Remove SQL credentials from Keyring (#1059)

* Remove SQL credentials from Keyring Remove SQL credentials from Keyring. SQL credentials will be managed by an automated system (go/dr-sql-security) and the keyring is no longer a suitable place to hold them. Also stopped loading SQL credentials from they keyring for comparison with those from the secret manager.
2025-07-19 17:26:09 +02:00 · 2021-04-07 10:05:59 -04:00 · 2021-04-07 10:05:59 -04:00 · 928b272d89
commit 928b272d89
parent e31f0cb9ba
15 changed files with 10 additions and 169 deletions
--- a/core/src/test/java/google/registry/keyring/kms/KmsKeyringTest.java
+++ b/core/src/test/java/google/registry/keyring/kms/KmsKeyringTest.java
@ -48,20 +48,6 @@ class KmsKeyringTest {
    keyring = new KmsKeyring(new FakeKmsConnection());
  }

-  @TestOfyAndSql
-  void test_getCloudSqlPassword() {
-    saveCleartextSecret("cloud-sql-password-string");
-    String cloudSqlPassword = keyring.getCloudSqlPassword();
-    assertThat(cloudSqlPassword).isEqualTo("cloud-sql-password-stringmoo");
-  }
-
-  @TestOfyAndSql
-  void test_getToolsCloudSqlPassword() {
-    saveCleartextSecret("tools-cloud-sql-password-string");
-    String toolsCloudSqlPassword = keyring.getToolsCloudSqlPassword();
-    assertThat(toolsCloudSqlPassword).isEqualTo("tools-cloud-sql-password-stringmoo");
-  }
-
  @TestOfyAndSql
  void test_getRdeSigningKey() throws Exception {
    saveKeyPairSecret("rde-signing-public", "rde-signing-private");
--- a/core/src/test/java/google/registry/keyring/kms/KmsUpdaterTest.java
+++ b/core/src/test/java/google/registry/keyring/kms/KmsUpdaterTest.java
@ -96,24 +96,6 @@ public class KmsUpdaterTest {
        getCiphertext(KmsTestHelper.getPublicKey()));
  }

-  @TestOfyAndSql
-  void test_setCloudSqlPassword() {
-    updater.setCloudSqlPassword("value1").update();
-
-    verifySecretAndSecretRevisionWritten(
-        "cloud-sql-password-string", "cloud-sql-password-string/foo", getCiphertext("value1"));
-  }
-
-  @TestOfyAndSql
-  void test_setToolsCloudSqlPassword() {
-    updater.setToolsCloudSqlPassword("value1").update();
-
-    verifySecretAndSecretRevisionWritten(
-        "tools-cloud-sql-password-string",
-        "tools-cloud-sql-password-string/foo",
-        getCiphertext("value1"));
-  }
-
  @TestOfyAndSql
  void test_setIcannReportingPassword() {
    updater.setIcannReportingPassword("value1").update();
--- a/core/src/test/java/google/registry/testing/FakeKeyringModule.java
+++ b/core/src/test/java/google/registry/testing/FakeKeyringModule.java
@ -56,8 +56,6 @@ public final class FakeKeyringModule {
  private static final String MARKSDB_LORDN_PASSWORD = "yolo";
  private static final String MARKSDB_SMDRL_LOGIN_AND_PASSWORD = "smdrl:yolo";
  private static final String JSON_CREDENTIAL = "json123";
-  private static final String CLOUD_SQL_PASSWORD = "cloudsqlpw";
-  private static final String TOOLS_CLOUD_SQL_PASSWORD = "toolscloudsqlpw";

  @Provides
  public Keyring get() {
@ -82,15 +80,6 @@ public final class FakeKeyringModule {
    final String sshPrivate = loadFile(FakeKeyringModule.class, "registry-unittest.id_rsa");

    return new Keyring() {
-      @Override
-      public String getCloudSqlPassword() {
-        return CLOUD_SQL_PASSWORD;
-      }
-
-      @Override
-      public String getToolsCloudSqlPassword() {
-        return TOOLS_CLOUD_SQL_PASSWORD;
-      }

      @Override
      public PGPPublicKey getRdeStagingEncryptionKey() {