kms.ListKeys returns CreatedBy/CreatedAt when information is available (#20223)

cmd/kms-handlers.go

@@ -22,7 +22,6 @@ import (
 	"encoding/json"
 	"net/http"
 
-	"github.com/minio/kms-go/kes"
 	"github.com/minio/madmin-go/v3"
 	"github.com/minio/minio/internal/auth"
 	"github.com/minio/minio/internal/kms"
@@ -197,7 +196,7 @@ func (a kmsAPIHandlers) KMSListKeysHandler(w http.ResponseWriter, r *http.Reques
 		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrKMSNotConfigured), r.URL)
 		return
 	}
-	allKeyNames, _, err := GlobalKMS.ListKeyNames(ctx, &kms.ListRequest{
+	allKeys, _, err := GlobalKMS.ListKeys(ctx, &kms.ListRequest{
 		Prefix: r.Form.Get("pattern"),
 	})
 	if err != nil {
@@ -213,21 +212,17 @@ func (a kmsAPIHandlers) KMSListKeysHandler(w http.ResponseWriter, r *http.Reques
 	}
 
 	// Now we have all the key names, for each of them, check whether the policy grants permission for
-	// the user to list it.
-	keyNames := []string{}
-	for _, name := range allKeyNames {
-		if checkKMSActionAllowed(r, owner, cred, policy.KMSListKeysAction, name) {
-			keyNames = append(keyNames, name)
+	// the user to list it. Filter in place to leave only allowed keys.
+	n := 0
+	for _, k := range allKeys {
+		if checkKMSActionAllowed(r, owner, cred, policy.KMSListKeysAction, k.Name) {
+			allKeys[n] = k
+			n++
 		}
 	}
+	allKeys = allKeys[:n]
 
-	values := make([]kes.KeyInfo, 0, len(keyNames))
-	for _, name := range keyNames {
-		values = append(values, kes.KeyInfo{
-			Name: name,
-		})
-	}
-	if res, err := json.Marshal(values); err != nil {
+	if res, err := json.Marshal(allKeys); err != nil {
 		writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInternalError), err.Error(), r.URL)
 	} else {
 		writeSuccessResponseJSON(w, res)

cmd/kms-handlers_test.go

@@ -658,13 +658,24 @@ func execKMSTest(t *testing.T, test kmsTestCase, adminTestBed *adminErasureTestB
 
 	// Check returned key list is correct
 	if test.wantKeyNames != nil {
-		gotKeyNames := keyNamesFromListKeysResp(t, rec.Body.Bytes())
-		if len(test.wantKeyNames) != len(gotKeyNames) {
-			t.Fatalf("want keys len: %d, got len: %d", len(test.wantKeyNames), len(gotKeyNames))
+		keys := []madmin.KMSKeyInfo{}
+		err := json.Unmarshal(rec.Body.Bytes(), &keys)
+		if err != nil {
+			t.Fatal(err)
 		}
-		for i, wantKeyName := range test.wantKeyNames {
-			if gotKeyNames[i] != wantKeyName {
-				t.Fatalf("want key name %s, in position %d, got %s", wantKeyName, i, gotKeyNames[i])
+		if len(keys) != len(test.wantKeyNames) {
+			t.Fatalf("want %d keys, got %d", len(test.wantKeyNames), len(keys))
+		}
+
+		for i, want := range keys {
+			if want.CreatedBy != kms.StubCreatedBy {
+				t.Fatalf("want key created by %s, got %s", kms.StubCreatedBy, want.CreatedBy)
+			}
+			if want.CreatedAt != kms.StubCreatedAt {
+				t.Fatalf("want key created at %s, got %s", kms.StubCreatedAt, want.CreatedAt)
+			}
+			if test.wantKeyNames[i] != want.Name {
+				t.Fatalf("want key name %s, got %s", test.wantKeyNames[i], want.Name)
 			}
 		}
 	}
@@ -835,17 +846,3 @@ func setupKMSUser(t *testing.T, accessKey, secretKey, p string) {
 		}
 	}
 }
-
-func keyNamesFromListKeysResp(t *testing.T, b []byte) []string {
-	var keyInfos []madmin.KMSKeyInfo
-	err := json.Unmarshal(b, &keyInfos)
-	if err != nil {
-		t.Fatalf("cannot unmarshal '%s', err: %v", b, err)
-	}
-
-	var gotKeyNames []string
-	for _, keyInfo := range keyInfos {
-		gotKeyNames = append(gotKeyNames, keyInfo.Name)
-	}
-	return gotKeyNames
-}