oci: Add OCI key manager to the list of available key managers

This enables the use of the OCI key manager. Signed-off-by: Patrick Colp <[email protected]>
intel · Oct 25, 2024 · d327f1d · d327f1d
1 parent 0bed7c7
commit d327f1d
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 2 deletions.
diff --git a/config/default.go b/config/default.go
@@ -59,7 +59,7 @@ func DefaultConfig() *Configuration {
 			ServerPort:  viper.GetString(VaultServerPort),
 			ClientToken: viper.GetString(VaultClientToken),
 		}
-	} else {
+	} else if strings.ToLower(cfg.KeyManager) == constant.KmipKeyManager {
 		cfg.Kmip = KmipConfig{
 			Version:                   viper.GetString(KmipVersion),
 			ServerIP:                  viper.GetString(KmipServerIP),
@@ -72,5 +72,6 @@ func DefaultConfig() *Configuration {
 			RootCertificateFilePath:   viper.GetString(KmipRootCertPath),
 		}
 	}
+	// Currently we do nothing special for OCI config.
 	return cfg
 }
diff --git a/constant/constant.go b/constant/constant.go
@@ -47,6 +47,7 @@ const (
 
 	// kmipmanager constants
 	KmipKeyManager   = "kmip"
+	OCIKeyManager    = "oci"
 	VaultKeyManager  = "vault"
 	DefaultVaultPort = 8200
 

diff --git a/keymanager/key_manager.go b/keymanager/key_manager.go
@@ -7,6 +7,7 @@
 package keymanager
 
 import (
+	"intel/kbs/v1/ociclient"
 	"intel/kbs/v1/vaultclient"
 	"strings"
 
@@ -27,6 +28,13 @@ func NewKeyManager(cfg *config.Configuration) (KeyManager, error) {
 			return nil, errors.Wrap(err, "Failed to initialize KmipManager")
 		}
 		return NewKmipManager(kmipClient), nil
+	} else if strings.ToLower(cfg.KeyManager) == constant.OCIKeyManager {
+		ociClient := ociclient.NewOCIClient()
+		err := ociClient.InitializeClient()
+		if err != nil {
+			return nil, errors.Wrap(err, "keymanager/key_manager:NewKeyManager() Failed to initialize OCI client")
+		}
+		return NewOCIManager(ociClient), nil
 	} else if strings.ToLower(cfg.KeyManager) == constant.VaultKeyManager {
 		vaultClient := vaultclient.NewVaultClient()
 		err := vaultClient.InitializeClient(cfg.Vault.ServerIP, cfg.Vault.ServerPort, cfg.Vault.ClientToken)

diff --git a/service/key.go b/service/key.go
@@ -53,7 +53,8 @@ func (svc service) CreateKey(_ context.Context, keyCreateReq model.KeyRequest) (
 
 	var err error
 	var createdKey *model.KeyResponse
-	if keyCreateReq.KeyInfo.KeyData == "" && keyCreateReq.KeyInfo.KmipKeyID == "" {
+	if keyCreateReq.KeyInfo.KeyData == "" &&
+		(keyCreateReq.KeyInfo.KmipKeyID == "" || keyCreateReq.KeyInfo.OciSecretId == "") {
 
 		log.Debug("Create key request received")
 		createdKey, err = svc.remoteManager.CreateKey(&keyCreateReq)