kms.ListKeys returns CreatedBy/CreatedAt when information is available (#20223)

2025-11-07 12:52:58 -05:00 · 2024-08-18 16:43:03 +10:00
parent 9e81ccd2d9
commit 6378ca10a4
9 changed files with 81 additions and 71 deletions
--- a/internal/kms/conn.go
+++ b/internal/kms/conn.go
@@ -48,7 +48,7 @@ type conn interface {
 	// CreateKey creates a new key at the KMS with the given key ID.
 	CreateKey(context.Context, *CreateKeyRequest) error

-	ListKeyNames(context.Context, *ListRequest) ([]string, string, error)
+	ListKeys(context.Context, *ListRequest) ([]madmin.KMSKeyInfo, string, error)

 	// GenerateKey generates a new data encryption key using the
 	// key referenced by the key ID.
--- a/internal/kms/kes.go
+++ b/internal/kms/kes.go
@@ -126,8 +126,16 @@ func (c *kesConn) Status(ctx context.Context) (map[string]madmin.ItemState, erro
 	return status, nil
 }

-func (c *kesConn) ListKeyNames(ctx context.Context, req *ListRequest) ([]string, string, error) {
-	return c.client.ListKeys(ctx, req.Prefix, req.Limit)
+func (c *kesConn) ListKeys(ctx context.Context, req *ListRequest) ([]madmin.KMSKeyInfo, string, error) {
+	names, continueAt, err := c.client.ListKeys(ctx, req.Prefix, req.Limit)
+	if err != nil {
+		return nil, "", err
+	}
+	keyInfos := make([]madmin.KMSKeyInfo, len(names))
+	for i := range names {
+		keyInfos[i].Name = names[i]
+	}
+	return keyInfos, continueAt, nil
 }

 // CreateKey tries to create a new key at the KMS with the
--- a/internal/kms/kms.go
+++ b/internal/kms/kms.go
@@ -213,13 +213,13 @@ func (k *KMS) CreateKey(ctx context.Context, req *CreateKeyRequest) error {
 	return err
 }

-// ListKeyNames returns a list of key names and a potential
+// ListKeys returns a list of keys with metadata and a potential
 // next name from where to continue a subsequent listing.
-func (k *KMS) ListKeyNames(ctx context.Context, req *ListRequest) ([]string, string, error) {
+func (k *KMS) ListKeys(ctx context.Context, req *ListRequest) ([]madmin.KMSKeyInfo, string, error) {
 	if req.Prefix == "*" {
 		req.Prefix = ""
 	}
-	return k.conn.ListKeyNames(ctx, req)
+	return k.conn.ListKeys(ctx, req)
 }

 // GenerateKey generates a new data key using the master key req.Name.
@@ -320,7 +320,7 @@ func (c *kmsConn) Status(ctx context.Context) (map[string]madmin.ItemState, erro
 	return stat, nil
 }

-func (c *kmsConn) ListKeyNames(ctx context.Context, req *ListRequest) ([]string, string, error) {
+func (c *kmsConn) ListKeys(ctx context.Context, req *ListRequest) ([]madmin.KMSKeyInfo, string, error) {
 	resp, err := c.client.ListKeys(ctx, &kms.ListRequest{
 		Enclave:    c.enclave,
 		Prefix:     req.Prefix,
@@ -331,11 +331,13 @@ func (c *kmsConn) ListKeyNames(ctx context.Context, req *ListRequest) ([]string,
 		return nil, "", errListingKeysFailed(err)
 	}

-	names := make([]string, 0, len(resp.Items))
-	for _, item := range resp.Items {
-		names = append(names, item.Name)
+	keyInfos := make([]madmin.KMSKeyInfo, len(resp.Items))
+	for i, v := range resp.Items {
+		keyInfos[i].Name = v.Name
+		keyInfos[i].CreatedAt = v.CreatedAt
+		keyInfos[i].CreatedBy = string(v.CreatedBy)
 	}
-	return names, resp.ContinueAt, nil
+	return keyInfos, resp.ContinueAt, nil
 }

 func (c *kmsConn) CreateKey(ctx context.Context, req *CreateKeyRequest) error {
--- a/internal/kms/secret-key.go
+++ b/internal/kms/secret-key.go
@@ -95,12 +95,12 @@ func (secretKey) Status(context.Context) (map[string]madmin.ItemState, error) {
 	}, nil
 }

-// ListKeyNames returns a list of key names. The builtin KMS consists of just a single key.
-func (s secretKey) ListKeyNames(ctx context.Context, req *ListRequest) ([]string, string, error) {
+// ListKeys returns a list of keys with metadata. The builtin KMS consists of just a single key.
+func (s secretKey) ListKeys(ctx context.Context, req *ListRequest) ([]madmin.KMSKeyInfo, string, error) {
 	if strings.HasPrefix(s.keyID, req.Prefix) && strings.HasPrefix(s.keyID, req.ContinueAt) {
-		return []string{s.keyID}, "", nil
+		return []madmin.KMSKeyInfo{{Name: s.keyID}}, "", nil
 	}
-	return []string{}, "", nil
+	return []madmin.KMSKeyInfo{}, "", nil
 }

 // CreateKey returns ErrKeyExists unless req.Name is equal to the secretKey name.
--- a/internal/kms/stub.go
+++ b/internal/kms/stub.go
@@ -22,11 +22,19 @@ import (
 	"net/http"
 	"slices"
 	"sync/atomic"
+	"time"

 	"github.com/minio/madmin-go/v3"
 	"github.com/minio/pkg/v3/wildcard"
 )

+var (
+	// StubCreatedAt is a constant timestamp for testing
+	StubCreatedAt = time.Date(2024, time.January, 1, 15, 0, 0, 0, time.UTC)
+	// StubCreatedBy is a constant created identity for testing
+	StubCreatedBy = "MinIO"
+)
+
 // NewStub returns a stub of KMS for testing
 func NewStub(defaultKeyName string) *KMS {
 	return &KMS{
@@ -64,15 +72,15 @@ func (s StubKMS) Status(context.Context) (map[string]madmin.ItemState, error) {
 	}, nil
 }

-// ListKeyNames returns a list of key names.
-func (s StubKMS) ListKeyNames(ctx context.Context, req *ListRequest) ([]string, string, error) {
-	matches := []string{}
+// ListKeys returns a list of keys with metadata.
+func (s StubKMS) ListKeys(ctx context.Context, req *ListRequest) ([]madmin.KMSKeyInfo, string, error) {
+	matches := []madmin.KMSKeyInfo{}
 	if req.Prefix == "" {
 		req.Prefix = "*"
 	}
 	for _, keyName := range s.KeyNames {
 		if wildcard.MatchAsPatternPrefix(req.Prefix, keyName) {
-			matches = append(matches, keyName)
+			matches = append(matches, madmin.KMSKeyInfo{Name: keyName, CreatedAt: StubCreatedAt, CreatedBy: StubCreatedBy})
 		}
 	}