Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[REVIEW] alias fix, needs test #541

Closed
wants to merge 6 commits into from
Closed

[REVIEW] alias fix, needs test #541

wants to merge 6 commits into from

Conversation

rosscdh
Copy link

@rosscdh rosscdh commented Sep 26, 2019

sops should support aws kms alias in the same way the aws cli does as per #381

I've added a simple check, please review and ill try add tests for it (first go contribution, go easy please)

@rosscdh rosscdh mentioned this pull request Sep 26, 2019
Open
@codecov-io
Copy link

Codecov Report

Merging #541 into master will decrease coverage by 0.06%.
The diff coverage is 0%.

Impacted file tree graph

@@            Coverage Diff            @@
##           master    #541      +/-   ##
=========================================
- Coverage   36.46%   36.4%   -0.07%     
=========================================
  Files          20      20              
  Lines        2863    2868       +5     
=========================================
  Hits         1044    1044              
- Misses       1725    1730       +5     
  Partials       94      94
Impacted Files Coverage Δ
kms/keysource.go 48.73% <0%> (-1.6%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 14a22d7...63f6c38. Read the comment docs.

autrilla
autrilla suggested changes Oct 8, 2019
View reviewed changes
kms/keysource.go Outdated Show resolved Hide resolved
kms/keysource.go Outdated
Comment on lines 195 to 203
} else {

config := aws.Config{Region: aws.String(matches[1])}
if alias_matches != nil {
// its an alias the region is irrelevant
config := aws.Config{Region: aws.String(matches[0])}
} else {
return nil, fmt.Errorf("No valid ARN found in %q", key.Arn)
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnest this into an else if and an else.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I'm not sure about my butchering the arn pattern to force the region into the alias?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you tested what happens if you provide a bogus region to the alias? e.g. blah:alias/foo.

I don't currently have an AWS account set up so this is not particularly easy for me to test :(

@rosscdh
Copy link
Author

rosscdh commented Oct 8, 2019 via email

@autrilla
Copy link
Contributor

autrilla commented Oct 8, 2019

I don't mean automated tests, just whether you've tested that this actually works with aliases, and what happens when you provide either the wrong region, or a region that doesn't exist. I'm not asking about what behavior should be implemented, I'm just wondering what the behavior of the AWS SDK is.

@ajvb ajvb closed this Feb 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@autrilla autrilla autrilla requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rosscdh @codecov-io @autrilla @ajvb