fix: remove -key1 suffix (#392)

Moritz72 · moritz eckert · web-flow · commit 78bbfa0f1fc9 · 2025-09-01T14:06:30.000+02:00
* Remove '-key1' suffix

* Remove unused import

* Remove another unused import

---------

Co-authored-by: moritz eckert &lt;moritz.eckert@dlr.de&gt;
diff --git a/extensions/common/azure/azure-blob-core/src/main/java/org/eclipse/edc/azure/blob/cache/AccountCacheImpl.java b/extensions/common/azure/azure-blob-core/src/main/java/org/eclipse/edc/azure/blob/cache/AccountCacheImpl.java
@@ -44,7 +44,7 @@ public BlobServiceClient getBlobServiceClient(String accountName) {
             return getAccount(accountName);
         }
 
-        var accountKey = vault.resolveSecret(accountName + "-key1");
+        var accountKey = vault.resolveSecret(accountName);
 
         return saveAccount(accountName, accountKey);
     }
diff --git a/extensions/data-plane/data-plane-azure-data-factory/src/test/java/org/eclipse/edc/connector/dataplane/azure/datafactory/AzureDataFactoryCopyIntegrationTest.java b/extensions/data-plane/data-plane-azure-data-factory/src/test/java/org/eclipse/edc/connector/dataplane/azure/datafactory/AzureDataFactoryCopyIntegrationTest.java
@@ -122,7 +122,7 @@ void transfer_success(
                 .property(ACCOUNT_NAME, providerStorage.name)
                 .property(CONTAINER_NAME, providerStorage.containerName)
                 .property(BLOB_NAME, blobName)
-                .keyName(providerStorage.name + "-key1")
+                .keyName(providerStorage.name)
                 .build();
 
         var destSecretKeyName = consumerStorage.name + "-ittest-sas-" + UUID.randomUUID();
diff --git a/extensions/data-plane/data-plane-azure-data-factory/src/test/java/org/eclipse/edc/connector/dataplane/azure/datafactory/TestFunctions.java b/extensions/data-plane/data-plane-azure-data-factory/src/test/java/org/eclipse/edc/connector/dataplane/azure/datafactory/TestFunctions.java
@@ -32,7 +32,7 @@ public static Map<String, Object> sourceProperties() {
         var srcStorageAccount = createAccountName();
         return DataAddress.Builder.newInstance()
                 .type(AzureBlobStoreSchema.TYPE)
-                .keyName(srcStorageAccount + "-key1")
+                .keyName(srcStorageAccount)
                 .property(AzureBlobStoreSchema.ACCOUNT_NAME, srcStorageAccount)
                 .property(AzureBlobStoreSchema.CONTAINER_NAME, createContainerName())
                 .property(AzureBlobStoreSchema.BLOB_NAME, createBlobName())
@@ -45,7 +45,7 @@ public static Map<String, Object> destinationProperties() {
 
         return DataAddress.Builder.newInstance()
                 .type(AzureBlobStoreSchema.TYPE)
-                .keyName(destStorageAccount + "-key1")
+                .keyName(destStorageAccount)
                 .property(AzureBlobStoreSchema.ACCOUNT_NAME, destStorageAccount)
                 .property(AzureBlobStoreSchema.CONTAINER_NAME, createContainerName())
                 .build()
diff --git a/extensions/data-plane/data-plane-azure-storage/README.md b/extensions/data-plane/data-plane-azure-storage/README.md
@@ -87,6 +87,11 @@ An example destination address:
 
 The `folderName` and the `blobName` are optional properties in destination address.
 
+### Transfer Provisioning
+
+When provisioning a transfer, the key with the value of `account` will be resolved from the vault.
+This key will be used to authenticate with Azure. If such a key is not present environment/system variables will be used.
+
 ### AzureStorage Transfer Configuration
 
 The existing implementation takes under consideration transfer of files up to 200GB and that can be accomplished within
diff --git a/extensions/data-plane/data-plane-azure-storage/src/test/java/org/eclipse/edc/connector/dataplane/azure/storage/AzureDataPlaneCopyIntegrationTest.java b/extensions/data-plane/data-plane-azure-storage/src/test/java/org/eclipse/edc/connector/dataplane/azure/storage/AzureDataPlaneCopyIntegrationTest.java
@@ -124,7 +124,7 @@ void transfer_success() {
                 .keyName(account2KeyName)
                 .build();
 
-        when(vault.resolveSecret(CONSUMER_STORAGE_ACCOUNT_NAME + "-key1"))
+        when(vault.resolveSecret(CONSUMER_STORAGE_ACCOUNT_NAME))
                 .thenReturn(CONSUMER_STORAGE_ACCOUNT_KEY);
 
         var account2SasToken = account2Api.createContainerSasToken(CONSUMER_STORAGE_ACCOUNT_NAME, sinkContainerName,
diff --git a/extensions/data-plane/data-plane-azure-storage/src/test/java/org/eclipse/edc/connector/dataplane/azure/storage/pipeline/AzureStorageDataSourceFactoryTest.java b/extensions/data-plane/data-plane-azure-storage/src/test/java/org/eclipse/edc/connector/dataplane/azure/storage/pipeline/AzureStorageDataSourceFactoryTest.java
@@ -49,7 +49,7 @@ class AzureStorageDataSourceFactoryTest {
     @Test
     void validate_whenBlobRequestValid_succeeds() {
         assertThat(factory.validateRequest(request.sourceDataAddress(dataAddress
-                                .keyName(accountName + "-key1")
+                                .keyName(accountName)
                                 .property(AzureBlobStoreSchema.ACCOUNT_NAME, accountName)
                                 .property(AzureBlobStoreSchema.CONTAINER_NAME, containerName)
                                 .property(AzureBlobStoreSchema.BLOB_NAME, blobName)
@@ -61,7 +61,7 @@ void validate_whenBlobRequestValid_succeeds() {
     @Test
     void validate_whenBlobFolderRequestValid_succeeds() {
         assertThat(factory.validateRequest(request.sourceDataAddress(dataAddress
-                                .keyName(accountName + "-key1")
+                                .keyName(accountName)
                                 .property(AzureBlobStoreSchema.ACCOUNT_NAME, accountName)
                                 .property(AzureBlobStoreSchema.CONTAINER_NAME, containerName)
                                 .property(AzureBlobStoreSchema.BLOB_PREFIX, blobPrefix)
diff --git a/resources/azure/testing/terraform/main.tf b/resources/azure/testing/terraform/main.tf
@@ -103,7 +103,7 @@ resource "azurerm_role_assignment" "data_factory" {
 
 ## Store provider storage account accesss key seceret
 resource "azurerm_key_vault_secret" "provider_storage_key" {
-  name         = "${azurerm_storage_account.provider.name}-key1"
+  name         = azurerm_storage_account.provider.name
   value        = azurerm_storage_account.provider.primary_access_key
   key_vault_id = azurerm_key_vault.main.id
   depends_on   = [
@@ -113,7 +113,7 @@ resource "azurerm_key_vault_secret" "provider_storage_key" {
 
 ## Store consumer storage account accesss key seceret
 resource "azurerm_key_vault_secret" "consumer_storage_key" {
-  name         = "${azurerm_storage_account.consumer.name}-key1"
+  name         = azurerm_storage_account.consumer.name
   value        = azurerm_storage_account.consumer.primary_access_key
   key_vault_id = azurerm_key_vault.main.id
   depends_on   = [
diff --git a/system-tests/azure-blob-transfer-fixtures/src/testFixtures/java/org/eclipse/edc/test/system/blob/BlobTransferParticipant.java b/system-tests/azure-blob-transfer-fixtures/src/testFixtures/java/org/eclipse/edc/test/system/blob/BlobTransferParticipant.java
@@ -27,7 +27,6 @@
 import java.util.UUID;
 
 import static jakarta.json.Json.createObjectBuilder;
-import static java.lang.String.format;
 import static java.lang.String.valueOf;
 import static java.util.Map.entry;
 import static org.eclipse.edc.boot.BootServicesExtension.PARTICIPANT_ID;
@@ -69,7 +68,7 @@ public String createBlobAsset(String accountName, String containerName, String b
                 AzureBlobStoreSchema.ACCOUNT_NAME, accountName,
                 AzureBlobStoreSchema.CONTAINER_NAME, containerName,
                 AzureBlobStoreSchema.BLOB_NAME, blobName,
-                "keyName", format("%s-key1", accountName)
+                "keyName", accountName
         );
 
         Map<String, Object> properties = Map.of(
@@ -89,7 +88,7 @@ public String createBlobInFolderAsset(String accountName, String containerName,
                 AzureBlobStoreSchema.ACCOUNT_NAME, accountName,
                 AzureBlobStoreSchema.CONTAINER_NAME, containerName,
                 AzureBlobStoreSchema.BLOB_PREFIX, blobPrefix,
-                "keyName", format("%s-key1", accountName)
+                "keyName", accountName
         );
 
         Map<String, Object> properties = Map.of(
diff --git a/system-tests/azure-blob-transfer-tests/src/test/java/org/eclipse/edc/test/system/blob/BlobTransferIntegrationTest.java b/system-tests/azure-blob-transfer-tests/src/test/java/org/eclipse/edc/test/system/blob/BlobTransferIntegrationTest.java
@@ -38,7 +38,6 @@
 import java.util.UUID;
 import java.util.stream.Stream;
 
-import static java.lang.String.format;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.eclipse.edc.connector.controlplane.transfer.spi.types.TransferProcessStates.COMPLETED;
 import static org.eclipse.edc.test.system.blob.Constants.POLL_INTERVAL;
@@ -97,8 +96,8 @@ void transferBlob_success(String assetName, String[] blobsToTransfer) {
         PROVIDER.createContractDefinition(assetId, UUID.randomUUID().toString(), policyId, policyId);
 
         // Write Key to vault
-        CONSUMER_RUNTIME.getService(Vault.class).storeSecret(format("%s-key1", CONSUMER_STORAGE_ACCOUNT_NAME), CONSUMER_STORAGE_ACCOUNT_KEY);
-        PROVIDER_RUNTIME.getService(Vault.class).storeSecret(format("%s-key1", PROVIDER_STORAGE_ACCOUNT_NAME), PROVIDER_STORAGE_ACCOUNT_KEY);
+        CONSUMER_RUNTIME.getService(Vault.class).storeSecret(CONSUMER_STORAGE_ACCOUNT_NAME, CONSUMER_STORAGE_ACCOUNT_KEY);
+        PROVIDER_RUNTIME.getService(Vault.class).storeSecret(PROVIDER_STORAGE_ACCOUNT_NAME, PROVIDER_STORAGE_ACCOUNT_KEY);
 
         var transferProcessId = CONSUMER.requestAssetAndTransferToBlob(PROVIDER, assetId, CONSUMER_STORAGE_ACCOUNT_NAME);
         await().pollInterval(POLL_INTERVAL).atMost(TIMEOUT).untilAsserted(() -> {
diff --git a/system-tests/azure-data-factory-tests/src/test/java/org/eclipse/edc/test/system/blob/AzureDataFactoryTransferIntegrationTest.java b/system-tests/azure-data-factory-tests/src/test/java/org/eclipse/edc/test/system/blob/AzureDataFactoryTransferIntegrationTest.java
@@ -148,7 +148,7 @@ void transferBlob_success() {
                 .credential(new DefaultAzureCredentialBuilder().build())
                 .buildClient();
         var vault = new AzureVault(new ConsoleMonitor(), secretClient);
-        var consumerAccountKey = Objects.requireNonNull(vault.resolveSecret(format("%s-key1", consumerStorageAccountName)));
+        var consumerAccountKey = Objects.requireNonNull(vault.resolveSecret(consumerStorageAccountName));
         var blobStoreApi = new BlobStoreApiImpl(vault, BLOB_STORE_CORE_EXTENSION_CONFIG);
 
         // Upload a blob with test data on provider blob container

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public BlobServiceClient getBlobServiceClient(String accountName) {`
`44`	`44`	`return getAccount(accountName);`
`45`	`45`	`}`
`46`	`46`
`47`		`- var accountKey = vault.resolveSecret(accountName + "-key1");`
	`47`	`+ var accountKey = vault.resolveSecret(accountName);`
`48`	`48`
`49`	`49`	`return saveAccount(accountName, accountKey);`
`50`	`50`	`}`