mod: set KMPMapKey Enabled to bool & fix metrics reporting in akv pro…
…vider

Signed-off-by: Joshua Duffney <[email protected]>
duffney committed Oct 21, 2024
1 parent 3ffa53e commit ee5d257
Showing 2 changed files with 13 additions and 13 deletions.
24 changes: 12 additions & 12 deletions pkg/keymanagementprovider/azurekeyvault/provider.go
Expand Up @@ -25,6 +25,7 @@ import (
"encoding/json"
"encoding/pem"
"fmt"
"strconv"
"strings"
"time"

Expand Down Expand Up @@ -141,6 +142,7 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp
logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, keyvault %v", keyVaultCert.Name, s.vaultURI)

// fetch the object from Key Vault
startTime := time.Now()
certBundle, err := s.kvClient.GetCertificate(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version)
if err != nil {
return nil, nil, fmt.Errorf("failed to get certificate objectName:%s, objectVersion:%s, error: %w", keyVaultCert.Name, keyVaultCert.Version, err)
Expand All @@ -153,27 +155,25 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp
if !*certBundle.Attributes.Enabled {
fmt.Printf("debug: certificate %s version %s is disabled.", keyVaultCert.Name, keyVaultCert.Version)

isEnabled := "false"
isEnabled := false
startTime := time.Now()
lastRefreshed := startTime.Format(time.RFC3339)

metrics.ReportAKVCertificateDuration(ctx, time.Since(startTime).Milliseconds(), keyVaultCert.Name)
certProperty := getStatusProperty(keyVaultCert.Name, keyVaultCert.Version, isEnabled, lastRefreshed)
certProperty := getStatusProperty(keyVaultCert.Name, keyVaultCert.Version, strconv.FormatBool(isEnabled), lastRefreshed)
certsStatus = append(certsStatus, certProperty)
certMapKey := keymanagementprovider.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version, Enabled: isEnabled}
certsMap[certMapKey] = []*x509.Certificate{} // empty cert chain
continue
}

// GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/ratify-project/ratify/issues/695 for details
isEnabled := "true"
startTime := time.Now()
isEnabled := true
secretBundle, err := s.kvClient.GetSecret(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version)
if err != nil {
return nil, nil, fmt.Errorf("failed to get secret objectName:%s, objectVersion:%s, error: %w", keyVaultCert.Name, keyVaultCert.Version, err)
}

certResult, certProperty, err := getCertsFromSecretBundle(ctx, secretBundle, keyVaultCert.Name, isEnabled)
certResult, certProperty, err := getCertsFromSecretBundle(ctx, secretBundle, keyVaultCert.Name, strconv.FormatBool(isEnabled))
if err != nil {
return nil, nil, fmt.Errorf("failed to get certificates from secret bundle:%w", err)
}
Expand Down Expand Up @@ -206,25 +206,25 @@ func (s *akvKMProvider) GetKeys(ctx context.Context) (map[keymanagementprovider.
}

if keyBundle.Attributes != nil && keyBundle.Attributes.Enabled != nil && !*keyBundle.Attributes.Enabled {
isEnabled := "false"
isEnabled := false
startTime := time.Now()
lastRefreshed := startTime.Format(time.RFC3339)

keysMap[keymanagementprovider.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version}] = nil
metrics.ReportAKVCertificateDuration(ctx, time.Since(startTime).Milliseconds(), keyVaultKey.Name)
properties := getStatusProperty(keyVaultKey.Name, keyVaultKey.Version, isEnabled, lastRefreshed)
keysMap[keymanagementprovider.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version, Enabled: isEnabled}] = nil
properties := getStatusProperty(keyVaultKey.Name, keyVaultKey.Version, strconv.FormatBool(isEnabled), lastRefreshed)
keysStatus = append(keysStatus, properties)

continue
}

isEnabled := true
publicKey, err := getKeyFromKeyBundle(keyBundle)
if err != nil {
return nil, nil, fmt.Errorf("failed to get key from key bundle:%w", err)
}
keysMap[keymanagementprovider.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version}] = publicKey
keysMap[keymanagementprovider.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version, Enabled: isEnabled}] = publicKey
metrics.ReportAKVCertificateDuration(ctx, time.Since(startTime).Milliseconds(), keyVaultKey.Name)
properties := getStatusProperty(keyVaultKey.Name, keyVaultKey.Version, "true", time.Now().Format(time.RFC3339))
properties := getStatusProperty(keyVaultKey.Name, keyVaultKey.Version, strconv.FormatBool(isEnabled), time.Now().Format(time.RFC3339))
keysStatus = append(keysStatus, properties)
}

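Review bot: In GetKeys, `isEnabled := true` is assigned on every path that skips the disabled branch, and that branch is only taken when `keyBundle.Attributes` and `keyBundle.Attributes.Enabled` are both non-nil, so a key bundle with missing attributes is recorded under `Enabled: true`. For a key management provider, treating an unknown state as enabled fails open; if Key Vault can return such a bundle (not confirmable from this page), deriving the flag from the bundle makes the decision explicit, e.g. `isEnabled := keyBundle.Attributes != nil && keyBundle.Attributes.Enabled != nil && *keyBundle.Attributes.Enabled` followed by `if !isEnabled {`. The certificate path dereferences `*certBundle.Attributes.Enabled` with no nil guard in the visible lines, though the lines collapsed between the hunks may contain one. Both functions start and end outside the hunks shown.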
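--- a/pkg/keymanagementprovider/keymanagementprovider.go
+++ b/pkg/keymanagementprovider/keymanagementprovider.go
@@ -41,7 +41,7 @@ type KeyManagementProviderStatus map[string]interface{}
 type KMPMapKey struct {
 Name string
 Version string
-Enabled string
+Enabled bool
 }
 
 type PublicKey struct {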
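Review bot: `Enabled` takes part in map-key equality, and as a `bool` its zero value is now the same as the disabled state, so a `KMPMapKey{Name: n, Version: v}` literal that omits the field compares equal to a disabled entry and never matches an enabled one. The struct carries no comment saying so; I would add `// Enabled is part of the key: a literal that omits it equals a disabled entry and will not match an enabled one.` above the field. Call sites outside this commit that build keys from name and version alone are worth checking, since none are visible on this page.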
