* Extract backend provider from key, validate arn for errors. * @param {string} key KeyId or KeyArn * @param {object} log logger * @returns {object} error or client with extracted KeyId
(key, log)
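/**
 * Resolve the KMS client that owns a key and return it with the bare key id.
 *
 * The key is parsed by extractDetailFromArn. When the parse yields a `type`,
 * the key is treated as a scality ARN and checked by validateKeyDetail
 * against availableBackends before its type, protocol and provider are used
 * to select a client. Otherwise the client is the previous KMS when
 * config.sseMigration is set, and the current KMS when it is not.
 *
 * @param {string} key KeyId or KeyArn
 * @param {object} log logger
 * @returns {object} `{ error }` when the ARN fails validation or no client
 * instance matches; otherwise the client instance fields plus
 * `clientIdentifier` and `key` (the extracted key id)
 */
function getClientForKey(key, log) {
    // When extraction yields only an id, the key is not a scality arnPrefix.
    const detail = extractDetailFromArn(key);
    let clientIdentifier;
    if (detail.type) {
        // A type was extracted, so this is a scality arnPrefix. Validate it
        // before any caller-supplied part of it is used to pick a client;
        // this applies to every request (PUT or GET). Per the original note,
        // validation fails for a malformed arn or an unavailable backend.
        const error = validateKeyDetail(detail, availableBackends);
        if (error) {
            log.error('KMS key arn is invalid', { key, detail, availableBackends });
            return { error };
        }
        clientIdentifier = `${detail.type}:${detail.protocol}:${detail.provider}`;
    } else if (config.sseMigration) {
        // Not a scality arnPrefix, but a migration from the previous KMS.
        clientIdentifier = previousIdentifier;
    } else {
        // Not a scality arnPrefix and no migration.
        clientIdentifier = currentIdentifier;
    }

    const instance = clientInstances[clientIdentifier];

    if (instance) {
        // Already instantiated.
        // Return the extracted key id so callers do not re-process a
        // potential arn, and clientIdentifier so they can restrict usage.
        return { ...instance, clientIdentifier, key: detail.id };
    }

    // Only the pre-instantiated previous KMS from sseMigration is supported now.
    // Other providers could be instantiated on the fly here to manage
    // multiple providers.
    log.error('KMS key doesn\'t match any KMS instance', { key, detail, availableBackends });
    return {
        // Call customizeDescription as a method. The earlier
        // `new errors.InvalidArgument.customizeDescription(...)` parses as
        // `new (errors.InvalidArgument.customizeDescription)(...)`, i.e. it
        // invokes the method as a constructor; where methods are not
        // constructible that throws a TypeError on this rejection path.
        // NOTE(review): `key` is echoed into the description; confirm the
        // response layer encodes it before it reaches a client.
        error: errors.InvalidArgument
            .customizeDescription(`KMS unknown provider for key ${key}`),
    };
}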
| 161 | |
| 162 | class KMS { |
| 163 | /** Access to client for tests (to create a key without vault check and bucket) */ |