
Commit cb64f07

Merge pull request #484 from smallstep/herman/fix-cloudkms-resource-uris
Fix GCP CloudKMS resource URIs sometimes starting with `cloudkms:`
2 parents 2980706 + 927f094 commit cb64f07


6 files changed

+90
-76
lines changed


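--- a/kms/cloudkms/cloudkms.go
+++ b/kms/cloudkms/cloudkms.go
@@ -204,7 +204,7 @@ func (k *CloudKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyRespo
 return nil, err
 }
 
-var crytoKeyName string
+var cryptoKeyName string
 
 ctx, cancel := defaultContext()
 defer cancel()
@@ -240,13 +240,13 @@ func (k *CloudKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyRespo
 if err != nil {
 return nil, errors.Wrap(err, "cloudKMS CreateCryptoKeyVersion failed")
 }
-crytoKeyName = response.Name
+cryptoKeyName = response.Name
 } else {
-crytoKeyName = response.Name + "/cryptoKeyVersions/1"
+cryptoKeyName = response.Name + "/cryptoKeyVersions/1"
 }
 
 // Use uri format for the keys
-crytoKeyName = uri.NewOpaque(Scheme, crytoKeyName).String()
+cryptoKeyName = uri.NewOpaque(Scheme, cryptoKeyName).String()
 
 // Sleep deterministically to avoid retries because of PENDING_GENERATING.
 // One second is often enough.
@@ -256,17 +256,17 @@ func (k *CloudKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyRespo
 
 // Retrieve public key to add it to the response.
 pk, err := k.GetPublicKey(&apiv1.GetPublicKeyRequest{
-Name: crytoKeyName,
+Name: cryptoKeyName,
 })
 if err != nil {
 return nil, errors.Wrap(err, "cloudKMS GetPublicKey failed")
 }
 
 return &apiv1.CreateKeyResponse{
-Name: crytoKeyName,
+Name: cryptoKeyName,
 PublicKey: pk,
 CreateSignerRequest: apiv1.CreateSignerRequest{
-SigningKey: crytoKeyName,
+SigningKey: cryptoKeyName,
 },
 }, nil
 }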

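--- a/kms/cloudkms/cloudkms_test.go
+++ b/kms/cloudkms/cloudkms_test.go
@@ -13,6 +13,7 @@ import (
 "cloud.google.com/go/kms/apiv1/kmspb"
 gax "github.com/googleapis/gax-go/v2"
 "github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
 "go.step.sm/crypto/kms/apiv1"
 "go.step.sm/crypto/kms/uri"
 "go.step.sm/crypto/pemutil"
@@ -174,13 +175,9 @@ func TestCloudKMS_CreateSigner(t *testing.T) {
 keyURI := uri.NewOpaque(Scheme, keyName).String()
 
 pemBytes, err := os.ReadFile("testdata/pub.pem")
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(t, err)
 pk, err := pemutil.ParseKey(pemBytes)
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(t, err)
 
 type fields struct {
 client KeyManagementClient
@@ -196,17 +193,20 @@ func TestCloudKMS_CreateSigner(t *testing.T) {
 wantErr bool
 }{
 {"ok", fields{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }}, args{&apiv1.CreateSignerRequest{SigningKey: keyName}}, &Signer{client: &MockClient{}, signingKey: keyName, publicKey: pk}, false},
 {"ok with uri", fields{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }}, args{&apiv1.CreateSignerRequest{SigningKey: keyURI}}, &Signer{client: &MockClient{}, signingKey: keyName, publicKey: pk}, false},
 {"fail", fields{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return nil, fmt.Errorf("test error")
 },
 }}, args{&apiv1.CreateSignerRequest{SigningKey: ""}}, nil, true},
@@ -238,13 +238,9 @@ func TestCloudKMS_CreateKey(t *testing.T) {
 alreadyExists := status.Error(codes.AlreadyExists, "already exists")
 
 pemBytes, err := os.ReadFile("testdata/pub.pem")
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(t, err)
 pk, err := pemutil.ParseKey(pemBytes)
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(t, err)
 
 var retries int
 type fields struct {
@@ -269,7 +265,8 @@ func TestCloudKMS_CreateKey(t *testing.T) {
 assert.Nil(t, req.CryptoKey.DestroyScheduledDuration)
 return &kmspb.CryptoKey{Name: keyName}, nil
 },
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }},
@@ -284,7 +281,8 @@ func TestCloudKMS_CreateKey(t *testing.T) {
 assert.Equal(t, req.CryptoKey.DestroyScheduledDuration, durationpb.New(24*time.Hour))
 return &kmspb.CryptoKey{Name: keyName}, nil
 },
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }},
@@ -301,7 +299,8 @@ func TestCloudKMS_CreateKey(t *testing.T) {
 createCryptoKey: func(_ context.Context, _ *kmspb.CreateCryptoKeyRequest, _ ...gax.CallOption) (*kmspb.CryptoKey, error) {
 return &kmspb.CryptoKey{Name: keyName}, nil
 },
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }},
@@ -318,7 +317,8 @@ func TestCloudKMS_CreateKey(t *testing.T) {
 createCryptoKeyVersion: func(_ context.Context, _ *kmspb.CreateCryptoKeyVersionRequest, _ ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
 return &kmspb.CryptoKeyVersion{Name: keyName + "/cryptoKeyVersions/2"}, nil
 },
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }},
@@ -332,7 +332,8 @@ func TestCloudKMS_CreateKey(t *testing.T) {
 createCryptoKey: func(_ context.Context, _ *kmspb.CreateCryptoKeyRequest, _ ...gax.CallOption) (*kmspb.CryptoKey, error) {
 return &kmspb.CryptoKey{Name: keyName}, nil
 },
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 if retries != 2 {
 retries++
 return nil, status.Error(codes.FailedPrecondition, "key is not enabled, current state is: PENDING_GENERATION")
@@ -391,7 +392,8 @@ func TestCloudKMS_CreateKey(t *testing.T) {
 createCryptoKey: func(_ context.Context, _ *kmspb.CreateCryptoKeyRequest, _ ...gax.CallOption) (*kmspb.CryptoKey, error) {
 return &kmspb.CryptoKey{Name: keyName}, nil
 },
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return nil, testError
 },
 }},
@@ -424,13 +426,9 @@ func TestCloudKMS_GetPublicKey(t *testing.T) {
 testError := fmt.Errorf("an error")
 
 pemBytes, err := os.ReadFile("testdata/pub.pem")
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(t, err)
 pk, err := pemutil.ParseKey(pemBytes)
-if err != nil {
-t.Fatal(err)
-}
+require.NoError(t, err)
 
 var retries int
 type fields struct {
@@ -448,28 +446,32 @@ func TestCloudKMS_GetPublicKey(t *testing.T) {
 }{
 {"ok", fields{
 &MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }},
 args{&apiv1.GetPublicKeyRequest{Name: keyName}}, pk, false},
 {"ok with uri", fields{
 &MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }},
 args{&apiv1.GetPublicKeyRequest{Name: keyURI}}, pk, false},
 {"ok with resource uri", fields{
 &MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }},
 args{&apiv1.GetPublicKeyRequest{Name: keyResource}}, pk, false},
 {"ok with retries", fields{
 &MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 if retries != 2 {
 retries++
 return nil, status.Error(codes.FailedPrecondition, "key is not enabled, current state is: PENDING_GENERATION")
@@ -481,14 +483,16 @@ func TestCloudKMS_GetPublicKey(t *testing.T) {
 {"fail name", fields{&MockClient{}}, args{&apiv1.GetPublicKeyRequest{}}, nil, true},
 {"fail get public key", fields{
 &MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return nil, testError
 },
 }},
 args{&apiv1.GetPublicKeyRequest{Name: keyName}}, nil, true},
 {"fail parse pem", fields{
 &MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string("bad pem")}, nil
 },
 }},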
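Review bot: The added `assert.NotContains(t, r.Name, "cloudkms:")` checks in the `getPublicKey` mocks only prove that the scheme prefix is gone, so a name that was stripped incorrectly (for example one still carrying `resource=`) would pass and still be sent to the KMS API as the wrong key reference. Where the expected value is known, as in the TestCloudKMS_CreateSigner and TestCloudKMS_GetPublicKey cases that pass `keyName` or `keyURI`, I would pin it with `assert.Equal(t, keyName, r.Name)`. The same applies to the mocks in kms/cloudkms/decrypter_test.go. The table loops are outside these hunks; if they use `t.Run`, the closures capture the parent `t`, so a failure would be reported on the parent test rather than on the subtest.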

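--- a/kms/cloudkms/decrypter.go
+++ b/kms/cloudkms/decrypter.go
@@ -39,19 +39,19 @@ func NewDecrypter(client KeyManagementClient, decryptionKey string) (*Decrypter,
 client: client,
 decryptionKey: resourceName(decryptionKey),
 }
-if err := decrypter.preloadKey(decryptionKey); err != nil { // TODO(hs): (option for) lazy load instead?
+if err := decrypter.preloadKey(); err != nil { // TODO(hs): (option for) lazy load instead?
 return nil, err
 }
 
 return decrypter, nil
 }
 
-func (d *Decrypter) preloadKey(signingKey string) error {
+func (d *Decrypter) preloadKey() error {
 ctx, cancel := defaultContext()
 defer cancel()
 
 response, err := d.client.GetPublicKey(ctx, &kmspb.GetPublicKeyRequest{
-Name: signingKey,
+Name: d.decryptionKey,
 })
 if err != nil {
 return fmt.Errorf("cloudKMS GetPublicKey failed: %w", err)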
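Review bot: `preloadKey` now depends on `d.decryptionKey` already holding the bare resource name that NewDecrypter produces with `resourceName(decryptionKey)`, but nothing in the hunk documents that invariant, which is exactly what this fix restores. I would add a doc comment such as `// preloadKey fetches the public key for d.decryptionKey, which must already be a CloudKMS resource name without the cloudkms: scheme.` so a later refactor does not pass a raw URI to GetPublicKey again. The same comment fits `(*Signer).preloadKey` in kms/cloudkms/signer.go, which receives the identical change. The body of `preloadKey` continues past the end of the hunk.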

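--- a/kms/cloudkms/decrypter_test.go
+++ b/kms/cloudkms/decrypter_test.go
@@ -39,22 +39,26 @@ func TestCloudKMS_CreateDecrypter(t *testing.T) {
 wantErr bool
 }{
 {"ok", fields{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }}, args{&apiv1.CreateDecrypterRequest{DecryptionKey: keyName}}, &Decrypter{client: &MockClient{}, decryptionKey: keyName, publicKey: pk}, false},
 {"ok with uri", fields{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }}, args{&apiv1.CreateDecrypterRequest{DecryptionKey: "cloudkms:resource=" + keyName}}, &Decrypter{client: &MockClient{}, decryptionKey: keyName, publicKey: pk}, false},
 {"ok with opaque uri", fields{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }}, args{&apiv1.CreateDecrypterRequest{DecryptionKey: "cloudkms:" + keyName}}, &Decrypter{client: &MockClient{}, decryptionKey: keyName, publicKey: pk}, false},
 {"fail", fields{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return nil, fmt.Errorf("test error")
 },
 }}, args{&apiv1.CreateDecrypterRequest{DecryptionKey: ""}}, nil, true},
@@ -92,17 +96,20 @@ func TestNewDecrypter(t *testing.T) {
 wantErr bool
 }{
 {"ok", args{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string(pemBytes)}, nil
 },
 }, "decryptionKey"}, &Decrypter{client: &MockClient{}, decryptionKey: "decryptionKey", publicKey: pk}, false},
 {"fail get public key", args{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return nil, fmt.Errorf("an error")
 },
 }, "decryptionKey"}, nil, true},
 {"fail parse pem", args{&MockClient{
-getPublicKey: func(_ context.Context, _ *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+getPublicKey: func(_ context.Context, r *kmspb.GetPublicKeyRequest, _ ...gax.CallOption) (*kmspb.PublicKey, error) {
+assert.NotContains(t, r.Name, "cloudkms:")
 return &kmspb.PublicKey{Pem: string("bad pem")}, nil
 },
 }, "decryptionKey"}, nil, true},
@@ -160,21 +167,25 @@ func TestDecrypter_Decrypt(t *testing.T) {
 keyName := "projects/p/locations/l/keyRings/k/cryptoKeys/c/cryptoKeyVersions/1"
 okClient := &MockClient{
 asymmetricDecrypt: func(ctx context.Context, adr *kmspb.AsymmetricDecryptRequest, co ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
+assert.NotContains(t, adr.Name, "cloudkms:")
 return &kmspb.AsymmetricDecryptResponse{Plaintext: []byte("decrypted"), PlaintextCrc32C: wrapperspb.Int64(crc32c([]byte("decrypted"))), VerifiedCiphertextCrc32C: true}, nil
 },
 }
 failClient := &MockClient{
 asymmetricDecrypt: func(ctx context.Context, adr *kmspb.AsymmetricDecryptRequest, co ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
+assert.NotContains(t, adr.Name, "cloudkms:")
 return nil, fmt.Errorf("an error")
 },
 }
 requestCRC32Client := &MockClient{
 asymmetricDecrypt: func(ctx context.Context, adr *kmspb.AsymmetricDecryptRequest, co ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
+assert.NotContains(t, adr.Name, "cloudkms:")
 return &kmspb.AsymmetricDecryptResponse{Plaintext: []byte("decrypted"), PlaintextCrc32C: wrapperspb.Int64(crc32c([]byte("decrypted"))), VerifiedCiphertextCrc32C: false}, nil
 },
 }
 responseCRC32Client := &MockClient{
 asymmetricDecrypt: func(ctx context.Context, adr *kmspb.AsymmetricDecryptRequest, co ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
+assert.NotContains(t, adr.Name, "cloudkms:")
 return &kmspb.AsymmetricDecryptResponse{Plaintext: []byte("decrypted"), PlaintextCrc32C: wrapperspb.Int64(crc32c([]byte("wrong"))), VerifiedCiphertextCrc32C: true}, nil
 },
 }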
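Review bot: In TestNewDecrypter every case passes the plain string `"decryptionKey"`, so the new `assert.NotContains(t, r.Name, "cloudkms:")` in those three mocks cannot fail and does not exercise the path this commit changes. A case that calls NewDecrypter with a prefixed key such as `"cloudkms:decryptionKey"` and expects `decryptionKey: "decryptionKey"` would cover the regression directly. TestCloudKMS_CreateDecrypter does use prefixed inputs, but it only covers NewDecrypter if CreateDecrypter goes through it, which is not visible here. The test tables and loops continue outside these hunks.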

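--- a/kms/cloudkms/signer.go
+++ b/kms/cloudkms/signer.go
@@ -28,19 +28,19 @@ func NewSigner(c KeyManagementClient, signingKey string) (*Signer, error) {
 client: c,
 signingKey: resourceName(signingKey),
 }
-if err := signer.preloadKey(signingKey); err != nil {
+if err := signer.preloadKey(); err != nil {
 return nil, err
 }
 
 return signer, nil
 }
 
-func (s *Signer) preloadKey(signingKey string) error {
+func (s *Signer) preloadKey() error {
 ctx, cancel := defaultContext()
 defer cancel()
 
 response, err := s.client.GetPublicKey(ctx, &kmspb.GetPublicKeyRequest{
-Name: signingKey,
+Name: s.signingKey,
 })
 if err != nil {
 return errors.Wrap(err, "cloudKMS GetPublicKey failed")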
