Define an interface for kms operations.
This interface will be used for unit testing.
This commit is contained in:
parent
deac15327f
commit
d4cb9f4ac7
2 changed files with 15 additions and 5 deletions
|
@ -7,19 +7,29 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/smallstep/certificates/kms/uri"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
|
"github.com/aws/aws-sdk-go/aws/request"
|
||||||
"github.com/aws/aws-sdk-go/aws/session"
|
"github.com/aws/aws-sdk-go/aws/session"
|
||||||
"github.com/aws/aws-sdk-go/service/kms"
|
"github.com/aws/aws-sdk-go/service/kms"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/certificates/kms/apiv1"
|
"github.com/smallstep/certificates/kms/apiv1"
|
||||||
|
"github.com/smallstep/certificates/kms/uri"
|
||||||
"github.com/smallstep/cli/crypto/pemutil"
|
"github.com/smallstep/cli/crypto/pemutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
// KMS implements a KMS using AWS Key Management Service.
|
// KMS implements a KMS using AWS Key Management Service.
|
||||||
type KMS struct {
|
type KMS struct {
|
||||||
session *session.Session
|
session *session.Session
|
||||||
service *kms.KMS
|
service KeyManagementClient
|
||||||
|
}
|
||||||
|
|
||||||
|
// KeyManagementClient defines the methods on KeyManagementClient that this
|
||||||
|
// package will use. This interface will be used for unit testing.
|
||||||
|
type KeyManagementClient interface {
|
||||||
|
GetPublicKeyWithContext(ctx aws.Context, input *kms.GetPublicKeyInput, opts ...request.Option) (*kms.GetPublicKeyOutput, error)
|
||||||
|
CreateKeyWithContext(ctx aws.Context, input *kms.CreateKeyInput, opts ...request.Option) (*kms.CreateKeyOutput, error)
|
||||||
|
CreateAliasWithContext(ctx aws.Context, input *kms.CreateAliasInput, opts ...request.Option) (*kms.CreateAliasOutput, error)
|
||||||
|
SignWithContext(ctx aws.Context, input *kms.SignInput, opts ...request.Option) (*kms.SignOutput, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// customerMasterKeySpecMapping is a mapping between the step signature algorithm,
|
// customerMasterKeySpecMapping is a mapping between the step signature algorithm,
|
||||||
|
|
|
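Review bot: Nothing statically ties `*kms.KMS` to the new `KeyManagementClient` interface, so if the four listed method signatures ever drift from the SDK's, the error would surface at whichever call site assigns the real client rather than next to the interface itself. A compile-time assertion placed right after the interface, `var _ KeyManagementClient = (*kms.KMS)(nil)`, documents that the SDK client is the intended implementation and fails the build on a mismatch. The doc comment on the interface is also self-referential (`methods on KeyManagementClient`); it should name the concrete type the methods come from, e.g. `// KeyManagementClient defines the methods on *kms.KMS that this package uses; it exists so tests can substitute a fake client.` Since the interface spans key and alias creation as well as signing, a test fake stands in for the whole privileged surface, which is worth stating in that comment so nobody widens it casually.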
@ -12,13 +12,13 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Signer struct {
|
type Signer struct {
|
||||||
service *kms.KMS
|
service KeyManagementClient
|
||||||
keyID string
|
keyID string
|
||||||
publicKey crypto.PublicKey
|
publicKey crypto.PublicKey
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSigner creates a new signer using a key in the AWS KMS.
|
// NewSigner creates a new signer using a key in the AWS KMS.
|
||||||
func NewSigner(svc *kms.KMS, signingKey string) (*Signer, error) {
|
func NewSigner(svc KeyManagementClient, signingKey string) (*Signer, error) {
|
||||||
keyID, err := parseKeyID(signingKey)
|
keyID, err := parseKeyID(signingKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
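Review bot: `NewSigner` stores `svc` without validating it, and now that the parameter is the `KeyManagementClient` interface a nil argument, or a typed-nil `*kms.KMS` wrapped in a non-nil interface value, is accepted silently and would presumably only fail as a panic on the first method call made through `Signer.service` (those methods lie outside this hunk). Rejecting it at construction keeps the failure where the misconfiguration is, e.g. `if svc == nil { return nil, errors.New("kms client cannot be nil") }` before the `parseKeyID` call, using whichever errors package this file already imports (its import block is above the hunk). The same consideration applies to the `KMS.service` field in the other file in this commit, though its constructor is not shown here. `NewSigner`'s body continues past the end of the hunk.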