rename

ratify-project · Mar 12, 2024 · 854007d · 854007d
1 parent 8805eff
commit 854007d
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 35 deletions.
diff --git a/charts/ratify/README.md b/charts/ratify/README.md
@@ -126,5 +126,5 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
 | akvCertConfig.cert1Version                         | Exact version of certificate to use from AKV. This value has been ***deprecated*** , and will be removed in future releases of Ratify. Please switch to ```akvCertConfig.certificates``` to specify an array of verification certificates                                                                                                                              | ``                                |
 | akvCertConfig.cert2Name                            | Exact name of the certificate stored in AKV. This value has been ***deprecated*** , and will be removed in future releases of Ratify. Please switch to ```akvCertConfig.certificates``` to specify an array of verification certificates                                                                                                                               | ``                                |
 | akvCertConfig.cert2Version                         | Exact version of certificate to use from AKV. This value has been ***deprecated*** , and will be removed in future releases of Ratify. Please switch to ```akvCertConfig.certificates``` to specify an array of verification certificates                                                                                                                              | ``                                |
-| akvCertConfig.certificates                         | An array of certificate objects identified by certificateName and certificateVersion stored in AKV                                                                                                                                                                                                                                                                     | ``                                |
+| akvCertConfig.certificates                         | An array of certificate objects identified by `name` and `version` stored in AKV                                                                                                                                                                                                                                                                                       | ``                                |
 | akvCertConfig.tenantId                             | TenantID of the configured AKV resource                                                                                                                                                                                                                                                                                                                                | ``                                |
diff --git a/charts/ratify/templates/akv-key-management-provider.yaml b/charts/ratify/templates/akv-key-management-provider.yaml
@@ -12,17 +12,17 @@ spec:
     vaultURI: {{ required "vaultURI must be provided when AKV cert config is enabled" .Values.akvCertConfig.vaultURI  }}
     certificates:
       {{- if .Values.akvCertConfig.cert1Name }}
-      - certificateName: {{ .Values.akvCertConfig.cert1Name  }}
-        certificateVersion: {{ .Values.akvCertConfig.cert1Version  }}
+      - name: {{ .Values.akvCertConfig.cert1Name  }}
+        version: {{ .Values.akvCertConfig.cert1Version  }}
       {{ end }}    
       {{- if .Values.akvCertConfig.cert2Name }}
-      - certificateName: {{ .Values.akvCertConfig.cert2Name  }}
-        certificateVersion: {{ .Values.akvCertConfig.cert2Version  }}        
+      - name: {{ .Values.akvCertConfig.cert2Name  }}
+        version: {{ .Values.akvCertConfig.cert2Version  }}        
       {{ end }}
       {{-  range .Values.akvCertConfig.certificates }}
-      {{- if .certificateName }}
-      - certificateName: {{ .certificateName  }}
-        certificateVersion: {{ .certificateVersion  }}
+      {{- if .name }}
+      - name: {{ .name  }}
+        version: {{ .version  }}
       {{- end }}
       {{- end }}
     tenantID: {{ required "tenantID must be provided when AKV cert config is enabled" .Values.akvCertConfig.tenantId  }}    

diff --git a/config/samples/config_v1beta1_keymanagementprovider_akv.yaml b/config/samples/config_v1beta1_keymanagementprovider_akv.yaml
@@ -7,7 +7,7 @@ spec:
   parameters:
     vaultURI: https://yourkeyvault.vault.azure.net/
     certificates:
-      - certificateName: yourCertName
-        certificateVersion: yourCertVersion # Optional, fetch latest version if empty 
+      - name: yourCertName
+        version: yourCertVersion # Optional, fetch latest version if empty 
     tenantID:
     clientID: 
diff --git a/pkg/keymanagementprovider/azurekeyvault/provider.go b/pkg/keymanagementprovider/azurekeyvault/provider.go
@@ -127,26 +127,26 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp
 	certsMap := map[keymanagementprovider.KMPMapKey][]*x509.Certificate{}
 	certsStatus := []map[string]string{}
 	for _, keyVaultCert := range s.certificates {
-		logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v,  keyvault %v", keyVaultCert.CertificateName, s.vaultURI)
+		logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v,  keyvault %v", keyVaultCert.Name, s.vaultURI)
 
 		// fetch the object from Key Vault
 		// GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/deislabs/ratify/issues/695 for details
 		startTime := time.Now()
-		secretBundle, err := kvClient.GetSecret(ctx, s.vaultURI, keyVaultCert.CertificateName, keyVaultCert.CertificateVersion)
+		secretBundle, err := kvClient.GetSecret(ctx, s.vaultURI, keyVaultCert.Name, keyVaultCert.Version)
 
 		if err != nil {
-			return nil, nil, fmt.Errorf("failed to get secret objectName:%s, objectVersion:%s, error: %w", keyVaultCert.CertificateName, keyVaultCert.CertificateVersion, err)
+			return nil, nil, fmt.Errorf("failed to get secret objectName:%s, objectVersion:%s, error: %w", keyVaultCert.Name, keyVaultCert.Version, err)
 		}
 
-		certResult, certProperty, err := getCertsFromSecretBundle(ctx, secretBundle, keyVaultCert.CertificateName)
+		certResult, certProperty, err := getCertsFromSecretBundle(ctx, secretBundle, keyVaultCert.Name)
 
 		if err != nil {
 			return nil, nil, fmt.Errorf("failed to get certificates from secret bundle:%w", err)
 		}
 
-		metrics.ReportAKVCertificateDuration(ctx, time.Since(startTime).Milliseconds(), keyVaultCert.CertificateName)
+		metrics.ReportAKVCertificateDuration(ctx, time.Since(startTime).Milliseconds(), keyVaultCert.Name)
 		certsStatus = append(certsStatus, certProperty...)
-		certMapKey := keymanagementprovider.KMPMapKey{Name: keyVaultCert.CertificateName, Version: keyVaultCert.CertificateVersion}
+		certMapKey := keymanagementprovider.KMPMapKey{Name: keyVaultCert.Name, Version: keyVaultCert.Version}
 		certsMap[certMapKey] = certResult
 	}
 
@@ -314,7 +314,7 @@ func (s *akvKMProvider) validate() error {
 	for i := range s.certificates {
 		// remove whitespace from all fields in key vault cert
 		formatKeyVaultCertificate(&s.certificates[i])
-		if s.certificates[i].CertificateName == "" {
+		if s.certificates[i].Name == "" {
 			return re.ErrorCodeConfigInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, fmt.Sprintf("certificate name is not set for certificate %d", i), re.HideStackTrace)
 		}
 	}

diff --git a/pkg/keymanagementprovider/azurekeyvault/provider_test.go b/pkg/keymanagementprovider/azurekeyvault/provider_test.go
@@ -63,23 +63,23 @@ func TestFormatKeyVaultCertificate(t *testing.T) {
 		{
 			desc: "leading and trailing whitespace trimmed from all fields",
 			keyVaultObject: types.KeyVaultCertificate{
-				CertificateName:    "cert1     ",
-				CertificateVersion: "",
+				Name:    "cert1     ",
+				Version: "",
 			},
 			expectedKeyVaultObject: types.KeyVaultCertificate{
-				CertificateName:    "cert1",
-				CertificateVersion: "",
+				Name:    "cert1",
+				Version: "",
 			},
 		},
 		{
 			desc: "no data loss for already sanitized object",
 			keyVaultObject: types.KeyVaultCertificate{
-				CertificateName:    "cert1",
-				CertificateVersion: "version1",
+				Name:    "cert1",
+				Version: "version1",
 			},
 			expectedKeyVaultObject: types.KeyVaultCertificate{
-				CertificateName:    "cert1",
-				CertificateVersion: "version1",
+				Name:    "cert1",
+				Version: "version1",
 			},
 		},
 	}
@@ -128,7 +128,7 @@ func TestCreate(t *testing.T) {
 				"clientID": "clientid",
 				"certificates": []map[string]interface{}{
 					{
-						"certificateName": "cert1",
+						"name": "cert1",
 					},
 				},
 			},
@@ -190,8 +190,8 @@ func TestCreate(t *testing.T) {
 				"clientID": "clientid",
 				"certificates": []map[string]interface{}{
 					{
-						"certificateName":    "",
-						"certificateVersion": "version1",
+						"name":    "",
+						"version": "version1",
 					},
 				},
 			},
@@ -217,8 +217,8 @@ func TestGetCertificates(t *testing.T) {
 		"clientID": "clientid",
 		"certificates": []map[string]interface{}{
 			{
-				"certificateName":    "cert1",
-				"certificateVersion": "",
+				"name":    "cert1",
+				"version": "",
 			},
 		},
 	}

diff --git a/pkg/keymanagementprovider/azurekeyvault/types/types.go b/pkg/keymanagementprovider/azurekeyvault/types/types.go
@@ -20,7 +20,7 @@ const (
 	// key of the certificate status property
 	CertificatesStatus = "Certificates"
 	// Static string for certificate name for the certificate status property
-	CertificateName = "CertificateName"
+	CertificateName = "Name"
 	// Certificate version string for the certificate status property
 	CertificateVersion = "Version"
 	// Last refreshed string for the certificate status property
@@ -30,7 +30,7 @@ const (
 // KeyVaultCertificate holds keyvault certificate related config
 type KeyVaultCertificate struct {
 	// the name of the Azure Key Vault certificate
-	CertificateName string `json:"certificateName" yaml:"certificateName"`
+	Name string `json:"name" yaml:"name"`
 	// the version of the Azure Key Vault certificate
-	CertificateVersion string `json:"certificateVersion" yaml:"certificateVersion"`
+	Version string `json:"version" yaml:"version"`
 }
diff --git a/scripts/azure-ci-test.sh b/scripts/azure-ci-test.sh
@@ -66,8 +66,8 @@ deploy_ratify() {
     --set gatekeeper.version=${GATEKEEPER_VERSION} \
     --set akvCertConfig.enabled=true \
     --set akvCertConfig.vaultURI=${VAULT_URI} \
-    --set akvCertConfig.certificates[0].certificateName=${NOTATION_PEM_NAME} \
-    --set akvCertConfig.certificates[1].certificateName=${NOTATION_CHAIN_PEM_NAME} \
+    --set akvCertConfig.certificates[0].name=${NOTATION_PEM_NAME} \
+    --set akvCertConfig.certificates[1].name=${NOTATION_CHAIN_PEM_NAME} \
     --set akvCertConfig.tenantId=${TENANT_ID} \
     --set oras.authProviders.azureWorkloadIdentityEnabled=true \
     --set azureWorkloadIdentity.clientId=${IDENTITY_CLIENT_ID} \