fix: pass the correct value for the vaultURI

Signed-off-by: Shahram Kalantari <[email protected]>
ratify-project · Nov 5, 2024 · db0f2a9 · db0f2a9
1 parent 46d23da
commit db0f2a9
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 14 deletions.
diff --git a/pkg/certificateprovider/azurekeyvault/provider.go b/pkg/certificateprovider/azurekeyvault/provider.go
@@ -81,7 +81,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 		return nil, nil, re.ErrorCodeConfigInvalid.NewError(re.CertProvider, providerName, re.AKVLink, nil, "clientID is not set", re.HideStackTrace)
 	}
 
-	azureCloudEnv, err := parseAzureEnvironment(cloudName)
+	_, err := parseAzureEnvironment(cloudName)
 	if err != nil {
 		return nil, nil, re.ErrorCodeConfigInvalid.NewError(re.CertProvider, providerName, re.EmptyLink, nil, fmt.Sprintf("cloudName %s is not valid", cloudName), re.HideStackTrace)
 	}
@@ -97,7 +97,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 
 	logger.GetLogger(ctx, logOpt).Debugf("vaultURI %s", keyvaultURI)
 
-	kvClientSecrets, err := initializeKvClient(ctx, azureCloudEnv.KeyVaultEndpoint, tenantID, workloadIdentityClientID, nil)
+	kvClientSecrets, err := initializeKvClient(ctx, keyvaultURI, tenantID, workloadIdentityClientID, nil)
 	if err != nil {
 		return nil, nil, re.ErrorCodePluginInitFailure.NewError(re.CertProvider, providerName, re.AKVLink, err, "failed to get keyvault client", re.HideStackTrace)
 	}
@@ -231,7 +231,7 @@ func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientI
 	if err != nil {
 		return nil, re.ErrorCodeConfigInvalid.WithDetail("Failed to create Key Vault client").WithRemediation(re.AKVLink).WithError(err)
 	}
-	logger.GetLogger(ctx, logOpt).Infof("azsecrets kvclient created successfully")
+	logger.GetLogger(ctx, logOpt).Debugf("azsecrets kvclient created successfully")
 
 	return kvClientSecrets, nil
 }

diff --git a/pkg/keymanagementprovider/azurekeyvault/provider.go b/pkg/keymanagementprovider/azurekeyvault/provider.go
@@ -43,7 +43,6 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
 	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
 
-	// kv "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
 	"github.com/Azure/go-autorest/autorest/azure"
 )
 
@@ -126,9 +125,8 @@ func (f *akvKMProviderFactory) Create(_ string, keyManagementProviderConfig conf
 		return nil, err
 	}
 
-	logger.GetLogger(context.Background(), logOpt).Debugf("vaultURI %s", provider.vaultURI)
-
-	kvClientKeys, kvClientSecrets, err := initKVClient(context.Background(), provider.cloudEnv.KeyVaultEndpoint, provider.tenantID, provider.clientID, nil)
+	// create keyvault clients
+	kvClientKeys, kvClientSecrets, err := initKVClient(context.Background(), provider.vaultURI, provider.tenantID, provider.clientID, nil)
 	if err != nil {
 		return nil, re.ErrorCodePluginInitFailure.NewError(re.KeyManagementProvider, ProviderName, re.AKVLink, err, "failed to create keyvault client", re.HideStackTrace)
 	}
@@ -144,7 +142,7 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp
 	certsMap := map[keymanagementprovider.KMPMapKey][]*x509.Certificate{}
 	certsStatus := []map[string]string{}
 	for _, keyVaultCert := range s.certificates {
-		logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v,  keyvault %v", keyVaultCert.Name, s.vaultURI)
+		logger.GetLogger(ctx, logOpt).Debugf("fetching secret from key vault, certName %v, certVersion %v", keyVaultCert.Name)
 
 		// fetch the object from Key Vault
 		// GetSecret is required so we can fetch the entire cert chain. See issue https://github.com/ratify-project/ratify/issues/695 for details
@@ -234,9 +232,9 @@ func parseAzureEnvironment(cloudName string) (*azure.Environment, error) {
 	return &env, err
 }
 
-func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientID string, credProvider azcore.TokenCredential) (*azkeys.Client, *azsecrets.Client, error) {
+func initializeKvClient(ctx context.Context, keyVaultURI, tenantID, clientID string, credProvider azcore.TokenCredential) (*azkeys.Client, *azsecrets.Client, error) {
 	// Trim any trailing slash from the endpoint
-	kvEndpoint := strings.TrimSuffix(keyVaultEndpoint, "/")
+	kvEndpoint := strings.TrimSuffix(keyVaultURI, "/")
 
 	// If credProvider is nil, create the default credential
 	if credProvider == nil {
@@ -261,7 +259,8 @@ func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientI
 	if err != nil {
 		return nil, nil, re.ErrorCodeConfigInvalid.WithDetail("Failed to create Key Vault client").WithRemediation(re.AKVLink).WithError(err)
 	}
-	logger.GetLogger(ctx, logOpt).Infof("azsecrets kvclient created successfully")
+
+	logger.GetLogger(ctx, logOpt).Debugf("azkeys and azsecrets clients created successfully")
 
 	return kvClientKeys, kvClientSecrets, nil
 }

diff --git a/pkg/keymanagementprovider/azurekeyvault/provider_test.go b/pkg/keymanagementprovider/azurekeyvault/provider_test.go
@@ -71,8 +71,6 @@ func SkipTestInitializeKVClient(t *testing.T) {
 		assert.NoError(t, err)
 		assert.NotNil(t, kvClientkeys)
 		assert.NotNil(t, kvClientSecrets)
-		// assert.NotNil(t, kvClientkeys.Authorizer)
-		// assert.Contains(t, kvClientkeys.UserAgent, version.UserAgent)
 	}
 }
 
@@ -731,6 +729,5 @@ func TestInitializeKvClient_FailureInAzSecretsClient(t *testing.T) {
 	assert.Nil(t, kvClientKeys)
 	assert.Nil(t, kvClientSecrets)
 	assert.Error(t, err)
-	// assert.Contains(t, err.Error(), "Failed to create Key Vault client")
 	assert.Contains(t, err.Error(), "failed to create workload identity credential")
 }