Remove useless parameters

2026-01-16 17:20:33 +00:00 · 2026-01-04 22:40:55 +08:00
parent 6d3bdc0b3e
commit ec3b75bbb6
5 changed files with 2 additions and 22 deletions
--- a/crates/kms/examples/kms_local_demo.rs
+++ b/crates/kms/examples/kms_local_demo.rs
--- a/crates/kms/examples/kms_vault_kv_demo.rs
+++ b/crates/kms/examples/kms_vault_kv_demo.rs
--- a/crates/kms/src/backends/local.rs
+++ b/crates/kms/src/backends/local.rs
@@ -249,12 +249,9 @@ impl LocalKmsClient {

 #[async_trait]
 impl KmsClient for LocalKmsClient {
-    async fn generate_data_key(&self, request: &GenerateKeyRequest, context: Option<&OperationContext>) -> Result<DataKey> {
+    async fn generate_data_key(&self, request: &GenerateKeyRequest, _context: Option<&OperationContext>) -> Result<DataKey> {
        debug!("Generating data key for master key: {}", request.master_key_id);

-        // Verify master key exists and get its version
-        let master_key_info = self.describe_key(&request.master_key_id, context).await?;
-
        // Generate random data key material
        let key_length = match request.key_spec.as_str() {
            "AES_256" => 32,
@@ -272,7 +269,6 @@ impl KmsClient for LocalKmsClient {
        let envelope = DataKeyEnvelope {
            key_id: uuid::Uuid::new_v4().to_string(),
            master_key_id: request.master_key_id.clone(),
-            master_key_version: master_key_info.version,
            key_spec: request.key_spec.clone(),
            encrypted_key: encrypted_key.clone(),
            nonce,
--- a/crates/kms/src/backends/vault.rs
+++ b/crates/kms/src/backends/vault.rs
@@ -286,12 +286,9 @@ impl VaultKmsClient {

 #[async_trait]
 impl KmsClient for VaultKmsClient {
-    async fn generate_data_key(&self, request: &GenerateKeyRequest, context: Option<&OperationContext>) -> Result<DataKey> {
+    async fn generate_data_key(&self, request: &GenerateKeyRequest, _context: Option<&OperationContext>) -> Result<DataKey> {
        debug!("Generating data key for master key: {}", request.master_key_id);

-        // Verify master key exists and get its version
-        let master_key_info = self.describe_key(&request.master_key_id, context).await?;
-
        // Generate random data key material using the existing method
        let plaintext_key = generate_key_material(&request.key_spec)?;

@@ -302,7 +299,6 @@ impl KmsClient for VaultKmsClient {
        let envelope = DataKeyEnvelope {
            key_id: uuid::Uuid::new_v4().to_string(),
            master_key_id: request.master_key_id.clone(),
-            master_key_version: master_key_info.version,
            key_spec: request.key_spec.clone(),
            encrypted_key: encrypted_key.clone(),
            nonce,
--- a/crates/kms/src/encryption/dek.rs
+++ b/crates/kms/src/encryption/dek.rs
@@ -35,11 +35,6 @@ use std::collections::HashMap;
 pub struct DataKeyEnvelope {
    pub key_id: String,
    pub master_key_id: String,
-    /// Version of the master key (KEK) used to encrypt this DEK
-    /// This is critical for key rotation: when a KEK is rotated, we need to know
-    /// which version was used to encrypt each DEK so we can use the correct KEK version for decryption.
-    #[serde(default = "default_master_key_version")]
-    pub master_key_version: u32,
    pub key_spec: String,
    pub encrypted_key: Vec<u8>,
    pub nonce: Vec<u8>,
@@ -47,10 +42,6 @@ pub struct DataKeyEnvelope {
    pub created_at: chrono::DateTime<chrono::Utc>,
 }

-fn default_master_key_version() -> u32 {
-    1
-}
-
 /// Trait for encrypting and decrypting data encryption keys (DEK)
 ///
 /// This trait abstracts the encryption operations used to protect
@@ -280,7 +271,6 @@ mod tests {
        let envelope = DataKeyEnvelope {
            key_id: "test-key-id".to_string(),
            master_key_id: "master-key-id".to_string(),
-            master_key_version: 1,
            key_spec: "AES_256".to_string(),
            encrypted_key: vec![1, 2, 3, 4],
            nonce: vec![5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16],
@@ -301,7 +291,6 @@ mod tests {
            serde_json::from_slice(&serialized).expect("Deserialization should succeed");
        assert_eq!(deserialized.key_id, envelope.key_id);
        assert_eq!(deserialized.master_key_id, envelope.master_key_id);
-        assert_eq!(deserialized.master_key_version, envelope.master_key_version);
        assert_eq!(deserialized.encrypted_key, envelope.encrypted_key);
    }

@@ -322,7 +311,6 @@ mod tests {
            serde_json::from_str(old_envelope_json).expect("Should deserialize old format");
        assert_eq!(deserialized.key_id, "test-key-id");
        assert_eq!(deserialized.master_key_id, "master-key-id");
-        assert_eq!(deserialized.master_key_version, 1); // Should default to 1
    }
 }