feat: enable key rotation #15066


Merged
sreya merged 42 commits into main from jon/glue
Oct 25, 2024

@sreya (Collaborator) commented Oct 14, 2024 (edited)

This PR contains the remaining logic necessary to hook up key rotation to the product.

closes coder/internal#52

This commit updates the cryptographic key handling by separating workspace app token and API key features. It corrects feature identifiers for clearer distinction between OIDC conversion and API key usage, enhancing the maintainability and clarity around cryptographic key usage within the system. Additionally, reworks related tests and migration scripts to align with these changes.

- Consolidates key cache handling by replacing legacy key cache references with central key caches.
- Enhances modularity and maintainability by using consistent key management methods.
- Removes redundant `StaticKeyManager` implementation for streamlined code.
- Adjusts cryptographic key generation and cache utilization across critical components.

Enhances flexibility by making the `Fetcher` interface receive a `CryptoKeyFeature` parameter. This change aligns various call sites that implement or utilize `Fetcher`, allowing for more granular queries.

- Improve code clarity by refactoring key caching logic.
- Simplify logger initialization for signing and encryption caches.
- Ensure consistent closing of caches in the API and server.

This change enhances the crypto_keys table by updating enum handling for features. It introduces distinct roles for key storage, aiding in better distinction and maintenance of key features.

- Improve clarity by naming loggers used in key cache creation.
- Adjust key cache context to utilize KeyReader for consistent context handling.
- Refactor API to use central key cache management approach.
- Enhance error messages for crypto key fetching.
- Update test to add safety against unexpected panics.

- Enhance testing scenarios for cryptokey features including cases with no keys and specific key states.
- Update tests to ensure new cryptokey features are handled correctly.
- Remove outdated migration scripts for cryptokey features as they are not required anymore.
- Refactor workspace proxy keys to only allow whitelisted cryptokey features, improving security and stability.

Enhances the cache functionality by wrapping the context with a key reader, ensuring proper authorization checks during cryptographic operations. This change aligns cache behavior with security practices.

Adjust comments to accurately describe cache functionality and fix a typo in the `New` function parameters for clarity.

@sreya marked this pull request as ready for review October 17, 2024 02:49

Refactored various tests to eliminate the need for manually setting up a database connection and generating crypto keys. This change simplifies the test setup and makes it less dependent on database-specific configurations, aligning with recent structural refactoring.

Ensure that logging only occurs when an error is present during the initialization of the key caches. This prevents unnecessary log entries when no error is encountered, improving log clarity and reducing noise.

Remove redundant database setup for tests by generating keys in memory. Enhance tests by validating both inclusion and exclusion of specific keys.
@spikecurtis (Contributor) left a comment

LGTM

Move StaticKey from cryptokeys package to jwtutils. This strengthens the consistency of security and independence with jwtutils. It also reduces tailnet dependencies.
@sreya merged commit cd890aa into main Oct 25, 2024
28 of 30 checks passed
@sreya deleted the jon/glue branch October 25, 2024 16:14
@github-actions bot locked and limited conversation to collaborators Oct 25, 2024
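
The commit messages above describe a `Fetcher` that receives the key feature as a parameter and workspace proxy key access restricted to an allowlist of features. The Go sketch below is an added example, not code from this PR or the Coder repository; every type, feature value and function name in it is hypothetical, and the in-memory store is constructed sample data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Feature names the single purpose a key serves. The values are hypothetical.
type Feature string

const FeatureAppToken, FeatureOIDCConvert Feature = "app_token", "oidc_convert"

type Key struct{ Feature Feature; Sequence int }

// Fetcher takes the feature as a parameter, so a caller only ever sees one feature's keys.
type Fetcher interface {
	Fetch(ctx context.Context, f Feature) ([]Key, error)
}

var ErrFeatureNotAllowed = errors.New("feature not allowed for this caller")

// MemFetcher is a constructed in-memory key store standing in for the database.
type MemFetcher []Key

func (m MemFetcher) Fetch(_ context.Context, f Feature) (out []Key, _ error) {
	for _, k := range m {
		if k.Feature == f {
			out = append(out, k)
		}
	}
	return out, nil
}

// ProxyFetcher fails closed: a feature missing from Allowed never reaches Inner.
type ProxyFetcher struct{ Inner Fetcher; Allowed map[Feature]bool }

func (p ProxyFetcher) Fetch(ctx context.Context, f Feature) ([]Key, error) {
	if !p.Allowed[f] {
		return nil, fmt.Errorf("fetch %q: %w", f, ErrFeatureNotAllowed)
	}
	return p.Inner.Fetch(ctx, f)
}

func main() {
	store := MemFetcher{{FeatureAppToken, 1}, {FeatureAppToken, 2}, {FeatureOIDCConvert, 1}}
	p := ProxyFetcher{store, map[Feature]bool{FeatureAppToken: true}}
	fmt.Println(p.Fetch(context.Background(), FeatureAppToken))
	fmt.Println(p.Fetch(context.Background(), FeatureOIDCConvert))
}
```

Because the allowlist is checked before the inner fetch, a feature added to the store later stays invisible to the less-trusted caller until it is explicitly allowed.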
Reviewers: @spikecurtis approved these changes

Assignees: @sreya

Development

Successfully merging this pull request may close these issues.

feat: automatic key rotation
