From 8559f3394545e687111eebdc9208d1292d14d832 Mon Sep 17 00:00:00 2001
From: Juncheng Zhu <junczhu@microsoft.com>
Date: Fri, 29 Nov 2024 07:15:12 +0000
Subject: [PATCH] chore: revert changes in AKV KMP provider

Signed-off-by: Juncheng Zhu <junczhu@microsoft.com>
---
 .../azurekeyvault/provider.go                 | 31 ++++++++++---------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/pkg/keymanagementprovider/azurekeyvault/provider.go b/pkg/keymanagementprovider/azurekeyvault/provider.go
index 9c9e95945..5a77692d5 100644
--- a/pkg/keymanagementprovider/azurekeyvault/provider.go
+++ b/pkg/keymanagementprovider/azurekeyvault/provider.go
@@ -35,7 +35,7 @@ import (
 	"github.com/go-jose/go-jose/v3"
 	re "github.com/ratify-project/ratify/errors"
 	"github.com/ratify-project/ratify/internal/logger"
-	kmp "github.com/ratify-project/ratify/pkg/keymanagementprovider"
+	"github.com/ratify-project/ratify/pkg/keymanagementprovider"
 	"github.com/ratify-project/ratify/pkg/keymanagementprovider/azurekeyvault/types"
 	"github.com/ratify-project/ratify/pkg/keymanagementprovider/config"
 	"github.com/ratify-project/ratify/pkg/keymanagementprovider/factory"
@@ -133,7 +133,7 @@ func init() {
 }
 
 // Create creates a new instance of the provider after marshalling and validating the configuration
-func (f *akvKMProviderFactory) Create(_ string, keyManagementProviderConfig config.KeyManagementProviderConfig, _ string) (kmp.KeyManagementProvider, error) {
+func (f *akvKMProviderFactory) Create(_ string, keyManagementProviderConfig config.KeyManagementProviderConfig, _ string) (keymanagementprovider.KeyManagementProvider, error) {
 	conf := AKVKeyManagementProviderConfig{}
 
 	keyManagementProviderConfigBytes, err := json.Marshal(keyManagementProviderConfig)
@@ -179,8 +179,8 @@ func (f *akvKMProviderFactory) Create(_ string, keyManagementProviderConfig conf
 
 // GetCertificates returns an array of certificates based on certificate properties defined in config
 // get certificate retrieve the entire cert chain using getSecret API call
-func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[kmp.KMPMapKey][]*x509.Certificate, kmp.KeyManagementProviderStatus, error) {
-	certsMap := map[kmp.KMPMapKey][]*x509.Certificate{}
+func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementprovider.KMPMapKey][]*x509.Certificate, keymanagementprovider.KeyManagementProviderStatus, error) {
+	certsMap := map[keymanagementprovider.KMPMapKey][]*x509.Certificate{}
 	certsStatus := []map[string]string{}
 	for _, keyVaultCert := range s.certificates {
 		logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, certVersion %v, vaultURI: %v", keyVaultCert.Name, keyVaultCert.Version, s.vaultURI)
@@ -200,8 +200,8 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[kmp.KMPMapKey]
 				lastRefreshed := startTime.Format(time.RFC3339)
 				certProperty := getStatusProperty(keyVaultCert.Name, keyVaultCert.Version, lastRefreshed, isEnabled)
 				certsStatus = append(certsStatus, certProperty)
-				mapKey := kmp.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version, Enabled: isEnabled}
-				kmp.DeleteCertificateFromMap(s.resource, mapKey)
+				mapKey := keymanagementprovider.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version, Enabled: isEnabled}
+				keymanagementprovider.DeleteCertificateFromMap(s.resource, mapKey)
 				continue
 			}
 			return nil, nil, fmt.Errorf("failed to get secret objectName:%s, objectVersion:%s, error: %w", keyVaultCert.Name, keyVaultCert.Version, err)
@@ -214,17 +214,18 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[kmp.KMPMapKey]
 		if err != nil {
 			return nil, nil, fmt.Errorf("failed to get certificates from secret bundle:%w", err)
 		}
+
 		metrics.ReportAKVCertificateDuration(ctx, time.Since(startTime).Milliseconds(), keyVaultCert.Name)
 		certsStatus = append(certsStatus, certProperty...)
-		certMapKey := kmp.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version, Enabled: isEnabled}
+		certMapKey := keymanagementprovider.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version, Enabled: isEnabled}
 		certsMap[certMapKey] = certResult
 	}
 	return certsMap, getStatusMap(certsStatus, types.CertificatesStatus), nil
 }
 
 // GetKeys returns an array of keys based on key properties defined in config
-func (s *akvKMProvider) GetKeys(ctx context.Context) (map[kmp.KMPMapKey]crypto.PublicKey, kmp.KeyManagementProviderStatus, error) {
-	keysMap := map[kmp.KMPMapKey]crypto.PublicKey{}
+func (s *akvKMProvider) GetKeys(ctx context.Context) (map[keymanagementprovider.KMPMapKey]crypto.PublicKey, keymanagementprovider.KeyManagementProviderStatus, error) {
+	keysMap := map[keymanagementprovider.KMPMapKey]crypto.PublicKey{}
 	keysStatus := []map[string]string{}
 
 	for _, keyVaultKey := range s.keys {
@@ -246,8 +247,8 @@ func (s *akvKMProvider) GetKeys(ctx context.Context) (map[kmp.KMPMapKey]crypto.P
 			lastRefreshed := startTime.Format(time.RFC3339)
 			properties := getStatusProperty(keyVaultKey.Name, keyVaultKey.Version, lastRefreshed, isEnabled)
 			keysStatus = append(keysStatus, properties)
-			mapKey := kmp.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version, Enabled: isEnabled}
-			kmp.DeleteKeyFromMap(s.resource, mapKey)
+			mapKey := keymanagementprovider.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version, Enabled: isEnabled}
+			keymanagementprovider.DeleteKeyFromMap(s.resource, mapKey)
 			continue
 		}
 
@@ -255,7 +256,7 @@ func (s *akvKMProvider) GetKeys(ctx context.Context) (map[kmp.KMPMapKey]crypto.P
 		if err != nil {
 			return nil, nil, fmt.Errorf("failed to get key from key bundle:%w", err)
 		}
-		keysMap[kmp.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version, Enabled: isEnabled}] = publicKey
+		keysMap[keymanagementprovider.KMPMapKey{Name: keyVaultKey.Name, Version: keyVaultKey.Version, Enabled: isEnabled}] = publicKey
 		metrics.ReportAKVCertificateDuration(ctx, time.Since(startTime).Milliseconds(), keyVaultKey.Name)
 		properties := getStatusProperty(keyVaultKey.Name, keyVaultKey.Version, time.Now().Format(time.RFC3339), isEnabled)
 		keysStatus = append(keysStatus, properties)
@@ -269,8 +270,8 @@ func (s *akvKMProvider) IsRefreshable() bool {
 }
 
 // azure keyvault provider certificate/key status is a map from "certificates" key or "keys" key to an array of key management provider status
-func getStatusMap(statusMap []map[string]string, contentType string) kmp.KeyManagementProviderStatus {
-	status := kmp.KeyManagementProviderStatus{}
+func getStatusMap(statusMap []map[string]string, contentType string) keymanagementprovider.KeyManagementProviderStatus {
+	status := keymanagementprovider.KeyManagementProviderStatus{}
 	status[contentType] = statusMap
 	return status
 }
@@ -373,7 +374,7 @@ func getCertsFromSecretBundle(ctx context.Context, secretBundle azsecrets.Secret
 		case "CERTIFICATE":
 			var pemData []byte
 			pemData = append(pemData, pem.EncodeToMemory(block)...)
-			decodedCerts, err := kmp.DecodeCertificates(pemData)
+			decodedCerts, err := keymanagementprovider.DecodeCertificates(pemData)
 			if err != nil {
 				return nil, nil, re.ErrorCodeCertInvalid.NewError(re.KeyManagementProvider, ProviderName, re.EmptyLink, err, fmt.Sprintf("azure keyvault key management provider: failed to decode Certificate %s, version %s", certName, version), re.HideStackTrace)
 			}