Skip to content

updated CSR enrollment to use Keyfactor Client SDK#44

Merged
spbsoluble merged 6 commits intorelease-1.4from
feat/AB#70987/update-vault-libraries
Aug 4, 2025
Merged

updated CSR enrollment to use Keyfactor Client SDK#44
spbsoluble merged 6 commits intorelease-1.4from
feat/AB#70987/update-vault-libraries

Conversation

@joevanwanzeeleKF
Copy link
Copy Markdown
Contributor

@joevanwanzeeleKF joevanwanzeeleKF commented May 22, 2025

  • Updated the Hashicorp SDK libraries
  • Incorporated the Keyfactor GO SDK for authentication and interaction with the Command API

@spbsoluble spbsoluble requested a review from Copilot June 4, 2025 16:20

This comment was marked as outdated.

Sign in to view

@spbsoluble spbsoluble requested a review from Copilot August 4, 2025 16:27
@spbsoluble spbsoluble merged commit 95b66c8 into release-1.4 Aug 4, 2025
28 checks passed
Copilot AI reviewed Aug 4, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the HashiCorp Vault secrets engine to use the Keyfactor GO SDK v24 for authentication and API interactions, replacing the previous custom HTTP client implementation. The changes modernize the integration by leveraging the official SDK for better maintainability and feature support.

  • Updated dependencies including HashiCorp SDK libraries and Go toolchain to version 1.24
  • Replaced custom HTTP client code with Keyfactor GO SDK v24 API calls
  • Improved error handling and logging throughout the codebase

Reviewed Changes

Copilot reviewed 12 out of 14 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
go.mod Updated Go version to 1.24 and added Keyfactor GO SDK v24 dependency
client.go Refactored client creation to use Keyfactor SDK instead of custom HTTP client
cert_util.go Replaced manual HTTP requests with SDK API calls for certificate operations
path_certs.go Updated certificate revocation to use SDK and improved JSON validation
backend.go Modified backend to use SDK client type and added plugin version
path_revoke.go Removed commented-out revocation code
cmd/keyfactor/main.go Updated to use ServeMultiplex for plugin serving
fields.go Fixed documentation reference from alt_names to dns_sans
README.md, readme_source.md, installation.txt Added clarifying notes about CA certificate requirements
CHANGELOG.md Added entry for version 1.4.2
Comments suppressed due to low confidence (3)

go.mod:3

  • Go version 1.24.0 does not exist. The latest stable Go version as of my knowledge cutoff is 1.23.x. Please use a valid Go version like 1.23.3.
go 1.24.0

go.mod:5

  • Go toolchain version 1.24.3 does not exist. Please use a valid Go toolchain version that corresponds to an actual Go release.
toolchain go1.24.3

cert_util.go:540

  • Variable name 'keyfactorId' should follow Go naming conventions and be 'keyfactorID' (with uppercase 'ID').
		return []string{}, fmt.Errorf("error decoding base64 string: %w", err)

Comment thread path_certs.go
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.pathRevokeCert,
logical.CreateOperation: b.pathRevokeCert,
logical.RevokeOperation: b.pathRevokeCert,
Copy link

Copilot AI Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The operation type should be logical.UpdateOperation or logical.CreateOperation for revoke endpoints. logical.RevokeOperation is typically used for lease revocation, not certificate revocation endpoints.

Suggested change
logical.RevokeOperation: b.pathRevokeCert,

Copilot uses AI. Check for mistakes.
Comment thread cert_util.go
err = req.Storage.Put(ctx, entry)
if err != nil {
return nil, "", errwrap.Wrapf("unable to store certificate locally: {{err}}", err)
return nil, "", fmt.Errorf("unable to store certificate locally: {{err}}", err)
Copy link

Copilot AI Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message format string contains '{{err}}' but uses %w verb style. It should be either fmt.Errorf("unable to store certificate locally: %w", err) or use a different format.

Suggested change
return nil, "", fmt.Errorf("unable to store certificate locally: {{err}}", err)
return nil, "", fmt.Errorf("unable to store certificate locally: %w", err)

Copilot uses AI. Check for mistakes.
Comment thread cert_util.go
err = req.Storage.Put(ctx, kfIdEntry)
if err != nil {
return nil, "", errwrap.Wrapf("unable to store the keyfactor ID for the certificate locally: {{err}}", err)
return nil, "", fmt.Errorf("unable to store the keyfactor ID for the certificate locally: {{err}}", err)
Copy link

Copilot AI Aug 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message format string contains '{{err}}' but uses %w verb style. It should be either fmt.Errorf("unable to store the keyfactor ID for the certificate locally: %w", err) or use a different format.

Suggested change
return nil, "", fmt.Errorf("unable to store the keyfactor ID for the certificate locally: {{err}}", err)
return nil, "", fmt.Errorf("unable to store the keyfactor ID for the certificate locally: %w", err)

Copilot uses AI. Check for mistakes.
@spbsoluble spbsoluble deleted the feat/AB#70987/update-vault-libraries branch August 4, 2025 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joevanwanzeeleKF @spbsoluble