},
 					file.OptNone,
 				)
 			},
@ -377,7 +376,7 @@ func TestReadOrGenerateMasterSecret(t *testing.T) {
 					tc.filename = strings.Trim(filename[1], "\n")
 				}

-				var masterSecret kmssetup.MasterSecret
+				var masterSecret uri.MasterSecret
 				require.NoError(fileHandler.ReadJSON(tc.filename, &masterSecret))
 				assert.Equal(masterSecret.Key, secret.Key)
 				assert.Equal(masterSecret.Salt, secret.Salt)