task: drop support for kmip and local file encryption (#2780)

internal/cli/atlas/logs/logs.go

@@ -29,11 +29,9 @@ func Builder() *cobra.Command {
 		Short:   "Download host logs for your project.",
 	}
 
-	keyProvidersCmd := decryption.KeyProvidersBuilder()
-	keyProvidersCmd.Hidden = true
 	cmd.AddCommand(
 		DownloadBuilder(),
-		keyProvidersCmd,
+		decryption.KeyProvidersBuilder(),
 		DecryptBuilder(),
 	)
 

internal/cli/decryption/key_providers.go

@@ -24,6 +24,7 @@ func KeyProvidersBuilder() *cobra.Command {
 		Use:     "keyProviders",
 		Aliases: cli.GenerateAliases("keyProviders", "keys"),
 		Short:   "Manage your key collections.",
+		Hidden:  true,
 	}
 
 	cmd.AddCommand(KeyProvidersListBuilder())

internal/cli/decryption/list_key_provider_test.go

@@ -17,12 +17,10 @@
 package decryption
 
 import (
-	"bytes"
 	"testing"
 
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/test"
-	"github.com/spf13/afero"
 )
 
 func TestListKeyProviderBuilder(t *testing.T) {
@@ -36,29 +34,3 @@ func TestListKeyProviderBuilder(t *testing.T) {
 		},
 	)
 }
-
-func TestKeyProviderListOpts_Run(t *testing.T) {
-	fileJSON := []byte(`{"ts":{"$date":{"$numberLong":"1644232049921"}},"version":"0.0","compressionMode":"zstd","keyStoreIdentifier":{"provider":"local","filename":"localKey"},"encryptedKey":{"$binary":{"base64":"+yjPCaKKE1M8fZmPGzGHkyfHYxaw34okpavsHzpd8iPVx2+JjOhXwXw5E2FdI5Rcb5JgmcPUFRPISh/7Si1R/g==","subType":"0"}},"MAC":"qE9fUsGK0EuRrrCRAQAAAAAAAAAAAAAA","auditRecordType":"header"}
-{"ts":{"$date":{"$numberLong":"1644232049922"}},"log":"1Lu4o8XVMM/Rg7GKAQAAAAEAAAAAAAAA/8tXQ36mEd90OaAOzCOSti7N5a2jr0B9ek48/uvyteG/zUJHyM16Hs3wMEhDqTQGBwGhWSHEqXh0/5Jbz6tXsYHhDTMr1BOsn1zaavZScx/CkO5+Hd8Vx+zeFPREtQTe1y+JngXSIroezeyV0/zF4YC4vpug+OZtrEQLNEgwT2bjaqUyaKDbmzCNetd2Ff/eFfMFzinbzKVgXAC7T4YmDuowqXommEXLIBiYh2u4VagwJKZRw5OGZjnvqwyVpSPgGqLxGKUoFigh3NgC6EuGi17VIs5BLRZOIw7+OfbPgQQiKzjCxCk="}
-{"ts":{"$date":{"$numberLong":"1644232049921"}},"version":"0.0","compressionMode":"zstd","keyStoreIdentifier":{"provider":"kmip","uid":"uniqueKeyID","kmipServerName":["kmipServerName"],"kmipPort":{"$numberInt":"8081"},"keyWrapMethod":"get"},"encryptedKey":{"$binary":{"base64":"+yjPCaKKE1M8fZmPGzGHkyfHYxaw34okpavsHzpd8iPVx2+JjOhXwXw5E2FdI5Rcb5JgmcPUFRPISh/7Si1R/g==","subType":"0"}},"MAC":"qE9fUsGK0EuRrrCRAQAAAAAAAAAAAAAA","auditRecordType":"header"}
-{"ts":{"$date":{"$numberLong":"1644232049922"}},"log":"1Lu4o8XVMM/Rg7GKAQAAAAEAAAAAAAAA/8tXQ36mEd90OaAOzCOSti7N5a2jr0B9ek48/uvyteG/zUJHyM16Hs3wMEhDqTQGBwGhWSHEqXh0/5Jbz6tXsYHhDTMr1BOsn1zaavZScx/CkO5+Hd8Vx+zeFPREtQTe1y+JngXSIroezeyV0/zF4YC4vpug+OZtrEQLNEgwT2bjaqUyaKDbmzCNetd2Ff/eFfMFzinbzKVgXAC7T4YmDuowqXommEXLIBiYh2u4VagwJKZRw5OGZjnvqwyVpSPgGqLxGKUoFigh3NgC6EuGi17VIs5BLRZOIw7+OfbPgQQiKzjCxCk="}`)
-
-	listOpts := &KeyProviderListOpts{
-		file: "test",
-		fs:   afero.NewMemMapFs(),
-	}
-	bufOut := new(bytes.Buffer)
-	_ = listOpts.InitOutput(bufOut, listTmpl)()
-	_ = afero.WriteFile(listOpts.fs, "test", fileJSON, 0600)
-
-	if err := listOpts.Run(); err != nil {
-		t.Fatalf("Run() unexpected error: %v", err)
-	}
-
-	expected := `local: Filename = localKey
-kmip: Unique Key ID = "uniqueKeyID" KMIP Server Name = "[kmipServerName]" KMIP Port = "8081" Key Wrap Method = "get"
-`
-	if bufOut.String() != expected {
-		t.Fatalf("Run() expected: %s got: %v", expected, bufOut.String())
-	}
-}

internal/decryption/audit_log_line_scanner.go

@@ -56,12 +56,12 @@ func peekFirstByte(reader io.ReadSeeker) (byte, error) {
 	return b[0], nil
 }
 
-func readAuditLogFile(reader io.ReadSeeker) (AuditLogFormat, auditLogScanner, error) {
+func readAuditLogFile(reader io.ReadSeeker) (auditLogScanner, error) {
 	auditLogFormat := BSON
 
 	b, err := peekFirstByte(reader)
 	if err != nil {
-		return auditLogFormat, nil, err
+		return nil, err
 	}
 
 	if b == '{' {
@@ -75,7 +75,7 @@ func readAuditLogFile(reader io.ReadSeeker) (AuditLogFormat, auditLogScanner, er
 	case JSON:
 		scanner = newJSONScanner(reader)
 	}
-	return auditLogFormat, scanner, err
+	return scanner, err
 }
 
 type auditLogScanner interface {

internal/decryption/decryption.go

@@ -79,7 +79,7 @@ func WithAzureOpts(tenantID, clientID, secret string) func(d *Decryption) {
 // the credentials provided by the user and the AES-GCM algorithm.
 // The decrypted audit log records are saved in the out stream.
 func (d *Decryption) Decrypt(logReader io.ReadSeeker, out io.Writer) error {
-	_, logLineScanner, err := readAuditLogFile(logReader)
+	logLineScanner, err := readAuditLogFile(logReader)
 	if err != nil {
 		return err
 	}

internal/decryption/encrypted_audit_log.go

@@ -32,13 +32,6 @@ type AuditRecordType string
 
 type AuditLogLineKeyStoreIdentifier struct {
 	Provider *keyproviders.KeyStoreProvider `json:"provider,omitempty"`
-	// localKey
-	Filename string `json:"filename,omitempty"`
-	// kmip
-	UID            string                         `json:"uniqueKeyID,omitempty"`
-	KMIPServerName []string                       `json:"kmipServerName,omitempty"`
-	KMIPPort       int                            `json:"kmipPort,omitempty"`
-	KeyWrapMethod  keyproviders.KMIPKeyWrapMethod `json:"keyWrapMethod,omitempty"`
 	// aws
 	Key      string `json:"key,omitempty"`
 	Region   string `json:"region,omitempty"`
@@ -76,29 +69,6 @@ func (logLine *AuditLogLine) KeyProvider(opts KeyProviderOpts) (keyproviders.Key
 	}
 
 	switch *logLine.KeyStoreIdentifier.Provider {
-	case keyproviders.LocalKey:
-		if opts.Local == nil {
-			return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)
-		}
-		return &keyproviders.LocalKeyIdentifier{
-			HeaderFilename: logLine.KeyStoreIdentifier.Filename,
-			Filename:       opts.Local.KeyFileName,
-		}, nil
-	case keyproviders.KMIP:
-		if opts.KMIP == nil {
-			return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)
-		}
-		return &keyproviders.KMIPKeyIdentifier{
-			UniqueKeyID:               logLine.KeyStoreIdentifier.UID,
-			ServerNames:               logLine.KeyStoreIdentifier.KMIPServerName,
-			ServerPort:                logLine.KeyStoreIdentifier.KMIPPort,
-			KeyWrapMethod:             logLine.KeyStoreIdentifier.KeyWrapMethod,
-			ServerCAFileName:          opts.KMIP.ServerCAFileName,
-			ClientCertificateFileName: opts.KMIP.ClientCertificateFileName,
-			ClientCertificatePassword: opts.KMIP.ClientCertificatePassword,
-			Username:                  opts.KMIP.Username,
-			Password:                  opts.KMIP.Password,
-		}, nil
 	case keyproviders.AWS:
 		if opts.AWS == nil {
 			return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)

internal/decryption/header_test.go

@@ -18,6 +18,7 @@ package decryption
 
 import (
 	"encoding/base64"
+	"fmt"
 	"testing"
 	"time"
 
@@ -96,7 +97,7 @@ func Test_validateMAC(t *testing.T) {
 func Test_validateHeaderFields(t *testing.T) {
 	ts := time.Now()
 	invalidCompressionMode := "foo"
-	provider := keyproviders.LocalKey
+	provider := keyproviders.Azure
 	encryptedKey := []byte{0, 1, 2, 3}
 
 	testCases := []struct {
@@ -225,12 +226,16 @@ func Test_validateHeaderFields(t *testing.T) {
 			expectErr: true,
 		},
 	}
-	for _, testCase := range testCases {
-		err := validateHeaderFields(pointer.Get(testCase.input))
-		if testCase.expectErr && err == nil {
-			t.Errorf("expected: not nil got: %v", err)
-		} else if !testCase.expectErr && err != nil {
-			t.Errorf("expected: nil got: %v", err)
-		}
+	for i, tc := range testCases {
+		tt := tc
+		t.Run(fmt.Sprintf("test_%d", i), func(t *testing.T) {
+			t.Parallel()
+			err := validateHeaderFields(&tt.input)
+			if tt.expectErr && err == nil {
+				t.Errorf("expected: not nil got: %v", err)
+			} else if !tt.expectErr && err != nil {
+				t.Errorf("expected: nil got: %v", err)
+			}
+		})
 	}
 }

internal/decryption/keyproviders/key_provider.go

@@ -24,11 +24,9 @@ import (
 type KeyStoreProvider string
 
 const (
-	LocalKey KeyStoreProvider = "local"
-	KMIP     KeyStoreProvider = "kmip"
-	AWS      KeyStoreProvider = "aws"
-	GCP      KeyStoreProvider = "gcp"
-	Azure    KeyStoreProvider = "azure"
+	AWS   KeyStoreProvider = "aws"
+	GCP   KeyStoreProvider = "gcp"
+	Azure KeyStoreProvider = "azure"
 )
 
 type KeyProvider interface {