Add URI support for initializing an awskms KMS.
This commit is contained in:
parent
4745be2309
commit
4902e45729
2 changed files with 27 additions and 1 deletions
|
@ -17,6 +17,9 @@ import (
|
||||||
"go.step.sm/crypto/pemutil"
|
"go.step.sm/crypto/pemutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Scheme is the scheme used in uris.
|
||||||
|
const Scheme = "awskms"
|
||||||
|
|
||||||
// KMS implements a KMS using AWS Key Management Service.
|
// KMS implements a KMS using AWS Key Management Service.
|
||||||
type KMS struct {
|
type KMS struct {
|
||||||
session *session.Session
|
session *session.Session
|
||||||
|
@ -69,7 +72,24 @@ var customerMasterKeySpecMapping = map[apiv1.SignatureAlgorithm]interface{}{
|
||||||
// AWS sessions can also be configured with environment variables, see docs at
|
// AWS sessions can also be configured with environment variables, see docs at
|
||||||
// https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ for all the options.
|
// https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ for all the options.
|
||||||
func New(ctx context.Context, opts apiv1.Options) (*KMS, error) {
|
func New(ctx context.Context, opts apiv1.Options) (*KMS, error) {
|
||||||
o := session.Options{}
|
var o session.Options
|
||||||
|
|
||||||
|
if opts.URI != "" {
|
||||||
|
u, err := uri.ParseWithScheme(Scheme, opts.URI)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
o.Profile = u.Get("profile")
|
||||||
|
if v := u.Get("region"); v != "" {
|
||||||
|
o.Config.Region = new(string)
|
||||||
|
*o.Config.Region = v
|
||||||
|
}
|
||||||
|
if f := u.Get("credentials-file"); f != "" {
|
||||||
|
o.SharedConfigFiles = []string{opts.CredentialsFile}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Deprecated way to setting configuration parameters.
|
||||||
if opts.Region != "" {
|
if opts.Region != "" {
|
||||||
o.Config.Region = &opts.Region
|
o.Config.Region = &opts.Region
|
||||||
}
|
}
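Review bot: The `credentials-file` branch reads the URI value into `f` but then assigns the deprecated field, `o.SharedConfigFiles = []string{opts.CredentialsFile}`, so the path given in the URI is never used; with URI-only configuration (the case the commit adds) the field is empty and the session is handed `[]string{""}`, meaning `New` ends up loading whatever credentials the SDK resolves on its own rather than the file the operator pointed at — a silent credential-source substitution that the new test does not catch. The fix is `o.SharedConfigFiles = []string{f}`. Separately, the "Deprecated" block still runs after the URI block and overwrites `o.Config.Region` whenever `opts.Region` is set, so legacy options take precedence over the URI; if that is intended, say so in the comment, e.g. `// Deprecated way of setting configuration parameters; these take precedence over the URI values above.` `New` continues past the end of this hunk.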
|
||||||
|
|
|
@ -60,7 +60,13 @@ func TestNew(t *testing.T) {
|
||||||
Profile: "smallstep",
|
Profile: "smallstep",
|
||||||
CredentialsFile: "~/aws/credentials",
|
CredentialsFile: "~/aws/credentials",
|
||||||
}}, expected, false},
|
}}, expected, false},
|
||||||
|
{"ok with uri", args{ctx, apiv1.Options{
|
||||||
|
URI: "awskms:region=us-east-1;profile=smallstep;credentials-file=/var/run/aws/credentials",
|
||||||
|
}}, expected, false},
|
||||||
{"fail", args{ctx, apiv1.Options{}}, nil, true},
|
{"fail", args{ctx, apiv1.Options{}}, nil, true},
|
||||||
|
{"fail uri", args{ctx, apiv1.Options{
|
||||||
|
URI: "pkcs11:region=us-east-1;profile=smallstep;credentials-file=/var/run/aws/credentials",
|
||||||
|
}}, nil, true},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
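Review bot: The new "ok with uri" case reuses the same `expected` value as the legacy-options case, so it cannot tell whether the region, profile and credentials-file parsed from the URI were actually applied to the session — notably, `New` currently assigns `opts.CredentialsFile` rather than the parsed URI value in the credentials-file branch, and this case still passes. A case where the URI and the legacy fields disagree (e.g. `Region: "us-west-2"` together with a `region=us-east-1` URI), with an assertion on the resulting session config rather than a shared `expected`, would pin the precedence and catch that mix-up; `expected` appears to be built before this hunk, so that presumes it is a comparable `*KMS` — worth confirming. The only negative URI case is a wrong scheme; a malformed `awskms:` URI would also be worth covering if `uri.ParseWithScheme` rejects one. `TestNew` starts outside this hunk.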
|
||||||
|
|