Rename KMS purpose 'controller' to 'root'

internal/cmd/base/servers.go

@@ -327,7 +327,7 @@ func (b *Server) SetupKMSes(ui cli.Ui, config *configutil.SharedConfig, purposes
 			switch purpose {
 			case "":
 				return errors.New("KMS block missing 'purpose'")
-			case "controller", "worker-auth", "config":
+			case "root", "worker-auth", "config":
 			default:
 				return fmt.Errorf("Unknown KMS purpose %q", kms.Purpose)
 			}
@@ -346,7 +346,7 @@ func (b *Server) SetupKMSes(ui cli.Ui, config *configutil.SharedConfig, purposes
 					"After configuration nil KMS returned, KMS type was %s", kms.Type)
 			}
 
-			if purpose == "controller" {
+			if purpose == "root" {
 				b.ControllerKMS = wrapper
 			} else {
 				b.WorkerAuthKMS = wrapper

internal/cmd/commands/config/fixtures/configDecrypt.hcl

@@ -5,7 +5,7 @@ kms "aead" {
 }
 
 kms "aead" {
-  purpose = "controller"
+  purpose = "root"
   aead_type = "aes-gcm"
   key ="{{decrypt(CkgsDUoQ7B5JhE1ye2yVAm3Ss_KNbLQgBhKtibtGSvpGOrwQ3zRTF_qoHPHX-xuqLyZ9zsb3cMo6OpphKOj7AeTn1_iiqZ_VaCsqAA)}}"
 }

internal/cmd/commands/config/fixtures/configEncrypt.hcl

@@ -5,7 +5,7 @@ kms "aead" {
 }
 
 kms "aead" {
-  purpose = "controller"
+  purpose = "root"
   aead_type = "aes-gcm"
   key ="{{encrypt(eb78KqCwowELYnkOOko/XYz01q1ax3g76J1vCAvt5dQ=)}}"
 }

internal/cmd/commands/controller/controller.go

@@ -198,7 +198,7 @@ func (c *Command) Run(args []string) int {
 		return 1
 	}
 
-	if err := c.SetupKMSes(c.UI, c.Config.SharedConfig, []string{"controller", "worker-auth"}); err != nil {
+	if err := c.SetupKMSes(c.UI, c.Config.SharedConfig, []string{"root", "worker-auth"}); err != nil {
 		c.UI.Error(err.Error())
 		return 1
 	}

internal/cmd/commands/dev/dev.go

@@ -236,7 +236,7 @@ func (c *Command) Run(args []string) int {
 		return 1
 	}
 
-	if err := c.SetupKMSes(c.UI, devConfig.SharedConfig, []string{"controller", "worker-auth"}); err != nil {
+	if err := c.SetupKMSes(c.UI, devConfig.SharedConfig, []string{"root", "worker-auth"}); err != nil {
 		c.UI.Error(err.Error())
 		return 1
 	}

internal/cmd/config/config.go

@@ -30,7 +30,7 @@ controller {
 }
 
 kms "aead" {
-	purpose = "controller"
+	purpose = "root"
 	aead_type = "aes-gcm"
 	key = "%s"
 }

internal/cmd/config/config_test.go

@@ -49,7 +49,7 @@ func TestDevController(t *testing.T) {
 			Seals: []*configutil.KMS{
 				{
 					Type:    "aead",
-					Purpose: []string{"controller"},
+					Purpose: []string{"root"},
 					Config: map[string]string{
 						"aead_type": "aes-gcm",
 					},
@@ -140,7 +140,7 @@ kms "aead" {
 }
 
 kms "aead" {
-  purpose = "controller"
+  purpose = "root"
   aead_type = "aes-gcm"
   key ="eb78KqCwowELYnkOOko/XYz01q1ax3g76J1vCAvt5dQ="
 }`
@@ -153,7 +153,7 @@ kms "aead" {
 }
 
 kms "aead" {
-  purpose = "controller"
+  purpose = "root"
   aead_type = "aes-gcm"
   key ="{{decrypt(Ckh57d4NA6nsnRKV6DiHTyfwLIakdhN8w7qdPJgo-KWnBdlEKv3NQkUFbouU0eorSGik1Qbca5xEy2NqYT9UYj_GUGo6hHz13MEqAA)}}"
 }`

internal/servers/controller/cors_test.go

@@ -22,7 +22,7 @@ telemetry {
 }
 
 kms "aead" {
-        purpose = "controller"
+        purpose = "root"
         aead_type = "aes-gcm"
         key = "09iqFxRJNYsl/b8CQxjnGw=="
 }

internal/servers/controller/testing.go

@@ -262,7 +262,7 @@ func NewTestController(t *testing.T, opts *TestControllerOpts) *TestController {
 		tc.b.ControllerKMS = opts.ControllerKMS
 		tc.b.WorkerAuthKMS = opts.WorkerAuthKMS
 	case opts.ControllerKMS == nil && opts.WorkerAuthKMS == nil:
-		if err := tc.b.SetupKMSes(nil, opts.Config.SharedConfig, []string{"controller", "worker-auth"}); err != nil {
+		if err := tc.b.SetupKMSes(nil, opts.Config.SharedConfig, []string{"root", "worker-auth"}); err != nil {
 			t.Fatal(err)
 		}
 	default: