refactor(config): rename client_key() to build_client_key() and improve zerokms error logging

Rename EncryptConfig::client_key() to build_client_key() for clarity, update for_testing()
fixture with a valid client key, and add tracing on ZeroKMS auth strategy detection failure.

Author: tobyhede

packages/cipherstash-proxy/src/config/tandem.rs

@@ -217,8 +217,7 @@ impl TandemConfig {
                 }
             })?;
 
-        ClientKey::from_hex_v1(config.encrypt.client_id, &config.encrypt.client_key)
-            .map_err(|e| ConfigError::InvalidClientKey(e.into()))?;
+        config.encrypt.build_client_key()?;
 
         Ok(config)
     }
@@ -313,7 +312,7 @@ impl TandemConfig {
             },
             encrypt: EncryptConfig {
                 client_id: Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
-                client_key: "test".to_string(),
+                client_key: "a4627031a16b7065726d75746174696f6e900e05030d0608090007020c04010b0a0f6770325f66726f6da16b7065726d75746174696f6e900608000a0204030f01070d090e0b0c056570325f746fa16b7065726d75746174696f6e90000908060701030a05040e020d0b0c0f627033a16b7065726d75746174696f6e982107181d130d05181f08040a181c1002181e010311181818200b0f0e0915181b0c16171819060012181a14".to_string(),
                 default_keyset_id: Some(
                     Uuid::parse_str("00000000-0000-0000-0000-000000000000").unwrap(),
                 ),
@@ -327,7 +326,7 @@ impl TandemConfig {
 }
 
 impl EncryptConfig {
-    pub fn client_key(&self) -> Result<ClientKey, Error> {
+    pub fn build_client_key(&self) -> Result<ClientKey, Error> {
         ClientKey::from_hex_v1(self.client_id, &self.client_key)
             .map_err(|e| ConfigError::InvalidClientKey(e.into()).into())
     }

packages/cipherstash-proxy/src/proxy/zerokms/mod.rs

@@ -19,9 +19,12 @@ pub(crate) fn init_zerokms_client(config: &TandemConfig) -> Result<ZerokmsClient
         .with_access_key(&config.auth.client_access_key)
         .with_workspace_crn(config.auth.workspace_crn.clone())
         .detect()
-        .map_err(|_| ZeroKMSError::AuthenticationFailed)?;
+        .map_err(|e| {
+            tracing::warn!(target: "zerokms", msg = "ZeroKMS authentication strategy detection failed", error = %e);
+            ZeroKMSError::AuthenticationFailed
+        })?;
 
-    let client_key = config.encrypt.client_key()?;
+    let client_key = config.encrypt.build_client_key()?;
 
     let builder = ZeroKMSBuilder::new(strategy);
     Ok(builder.with_client_key(client_key).build()?)