deps: bump github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets from 0.7.1 to 0.11.0 (#1693)

dependabot[bot] · web-flow · commit 044f16dc15d5 · 2023-03-21T20:44:15.000Z
diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.19
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.3
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0
 	github.com/Masterminds/semver v1.5.0
 	github.com/Microsoft/go-winio v0.4.17
 	github.com/Microsoft/hcsshim v0.8.23
@@ -54,7 +54,7 @@ require (
 require (
 	code.cloudfoundry.org/clock v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
diff --git a/go.sum b/go.sum
@@ -47,10 +47,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4Sath
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1 h1:X7FHRMKr0u5YiPnD6L/nqG64XBOcK0IYavhAHBQEmms=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1/go.mod h1:WcC2Tk6JyRlqjn2byvinNnZzgdXmZ1tOiIOWNh1u0uA=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0 h1:82w8tzLcOwDP/Q35j/wEBPt0n0kVC3cjtPdD62G8UAk=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0/go.mod h1:S78i9yTr4o/nXlH76bKjGUye9Z2wSxO5Tz7GoDr4vfI=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 h1:Lg6BW0VPmCwcMlvOviL3ruHFO+H9tZNqscK0AeuFjGM=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
diff --git a/keyvault/shim.go b/keyvault/shim.go
@@ -24,7 +24,7 @@ const (
 )
 
 type secretFetcher interface {
-	GetSecret(ctx context.Context, secretName string, opts *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
+	GetSecret(ctx context.Context, secretName, version string, opts *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
 }
 
 // Shim provides convenience methods for working with KeyVault.
@@ -45,12 +45,12 @@ func NewShim(vaultURL string, cred azcore.TokenCredential) (*Shim, error) {
 
 // GetLatestTLSCertificate fetches the latest version of a keyvault certificate and transforms it into a usable tls.Certificate.
 func (s *Shim) GetLatestTLSCertificate(ctx context.Context, certName string) (tls.Certificate, error) {
-	resp, err := s.sf.GetSecret(ctx, certName, nil)
+	resp, err := s.sf.GetSecret(ctx, certName, "", nil)
 	if err != nil {
 		return tls.Certificate{}, errors.Wrap(err, "could not get secret")
 	}
 
-	pemBlocks, err := getPEMBlocks(*resp.Properties.ContentType, *resp.Value)
+	pemBlocks, err := getPEMBlocks(*resp.ContentType, *resp.Value)
 	if err != nil {
 		return tls.Certificate{}, errors.Wrap(err, "could not get pem blocks")
 	}
diff --git a/keyvault/shim_test.go b/keyvault/shim_test.go
@@ -50,19 +50,17 @@ func newFakeSecretFetcher(certPath, contentType string) *fakeSecretFetcher {
 	return &fakeSecretFetcher{certPath: certPath, contentType: contentType}
 }
 
-func (f *fakeSecretFetcher) GetSecret(_ context.Context, _ string, _ *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) {
+func (f *fakeSecretFetcher) GetSecret(_ context.Context, _, _ string, _ *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) {
 	bs, err := os.ReadFile(f.certPath)
 	if err != nil {
 		return azsecrets.GetSecretResponse{}, errors.Wrap(err, "could not read file")
 	}
-
 	v := string(bs)
 	resp := azsecrets.GetSecretResponse{
-		Secret: azsecrets.Secret{
-			Properties: &azsecrets.Properties{ContentType: &f.contentType},
-			Value:      &v,
+		SecretBundle: azsecrets.SecretBundle{
+			ContentType: &f.contentType,
+			Value:       &v,
 		},
 	}
-
 	return resp, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ const (`
`24`	`24`	`)`
`25`	`25`
`26`	`26`	`type secretFetcher interface {`
`27`		`- GetSecret(ctx context.Context, secretName string, opts *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)`
	`27`	`+ GetSecret(ctx context.Context, secretName, version string, opts *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`// Shim provides convenience methods for working with KeyVault.`
`@@ -45,12 +45,12 @@ func NewShim(vaultURL string, cred azcore.TokenCredential) (*Shim, error) {`
`45`	`45`
`46`	`46`	`// GetLatestTLSCertificate fetches the latest version of a keyvault certificate and transforms it into a usable tls.Certificate.`
`47`	`47`	`func (s *Shim) GetLatestTLSCertificate(ctx context.Context, certName string) (tls.Certificate, error) {`
`48`		`- resp, err := s.sf.GetSecret(ctx, certName, nil)`
	`48`	`+ resp, err := s.sf.GetSecret(ctx, certName, "", nil)`
`49`	`49`	`if err != nil {`
`50`	`50`	`return tls.Certificate{}, errors.Wrap(err, "could not get secret")`
`51`	`51`	`}`
`52`	`52`
`53`		`- pemBlocks, err := getPEMBlocks(resp.Properties.ContentType, resp.Value)`
	`53`	`+ pemBlocks, err := getPEMBlocks(resp.ContentType, resp.Value)`
`54`	`54`	`if err != nil {`
`55`	`55`	`return tls.Certificate{}, errors.Wrap(err, "could not get pem blocks")`
`56`	`56`	`}`
Original file line number	Diff line number	Diff line change
`@@ -50,19 +50,17 @@ func newFakeSecretFetcher(certPath, contentType string) *fakeSecretFetcher {`
`50`	`50`	`return &fakeSecretFetcher{certPath: certPath, contentType: contentType}`
`51`	`51`	`}`
`52`	`52`
`53`		`-func (f fakeSecretFetcher) GetSecret(_ context.Context, _ string, _ azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) {`
	`53`	`+func (f fakeSecretFetcher) GetSecret(_ context.Context, _, _ string, _ azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) {`
`54`	`54`	`bs, err := os.ReadFile(f.certPath)`
`55`	`55`	`if err != nil {`
`56`	`56`	`return azsecrets.GetSecretResponse{}, errors.Wrap(err, "could not read file")`
`57`	`57`	`}`
`58`		`-`
`59`	`58`	`v := string(bs)`
`60`	`59`	`resp := azsecrets.GetSecretResponse{`
`61`		`- Secret: azsecrets.Secret{`
`62`		`- Properties: &azsecrets.Properties{ContentType: &f.contentType},`
`63`		`- Value: &v,`
	`60`	`+ SecretBundle: azsecrets.SecretBundle{`
	`61`	`+ ContentType: &f.contentType,`
	`62`	`+ Value: &v,`
`64`	`63`	`},`
`65`	`64`	`}`
`66`		`-`
`67`	`65`	`return resp, nil`
`68`	`66`	`}`