Revert "Adding encryption config to airshipctl config"

This reverts commit f328c43295. Reason for revert: Encryption config is no longer needed and not used in airshipctl config. Change-Id: I07f5fd035236b8ecbf4ad6dd164acb7e8c98deb5
2021-03-08 23:59:10 +00:00 · 2021-03-08 23:59:10 +00:00 · 701afe4c50
commit 701afe4c50
parent e4436ca36d
13 changed files with 4 additions and 479 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -49,9 +49,6 @@ type Config struct {
 	// Manifests is a map of referenceable names to documents
 	Manifests map[string]*Manifest `json:"manifests"`

-	// EncryptionConfigs is a map of referenceable names to encryption configs
-	EncryptionConfigs map[string]*EncryptionConfig `json:"encryptionConfigs"`
-
 	// CurrentContext is the name of the context that you would like to use by default
 	CurrentContext string `json:"currentContext"`

@ -301,9 +298,6 @@ func (c *Config) ModifyContext(context *Context, theContext *ContextOptions) {
 	if theContext.Manifest != "" {
 		context.Manifest = theContext.Manifest
 	}
-	if theContext.EncryptionConfig != "" {
-		context.EncryptionConfig = theContext.EncryptionConfig
-	}
 }

 // GetCurrentContext methods Returns the appropriate information for the current context
@ -479,57 +473,6 @@ func (c *Config) ModifyRepository(repository *Repository, theManifest *ManifestO
 	return nil
 }

-// GetEncryptionConfigs returns all the encryption configs associated with the Config sorted by name
-func (c *Config) GetEncryptionConfigs() []*EncryptionConfig {
-	keys := make([]string, 0, len(c.EncryptionConfigs))
-	for name := range c.EncryptionConfigs {
-		keys = append(keys, name)
-	}
-	sort.Strings(keys)
-
-	encryptionConfigs := make([]*EncryptionConfig, 0, len(c.EncryptionConfigs))
-	for _, name := range keys {
-		encryptionConfigs = append(encryptionConfigs, c.EncryptionConfigs[name])
-	}
-	return encryptionConfigs
-}
-
-// AddEncryptionConfig creates a new encryption config
-func (c *Config) AddEncryptionConfig(options *EncryptionConfigOptions) *EncryptionConfig {
-	encryptionConfig := &EncryptionConfig{
-		EncryptionKeyFileSource: EncryptionKeyFileSource{
-			EncryptionKeyPath: options.EncryptionKeyPath,
-			DecryptionKeyPath: options.DecryptionKeyPath,
-		},
-		EncryptionKeySecretSource: EncryptionKeySecretSource{
-			KeySecretName:      options.KeySecretName,
-			KeySecretNamespace: options.KeySecretNamespace,
-		},
-	}
-	if c.EncryptionConfigs == nil {
-		c.EncryptionConfigs = make(map[string]*EncryptionConfig)
-	}
-	c.EncryptionConfigs[options.Name] = encryptionConfig
-	return encryptionConfig
-}
-
-// ModifyEncryptionConfig sets existing values to existing encryption config
-func (c *Config) ModifyEncryptionConfig(encryptionConfig *EncryptionConfig, options *EncryptionConfigOptions) {
-	if options.EncryptionKeyPath != "" {
-		encryptionConfig.EncryptionKeyPath = options.EncryptionKeyPath
-	}
-	if options.DecryptionKeyPath != "" {
-		encryptionConfig.DecryptionKeyPath = options.DecryptionKeyPath
-	}
-	if options.KeySecretName != "" {
-		encryptionConfig.KeySecretName = options.KeySecretName
-	}
-	if options.KeySecretNamespace != "" {
-		encryptionConfig.KeySecretNamespace = options.KeySecretNamespace
-	}
-	return
-}
-
 // CurrentContextManagementConfig returns the management options for the current context
 func (c *Config) CurrentContextManagementConfig() (*ManagementConfiguration, error) {
 	currentContext, err := c.GetCurrentContext()
--- a/pkg/config/config_helper.go
+++ b/pkg/config/config_helper.go
@ -115,34 +115,3 @@ func RunSetManifest(o *ManifestOptions, airconfig *Config, writeToStorage bool)

 	return modified, nil
 }
-
-// RunSetEncryptionConfig validates the given command line options
-// and invokes AddEncryptionConfig/ModifyEncryptionConfig
-func RunSetEncryptionConfig(o *EncryptionConfigOptions, airconfig *Config, writeToStorage bool) (bool, error) {
-	modified := false
-	err := o.Validate()
-	if err != nil {
-		return modified, err
-	}
-
-	encryptionConfig, exists := airconfig.EncryptionConfigs[o.Name]
-	if !exists {
-		// encryption config didn't exist, create it
-		// ignoring the returned added encryption config
-		airconfig.AddEncryptionConfig(o)
-		modified = true
-	} else {
-		// encryption config exists, lets update
-		airconfig.ModifyEncryptionConfig(encryptionConfig, o)
-		modified = true
-	}
-	// Update configuration file just in time persistence approach
-	if writeToStorage {
-		if err := airconfig.PersistConfig(true); err != nil {
-			// Error that it didnt persist the changes
-			return modified, ErrConfigFailed{}
-		}
-	}
-
-	return modified, nil
-}
--- a/pkg/config/config_helper_test.go
+++ b/pkg/config/config_helper_test.go
@ -81,59 +81,3 @@ func TestRunSetManifest(t *testing.T) {
 		assert.Equal(t, "/tmp/default", conf.Manifests["dummy_manifest"].TargetPath)
 	})
 }
-
-func TestRunSetEncryptionConfigLocalFile(t *testing.T) {
-	t.Run("testAddEncryptionConfig", func(t *testing.T) {
-		conf := testutil.DummyConfig()
-		dummyEncryptionConfig := testutil.DummyEncryptionConfigOptions()
-		dummyEncryptionConfig.Name = "test_encryption_config"
-
-		modified, err := config.RunSetEncryptionConfig(dummyEncryptionConfig, conf, false)
-		assert.Error(t, err)
-		assert.False(t, modified)
-	})
-
-	t.Run("testModifyEncryptionConfig", func(t *testing.T) {
-		conf := testutil.DummyConfig()
-		dummyEncryptionConfigOptions := &config.EncryptionConfigOptions{
-			Name:              "testModifyEncryptionConfig",
-			EncryptionKeyPath: "testdata/ca.crt",
-			DecryptionKeyPath: "testdata/test-key.pem",
-		}
-
-		modified, err := config.RunSetEncryptionConfig(dummyEncryptionConfigOptions, conf, false)
-		assert.NoError(t, err)
-		assert.True(t, modified)
-		assert.Equal(t, "testdata/ca.crt", conf.EncryptionConfigs["testModifyEncryptionConfig"].EncryptionKeyPath)
-		assert.Equal(t, "testdata/test-key.pem", conf.EncryptionConfigs["testModifyEncryptionConfig"].DecryptionKeyPath)
-	})
-}
-
-func TestRunSetEncryptionConfigAPIBackend(t *testing.T) {
-	t.Run("testAddEncryptionConfig", func(t *testing.T) {
-		conf := testutil.DummyConfig()
-		dummyEncryptionConfig := testutil.DummyEncryptionConfigOptions()
-		dummyEncryptionConfig.Name = "test_encryption_config"
-
-		modified, err := config.RunSetEncryptionConfig(dummyEncryptionConfig, conf, false)
-		assert.Error(t, err)
-		assert.False(t, modified)
-	})
-
-	t.Run("testModifyEncryptionConfig", func(t *testing.T) {
-		conf := testutil.DummyConfig()
-		dummyEncryptionConfigOptions := &config.EncryptionConfigOptions{
-			Name:               "testModifyEncryptionConfig",
-			KeySecretName:      "dummySecret",
-			KeySecretNamespace: "dummyNamespace",
-			EncryptionKeyPath:  "",
-			DecryptionKeyPath:  "",
-		}
-
-		modified, err := config.RunSetEncryptionConfig(dummyEncryptionConfigOptions, conf, false)
-		assert.NoError(t, err)
-		assert.True(t, modified)
-		assert.Equal(t, "dummySecret", conf.EncryptionConfigs["testModifyEncryptionConfig"].KeySecretName)
-		assert.Equal(t, "dummyNamespace", conf.EncryptionConfigs["testModifyEncryptionConfig"].KeySecretNamespace)
-	})
-}
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@ -72,10 +72,6 @@ func TestString(t *testing.T) {
 			name:     "managementconfiguration",
 			stringer: testutil.DummyManagementConfiguration(),
 		},
-		{
-			name:     "encryption-config",
-			stringer: testutil.DummyEncryptionConfig(),
-		},
 	}

 	for _, tt := range tests {
@ -166,7 +162,6 @@ func TestEnsureComplete(t *testing.T) {
 		{
 			name: "complete config",
 			config: config.Config{
-				EncryptionConfigs: map[string]*config.EncryptionConfig{"testEncryptionConfig": {}},
 				Contexts:       map[string]*config.Context{"testContext": {Manifest: "testManifest"}},
 				Manifests:      map[string]*config.Manifest{"testManifest": {}},
 				CurrentContext: "testContext",
@ -506,42 +501,6 @@ func TestModifyManifests(t *testing.T) {
 	require.Error(t, err)
 }

-func TestGetDefaultEncryptionConfigs(t *testing.T) {
-	conf, cleanup := testutil.InitConfig(t)
-	defer cleanup(t)
-
-	encryptionConfigs := conf.GetEncryptionConfigs()
-	require.NotNil(t, encryptionConfigs)
-	// by default, we dont expect any encryption configs
-	assert.Equal(t, 0, len(encryptionConfigs))
-}
-
-func TestModifyEncryptionConfigs(t *testing.T) {
-	conf, cleanup := testutil.InitConfig(t)
-	defer cleanup(t)
-
-	eco := testutil.DummyEncryptionConfigOptions()
-	encryptionConfig := conf.AddEncryptionConfig(eco)
-	require.NotNil(t, encryptionConfig)
-
-	eco.KeySecretName += stringDelta
-	conf.ModifyEncryptionConfig(encryptionConfig, eco)
-	modifiedConfig := conf.EncryptionConfigs[eco.Name]
-	assert.Equal(t, eco.KeySecretName, modifiedConfig.KeySecretName)
-
-	eco.KeySecretNamespace += stringDelta
-	conf.ModifyEncryptionConfig(encryptionConfig, eco)
-	assert.Equal(t, eco.KeySecretNamespace, modifiedConfig.KeySecretNamespace)
-
-	eco.EncryptionKeyPath += stringDelta
-	conf.ModifyEncryptionConfig(encryptionConfig, eco)
-	assert.Equal(t, eco.EncryptionKeyPath, modifiedConfig.EncryptionKeyPath)
-
-	eco.DecryptionKeyPath += stringDelta
-	conf.ModifyEncryptionConfig(encryptionConfig, eco)
-	assert.Equal(t, eco.DecryptionKeyPath, modifiedConfig.DecryptionKeyPath)
-}
-
 func TestWorkDir(t *testing.T) {
 	conf, cleanup := testutil.InitConfig(t)
 	defer cleanup(t)
--- a/pkg/config/context.go
+++ b/pkg/config/context.go
@ -24,14 +24,10 @@ type Context struct {
 	// NameInKubeconf is the Context name in kubeconf
 	NameInKubeconf string `json:"contextKubeconf"`

-	// Manifest is the default manifest to be used with this context
+	// Manifest is the default manifest to be use with this context
 	// +optional
 	Manifest string `json:"manifest,omitempty"`

-	// EncryptionConfig is the default encryption config to be used with this context
-	// +optional
-	EncryptionConfig string `json:"encryptionConfig,omitempty"`
-
 	// Management configuration which will be used for all hosts in the cluster
 	ManagementConfiguration string `json:"managementConfiguration"`
 }
--- a/pkg/config/encryption_config.go
+++ b/pkg/config/encryption_config.go
@ -1,47 +0,0 @@
-/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package config
-
-import "sigs.k8s.io/yaml"
-
-// EncryptionConfig holds the public and private key information
-// used to encrypt and decrypt secrets
-type EncryptionConfig struct {
-	EncryptionKeyFileSource   `json:",inline"`
-	EncryptionKeySecretSource `json:",inline"`
-}
-
-// EncryptionKeyFileSource hold the local file information for the public and private
-// keys used for encryption and decryption
-type EncryptionKeyFileSource struct {
-	EncryptionKeyPath string `json:"encryptionKeyPath,omitempty"`
-	DecryptionKeyPath string `json:"decryptionKeyPath,omitempty"`
-}
-
-// EncryptionKeySecretSource holds the secret information for the public and private
-// keys used for encryption and decryption
-type EncryptionKeySecretSource struct {
-	KeySecretName      string `json:"keySecretName,omitempty"`
-	KeySecretNamespace string `json:"keySecretNamespace,omitempty"`
-}
-
-// String returns the encryption config in yaml format
-func (ec *EncryptionConfig) String() string {
-	yamlData, err := yaml.Marshal(&ec)
-	if err != nil {
-		return ""
-	}
-	return string(yamlData)
-}
--- a/pkg/config/encryption_config_test.go
+++ b/pkg/config/encryption_config_test.go
@ -1,91 +0,0 @@
-/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package config
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestEncryptionConfigOutputString(t *testing.T) {
-	expectedEncryptionConfigYaml := `decryptionKeyPath: /tmp/decryption.pub
-encryptionKeyPath: /tmp/encryption.key
-`
-	encryptionConfig := &EncryptionConfig{
-		EncryptionKeyFileSource: EncryptionKeyFileSource{
-			EncryptionKeyPath: "/tmp/encryption.key",
-			DecryptionKeyPath: "/tmp/decryption.pub",
-		},
-	}
-
-	assert.Equal(t, expectedEncryptionConfigYaml, encryptionConfig.String())
-}
-
-func TestValidateEncryptionConfigInvalid(t *testing.T) {
-	encryptionConfig := &EncryptionConfigOptions{}
-	err := encryptionConfig.Validate()
-	assert.Error(t, err)
-}
-
-func TestValidateEncryptionConfigInvalidOnlyEncKey(t *testing.T) {
-	encryptionConfig := &EncryptionConfigOptions{
-		EncryptionKeyPath: "/tmp/encryption.key",
-	}
-	err := encryptionConfig.Validate()
-	assert.Error(t, err)
-}
-
-func TestValidateEncryptionConfigInvalidOnlyDecKey(t *testing.T) {
-	encryptionConfig := &EncryptionConfigOptions{
-		DecryptionKeyPath: "/tmp/decryption.pub",
-	}
-	err := encryptionConfig.Validate()
-	assert.Error(t, err)
-}
-
-func TestValidateEncryptionConfigInvalidOnlySecretName(t *testing.T) {
-	encryptionConfig := &EncryptionConfigOptions{
-		KeySecretName: "secretName",
-	}
-	err := encryptionConfig.Validate()
-	assert.Error(t, err)
-}
-
-func TestValidateEncryptionConfigInvalidOnlySecretNamespace(t *testing.T) {
-	encryptionConfig := &EncryptionConfigOptions{
-		KeySecretNamespace: "secretNamespace",
-	}
-	err := encryptionConfig.Validate()
-	assert.Error(t, err)
-}
-
-func TestValidateEncryptionConfigValidWithSecret(t *testing.T) {
-	encryptionConfig := &EncryptionConfigOptions{
-		KeySecretName:      "secretName",
-		KeySecretNamespace: "secretNamespace",
-	}
-	err := encryptionConfig.Validate()
-	assert.Error(t, err)
-}
-
-func TestValidateEncryptionConfigValidWithFile(t *testing.T) {
-	encryptionConfig := &EncryptionConfigOptions{
-		EncryptionKeyPath: "/tmp/encryption.key",
-		DecryptionKeyPath: "/tmp/decryption.pub",
-	}
-	err := encryptionConfig.Validate()
-	assert.Error(t, err)
-}
--- a/pkg/config/errors.go
+++ b/pkg/config/errors.go
@ -144,16 +144,6 @@ func (e ErrManagementConfigurationNotFound) Error() string {
 	return fmt.Sprintf("Unknown management configuration '%s'.", e.Name)
 }

-// ErrEncryptionConfigurationNotFound describes a situation in which a user has attempted to reference an encryption
-// configuration that cannot be referenced.
-type ErrEncryptionConfigurationNotFound struct {
-	Name string
-}
-
-func (e ErrEncryptionConfigurationNotFound) Error() string {
-	return fmt.Sprintf("Unknown encryption configuration '%s'.", e.Name)
-}
-
 // ErrMissingCurrentContext returned in case --current used without setting current-context
 type ErrMissingCurrentContext struct {
 }
@ -251,42 +241,6 @@ func (e ErrMissingManifestName) Error() string {
 	return "missing manifest name"
 }

-// ErrMissingEncryptionConfigName is returned when encryption config name is empty
-type ErrMissingEncryptionConfigName struct {
-}
-
-func (e ErrMissingEncryptionConfigName) Error() string {
-	return "missing encryption config name"
-}
-
-// ErrMutuallyExclusiveEncryptionConfigType is returned when encryption config specifies both
-// local key files and secret information for keys stored as secrets in the apiserver
-type ErrMutuallyExclusiveEncryptionConfigType struct {
-}
-
-func (e ErrMutuallyExclusiveEncryptionConfigType) Error() string {
-	return "specify mutually exclusive encryption config sources, use either: " +
-		"--decryption-key-path/--decryption-key-path or --secret-name/--secret-namespace."
-}
-
-// ErrInvalidEncryptionKeyPath is returned when encryption config specifies only one of
-// encryption and decryption keys
-type ErrInvalidEncryptionKeyPath struct {
-}
-
-func (e ErrInvalidEncryptionKeyPath) Error() string {
-	return "specify both encryption and decryption keys when setting encryption config"
-}
-
-// ErrInvalidEncryptionKey is returned when encryption config specifies only one of
-// encryption keys secret name and namespace
-type ErrInvalidEncryptionKey struct {
-}
-
-func (e ErrInvalidEncryptionKey) Error() string {
-	return "specify both secret name and namespace when setting encryption config"
-}
-
 // ErrMissingFlag is returned when flag is not provided
 type ErrMissingFlag struct {
 	FlagName string
--- a/pkg/config/options.go
+++ b/pkg/config/options.go
@ -15,8 +15,6 @@ limitations under the License.
 package config

 import (
-	"os"
-
 	"opendev.org/airship/airshipctl/pkg/errors"
 )

@ -27,7 +25,6 @@ type ContextOptions struct {
 	Manifest                string
 	Current                 bool
 	ManagementConfiguration string
-	EncryptionConfig        string
 }

 // ManifestOptions holds all configurable options for manifest configuration
@ -45,15 +42,6 @@ type ManifestOptions struct {
 	MetadataPath string
 }

-// EncryptionConfigOptions holds all configurable options for encryption configuration
-type EncryptionConfigOptions struct {
-	Name               string
-	EncryptionKeyPath  string
-	DecryptionKeyPath  string
-	KeySecretName      string
-	KeySecretNamespace string
-}
-
 // TODO(howell): The following functions are tightly coupled with flags passed
 // on the command line. We should find a way to remove this coupling, since it
 // is possible to create (and validate) these objects without using the command
@ -103,59 +91,3 @@ func (o *ManifestOptions) Validate() error {
 	}
 	return nil
 }
-
-// Validate checks for the possible errors with encryption config
-// Error when invalid value, incompatible choice of values given or if the
-// key file paths do not exist in the file system
-func (o *EncryptionConfigOptions) Validate() error {
-	switch {
-	case o.Name == "":
-		return ErrMissingEncryptionConfigName{}
-
-	case o.backedByFileSystem() == o.backedByAPIServer():
-		return ErrMutuallyExclusiveEncryptionConfigType{}
-
-	case o.backedByFileSystem():
-		if o.EncryptionKeyPath == "" || o.DecryptionKeyPath == "" {
-			return ErrInvalidEncryptionKeyPath{}
-		}
-
-	case o.backedByAPIServer():
-		if o.KeySecretName == "" || o.KeySecretNamespace == "" {
-			return ErrInvalidEncryptionKey{}
-		}
-	}
-
-	if o.backedByFileSystem() {
-		if err := checkExists("encryption-key-path", o.EncryptionKeyPath); err != nil {
-			return err
-		}
-		if err := checkExists("decryption-key-path", o.EncryptionKeyPath); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (o EncryptionConfigOptions) backedByFileSystem() bool {
-	return o.EncryptionKeyPath != "" || o.DecryptionKeyPath != ""
-}
-
-func (o EncryptionConfigOptions) backedByAPIServer() bool {
-	return o.KeySecretName != "" || o.KeySecretNamespace != ""
-}
-
-func checkExists(flagName, path string) error {
-	if path == "" {
-		return ErrMissingFlag{FlagName: flagName}
-	}
-	if _, err := os.Stat(path); err != nil {
-		return ErrCheckFile{
-			FlagName:    flagName,
-			Path:        path,
-			InternalErr: err,
-		}
-	}
-	return nil
-}
--- a/pkg/config/testdata/config-string.yaml
+++ b/pkg/config/testdata/config-string.yaml
@ -2,14 +2,9 @@ apiVersion: airshipit.org/v1alpha1
 contexts:
  dummy_context:
    contextKubeconf: dummy_cluster_ephemeral
-    encryptionConfig: dummy_encryption_config
    managementConfiguration: dummy_management_config
    manifest: dummy_manifest
 currentContext: dummy_context
-encryptionConfigs:
-  dummy_encryption_config:
-    decryptionKeyPath: /tmp/decryption.pub
-    encryptionKeyPath: /tmp/encryption.key
 kind: Config
 managementConfiguration:
  dummy_management_config:
--- a/pkg/config/testdata/context-string.yaml
+++ b/pkg/config/testdata/context-string.yaml
@ -1,4 +1,3 @@
 contextKubeconf: dummy_cluster_ephemeral
-encryptionConfig: dummy_encryption_config
 managementConfiguration: dummy_management_config
 manifest: dummy_manifest
--- a/pkg/config/testdata/encryption-config-string.yaml
+++ b/pkg/config/testdata/encryption-config-string.yaml
@ -1,2 +0,0 @@
-decryptionKeyPath: /tmp/decryption.pub
-encryptionKeyPath: /tmp/encryption.key
--- a/testutil/testconfig.go
+++ b/testutil/testconfig.go
@ -45,9 +45,6 @@ func DummyConfig() *config.Config {
 	conf.ManagementConfiguration = map[string]*config.ManagementConfiguration{
 		"dummy_management_config": DummyManagementConfiguration(),
 	}
-	conf.EncryptionConfigs = map[string]*config.EncryptionConfig{
-		"dummy_encryption_config": DummyEncryptionConfig(),
-	}
 	conf.CurrentContext = "dummy_context"
 	return conf
 }
@ -57,7 +54,6 @@ func DummyContext() *config.Context {
 	c := config.NewContext()
 	c.NameInKubeconf = "dummy_cluster_ephemeral"
 	c.Manifest = "dummy_manifest"
-	c.EncryptionConfig = "dummy_encryption_config"
 	c.ManagementConfiguration = "dummy_management_config"
 	return c
 }
@ -134,31 +130,9 @@ func DummyContextOptions() *config.ContextOptions {
 	co.Name = "dummy_context"
 	co.Manifest = "dummy_manifest"
 	co.CurrentContext = false
-	co.EncryptionConfig = "dummy_encryption_config"
 	return co
 }

-// DummyEncryptionConfig creates EncryptionConfigOptions object
-// for unit testing
-func DummyEncryptionConfig() *config.EncryptionConfig {
-	return &config.EncryptionConfig{
-		EncryptionKeyFileSource: config.EncryptionKeyFileSource{
-			EncryptionKeyPath: "/tmp/encryption.key",
-			DecryptionKeyPath: "/tmp/decryption.pub",
-		},
-	}
-}
-
-// DummyEncryptionConfigOptions creates ManifestOptions config object
-// for unit testing
-func DummyEncryptionConfigOptions() *config.EncryptionConfigOptions {
-	return &config.EncryptionConfigOptions{
-		Name:              "dummy_encryption_config",
-		EncryptionKeyPath: "/tmp/encryption.key",
-		DecryptionKeyPath: "/tmp/decryption.pub",
-	}
-}
-
 // DummyManagementConfiguration creates a management configuration for unit testing
 func DummyManagementConfiguration() *config.ManagementConfiguration {
 	return &config.ManagementConfiguration{