kms: remove
Enclave
field from object requests
This commit removes the `Enclave` field from various object request types, like `CreateKeyRequest`. Instead, the enclave should be specified as part of the API call directly. For example: ``` client.CreateKey(ctx, "my-enclave", &kms.CreateKeyRequest{}) ``` This change is required for potential pipelining support. All operations within a pipeline have to operate within the same enclave (or outside of an enclave). A pipeline with multiple commands that operate on separate enclaves will not be supported. Hence, the enclave should be specified once outside of the object request.
Showing
3 changed files
with
123 additions
and
97 deletions.
@@ -0,0 +1,46 @@ | ||
// Copyright 2024 - MinIO, Inc. All rights reserved. | ||
// Use of this source code is governed by the AGPLv3 | ||
// license that can be found in the LICENSE file. | ||
|
||
package kms_test | ||
|
||
import ( | ||
"crypto/tls" | ||
"log" | ||
|
||
"github.com/minio/kms-go/kms" | ||
) | ||
|
||
func ExampleNewClient() { | ||
key, err := kms.ParseAPIKey("k1:d7cY_5k8HbBGkZpoy2hGmvkxg83QDBXsA_nFXDfTk2E") | ||
if err != nil { | ||
log.Fatalf("Failed to parse KMS API key: %v", err) | ||
} | ||
|
||
client, err := kms.NewClient(&kms.Config{ | ||
Endpoints: []string{ | ||
"10.1.2.1:7373", | ||
"10.1.2.2:7373", | ||
"10.1.2.3:7373", | ||
}, | ||
APIKey: key, | ||
TLS: &tls.Config{ | ||
// This CertPool must contain the CA certificate that issued the | ||
// certificates of the KMS servers. Defaults to the system trust | ||
// store. | ||
// Using no or the wrong CA certificate is a common pitfall that | ||
// causes TLS/X.509 certificate verification errors. | ||
// A good test is a simple: | ||
// | ||
// $ curl -v 'https://<endpoint:port>/version' | ||
RootCAs: nil, | ||
}, | ||
}) | ||
if err != nil { | ||
log.Fatalf("Failed to create KMS client: %v", err) | ||
} | ||
|
||
_ = client // TODO: use client for some operations | ||
|
||
// Output: | ||
} |
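Review bot: The API key passed to `kms.ParseAPIKey` at the top of `ExampleNewClient` is a bare string literal with nothing marking it as a sample value, and example code is routinely copied verbatim into real programs. I would add a comment directly above it, for instance `// Sample key for illustration only; load real API keys from the environment or a secret store, never from source.` The TLS comment already calls a missing or wrong CA a common pitfall, so it could also state that such verification errors are resolved by supplying the correct `RootCAs`, not by setting `InsecureSkipVerify`. Both suggestions are documentation only and leave the example's code unchanged.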