Make endpoint config optional in AWS secrets-manager keystore config #496

Open
wants to merge 1 commit into
base: master
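--- a/kesconf/config.go
+++ b/kesconf/config.go
@@ -571,9 +571,6 @@ func ymlToKeyStore(y *ymlFile) (KeyStore, error) {
 if keystore != nil {
 return nil, errors.New("kesconf: invalid keystore config: more than once keystore specified")
 }
-if y.KeyStore.AWS.SecretsManager.Endpoint.Value == "" {
-return nil, errors.New("kesconf: invalid AWS secretsmanager keystore: no endpoint specified")
-}
 if y.KeyStore.AWS.SecretsManager.Region.Value == "" {
 return nil, errors.New("kesconf: invalid AWS secretsmanager keystore: no region specified")
 }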
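--- a/kesconf/config_test.go
+++ b/kesconf/config_test.go
@@ -285,3 +285,44 @@ func TestReadServerConfigYAML_AWS_NoCredentials(t *testing.T) {
 t.Fatalf("Invalid secret key: got '%s' - want '%s'", aws.SessionToken, SessionToken)
 }
 }
+
+func TestReadServerConfigYAML_AWS_NoEndpoint(t *testing.T) {
+// The AWS SDK will use the pre-configured endpoints
+// when no endpoint is specified in the config.
+
+const (
+Filename = "./testdata/aws-no-endpoint.yml"
+
+Endpoint = ""
+Region = "us-east-2"
+AccessKey = "AKIAIOSFODNN7EXAMPLE"
+Secretkey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+SessionToken = ""
+)
+
+config, err := ReadFile(Filename)
+if err != nil {
+t.Fatalf("Failed to read file '%s': %v", Filename, err)
+}
+
+aws, ok := config.KeyStore.(*AWSSecretsManagerKeyStore)
+if !ok {
+var want *AWSSecretsManagerKeyStore
+t.Fatalf("Invalid keystore: got type '%T' - want type '%T'", config.KeyStore, want)
+}
+if aws.Endpoint != Endpoint {
+t.Fatalf("Invalid endpoint: got '%s' - want '%s'", aws.Endpoint, Endpoint)
+}
+if aws.Region != Region {
+t.Fatalf("Invalid region: got '%s' - want '%s'", aws.Region, Region)
+}
+if aws.AccessKey != AccessKey {
+t.Fatalf("Invalid access key: got '%s' - want '%s'", aws.AccessKey, AccessKey)
+}
+if aws.SecretKey != Secretkey {
+t.Fatalf("Invalid secret key: got '%s' - want '%s'", aws.SecretKey, Secretkey)
+}
+if aws.SessionToken != SessionToken {
+t.Fatalf("Invalid secret key: got '%s' - want '%s'", aws.SessionToken, SessionToken)
+}
+}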
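Review bot: The last assertion in TestReadServerConfigYAML_AWS_NoEndpoint compares `aws.SessionToken` but fails with `Invalid secret key`, so a failure there would name the wrong credential field; it should read `t.Fatalf("Invalid session token: got '%s' - want '%s'", aws.SessionToken, SessionToken)`. The identical message on the first context line of this section, from the preceding test, suggests the wording was copied. The test also only checks that the parsed `Endpoint` is the empty string. Now that `ymlToKeyStore` no longer rejects a missing endpoint, a config that omits the key starts up and, per the test's own comment, uses the SDK's pre-configured endpoint. Operators who rely on a private endpoint would benefit from a doc comment on the `Endpoint` field stating that fallback, since a missing key no longer fails at load time.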
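--- /dev/null
+++ b/kesconf/testdata/aws-no-endpoint.yml
@@ -0,0 +1,18 @@
+version: v1
+
+address: 0.0.0.0:7373
+
+admin:
+identity: c84cc9b91ae2399b043da7eca616048d4b4200edf2ff418d8af3835911db945d
+
+tls:
+key: ./server.key
+cert: ./server.cert
+
+keystore:
+aws:
+secretsmanager:
+region: us-east-2
+credentials:
+accesskey: AKIAIOSFODNN7EXAMPLE
+secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY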
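Review bot: The `accesskey` and `secretkey` values in this fixture are not marked as placeholders, so a secret scanner or a later reader may treat them as a leaked key pair. A leading comment such as `# credentials below are AWS documentation example values, not real keys` above `credentials:` would make that explicit. The same two values are repeated as constants in the test that loads this file.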