diff --git a/client-encryption-aws/src/main/java/io/confluent/kafka/schemaregistry/encryption/aws/AwsKmsDriver.java b/client-encryption-aws/src/main/java/io/confluent/kafka/schemaregistry/encryption/aws/AwsKmsDriver.java index 0b7fd4d2cbc..32682110f76 100644 --- a/client-encryption-aws/src/main/java/io/confluent/kafka/schemaregistry/encryption/aws/AwsKmsDriver.java +++ b/client-encryption-aws/src/main/java/io/confluent/kafka/schemaregistry/encryption/aws/AwsKmsDriver.java @@ -26,7 +26,6 @@ import com.google.crypto.tink.integration.awskms.AwsKmsClient; import io.confluent.kafka.schemaregistry.encryption.tink.KmsDriver; import java.io.ByteArrayInputStream; -import java.io.IOException; import java.lang.reflect.Field; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; @@ -58,7 +57,7 @@ private AWSCredentialsProvider getCredentials(Map configs) } else { return new DefaultAWSCredentialsProviderChain(); } - } catch (IOException e) { + } catch (Exception e) { throw new GeneralSecurityException("cannot load credentials", e); } } diff --git a/client-encryption-gcp/src/main/java/io/confluent/kafka/schemaregistry/encryption/gcp/GcpKmsDriver.java b/client-encryption-gcp/src/main/java/io/confluent/kafka/schemaregistry/encryption/gcp/GcpKmsDriver.java index 38d89c4fd59..6a1de8faab0 100644 --- a/client-encryption-gcp/src/main/java/io/confluent/kafka/schemaregistry/encryption/gcp/GcpKmsDriver.java +++ b/client-encryption-gcp/src/main/java/io/confluent/kafka/schemaregistry/encryption/gcp/GcpKmsDriver.java @@ -23,7 +23,6 @@ import com.google.crypto.tink.integration.gcpkms.GcpKmsClient; import io.confluent.kafka.schemaregistry.encryption.tink.KmsDriver; import java.io.ByteArrayInputStream; -import java.io.IOException; import java.lang.reflect.Field; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; @@ -68,7 +67,7 @@ private GoogleCredentials getCredentials(Map configs) } else { return GoogleCredentials.getApplicationDefault(); } - } catch (IOException e) { + } catch (Exception e) { throw new GeneralSecurityException("cannot load credentials", e); } } diff --git a/client-encryption/src/main/java/io/confluent/kafka/schemaregistry/encryption/FieldEncryptionExecutor.java b/client-encryption/src/main/java/io/confluent/kafka/schemaregistry/encryption/FieldEncryptionExecutor.java index 41ffc98a499..2d2c420a06c 100644 --- a/client-encryption/src/main/java/io/confluent/kafka/schemaregistry/encryption/FieldEncryptionExecutor.java +++ b/client-encryption/src/main/java/io/confluent/kafka/schemaregistry/encryption/FieldEncryptionExecutor.java @@ -81,6 +81,11 @@ public class FieldEncryptionExecutor implements FieldRuleExecutor { public FieldEncryptionExecutor() { } + @Override + public boolean addOriginalConfigs() { + return true; + } + @Override public void configure(Map configs) { this.configs = configs; @@ -406,7 +411,7 @@ public Object transform(RuleContext ctx, FieldContext fieldCtx, Object fieldValu default: throw new IllegalArgumentException("Unsupported rule mode " + ctx.ruleMode()); } - } catch (GeneralSecurityException e) { + } catch (Exception e) { throw new RuleException(e); } } diff --git a/dek-registry-client/src/main/java/io/confluent/dekregistry/client/CachedDekRegistryClient.java b/dek-registry-client/src/main/java/io/confluent/dekregistry/client/CachedDekRegistryClient.java index 2019569bee2..0b1405f3d39 100644 --- a/dek-registry-client/src/main/java/io/confluent/dekregistry/client/CachedDekRegistryClient.java +++ b/dek-registry-client/src/main/java/io/confluent/dekregistry/client/CachedDekRegistryClient.java @@ -148,6 +148,18 @@ public Kek createKek( String doc, boolean shared) throws IOException, RestClientException { + return createKek(DEFAULT_REQUEST_PROPERTIES, name, kmsType, kmsKeyId, kmsProps, doc, shared); + } + + public Kek createKek( + Map requestProperties, + String name, + String kmsType, + String kmsKeyId, + Map kmsProps, + String doc, + boolean shared) + throws IOException, RestClientException { CreateKekRequest request = new CreateKekRequest(); request.setName(name); request.setKmsType(kmsType); @@ -155,7 +167,7 @@ public Kek createKek( request.setKmsProps(kmsProps); request.setDoc(doc); request.setShared(shared); - Kek kek = restService.createKek(request); + Kek kek = restService.createKek(requestProperties, request); kekCache.put(new KekId(name, false), kek); return kek; } @@ -167,11 +179,21 @@ public Dek createDek( DekFormat algorithm, String encryptedKeyMaterial) throws IOException, RestClientException { + return createDek(DEFAULT_REQUEST_PROPERTIES, kekName, subject, algorithm, encryptedKeyMaterial); + } + + public Dek createDek( + Map requestProperties, + String kekName, + String subject, + DekFormat algorithm, + String encryptedKeyMaterial) + throws IOException, RestClientException { CreateDekRequest request = new CreateDekRequest(); request.setSubject(subject); request.setAlgorithm(algorithm); request.setEncryptedKeyMaterial(encryptedKeyMaterial); - Dek dek = restService.createDek(kekName, request); + Dek dek = restService.createDek(requestProperties, kekName, request); dekCache.put(new DekId(kekName, subject, algorithm, false), dek); return dek; } @@ -183,11 +205,21 @@ public Kek updateKek( String doc, Boolean shared) throws IOException, RestClientException { + return updateKek(DEFAULT_REQUEST_PROPERTIES, name, kmsProps, doc, shared); + } + + public Kek updateKek( + Map requestProperties, + String name, + Map kmsProps, + String doc, + Boolean shared) + throws IOException, RestClientException { UpdateKekRequest request = new UpdateKekRequest(); request.setKmsProps(kmsProps); request.setDoc(doc); request.setShared(shared); - Kek kek = restService.updateKek(name, request); + Kek kek = restService.updateKek(requestProperties, name, request); kekCache.put(new KekId(name, false), kek); return kek; } @@ -195,21 +227,41 @@ public Kek updateKek( @Override public void deleteKek(String kekName, boolean permanentDelete) throws IOException, RestClientException { - restService.deleteKek(kekName, permanentDelete); + deleteKek(DEFAULT_REQUEST_PROPERTIES, kekName, permanentDelete); + } + + public void deleteKek( + Map requestProperties, String kekName, boolean permanentDelete) + throws IOException, RestClientException { + restService.deleteKek(requestProperties, kekName, permanentDelete); kekCache.invalidate(new KekId(kekName, permanentDelete)); } @Override public void deleteDek(String kekName, String subject, boolean permanentDelete) throws IOException, RestClientException { - deleteDek(kekName, subject, null, permanentDelete); + deleteDek(DEFAULT_REQUEST_PROPERTIES, kekName, subject, permanentDelete); + } + + public void deleteDek( + Map requestProperties, String kekName, + String subject, boolean permanentDelete) + throws IOException, RestClientException { + deleteDek(requestProperties, kekName, subject, null, permanentDelete); } @Override public void deleteDek( String kekName, String subject, DekFormat algorithm, boolean permanentDelete) throws IOException, RestClientException { - restService.deleteDek(kekName, subject, algorithm, permanentDelete); + deleteDek(DEFAULT_REQUEST_PROPERTIES, kekName, subject, algorithm, permanentDelete); + } + + public void deleteDek( + Map requestProperties, String kekName, String subject, DekFormat algorithm, + boolean permanentDelete) + throws IOException, RestClientException { + restService.deleteDek(requestProperties, kekName, subject, algorithm, permanentDelete); dekCache.invalidate(new DekId(kekName, subject, algorithm, permanentDelete)); } diff --git a/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java b/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java index 9be3a95ae80..2aef510fb14 100644 --- a/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java +++ b/dek-registry/src/main/java/io/confluent/dekregistry/storage/DekRegistry.java @@ -23,6 +23,8 @@ import io.confluent.dekregistry.client.rest.DekRegistryRestService; import io.confluent.dekregistry.client.rest.entities.CreateDekRequest; import io.confluent.dekregistry.client.rest.entities.CreateKekRequest; +import io.confluent.dekregistry.client.rest.entities.Dek; +import io.confluent.dekregistry.client.rest.entities.Kek; import io.confluent.dekregistry.storage.exceptions.DekGenerationException; import io.confluent.dekregistry.storage.exceptions.InvalidKeyException; import io.confluent.dekregistry.storage.utils.CompositeCacheUpdateHandler; @@ -98,11 +100,11 @@ public class DekRegistry implements Closeable { public static final String AZURE_KMS = "azure-kms"; public static final String GCP_KMS = "gcp-kms"; - private static final TypeReference KEY_ENCRYPTION_KEY_TYPE = - new TypeReference() { + private static final TypeReference KEK_TYPE = + new TypeReference() { }; - private static final TypeReference DATA_ENCRYPTION_KEY_TYPE = - new TypeReference() { + private static final TypeReference DEK_TYPE = + new TypeReference() { }; private static final TypeReference VOID_TYPE = new TypeReference() { @@ -360,13 +362,13 @@ public DataEncryptionKey getDek(String kekName, String subject, DekFormat algori } } - public KeyEncryptionKey createKekOrForward(CreateKekRequest request, + public Kek createKekOrForward(CreateKekRequest request, Map headerProperties) throws SchemaRegistryException { String tenant = schemaRegistry.tenant(); lock(tenant, headerProperties); try { if (isLeader(headerProperties)) { - return createKek(request); + return createKek(request).toKekEntity(); } else { // forward registering request to the leader if (schemaRegistry.leaderIdentity() != null) { @@ -380,7 +382,7 @@ public KeyEncryptionKey createKekOrForward(CreateKekRequest request, } } - private KeyEncryptionKey forwardCreateKekRequestToLeader(CreateKekRequest request, + private Kek forwardCreateKekRequestToLeader(CreateKekRequest request, Map headerProperties) throws SchemaRegistryRequestForwardingException { RestService leaderRestService = schemaRegistry.leaderRestService(); @@ -392,7 +394,7 @@ private KeyEncryptionKey forwardCreateKekRequestToLeader(CreateKekRequest reques log.debug(String.format("Forwarding create key request to %s", baseUrl)); try { return leaderRestService.httpRequest( - path, "POST", toJson(request), headerProperties, KEY_ENCRYPTION_KEY_TYPE); + path, "POST", toJson(request), headerProperties, KEK_TYPE); } catch (IOException e) { throw new SchemaRegistryRequestForwardingException( String.format("Unexpected error while forwarding the create key request to %s", @@ -441,13 +443,13 @@ private String normalizeKmsType(String kmsType) { } } - public DataEncryptionKey createDekOrForward(String kekName, CreateDekRequest request, + public Dek createDekOrForward(String kekName, CreateDekRequest request, Map headerProperties) throws SchemaRegistryException { String tenant = schemaRegistry.tenant(); lock(tenant, headerProperties); try { if (isLeader(headerProperties)) { - return createDek(kekName, request); + return createDek(kekName, request).toDekEntity(); } else { // forward registering request to the leader if (schemaRegistry.leaderIdentity() != null) { @@ -461,7 +463,7 @@ public DataEncryptionKey createDekOrForward(String kekName, CreateDekRequest req } } - private DataEncryptionKey forwardCreateDekRequestToLeader(String kekName, + private Dek forwardCreateDekRequestToLeader(String kekName, CreateDekRequest request, Map headerProperties) throws SchemaRegistryRequestForwardingException { RestService leaderRestService = schemaRegistry.leaderRestService(); @@ -473,7 +475,7 @@ private DataEncryptionKey forwardCreateDekRequestToLeader(String kekName, log.debug(String.format("Forwarding create key request to %s", baseUrl)); try { return leaderRestService.httpRequest( - path, "POST", toJson(request), headerProperties, DATA_ENCRYPTION_KEY_TYPE); + path, "POST", toJson(request), headerProperties, DEK_TYPE); } catch (IOException e) { throw new SchemaRegistryRequestForwardingException( String.format("Unexpected error while forwarding the create key request to %s", @@ -559,13 +561,14 @@ protected DataEncryptionKey generateRawDek(KeyEncryptionKey kek, DataEncryptionK } } - public KeyEncryptionKey putKekOrForward(String name, UpdateKekRequest request, + public Kek putKekOrForward(String name, UpdateKekRequest request, Map headerProperties) throws SchemaRegistryException { String tenant = schemaRegistry.tenant(); lock(tenant, headerProperties); try { if (isLeader(headerProperties)) { - return putKek(name, request); + KeyEncryptionKey kek = putKek(name, request); + return kek != null ? kek.toKekEntity() : null; } else { // forward registering request to the leader if (schemaRegistry.leaderIdentity() != null) { @@ -579,7 +582,7 @@ public KeyEncryptionKey putKekOrForward(String name, UpdateKekRequest request, } } - private KeyEncryptionKey forwardPutKekRequestToLeader(String name, + private Kek forwardPutKekRequestToLeader(String name, UpdateKekRequest request, Map headerProperties) throws SchemaRegistryRequestForwardingException { RestService leaderRestService = schemaRegistry.leaderRestService(); @@ -591,7 +594,7 @@ private KeyEncryptionKey forwardPutKekRequestToLeader(String name, log.debug(String.format("Forwarding put key request to %s", baseUrl)); try { return leaderRestService.httpRequest( - path, "PUT", toJson(request), headerProperties, KEY_ENCRYPTION_KEY_TYPE); + path, "PUT", toJson(request), headerProperties, KEK_TYPE); } catch (IOException e) { throw new SchemaRegistryRequestForwardingException( String.format("Unexpected error while forwarding the put key request to %s", diff --git a/dek-registry/src/main/java/io/confluent/dekregistry/web/rest/resources/DekRegistryResource.java b/dek-registry/src/main/java/io/confluent/dekregistry/web/rest/resources/DekRegistryResource.java index 040978d49ad..8736e8c2301 100644 --- a/dek-registry/src/main/java/io/confluent/dekregistry/web/rest/resources/DekRegistryResource.java +++ b/dek-registry/src/main/java/io/confluent/dekregistry/web/rest/resources/DekRegistryResource.java @@ -203,8 +203,7 @@ public void createKek( headers, getSchemaRegistry().config().whitelistHeaders()); try { - KeyEncryptionKey key = dekRegistry.createKekOrForward(request, headerProperties); - Kek kek = key.toKekEntity(); + Kek kek = dekRegistry.createKekOrForward(request, headerProperties); asyncResponse.resume(kek); } catch (AlreadyExistsException e) { throw DekRegistryErrors.alreadyExistsException(e.getMessage()); @@ -245,8 +244,7 @@ public void createDek( headers, getSchemaRegistry().config().whitelistHeaders()); try { - DataEncryptionKey key = dekRegistry.createDekOrForward(kekName, request, headerProperties); - Dek dek = key.toDekEntity(); + Dek dek = dekRegistry.createDekOrForward(kekName, request, headerProperties); asyncResponse.resume(dek); } catch (AlreadyExistsException e) { throw DekRegistryErrors.alreadyExistsException(e.getMessage()); @@ -286,11 +284,10 @@ public void putKek( headers, getSchemaRegistry().config().whitelistHeaders()); try { - KeyEncryptionKey key = dekRegistry.putKekOrForward(name, request, headerProperties); - if (key == null) { + Kek kek = dekRegistry.putKekOrForward(name, request, headerProperties); + if (kek == null) { throw DekRegistryErrors.keyNotFoundException(name); } - Kek kek = key.toKekEntity(); asyncResponse.resume(kek); } catch (SchemaRegistryException e) { throw Errors.schemaRegistryException("Error while creating key", e); diff --git a/dek-registry/src/test/java/io/confluent/dekregistry/web/rest/RestApiTest.java b/dek-registry/src/test/java/io/confluent/dekregistry/web/rest/RestApiTest.java index 052a095ae81..6951d61df2e 100644 --- a/dek-registry/src/test/java/io/confluent/dekregistry/web/rest/RestApiTest.java +++ b/dek-registry/src/test/java/io/confluent/dekregistry/web/rest/RestApiTest.java @@ -14,9 +14,9 @@ */ package io.confluent.dekregistry.web.rest; +import static io.confluent.dekregistry.storage.DekRegistry.X_FORWARD_HEADER; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; import static org.junit.Assert.fail; import com.google.common.collect.ImmutableList; @@ -24,7 +24,6 @@ import com.google.crypto.tink.Aead; import io.confluent.dekregistry.DekRegistryResourceExtension; import io.confluent.dekregistry.client.CachedDekRegistryClient; -import io.confluent.dekregistry.client.DekRegistryClient; import io.confluent.dekregistry.client.rest.DekRegistryRestService; import io.confluent.dekregistry.client.rest.entities.Dek; import io.confluent.dekregistry.client.rest.entities.Kek; @@ -32,6 +31,7 @@ import io.confluent.kafka.schemaregistry.ClusterTestHarness; import io.confluent.kafka.schemaregistry.ParsedSchema; import io.confluent.kafka.schemaregistry.avro.AvroUtils; +import io.confluent.kafka.schemaregistry.client.rest.Versions; import io.confluent.kafka.schemaregistry.client.rest.entities.Rule; import io.confluent.kafka.schemaregistry.client.rest.entities.RuleMode; import io.confluent.kafka.schemaregistry.client.rest.entities.RuleSet; @@ -41,6 +41,7 @@ import io.confluent.kafka.schemaregistry.client.rest.exceptions.RestClientException; import io.confluent.kafka.schemaregistry.encryption.tink.Cryptor; import io.confluent.kafka.schemaregistry.encryption.tink.DekFormat; +import io.confluent.kafka.schemaregistry.rest.SchemaRegistryConfig; import io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry; import io.confluent.kafka.schemaregistry.storage.RuleSetHandler; import java.nio.charset.StandardCharsets; @@ -57,7 +58,7 @@ public class RestApiTest extends ClusterTestHarness { FakeTicker fakeTicker; - DekRegistryClient client; + CachedDekRegistryClient client; public RestApiTest() { super(1, true); @@ -66,7 +67,14 @@ public RestApiTest() { @Override public Properties getSchemaRegistryProperties() throws Exception { Properties props = new Properties(); - props.setProperty("resource.extension.class", DekRegistryResourceExtension.class.getName()); + props.put( + SchemaRegistryConfig.RESOURCE_EXTENSION_CONFIG, + DekRegistryResourceExtension.class.getName() + ); + props.put( + SchemaRegistryConfig.INTER_INSTANCE_HEADERS_WHITELIST_CONFIG, + DekRegistryRestService.X_FORWARD_HEADER + ); return props; } @@ -99,6 +107,20 @@ public io.confluent.kafka.schemaregistry.storage.RuleSet transform(RuleSet ruleS @Test public void testBasic() throws Exception { + Map headers = new HashMap<>(); + headers.put("Content-Type", Versions.SCHEMA_REGISTRY_V1_JSON_WEIGHTED); + testBasic(headers); + } + + @Test + public void testForwarding() throws Exception { + Map headers = new HashMap<>(); + headers.put("Content-Type", Versions.SCHEMA_REGISTRY_V1_JSON_WEIGHTED); + headers.put(X_FORWARD_HEADER, "false"); + testBasic(headers); + } + + private void testBasic(Map headers) throws Exception { String kekName = "kek1"; String kmsType = "test-kms"; String kmsKeyId = "myid"; @@ -109,7 +131,7 @@ public void testBasic() throws Exception { Kek kek = new Kek(kekName, kmsType, kmsKeyId, null, null, false, null); // Create kek - Kek newKek = client.createKek(kekName, kmsType, kmsKeyId, null, null, false); + Kek newKek = client.createKek(headers, kekName, kmsType, kmsKeyId, null, null, false); assertEquals(kek, newKek); newKek = client.getKek(kekName, false); @@ -119,19 +141,19 @@ public void testBasic() throws Exception { assertEquals(Collections.singletonList(kekName), keks); try { - client.deleteKek(kekName, true); + client.deleteKek(headers, kekName, true); fail(); } catch (RestClientException e) { assertEquals(DekRegistryErrors.KEY_NOT_SOFT_DELETED_ERROR_CODE, e.getErrorCode()); } // Delete kek - client.deleteKek(kekName, false); + client.deleteKek(headers, kekName, false); Map kmsProps = Collections.singletonMap("hi", "there"); String doc = "mydoc"; try { - client.updateKek(kekName, kmsProps, doc, true); + client.updateKek(headers, kekName, kmsProps, doc, true); fail(); } catch (RestClientException e) { assertEquals(DekRegistryErrors.KEY_NOT_FOUND_ERROR_CODE, e.getErrorCode()); @@ -153,7 +175,7 @@ public void testBasic() throws Exception { newKek = client.getKek(kekName, true); assertEquals(kek, newKek); - client.deleteKek(kekName, true); + client.deleteKek(headers, kekName, true); try { client.getKek(kekName, false); @@ -176,7 +198,7 @@ public void testBasic() throws Exception { assertEquals(Collections.emptyList(), keks); // Recreate kek - newKek = client.createKek(kekName, kmsType, kmsKeyId, null, null, false); + newKek = client.createKek(headers, kekName, kmsType, kmsKeyId, null, null, false); assertEquals(kek, newKek); newKek = client.getKek(kekName, false); @@ -192,7 +214,7 @@ public void testBasic() throws Exception { Dek dek = new Dek(kekName, subject, 1, algorithm, encryptedDekStr, null, null); // Create dek - Dek newDek = client.createDek(kekName, subject, algorithm, encryptedDekStr); + Dek newDek = client.createDek(headers, kekName, subject, algorithm, encryptedDekStr); assertEquals(dek, newDek); newDek = client.getDek(kekName, subject, algorithm, false); @@ -200,7 +222,7 @@ public void testBasic() throws Exception { // Create dek w/o key material try { - newDek = client.createDek(kekName, badSubject, algorithm, null); + newDek = client.createDek(headers, kekName, badSubject, algorithm, null); fail(); } catch (RestClientException e) { assertEquals(DekRegistryErrors.INVALID_KEY_ERROR_CODE, e.getErrorCode()); @@ -212,7 +234,7 @@ public void testBasic() throws Exception { Kek kek2 = new Kek(kekName, kmsType, kmsKeyId, kmsProps, doc, true, null); // Set shared flag to true - newKek = client.updateKek(kekName, kmsProps, doc, true); + newKek = client.updateKek(headers, kekName, kmsProps, doc, true); assertEquals(kek2, newKek); // Advance ticker @@ -224,7 +246,7 @@ public void testBasic() throws Exception { assertEquals(dek2, newDek); // Create dek w/o key material, receive both encrypted and decrypted key material - newDek = client.createDek(kekName, subject2, algorithm, null); + newDek = client.createDek(headers, kekName, subject2, algorithm, null); assertNotNull(newDek.getEncryptedKeyMaterial()); assertNotNull(newDek.getKeyMaterial()); @@ -232,20 +254,20 @@ public void testBasic() throws Exception { assertEquals(ImmutableList.of(subject, subject2), deks); try { - client.deleteKek(kekName, false); + client.deleteKek(headers, kekName, false); fail(); } catch (RestClientException e) { assertEquals(DekRegistryErrors.REFERENCE_EXISTS_ERROR_CODE, e.getErrorCode()); } try { - client.deleteDek(kekName, subject, algorithm, true); + client.deleteDek(headers, kekName, subject, algorithm, true); fail(); } catch (RestClientException e) { assertEquals(DekRegistryErrors.KEY_NOT_SOFT_DELETED_ERROR_CODE, e.getErrorCode()); } - client.deleteDek(kekName, subject, algorithm, false); + client.deleteDek(headers, kekName, subject, algorithm, false); try { client.getDek(kekName, subject, algorithm, false); @@ -263,8 +285,8 @@ public void testBasic() throws Exception { deks = client.listDeks(kekName, true); assertEquals(ImmutableList.of(subject, subject2), deks); - client.deleteDek(kekName, subject2, algorithm, false); - client.deleteKek(kekName, false); + client.deleteDek(headers, kekName, subject2, algorithm, false); + client.deleteKek(headers, kekName, false); deks = client.listDeks(kekName, false); assertEquals(Collections.emptyList(), deks); @@ -273,14 +295,14 @@ public void testBasic() throws Exception { assertEquals(ImmutableList.of(subject, subject2), deks); try { - client.deleteKek(kekName, true); + client.deleteKek(headers, kekName, true); fail(); } catch (RestClientException e) { assertEquals(DekRegistryErrors.REFERENCE_EXISTS_ERROR_CODE, e.getErrorCode()); } - client.deleteDek(kekName, subject, algorithm, true); - client.deleteDek(kekName, subject2, algorithm, true); + client.deleteDek(headers, kekName, subject, algorithm, true); + client.deleteDek(headers, kekName, subject2, algorithm, true); deks = client.listDeks(kekName, false); assertEquals(Collections.emptyList(), deks); @@ -288,7 +310,7 @@ public void testBasic() throws Exception { deks = client.listDeks(kekName, true); assertEquals(Collections.emptyList(), deks); - client.deleteKek(kekName, true); + client.deleteKek(headers, kekName, true); } @Test