refactor: Simplify get_ssh_private_key parameters and improve documentation; remove unused SSH key retrieval logic in WorkspacePlugin

Author: devanshjainms

src/agents/plugins/keyvault.py

@@ -172,27 +172,14 @@ def parse_key_vault_id_and_secret_id(
     @kernel_function(
         name="get_ssh_private_key",
         description="Retrieve SSH private key from Azure Key Vault. "
-        + "IMPORTANT: Read sap-parameters.yaml first to get vault_name (from secret_id), "
-        + "secret_name, and user_assigned_identity_client_id (pass as managed_identity_client_id).",
+        + "Read sap-parameters.yaml first to get secret_id and user_assigned_identity_client_id.",
     )
     def get_ssh_private_key(
         self,
-        secret_name: Annotated[
-            str,
-            "Name of the SSH key secret in Key Vault (e.g., 'sshkey', 'deployer-ssh-key')",
-        ],
-        vault_name: Annotated[
-            str,
-            "Name of the Azure Key Vault (parse from secret_id in sap-parameters.yaml)",
-        ] = "",
-        key_filename: Annotated[
-            str,
-            "Filename for the temporary key file (default: 'id_rsa')",
-        ] = "id_rsa",
-        managed_identity_client_id: Annotated[
-            str,
-            "Client ID from user_assigned_identity_client_id in sap-parameters.yaml",
-        ] = "",
+        secret_name: Annotated[str, "Name of the SSH key secret in Key Vault"],
+        vault_name: Annotated[str, "Name of the Azure Key Vault"],
+        key_filename: Annotated[str, "Filename for the temporary key file"] = "id_rsa",
+        managed_identity_client_id: Annotated[str, "Client ID from sap-parameters.yaml"] = "",
     ) -> Annotated[str, "JSON string with key file path or error"]:
         """Retrieve SSH private key and save to temporary file.
 
@@ -223,10 +210,8 @@ def get_ssh_private_key(
         Example output (error):
             {"error": "Failed to retrieve SSH key", "secret_name": "sshkey"}
         """
+        effective_identity = managed_identity_client_id.strip() if managed_identity_client_id else None
         effective_vault = vault_name.strip() if vault_name else None
-        effective_identity = (
-            managed_identity_client_id.strip() if managed_identity_client_id else None
-        )
 
         if not effective_vault:
             error_msg = "No Key Vault specified. Provide vault_name."

src/agents/plugins/workspace.py

@@ -478,42 +478,6 @@ def get_execution_context(self, workspace_id: Annotated[str, "Workspace name/ID"
                     logger.info(f"Resolved SSH key from KeyVault temp: {temp_key_path}")
                     break
 
-        if not result["ssh_key_path"] and self.keyvault_plugin:
-            secret_id = result["sap_parameters"].get("secret_id", "")
-            if secret_id:
-                try:
-                    parse_result = json.loads(
-                        self.keyvault_plugin.parse_key_vault_id_and_secret_id(secret_id)
-                    )
-                    if "error" not in parse_result:
-                        vault_name = parse_result.get("vault_name")
-                        secret_name = parse_result.get("secret_name")
-                        if vault_name and secret_name:
-                            key_result = json.loads(
-                                self.keyvault_plugin.get_ssh_private_key(
-                                    secret_name=secret_name,
-                                    vault_name=vault_name,
-                                    key_filename=f"{workspace_id}_id_rsa",
-                                )
-                            )
-                            if "key_path" in key_result:
-                                result["ssh_key_path"] = key_result["key_path"]
-                                result["ssh_key_file"] = f"{workspace_id}_id_rsa"
-                                result["ssh_key_source"] = "keyvault"
-                                logger.info(
-                                    f"Successfully fetched SSH key from Key Vault: "
-                                    f"{key_result['key_path']}"
-                                )
-                            else:
-                                logger.warning(
-                                    f"Failed to fetch SSH key from Key Vault: "
-                                    f"{key_result.get('error', 'Unknown error')}"
-                                )
-                    else:
-                        logger.warning(f"Failed to parse secret_id: {parse_result.get('error')}")
-                except Exception as e:
-                    logger.error(f"Error fetching SSH key from Key Vault: {e}")
-
         if not result["ssh_key_path"]:
             result["missing"].append("ssh_key")
         result["ready"] = (