mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault (#267)
* Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys to v0.8.1 * Update module github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets to v0.10.1 * Adjust Azure KMS opts struct * Update kms readme formatting Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
parent
9af0640aad
commit
9a1d795597
6
go.mod
6
go.mod
@ -39,8 +39,8 @@ require (
|
||||
cloud.google.com/go/storage v1.23.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.4
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.6.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.8.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.8.1
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.10.1
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/applicationinsights/armapplicationinsights v1.0.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2 v2.0.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0
|
||||
@ -118,7 +118,7 @@ require (
|
||||
cloud.google.com/go/iam v0.3.0 // indirect
|
||||
code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 // indirect
|
||||
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
|
||||
|
12
go.sum
12
go.sum
@ -114,12 +114,12 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4Sath
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.6.0 h1:3Onh5qkCDHpIJplrRI/DbbzWPnFKHRjQV4idRwLrghQ=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.6.0/go.mod h1:y8KaF8j2nkUhLFJPccRG+vCxSKF22wZEit6pMINlvEo=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.8.0 h1:A6Kf8v5DPFR+V7/qQOefHEU8W71OBVJvXu7UO0EHJkA=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.8.0/go.mod h1:u5EGU7cPuj/T2qhJWXDbWgv0dy3ORAEaAzR1zP6p4X8=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.8.1 h1:11WqUxXzxqALlSLk0z69I/cA8VlQYu7qgA5mUMBiiyE=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.8.1/go.mod h1:EAyXOW1F6BTJPiK2pDvmnvxOHPxoTYWoqBeIlql+QhI=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.10.1 h1:AhZnZn4kUKz36bHJ8AK/FH2tH/q3CAkG+Gme+2ibuak=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.10.1/go.mod h1:S78i9yTr4o/nXlH76bKjGUye9Z2wSxO5Tz7GoDr4vfI=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 h1:Lg6BW0VPmCwcMlvOviL3ruHFO+H9tZNqscK0AeuFjGM=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/applicationinsights/armapplicationinsights v1.0.0 h1:BpGGvzarSyE7kQF1x1hptUcGmNzZEE3yYI+uqBSNRxk=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/applicationinsights/armapplicationinsights v1.0.0/go.mod h1:1ijUM40peD7YK5MFEJja2wjjp4eimFNWv0NXoY3nsZM=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0 h1:/Di3vB4sNeQ+7A8efjUVENvyB945Wruvstucqp7ZArg=
|
||||
|
@ -63,9 +63,9 @@ require (
|
||||
cloud.google.com/go/kms v1.4.0 // indirect
|
||||
cloud.google.com/go/storage v1.23.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.6.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.8.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.8.1 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.10.1 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 // indirect
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
|
||||
|
12
hack/go.sum
12
hack/go.sum
@ -106,12 +106,12 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4Sath
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.6.0 h1:3Onh5qkCDHpIJplrRI/DbbzWPnFKHRjQV4idRwLrghQ=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.6.0/go.mod h1:y8KaF8j2nkUhLFJPccRG+vCxSKF22wZEit6pMINlvEo=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.8.0 h1:A6Kf8v5DPFR+V7/qQOefHEU8W71OBVJvXu7UO0EHJkA=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.8.0/go.mod h1:u5EGU7cPuj/T2qhJWXDbWgv0dy3ORAEaAzR1zP6p4X8=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.8.1 h1:11WqUxXzxqALlSLk0z69I/cA8VlQYu7qgA5mUMBiiyE=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.8.1/go.mod h1:EAyXOW1F6BTJPiK2pDvmnvxOHPxoTYWoqBeIlql+QhI=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.10.1 h1:AhZnZn4kUKz36bHJ8AK/FH2tH/q3CAkG+Gme+2ibuak=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.10.1/go.mod h1:S78i9yTr4o/nXlH76bKjGUye9Z2wSxO5Tz7GoDr4vfI=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 h1:Lg6BW0VPmCwcMlvOviL3ruHFO+H9tZNqscK0AeuFjGM=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0 h1:/Di3vB4sNeQ+7A8efjUVENvyB945Wruvstucqp7ZArg=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2 v2.0.0 h1:xxe4naFUPYEW1W6C8yWrfFNmyZLnEbO+CsbsSF83wDo=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2 v2.0.0/go.mod h1:aLFjumYDvv63tH1qnqkcmdjdZ6Sn+/viPv7H3jft0oY=
|
||||
|
@ -15,7 +15,6 @@ Currently planned are KMS are:
|
||||
* GCP CKM
|
||||
* Azure Key Vault
|
||||
|
||||
|
||||
## Storage
|
||||
|
||||
Storage is where the CSI Plugin stores the encrypted DEKs.
|
||||
@ -40,26 +39,34 @@ To use the AWS S3 Bucket plugin, you need to have an existing [AWS account](http
|
||||
For authentication, you have to pass a config file to the plugin. The AWS config package lets you automatically fetch the data from the local AWS directory.
|
||||
|
||||
#### Passing credentials automatically
|
||||
|
||||
You need to store your credentials in your local AWS directory at `$HOME/.aws/`. The AWS config package uses the values from the directory to build a config file, which is used to authenticate the client. The local AWS directory must contain two files:
|
||||
- `credentials`
|
||||
```bash
|
||||
[default]
|
||||
aws_access_key_id = MyAccessKeyId
|
||||
aws_secret_access_key = MySecretAccessKey
|
||||
```
|
||||
- `config`
|
||||
```bash
|
||||
[default]
|
||||
region = MyRegion
|
||||
output = json
|
||||
```
|
||||
|
||||
* `credentials`
|
||||
|
||||
```bash
|
||||
[default]
|
||||
aws_access_key_id = MyAccessKeyId
|
||||
aws_secret_access_key = MySecretAccessKey
|
||||
```
|
||||
|
||||
* `config`
|
||||
|
||||
```bash
|
||||
[default]
|
||||
region = MyRegion
|
||||
output = json
|
||||
```
|
||||
|
||||
If you have the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) installed, you can
|
||||
initialise the files with the following command:
|
||||
|
||||
```bash
|
||||
aws configure
|
||||
```
|
||||
|
||||
To create the client:
|
||||
|
||||
```Go
|
||||
cfg, err := config.LoadDefaultConfig(context.TODO())
|
||||
store, err := storage.NewAWSS3Storage(context.TODO(), "bucketName", cfg, func(*s3.Options) {})
|
||||
@ -71,6 +78,7 @@ To use the Azure Blob storage plugin, you need to first [create a storage accoun
|
||||
|
||||
The plugin uses a connection string created for the storage account to authenticate itself to the Azure API.
|
||||
The connection string can be found in your storage account in the Azure Portal under the "Access Keys" section or with the following Azure CLI command:
|
||||
|
||||
```bash
|
||||
az storage account show-connection-string -g MyResourceGroup -n MyStorageAccount
|
||||
```
|
||||
@ -78,6 +86,7 @@ az storage account show-connection-string -g MyResourceGroup -n MyStorageAccount
|
||||
The client will use the specified Blob container if it already exists, or create it first otherwise.
|
||||
|
||||
To create the client:
|
||||
|
||||
```Go
|
||||
connectionString := "DefaultEndpointsProtocol=https;AccountName=<myAccountName>;AccountKey=<myAccountKey>;EndpointSuffix=core.windows.net"
|
||||
store, err := storage.NewAzureStorage(context.TODO(), connectionString, "myContainer", nil)
|
||||
@ -91,6 +100,7 @@ When using the Google Cloud APIs, your application will typically [authenticate
|
||||
You have two options for passing service account credentials to the Storage plugin: (1) Fetching them automatically from the environment or (2) passing them manually in your Go code.
|
||||
|
||||
Note that the serivce account requires the following permissions:
|
||||
|
||||
* `storage.buckets.create`
|
||||
* `storage.buckets.get`
|
||||
* `storage.objects.create`
|
||||
@ -104,11 +114,13 @@ If your application is running inside a Google Cloud environment, and you have [
|
||||
If your application is running in an environment with no service account attached, you can manually attach a [service account key](https://cloud.google.com/iam/docs/service-accounts#service_account_keys) to that environment.
|
||||
After you [created a service account and stored its access key to file](https://cloud.google.com/docs/authentication/production#create_service_account) you need to set the environment variable `GOOGLE_APPLICATION_CREDENTIALS` to the location of that file.
|
||||
The Storage Plugin will then be able to automatically load the credentials from there:
|
||||
|
||||
```bash
|
||||
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account-file.json"
|
||||
```
|
||||
|
||||
To create the client:
|
||||
|
||||
```Go
|
||||
store, err := storage.NewGoogleCloudStorage(context.TODO(), "myProject", "myBucket", nil)
|
||||
```
|
||||
@ -120,6 +132,7 @@ First, create a service account and key the same way as in [finding credentials
|
||||
You can then specify the location of the file in your application code.
|
||||
|
||||
To create the client:
|
||||
|
||||
```Go
|
||||
credentialFile := "/path/to/service-account-file.json"
|
||||
opts := option.WithCredentialsFile(credentialFile)
|
||||
@ -137,6 +150,7 @@ To use the AWS KMS, you need to have an existing [AWS account](https://aws.amazo
|
||||
For authentication, you have to pass a config file to the plugin. As with the AWS S3 Bucket, you can use the config package to retrieve the data for the config file from your local AWS directory. Follow the steps listed in the [AWS S3 Bucket](#aws-s3-bucket) section on how to build the config file automatically.
|
||||
|
||||
To create the client:
|
||||
|
||||
```Go
|
||||
cfg, err := config.LoadDefaultConfig(context.TODO())
|
||||
awsClient := kms.NewFromConfig(cfg)
|
||||
@ -150,11 +164,13 @@ To use the Azure Key Vault, you need to first [create a new key vault](https://d
|
||||
The implementation uses `NewDefaultAzureCredential` to load credentials. If you application is running on Azure infrastructure, credentials will be loaded using [managed identities](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication?tabs=bash#managed-identity). Otherwise you can use [environment variables to configure the client](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication?tabs=bash#-option-1-define-environment-variables).
|
||||
|
||||
To create the client for Azure KMS:
|
||||
|
||||
```Go
|
||||
client, err := kmsAzure.New(context.TODO(), "myVault", kmsAz.DefaultCloud, nil, nil)
|
||||
```
|
||||
|
||||
To create the client for Azure manged HSM KMS:
|
||||
|
||||
```Go
|
||||
client, err := kmsAzure.NewHSM(context.TODO(), "myHSM", nil, nil)
|
||||
```
|
||||
@ -166,6 +182,7 @@ To use the Google Key Management Service, you need to first enable the KMS API a
|
||||
Providing credentials to your application for Google's Cloud Key Managment Service happens the same way as described in [Google Cloud Storage](#google-cloud-storage).
|
||||
|
||||
Note that the service account used for authentication requires the following permissions:
|
||||
|
||||
* `cloudkms.cryptoKeyVersions.create`
|
||||
* `cloudkms.cryptoKeyVersions.update`
|
||||
* `cloudkms.cryptoKeyVersions.useToDecrypt`
|
||||
|
@ -13,9 +13,9 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
|
||||
"github.com/edgelesssys/constellation/v2/kms/internal/config"
|
||||
"github.com/edgelesssys/constellation/v2/kms/internal/storage"
|
||||
@ -47,13 +47,13 @@ type kmsClientAPI interface {
|
||||
type KMSClient struct {
|
||||
client kmsClientAPI
|
||||
storage kms.Storage
|
||||
opts *Opts
|
||||
}
|
||||
|
||||
// Opts are optional settings for AKV clients.
|
||||
type Opts struct {
|
||||
credentials *azidentity.DefaultAzureCredentialOptions
|
||||
client *azcore.ClientOptions
|
||||
Credentials *azidentity.DefaultAzureCredentialOptions
|
||||
Keys *azkeys.ClientOptions
|
||||
Secrets *azsecrets.ClientOptions
|
||||
}
|
||||
|
||||
// New initializes a KMS client for Azure Key Vault.
|
||||
@ -61,11 +61,11 @@ func New(ctx context.Context, vaultName string, vaultType VaultSuffix, store kms
|
||||
if opts == nil {
|
||||
opts = &Opts{}
|
||||
}
|
||||
cred, err := azidentity.NewDefaultAzureCredential(opts.credentials)
|
||||
cred, err := azidentity.NewDefaultAzureCredential(opts.Credentials)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("loading credentials: %w", err)
|
||||
}
|
||||
client := azsecrets.NewClient(vaultPrefix+vaultName+string(vaultType), cred, opts.client)
|
||||
client := azsecrets.NewClient(vaultPrefix+vaultName+string(vaultType), cred, opts.Secrets)
|
||||
|
||||
// `azsecrets.NewClient()` does not error if the vault is non existent
|
||||
// Test here if we can reach the vault, and error otherwise
|
||||
@ -77,7 +77,7 @@ func New(ctx context.Context, vaultName string, vaultType VaultSuffix, store kms
|
||||
if store == nil {
|
||||
store = storage.NewMemMapStorage()
|
||||
}
|
||||
return &KMSClient{client: client, storage: store, opts: opts}, nil
|
||||
return &KMSClient{client: client, storage: store}, nil
|
||||
}
|
||||
|
||||
// CreateKEK saves a new Key Encryption Key using Azure Key Vault.
|
||||
|
@ -80,7 +80,6 @@ func TestKMSCreateKEK(t *testing.T) {
|
||||
|
||||
client := &KMSClient{
|
||||
client: tc.client,
|
||||
opts: &Opts{},
|
||||
}
|
||||
|
||||
err := client.CreateKEK(context.Background(), "test-key", tc.importKey)
|
||||
@ -154,7 +153,6 @@ func TestKMSGetDEK(t *testing.T) {
|
||||
client := KMSClient{
|
||||
client: tc.client,
|
||||
storage: tc.storage,
|
||||
opts: &Opts{},
|
||||
}
|
||||
|
||||
dek, err := client.GetDEK(context.Background(), "test-key", "volume-01", 32)
|
||||
|
@ -38,7 +38,6 @@ type HSMClient struct {
|
||||
client hsmClientAPI
|
||||
storage kms.Storage
|
||||
vaultURL string
|
||||
opts *azcore.ClientOptions
|
||||
}
|
||||
|
||||
// NewHSM initializes a KMS client for Azure manged HSM Key Vault.
|
||||
@ -46,13 +45,13 @@ func NewHSM(ctx context.Context, vaultName string, store kms.Storage, opts *Opts
|
||||
if opts == nil {
|
||||
opts = &Opts{}
|
||||
}
|
||||
cred, err := azidentity.NewDefaultAzureCredential(opts.credentials)
|
||||
cred, err := azidentity.NewDefaultAzureCredential(opts.Credentials)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("loading credentials: %w", err)
|
||||
}
|
||||
|
||||
vaultURL := vaultPrefix + vaultName + string(HSMDefaultCloud)
|
||||
client := azkeys.NewClient(vaultURL, cred, opts.client)
|
||||
client := azkeys.NewClient(vaultURL, cred, opts.Keys)
|
||||
|
||||
// `azkeys.NewClient()` does not error if the vault is non existent
|
||||
// Test here if we can reach the vault, and error otherwise
|
||||
@ -70,7 +69,6 @@ func NewHSM(ctx context.Context, vaultName string, store kms.Storage, opts *Opts
|
||||
client: client,
|
||||
credentials: cred,
|
||||
storage: store,
|
||||
opts: opts.client,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -11,7 +11,6 @@ import (
|
||||
"errors"
|
||||
"testing"
|
||||
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
|
||||
"github.com/edgelesssys/constellation/v2/kms/internal/storage"
|
||||
@ -164,7 +163,6 @@ func TestHSMGetNewDEK(t *testing.T) {
|
||||
client := HSMClient{
|
||||
client: tc.client,
|
||||
storage: tc.storage,
|
||||
opts: &azcore.ClientOptions{},
|
||||
}
|
||||
|
||||
dek, err := client.GetDEK(context.Background(), "test-key", "volume-01", 32)
|
||||
@ -208,7 +206,6 @@ func TestHSMGetExistingDEK(t *testing.T) {
|
||||
client := HSMClient{
|
||||
client: tc.client,
|
||||
storage: storage,
|
||||
opts: &azcore.ClientOptions{},
|
||||
}
|
||||
|
||||
dek, err := client.GetDEK(context.Background(), "test-key", keyID, len(testKey))
|
||||
|
Loading…
Reference in New Issue
Block a user