cleanup: refactor functions to accept a context parameter

Signed-off-by: Praveen M <m.praveen@ibm.com>
2025-06-13 10:33:35 +00:00 · 2024-03-04 20:43:31 +05:30
parent c90f7ed777
commit e345b26340
21 changed files with 104 additions and 97 deletions
--- a/internal/util/crypto.go
+++ b/internal/util/crypto.go
@ -189,12 +189,12 @@ func (ve *VolumeEncryption) Destroy() {

 // RemoveDEK deletes the DEK for a particular volumeID from the DEKStore linked
 // with this VolumeEncryption instance.
-func (ve *VolumeEncryption) RemoveDEK(volumeID string) error {
+func (ve *VolumeEncryption) RemoveDEK(ctx context.Context, volumeID string) error {
 	if ve.dekStore == nil {
 		return ErrDEKStoreNotFound
 	}

-	return ve.dekStore.RemoveDEK(volumeID)
+	return ve.dekStore.RemoveDEK(ctx, volumeID)
 }

 func (ve *VolumeEncryption) GetID() string {
@ -203,13 +203,13 @@ func (ve *VolumeEncryption) GetID() string {

 // StoreCryptoPassphrase takes an unencrypted passphrase, encrypts it and saves
 // it in the DEKStore.
-func (ve *VolumeEncryption) StoreCryptoPassphrase(volumeID, passphrase string) error {
-	encryptedPassphrase, err := ve.KMS.EncryptDEK(volumeID, passphrase)
+func (ve *VolumeEncryption) StoreCryptoPassphrase(ctx context.Context, volumeID, passphrase string) error {
+	encryptedPassphrase, err := ve.KMS.EncryptDEK(ctx, volumeID, passphrase)
 	if err != nil {
 		return fmt.Errorf("failed encrypt the passphrase for %s: %w", volumeID, err)
 	}

-	err = ve.dekStore.StoreDEK(volumeID, encryptedPassphrase)
+	err = ve.dekStore.StoreDEK(ctx, volumeID, encryptedPassphrase)
 	if err != nil {
 		return fmt.Errorf("failed to save the passphrase for %s: %w", volumeID, err)
 	}
@ -218,23 +218,23 @@ func (ve *VolumeEncryption) StoreCryptoPassphrase(volumeID, passphrase string) e
 }

 // StoreNewCryptoPassphrase generates a new passphrase and saves it in the KMS.
-func (ve *VolumeEncryption) StoreNewCryptoPassphrase(volumeID string, length int) error {
+func (ve *VolumeEncryption) StoreNewCryptoPassphrase(ctx context.Context, volumeID string, length int) error {
 	passphrase, err := generateNewEncryptionPassphrase(length)
 	if err != nil {
 		return fmt.Errorf("failed to generate passphrase for %s: %w", volumeID, err)
 	}

-	return ve.StoreCryptoPassphrase(volumeID, passphrase)
+	return ve.StoreCryptoPassphrase(ctx, volumeID, passphrase)
 }

 // GetCryptoPassphrase Retrieves passphrase to encrypt volume.
-func (ve *VolumeEncryption) GetCryptoPassphrase(volumeID string) (string, error) {
-	passphrase, err := ve.dekStore.FetchDEK(volumeID)
+func (ve *VolumeEncryption) GetCryptoPassphrase(ctx context.Context, volumeID string) (string, error) {
+	passphrase, err := ve.dekStore.FetchDEK(ctx, volumeID)
 	if err != nil {
 		return "", err
 	}

-	return ve.KMS.DecryptDEK(volumeID, passphrase)
+	return ve.KMS.DecryptDEK(ctx, volumeID, passphrase)
 }

 // generateNewEncryptionPassphrase generates a random passphrase for encryption.
--- a/internal/util/crypto_test.go
+++ b/internal/util/crypto_test.go
@ -17,6 +17,7 @@ limitations under the License.
 package util

 import (
+	"context"
 	"encoding/base64"
 	"testing"

@ -55,11 +56,12 @@ func TestKMSWorkflow(t *testing.T) {
 	assert.Equal(t, kms.DefaultKMSType, ve.GetID())

 	volumeID := "volume-id"
+	ctx := context.TODO()

-	err = ve.StoreNewCryptoPassphrase(volumeID, defaultEncryptionPassphraseSize)
+	err = ve.StoreNewCryptoPassphrase(ctx, volumeID, defaultEncryptionPassphraseSize)
 	assert.NoError(t, err)

-	passphrase, err := ve.GetCryptoPassphrase(volumeID)
+	passphrase, err := ve.GetCryptoPassphrase(ctx, volumeID)
 	assert.NoError(t, err)
 	assert.Equal(t, secrets["encryptionPassphrase"], passphrase)
 }
--- a/internal/util/fscrypt/fscrypt.go
+++ b/internal/util/fscrypt/fscrypt.go
@ -76,14 +76,14 @@ func getPassphrase(ctx context.Context, encryption util.VolumeEncryption, volID

 	switch encryption.KMS.RequiresDEKStore() {
 	case kms.DEKStoreIntegrated:
-		passphrase, err = encryption.GetCryptoPassphrase(volID)
+		passphrase, err = encryption.GetCryptoPassphrase(ctx, volID)
 		if err != nil {
 			log.ErrorLog(ctx, "fscrypt: failed to get passphrase from KMS: %v", err)

 			return "", err
 		}
 	case kms.DEKStoreMetadata:
-		passphrase, err = encryption.KMS.GetSecret(volID)
+		passphrase, err = encryption.KMS.GetSecret(ctx, volID)
 		if err != nil {
 			log.ErrorLog(ctx, "fscrypt: failed to GetSecret: %v", err)

@ -453,7 +453,7 @@ func Unlock(
 	if !kernelPolicyExists && !metadataDirExists {
 		log.DebugLog(ctx, "fscrypt: Creating new protector and policy")
 		if volEncryption.KMS.RequiresDEKStore() == kms.DEKStoreIntegrated {
-			if err := volEncryption.StoreNewCryptoPassphrase(volID, encryptionPassphraseSize); err != nil {
+			if err := volEncryption.StoreNewCryptoPassphrase(ctx, volID, encryptionPassphraseSize); err != nil {
 				log.ErrorLog(ctx, "fscrypt: store new crypto passphrase failed: %v", err)

 				return err
--- a/internal/util/getsecret_test.go
+++ b/internal/util/getsecret_test.go
@ -14,6 +14,7 @@ limitations under the License.
 package util

 import (
+	"context"
 	"errors"
 	"testing"

@ -34,7 +35,7 @@ func TestGetPassphraseFromKMS(t *testing.T) {

 		volEnc, err := NewVolumeEncryption(provider.UniqueID, kms)
 		if errors.Is(err, ErrDEKStoreNeeded) {
-			_, err = volEnc.KMS.GetSecret("")
+			_, err = volEnc.KMS.GetSecret(context.TODO(), "")
 			if errors.Is(err, kmsapi.ErrGetSecretUnsupported) {
 				continue // currently unsupported by fscrypt integration
 			}
@ -45,7 +46,7 @@ func TestGetPassphraseFromKMS(t *testing.T) {
 			continue
 		}

-		secret, err := kms.GetSecret("")
+		secret, err := kms.GetSecret(context.TODO(), "")
 		assert.NoError(t, err, provider.UniqueID)
 		assert.NotEmpty(t, secret, provider.UniqueID)
 	}