createKMSConfig returns an AWS config with the credentialsProvider of the MasterKey, or the default configuration sources.
(ctx context.Context)
// createKMSConfig builds the AWS configuration used to reach KMS for this
// MasterKey.
//
// The region is not read from the environment: it is the first capture group
// of arnRegex matched against key.Arn. A key whose ARN does not match is
// rejected before any configuration or credential source is loaded.
//
// Values applied on top of the SDK's default configuration sources:
//   - key.credentialsProvider, when non-nil, is set as the credentials source;
//   - key.AwsProfile, when non-empty, selects the shared config profile;
//   - key.httpClient, when non-nil, is set as the HTTP client.
//
// When key.Role is non-empty, the loaded config is passed to createSTSConfig
// and that call's result is returned instead of the base config.
func (key MasterKey) createKMSConfig(ctx context.Context) (*aws.Config, error) {
	// arnRegex is declared elsewhere in the package; MustCompile panics if the
	// pattern does not compile.
	arnPattern := regexp.MustCompile(arnRegex)
	arnParts := arnPattern.FindStringSubmatch(key.Arn)
	if arnParts == nil {
		// The rejected ARN is echoed verbatim into the error text.
		return nil, fmt.Errorf("no valid ARN found in '%s'", key.Arn)
	}
	// Index 1 relies on arnRegex having at least one capture group.
	region := arnParts[1]

	applyKeyOptions := func(opts *config.LoadOptions) error {
		// The region always follows the key's ARN, never the ambient default.
		opts.Region = region
		if key.httpClient != nil {
			opts.HTTPClient = key.httpClient
		}
		if key.AwsProfile != "" {
			opts.SharedConfigProfile = key.AwsProfile
		}
		// With no explicit provider the SDK falls back to its default
		// credential sources.
		// NOTE(review): if both a provider and a profile are set, both fields
		// are populated here; confirm which one the SDK uses for credentials.
		if key.credentialsProvider != nil {
			opts.Credentials = key.credentialsProvider
		}
		return nil
	}

	awsCfg, err := config.LoadDefaultConfig(ctx, applyKeyOptions)
	if err != nil {
		return nil, fmt.Errorf("could not load AWS config: %w", err)
	}

	if key.Role == "" {
		return &awsCfg, nil
	}
	// A role is configured: the base config is handed to the STS helper.
	return key.createSTSConfig(ctx, &awsCfg)
}
| 424 | |
| 425 | // createClient creates a new AWS KMS client with the provided config. |
| 426 | func (key MasterKey) createClient(config *aws.Config) *kms.Client { |