Respect AwsProfile set in Keygroup Config

Kouzukii · Kouzukii · commit 2714ec18c9c3 · 2022-09-01T23:17:06.000+02:00
diff --git a/config/config.go b/config/config.go
@@ -165,7 +165,7 @@ func getKeyGroupsFromCreationRule(cRule *creationRule, kmsEncryptionContext map[
 				keyGroup = append(keyGroup, pgp.NewMasterKeyFromFingerprint(k))
 			}
 			for _, k := range group.KMS {
-				keyGroup = append(keyGroup, kms.NewMasterKey(k.Arn, k.Role, k.Context))
+				keyGroup = append(keyGroup, kms.NewMasterKey(k.Arn, k.Role, k.Context, k.AwsProfile))
 			}
 			for _, k := range group.GCPKMS {
 				keyGroup = append(keyGroup, gcpkms.NewMasterKeyFromResourceID(k.ResourceID))
diff --git a/config/config_test.go b/config/config_test.go
@@ -93,6 +93,7 @@ creation_rules:
     key_groups:
     - kms:
       - arn: foo
+        aws_profile: bar
       pgp:
       - bar
       gcp_kms:
@@ -105,6 +106,7 @@ creation_rules:
       - 'https://foo.vault:8200/v1/foo/keys/foo-key'
     - kms:
       - arn: baz
+        aws_profile: foo
       pgp:
       - qux
       gcp_kms:
@@ -280,14 +282,14 @@ func TestLoadConfigFileWithGroups(t *testing.T) {
 				PathRegex: "",
 				KeyGroups: []keyGroup{
 					{
-						KMS:     []kmsKey{{Arn: "foo"}},
+						KMS:     []kmsKey{{Arn: "foo", AwsProfile: "bar"}},
 						PGP:     []string{"bar"},
 						GCPKMS:  []gcpKmsKey{{ResourceID: "foo"}},
 						AzureKV: []azureKVKey{{VaultURL: "https://foo.vault.azure.net", Key: "foo-key", Version: "fooversion"}},
 						Vault:   []string{"https://foo.vault:8200/v1/foo/keys/foo-key"},
 					},
 					{
-						KMS: []kmsKey{{Arn: "baz"}},
+						KMS: []kmsKey{{Arn: "baz", AwsProfile: "foo"}},
 						PGP: []string{"qux"},
 						GCPKMS: []gcpKmsKey{
 							{ResourceID: "bar"},
diff --git a/kms/keysource.go b/kms/keysource.go
@@ -77,13 +77,14 @@ type MasterKey struct {
 	epResolver aws.EndpointResolverWithOptions
 }
 
-// NewMasterKey creates a new MasterKey from an ARN, role and context, setting
+// NewMasterKey creates a new MasterKey from an ARN, role, context and awsProfile, setting
 // the creation date to the current date.
-func NewMasterKey(arn string, role string, context map[string]*string) *MasterKey {
+func NewMasterKey(arn string, role string, context map[string]*string, awsProfile string) *MasterKey {
 	return &MasterKey{
 		Arn:               arn,
 		Role:              role,
 		EncryptionContext: context,
+		AwsProfile:        awsProfile,
 		CreationDate:      time.Now().UTC(),
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@ func getKeyGroupsFromCreationRule(cRule *creationRule, kmsEncryptionContext map[`
`165`	`165`	`keyGroup = append(keyGroup, pgp.NewMasterKeyFromFingerprint(k))`
`166`	`166`	`}`
`167`	`167`	`for _, k := range group.KMS {`
`168`		`- keyGroup = append(keyGroup, kms.NewMasterKey(k.Arn, k.Role, k.Context))`
	`168`	`+ keyGroup = append(keyGroup, kms.NewMasterKey(k.Arn, k.Role, k.Context, k.AwsProfile))`
`169`	`169`	`}`
`170`	`170`	`for _, k := range group.GCPKMS {`
`171`	`171`	`keyGroup = append(keyGroup, gcpkms.NewMasterKeyFromResourceID(k.ResourceID))`
Original file line number	Diff line number	Diff line change
`@@ -77,13 +77,14 @@ type MasterKey struct {`
`77`	`77`	`epResolver aws.EndpointResolverWithOptions`
`78`	`78`	`}`
`79`	`79`
`80`		`-// NewMasterKey creates a new MasterKey from an ARN, role and context, setting`
	`80`	`+// NewMasterKey creates a new MasterKey from an ARN, role, context and awsProfile, setting`
`81`	`81`	`// the creation date to the current date.`
`82`		`-func NewMasterKey(arn string, role string, context map[string]string) MasterKey {`
	`82`	`+func NewMasterKey(arn string, role string, context map[string]string, awsProfile string) MasterKey {`
`83`	`83`	`return &MasterKey{`
`84`	`84`	`Arn: arn,`
`85`	`85`	`Role: role,`
`86`	`86`	`EncryptionContext: context,`
	`87`	`+ AwsProfile: awsProfile,`
`87`	`88`	`CreationDate: time.Now().UTC(),`
`88`	`89`	`}`
`89`	`90`	`}`