refactor: remove deprecated IKeyVault

Remove the implmentation for IKeyVault in favor of the new Signer Store Signed-off-by: Kairo de Araujo <[email protected]>
repository-service-tuf · Jul 2, 2024 · 355f118 · 355f118
1 parent 1285654
commit 355f118
Show file tree

Hide file tree

Showing 22 changed files with 426 additions and 1,336 deletions.
diff --git a/Pipfile b/Pipfile
@@ -9,7 +9,7 @@ redis = "*"
 tuf = "*"
 dynaconf = {extras = ["ini"], version = "*"}
 supervisor = "*"
-securesystemslib = {extras = ["pynacl", "crypto"], version = ">-=0.31.0,<1.0.0"}
+securesystemslib = {extras = ["pynacl", "crypto"], version = "*"}
 sqlalchemy = "*"
 psycopg2 = "*"
 alembic = "*"

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/docs/diagrams/repository-service-tuf-worker-C2.puml b/docs/diagrams/repository-service-tuf-worker-C2.puml
@@ -56,14 +56,8 @@ Container_Boundary(repository_storage, "Storage Service"){
     Container_Ext(aws_s3, "AWS S3", "Storage", $tags="aws_s3") #Grey
     Container_Ext(azure_blob, "Azure Blob", "Storage", $tags="azure_blob") #Grey
 }
-Container_Boundary(key_storage, "Key Vault Service"){
-    Container_Ext(key_fs, "Filesystem", "Storage", $tags="storage_service") #Grey
-    Container_Ext(aws_kms, "AWS KMS", "Storage", $tags="aws_kms") #Grey
-    Container_Ext(azure_kv, "Azure Key Vault", "Storage", $tags="azure_kv") #Grey
-}
 Rel_D(broker, repository_service_tuf_worker, "Consumer", "Tasks")
 Rel_U(repository_service_tuf_worker, broker, "Publisher", "Tasks Results")
-Rel_U(key_storage, repository_service_tuf_worker, "Read", "Online Keys")
 BiRel_U(repository_service_tuf_worker, redis, "Repository Configuration", "Consumer")
 BiRel_U(repository_service_tuf_worker, sql, "TargetsFiles, TargetsRoles", "")
 BiRel_R(repository_service_tuf_worker, data_dir, "Write/Read", "Service settings")

diff --git a/docs/diagrams/repository-service-tuf-worker-C3.puml b/docs/diagrams/repository-service-tuf-worker-C3.puml
@@ -20,7 +20,6 @@
 
 
 AddContainerTag("webui", $sprite="application_server", $legendText="Web UI Interface", $bgColor=Gray)
-AddContainerTag("key_service", $sprite="lock_with_key_security", $legendText="Key Service", $bgColor=Gray)
 AddContainerTag("storage_service", $sprite="file_server", $legendText="Storage Service", $bgColor=Gray)
 AddContainerTag("rest_api", $sprite="web_server", $legendText="Repository REST API")
 AddContainerTag("repository_service_tuf_worker", $sprite="service_application", $legendText="Repository Metadata Worker")
@@ -54,12 +53,8 @@ System_Boundary(repository_service_tuf_worker, "Repository Service for TUF Worke
         }
         Container_Boundary(interfaces, "interfaces") #CornflowerBlue {
             Container(IStorage, "Storage Interface")
-            Container(IKeyVault, "Key Vault Interface")
         }
         Container_Boundary(services, "services") #DeepSkyBlue{
-            Container_Boundary(keyvault, "keyvault") #LightSteelBlue {
-                Container(LocalKeyVault, "LocalKeyVault", "File System")
-            }
             Container_Boundary(storage, "storage") #LightSteelBlue {
                 Container(LocalStorage, "LocalStorage", "File System")
             }
@@ -73,11 +68,8 @@ Container_Ext(broker, "Broker", "RabbitMQ, Redis, etc", $tags="queue") #Grey
 Container_Ext(redis, "Redis", "Redis Server", $tags="queue") #Grey
 Container_Ext(sql, "SQL", "SQL Server", $tags="sql_db") #Grey
 Container_Ext(ext_storage, "Metadata Storage", "specific technology", $tags="key_service") #Grey
-Container_Ext(ext_key_storage, "Key Vault Storage", "specific technology", $tags="storage_service") #Grey
 
 Rel(LocalStorage, ext_storage, " ")
-Rel(LocalKeyVault, ext_key_storage, " ")
-Rel(IKeyVault, LocalKeyVault, "uses")
 Rel(IStorage, LocalStorage, "uses")
 Rel(metadata_repository, IStorage, " ")
 Rel(metadata_repository, IKeyVault, " ")

diff --git a/docs/source/_static/repository-service-tuf-worker-C2.png b/docs/source/_static/repository-service-tuf-worker-C2.png
diff --git a/docs/source/_static/repository-service-tuf-worker-C3.png b/docs/source/_static/repository-service-tuf-worker-C3.png
diff --git a/docs/source/devel/repository_service_tuf_worker.services.rst b/docs/source/devel/repository_service_tuf_worker.services.rst
@@ -7,7 +7,6 @@ Subpackages
 .. toctree::
    :maxdepth: 4
 
-   repository_service_tuf_worker.services.keyvault
    repository_service_tuf_worker.services.storage
 
 Module contents

diff --git a/repository_service_tuf_worker/interfaces.py b/repository_service_tuf_worker/interfaces.py
@@ -9,7 +9,6 @@
 from typing import Any, List, Optional
 
 from dynaconf import Dynaconf
-from securesystemslib.signer import Key, Signer
 from tuf.api.metadata import Metadata, T
 
 
@@ -22,36 +21,6 @@ class ServiceSettings:
     default: Optional[Any] = None
 
 
-class IKeyVault(ABC):
-    @classmethod
-    @abstractmethod
-    def configure(cls, settings: Dynaconf) -> "IKeyVault":
-        """
-        Run actions to verify, configure and create object using the settings.
-        """
-        pass  # pragma: no cover
-
-    @classmethod
-    def from_dynaconf(cls, settings: Dynaconf) -> None:
-        """
-        Run actions to verify and configure using the settings.
-        """
-        _setup_service_dynaconf(cls, settings.KEYVAULT_BACKEND, settings)
-
-    @classmethod
-    @abstractmethod
-    def settings(cls) -> List[ServiceSettings]:
-        """
-        Define all the ServiceSettings required in settings.
-        """
-        pass  # pragma: no cover
-
-    @abstractmethod
-    def get(self, public_key: Key) -> Signer:
-        """Return a signer using the online key."""
-        pass  # pragma: no cover
-
-
 class IStorage(ABC):
     @classmethod
     @abstractmethod
@@ -155,9 +124,5 @@ def _setup_service_dynaconf(cls: Any, backend: Any, settings: Dynaconf):
             settings.STORAGE_BACKEND = backend
             settings.STORAGE = settings.STORAGE_BACKEND.configure(settings)
 
-        elif cls.__name__ == "IKeyVault":
-            settings.KEYVAULT_BACKEND = backend
-            settings.KEYVAULT = settings.KEYVAULT_BACKEND.configure(settings)
-
         else:
             raise ValueError(f"Invalid Interface {cls.__name__}")
diff --git a/repository_service_tuf_worker/repository.py b/repository_service_tuf_worker/repository.py
@@ -45,7 +45,7 @@
     get_repository_settings,
     get_worker_settings,
 )
-from repository_service_tuf_worker.interfaces import IKeyVault, IStorage
+from repository_service_tuf_worker.interfaces import IStorage
 from repository_service_tuf_worker.models import (
     rstuf_db,
     targets_crud,
@@ -190,10 +190,6 @@ def refresh_settings(self, worker_settings: Optional[Dynaconf] = None):
         # storage
         IStorage.from_dynaconf(settings)
 
-        # keyvault
-        if settings.get("KEYVAULT_BACKEND"):
-            IKeyVault.from_dynaconf(settings)
-
         self._worker_settings = settings
         return settings
 

diff --git a/repository_service_tuf_worker/services/__init__.py b/repository_service_tuf_worker/services/__init__.py
@@ -4,13 +4,9 @@
 # SPDX-License-Identifier: MIT
 
 from repository_service_tuf_worker.interfaces import (  # noqa
-    IKeyVault,
     IStorage,
     ServiceSettings,
 )
-from repository_service_tuf_worker.services.keyvault.local import (  # noqa
-    LocalKeyVault,
-)
 from repository_service_tuf_worker.services.storage import (  # noqa
     AWSS3,
     LocalStorage,

diff --git a/repository_service_tuf_worker/services/keyvault/__init__.py b/repository_service_tuf_worker/services/keyvault/__init__.py
diff --git a/repository_service_tuf_worker/services/keyvault/local.py b/repository_service_tuf_worker/services/keyvault/local.py