More CE changes for hybrid wireup (#29282)

* More CE changes for hybrid wireup * remove unused func * undo reintroduction of loss of omitempty * Add ent hooks and handle unsupported keys correctly * tidy import * Fix ent encode test logic
2025-10-29 17:52:32 +00:00 · 2025-01-06 11:45:07 -05:00
parent d3a91f74c7
commit 031c5d6d20
2 changed files with 25 additions and 0 deletions
--- a/builtin/logical/transit/backend_ce.go
+++ b/builtin/logical/transit/backend_ce.go
@@ -8,6 +8,7 @@ package transit
 import (
 	"context"

+	"github.com/hashicorp/vault/sdk/helper/keysutil"
 	"github.com/hashicorp/vault/sdk/logical"
 )

@@ -24,3 +25,11 @@ func (b *backend) periodicFuncEnt(_ context.Context, _ *logical.Request) error {
 func (b *backend) cleanupEnt(_ context.Context) {}

 func (b *backend) setupEnt() {}
+
+func entEncodePrivateKey(_ string, p *keysutil.Policy, _ *keysutil.KeyEntry) (string, error) {
+	return "", nil
+}
+
+func entEncodePublicKey(_ string, p *keysutil.Policy, _ *keysutil.KeyEntry) (string, error) {
+	return "", nil
+}
--- a/builtin/logical/transit/path_export.go
+++ b/builtin/logical/transit/path_export.go
@@ -225,6 +225,14 @@ func getExportKey(policy *keysutil.Policy, key *keysutil.KeyEntry, exportType st
 				return "", err
 			}
 			return rsaKey, nil
+		default:
+			key, err := entEncodePrivateKey(exportType, policy, key)
+			if err != nil {
+				return "", err
+			}
+			if key != "" {
+				return key, nil
+			}
 		}
 	case exportTypePublicKey:
 		switch policy.Type {
@@ -253,6 +261,14 @@ func getExportKey(policy *keysutil.Policy, key *keysutil.KeyEntry, exportType st
 				return "", err
 			}
 			return rsaKey, nil
+		default:
+			key, err := entEncodePublicKey(exportType, policy, key)
+			if err != nil {
+				return "", err
+			}
+			if key != "" {
+				return key, nil
+			}
 		}
 	case exportTypeCertificateChain:
 		if key.CertificateChain == nil {