rename key to keyRing

integration/helpers/helpers.go

@@ -138,15 +138,14 @@ func ExternalSSHCommand(o CommandOptions) (*exec.Cmd, error) {
 	return cmd, nil
 }
 
-// CreateAgent creates a SSH agent with the passed in private key and
-// certificate that can be used in tests. This is useful so tests don't
-// clobber your system agent.
-func CreateAgent(me *user.User, key *client.KeyRing) (*teleagent.AgentServer, string, string, error) {
+// CreateAgent creates a SSH agent with the passed in key ring that can be used
+// in tests. This is useful so tests don't clobber your system agent.
+func CreateAgent(me *user.User, keyRing *client.KeyRing) (*teleagent.AgentServer, string, string, error) {
 	// create a path to the unix socket
 	sockDirName := "int-test"
 	sockName := "agent.sock"
 
-	agentKey, err := key.AsAgentKey()
+	agentKey, err := keyRing.AsAgentKey()
 	if err != nil {
 		return nil, "", "", trace.Wrap(err)
 	}
@@ -189,36 +188,36 @@ func CloseAgent(teleAgent *teleagent.AgentServer, socketDirPath string) error {
 	return nil
 }
 
-func MustCreateUserKey(t *testing.T, tc *TeleInstance, username string, ttl time.Duration) *client.KeyRing {
-	key, err := client.GenerateRSAKey()
+func MustCreateUserKeyRing(t *testing.T, tc *TeleInstance, username string, ttl time.Duration) *client.KeyRing {
+	keyRing, err := client.GenerateRSAKeyRing()
 	require.NoError(t, err)
-	key.ClusterName = tc.Secrets.SiteName
+	keyRing.ClusterName = tc.Secrets.SiteName
 
 	sshCert, tlsCert, err := tc.Process.GetAuthServer().GenerateUserTestCerts(auth.GenerateUserTestCertsRequest{
-		Key:            key.PrivateKey.MarshalSSHPublicKey(),
+		Key:            keyRing.PrivateKey.MarshalSSHPublicKey(),
 		Username:       username,
 		TTL:            ttl,
 		Compatibility:  constants.CertificateFormatStandard,
 		RouteToCluster: tc.Secrets.SiteName,
 	})
 	require.NoError(t, err)
 
-	key.Cert = sshCert
-	key.TLSCert = tlsCert
+	keyRing.Cert = sshCert
+	keyRing.TLSCert = tlsCert
 
 	hostCAs, err := tc.Process.GetAuthServer().GetCertAuthorities(context.Background(), types.HostCA, false)
 	require.NoError(t, err)
-	key.TrustedCerts = authclient.AuthoritiesToTrustedCerts(hostCAs)
-	return key
+	keyRing.TrustedCerts = authclient.AuthoritiesToTrustedCerts(hostCAs)
+	return keyRing
 }
 
 func MustCreateUserIdentityFile(t *testing.T, tc *TeleInstance, username string, ttl time.Duration) string {
-	key := MustCreateUserKey(t, tc, username, ttl)
+	keyRing := MustCreateUserKeyRing(t, tc, username, ttl)
 
 	idPath := filepath.Join(t.TempDir(), "user_identity")
 	_, err := identityfile.Write(context.Background(), identityfile.WriteConfig{
 		OutputPath: idPath,
-		Key:        key,
+		KeyRing:    keyRing,
 		Format:     identityfile.FormatFile,
 	})
 	require.NoError(t, err)

integration/helpers/instance.go

@@ -86,7 +86,7 @@ func fatalIf(err error) {
 type User struct {
 	Username      string          `json:"username"`
 	AllowedLogins []string        `json:"logins"`
-	Key           *client.KeyRing `json:"key"`
+	KeyRing       *client.KeyRing `json:"key"`
 	Roles         []types.Role    `json:"-"`
 }
 
@@ -1640,7 +1640,7 @@ func (i *TeleInstance) AddClientCredentials(tc *client.TeleportClient, cfg Clien
 
 	// Add key to client and update CAs that will be trusted (equivalent to
 	// updating "known hosts" with OpenSSH.
-	err = tc.AddKey(&creds.Key)
+	err = tc.AddKeyRing(&creds.KeyRing)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}

integration/helpers/usercreds.go

@@ -36,15 +36,15 @@ import (
 
 // UserCreds holds user client credentials
 type UserCreds struct {
-	// Key is user client key and certificate
-	Key client.KeyRing
-	// HostCA is a trusted host certificate authority
+	// KeyRing is user client key ring.
+	KeyRing client.KeyRing
+	// HostCA is a trusted host certificate authority.
 	HostCA types.CertAuthority
 }
 
 // SetupUserCreds sets up user credentials for client
 func SetupUserCreds(tc *client.TeleportClient, proxyHost string, creds UserCreds) error {
-	err := tc.AddKey(&creds.Key)
+	err := tc.AddKeyRing(&creds.KeyRing)
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -145,7 +145,7 @@ func GenerateUserCreds(req UserCredsRequest) (*UserCreds, error) {
 
 	return &UserCreds{
 		HostCA: ca,
-		Key: client.KeyRing{
+		KeyRing: client.KeyRing{
 			PrivateKey: priv,
 			Cert:       sshCert,
 			TLSCert:    x509Cert,

integration/integration_test.go

@@ -4533,7 +4533,7 @@ func testExternalClient(t *testing.T, suite *integrationTestSuite) {
 			require.NoError(t, err)
 
 			// Start (and defer close) a agent that runs during this integration test.
-			teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.Key)
+			teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
 			require.NoError(t, err)
 			defer helpers.CloseAgent(teleAgent, socketDirPath)
 
@@ -4629,7 +4629,7 @@ func testControlMaster(t *testing.T, suite *integrationTestSuite) {
 			require.NoError(t, err)
 
 			// Start (and defer close) a agent that runs during this integration test.
-			teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.Key)
+			teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
 			require.NoError(t, err)
 			defer helpers.CloseAgent(teleAgent, socketDirPath)
 
@@ -4726,7 +4726,7 @@ func testX11Forwarding(t *testing.T, suite *integrationTestSuite) {
 			require.NoError(t, err)
 
 			// Start an agent that runs during this integration test.
-			teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.Key)
+			teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
 			require.NoError(t, err)
 			t.Cleanup(func() { helpers.CloseAgent(teleAgent, socketDirPath) })
 

integration/tctl_terraform_env_test.go

@@ -217,15 +217,15 @@ func createTCTLTerraformUserAndRole(t *testing.T, username string, instance *hel
 // For the tests, the client is configured to trust the proxy TLS certs on first connection.
 func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username string, ttl time.Duration) *authclient.Client {
 	// Get TLS and SSH material
-	key := helpers.MustCreateUserKey(t, tc, username, ttl)
+	keyRing := helpers.MustCreateUserKeyRing(t, tc, username, ttl)
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
-	tlsConfig, err := key.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
+	tlsConfig, err := keyRing.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
 	require.NoError(t, err)
 	tlsConfig.InsecureSkipVerify = true
 	proxyAddr, err := tc.Process.ProxyWebAddr()
 	require.NoError(t, err)
-	sshConfig, err := key.ProxyClientSSHConfig(proxyAddr.Host())
+	sshConfig, err := keyRing.ProxyClientSSHConfig(proxyAddr.Host())
 	require.NoError(t, err)
 
 	// Build auth client configuration
@@ -276,10 +276,10 @@ func getAuthClientForProxy(t *testing.T, tc *helpers.TeleInstance, username stri
 // This client only has TLSConfig set (as opposed to TLSConfig+SSHConfig).
 func getAuthClientForAuth(t *testing.T, tc *helpers.TeleInstance, username string, ttl time.Duration) *authclient.Client {
 	// Get TLS and SSH material
-	key := helpers.MustCreateUserKey(t, tc, username, ttl)
+	keyRing := helpers.MustCreateUserKeyRing(t, tc, username, ttl)
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
-	tlsConfig, err := key.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
+	tlsConfig, err := keyRing.TeleportClientTLSConfig(nil, []string{tc.Config.Auth.ClusterName.GetClusterName()})
 	require.NoError(t, err)
 
 	// Build auth client configuration

integrations/terraform/testlib/main_test.go

@@ -194,7 +194,7 @@ func (s *TerraformBaseSuite) getTLSCreds(ctx context.Context, user types.User, o
 	// write the cert+private key to the output:
 	_, err = identityfile.Write(ctx, identityfile.WriteConfig{
 		OutputPath:           outputPath,
-		Key:                  keyRing,
+		KeyRing:              keyRing,
 		Format:               identityfile.FormatTLS,
 		OverwriteDestination: false,
 		Writer:               &identityfile.StandardConfigWriter{},

lib/benchmark/kube.go

@@ -106,7 +106,7 @@ func getKubeTLSClientConfig(ctx context.Context, tc *client.TeleportClient) (res
 		return rest.TLSClientConfig{}, trace.Wrap(err)
 	}
 
-	credentials, err := tc.LocalAgent().GetCoreKey()
+	credentials, err := tc.LocalAgent().GetCoreKeyRing()
 	if err != nil {
 		return rest.TLSClientConfig{}, trace.Wrap(err)
 	}

lib/client/alpn.go

@@ -115,12 +115,12 @@ func RunALPNAuthTunnel(ctx context.Context, cfg ALPNAuthTunnelConfig) error {
 
 func getUserCerts(ctx context.Context, client ALPNAuthClient, mfaResponse *proto.MFAAuthenticateResponse, expires time.Time, routeToDatabase proto.RouteToDatabase, connectionDiagnosticID string) (tls.Certificate, error) {
 	// TODO(nklaassen): support configurable signature algorithms.
-	key, err := GenerateRSAKey()
+	keyRing, err := GenerateRSAKeyRing()
 	if err != nil {
 		return tls.Certificate{}, trace.Wrap(err)
 	}
 
-	publicKeyPEM, err := keys.MarshalPublicKey(key.PrivateKey.Public())
+	publicKeyPEM, err := keys.MarshalPublicKey(keyRing.PrivateKey.Public())
 	if err != nil {
 		return tls.Certificate{}, trace.Wrap(err)
 	}
@@ -142,7 +142,7 @@ func getUserCerts(ctx context.Context, client ALPNAuthClient, mfaResponse *proto
 		return tls.Certificate{}, trace.Wrap(err)
 	}
 
-	tlsCert, err := keys.X509KeyPair(certs.TLS, key.PrivateKey.PrivateKeyPEM())
+	tlsCert, err := keys.X509KeyPair(certs.TLS, keyRing.PrivateKey.PrivateKeyPEM())
 	if err != nil {
 		return tls.Certificate{}, trace.BadParameter("failed to parse private key: %v", err)
 	}