kms: rename kms to keyservice

In the light of extending our eKMS support it will be helpful to have a tighter use of the word "KMS". KMS should refer to the actual component that manages keys. The keyservice, also called KMS in the constellation code, does not manage keys itself. It talks to a KMS backend, which in turn does the actual key management.
2025-08-03 20:44:14 -04:00 · 2023-01-11 10:08:57 +01:00 · 2023-01-11 10:08:57 +01:00 · 90b88e1cf9
commit 90b88e1cf9
parent 67f8336b9d
101 changed files with 313 additions and 319 deletions
--- a/joinservice/README.md
+++ b/joinservice/README.md
@ -34,7 +34,7 @@ sequenceDiagram

 ### [internal/kms](./internal/kms/)

-Implements interaction with Constellation's key management service.
+Implements interaction with Constellation's keyservice.
 This is needed for fetching data encryption keys for joining nodes.

 ### [internal/kubeadm](./internal/kubeadm/)
--- a/joinservice/cmd/main.go
+++ b/joinservice/cmd/main.go
@ -40,7 +40,7 @@ const vpcIPTimeout = 30 * time.Second

 func main() {
 	provider := flag.String("cloud-provider", "", "cloud service provider this binary is running on")
-	kmsEndpoint := flag.String("kms-endpoint", "", "endpoint of Constellations key management service")
+	keyserviceEndpoint := flag.String("keyservice-endpoint", "", "endpoint of Constellations key management service")
 	verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription)
 	flag.Parse()

@ -78,7 +78,7 @@ func main() {
 	if err != nil {
 		log.With(zap.Error(err)).Fatalf("Failed to create kubeadm")
 	}
-	kms := kms.New(log.Named("kms"), *kmsEndpoint)
+	keyserviceClient := kms.New(log.Named("keyserviceClient"), *keyserviceEndpoint)

 	measurementSalt, err := handler.Read(filepath.Join(constants.ServiceBasePath, constants.MeasurementSaltFilename))
 	if err != nil {
@ -89,7 +89,7 @@ func main() {
 		measurementSalt,
 		kubernetesca.New(log.Named("certificateAuthority"), handler),
 		kubeadm,
-		kms,
+		keyserviceClient,
 		log.Named("server"),
 	)
 	if err != nil {
--- a/joinservice/internal/kms/kms.go
+++ b/joinservice/internal/kms/kms.go
@ -11,13 +11,13 @@ import (
 	"fmt"

 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/kms/kmsproto"
+	"github.com/edgelesssys/constellation/v2/keyservice/keyserviceproto"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )

-// Client interacts with Constellation's key management service.
+// Client interacts with Constellation's keyservice.
 type Client struct {
 	log      *logger.Logger
 	endpoint string
@ -48,7 +48,7 @@ func (c Client) GetDataKey(ctx context.Context, keyID string, length int) ([]byt
 	log.Infof("Requesting data key")
 	res, err := c.grpc.GetDataKey(
 		ctx,
-		&kmsproto.GetDataKeyRequest{
+		&keyserviceproto.GetDataKeyRequest{
 			DataKeyId: keyID,
 			Length:    uint32(length),
 		},
@ -63,11 +63,11 @@ func (c Client) GetDataKey(ctx context.Context, keyID string, length int) ([]byt
 }

 type grpcClient interface {
-	GetDataKey(context.Context, *kmsproto.GetDataKeyRequest, *grpc.ClientConn) (*kmsproto.GetDataKeyResponse, error)
+	GetDataKey(context.Context, *keyserviceproto.GetDataKeyRequest, *grpc.ClientConn) (*keyserviceproto.GetDataKeyResponse, error)
 }

 type client struct{}

-func (c client) GetDataKey(ctx context.Context, req *kmsproto.GetDataKeyRequest, conn *grpc.ClientConn) (*kmsproto.GetDataKeyResponse, error) {
-	return kmsproto.NewAPIClient(conn).GetDataKey(ctx, req)
+func (c client) GetDataKey(ctx context.Context, req *keyserviceproto.GetDataKeyRequest, conn *grpc.ClientConn) (*keyserviceproto.GetDataKeyResponse, error) {
+	return keyserviceproto.NewAPIClient(conn).GetDataKey(ctx, req)
 }
--- a/joinservice/internal/kms/kms_test.go
+++ b/joinservice/internal/kms/kms_test.go
@ -12,7 +12,7 @@ import (
 	"testing"

 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/edgelesssys/constellation/v2/kms/kmsproto"
+	"github.com/edgelesssys/constellation/v2/keyservice/keyserviceproto"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/goleak"
 	"google.golang.org/grpc"
@ -24,8 +24,8 @@ type stubClient struct {
 	dataKey       []byte
 }

-func (c *stubClient) GetDataKey(context.Context, *kmsproto.GetDataKeyRequest, *grpc.ClientConn) (*kmsproto.GetDataKeyResponse, error) {
-	return &kmsproto.GetDataKeyResponse{DataKey: c.dataKey}, c.getDataKeyErr
+func (c *stubClient) GetDataKey(context.Context, *keyserviceproto.GetDataKeyRequest, *grpc.ClientConn) (*keyserviceproto.GetDataKeyResponse, error) {
+	return &keyserviceproto.GetDataKeyResponse{DataKey: c.dataKey}, c.getDataKeyErr
 }

 func TestMain(m *testing.M) {