rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-11-03 05:17:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor: rename kms feature flag to aws_kms (#3249)

Browse Source 
Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
This commit is contained in:
Chethan Rao
2024-02-02 15:48:29 +05:30
committed by GitHub
parent d283053e5e
commit 91519d8462
40 changed files with 507 additions and 486 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
crates/router/src/core/api_keys.rs
View File

@ -2,11 +2,11 @@ use common_utils::date_time;
#[cfg(feature = "email")]
use diesel_models::{api_keys::ApiKey, enums as storage_enums};
use error_stack::{report, IntoReport, ResultExt};
#[cfg(feature = "aws_kms")]
use external_services::aws_kms;
#[cfg(feature = "hashicorp-vault")]
use external_services::hashicorp_vault::decrypt::VaultFetch;
#[cfg(feature = "kms")]
use external_services::kms;
#[cfg(not(feature = "kms"))]
#[cfg(not(feature = "aws_kms"))]
use masking::ExposeInterface;
use masking::{PeekInterface, StrongSecret};
use router_env::{instrument, tracing};
@ -30,26 +30,26 @@ const API_KEY_EXPIRY_NAME: &str = "API_KEY_EXPIRY";
#[cfg(feature = "email")]
const API_KEY_EXPIRY_RUNNER: &str = "API_KEY_EXPIRY_WORKFLOW";
#[cfg(feature = "kms")]
use external_services::kms::decrypt::KmsDecrypt;
#[cfg(feature = "aws_kms")]
use external_services::aws_kms::decrypt::AwsKmsDecrypt;
static HASH_KEY: tokio::sync::OnceCell<StrongSecret<[u8; PlaintextApiKey::HASH_KEY_LEN]>> =
tokio::sync::OnceCell::const_new();
pub async fn get_hash_key(
api_key_config: &settings::ApiKeys,
#[cfg(feature = "kms")] kms_client: &kms::KmsClient,
#[cfg(feature = "aws_kms")] aws_kms_client: &aws_kms::AwsKmsClient,
#[cfg(feature = "hashicorp-vault")]
hc_client: &external_services::hashicorp_vault::HashiCorpVault,
) -> errors::RouterResult<&'static StrongSecret<[u8; PlaintextApiKey::HASH_KEY_LEN]>> {
HASH_KEY
.get_or_try_init(|| async {
let hash_key = {
#[cfg(feature = "kms")]
#[cfg(feature = "aws_kms")]
{
api_key_config.kms_encrypted_hash_key.clone()
}
#[cfg(not(feature = "kms"))]
#[cfg(not(feature = "aws_kms"))]
{
masking::Secret::<_, masking::WithType>::new(api_key_config.hash_key.clone())
}
@ -61,14 +61,14 @@ pub async fn get_hash_key(
.await
.change_context(errors::ApiErrorResponse::InternalServerError)?;
#[cfg(feature = "kms")]
#[cfg(feature = "aws_kms")]
let hash_key = hash_key
.decrypt_inner(kms_client)
.decrypt_inner(aws_kms_client)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Failed to KMS decrypt API key hashing key")?;
.attach_printable("Failed to AWS KMS decrypt API key hashing key")?;
#[cfg(not(feature = "kms"))]
#[cfg(not(feature = "aws_kms"))]
let hash_key = hash_key.expose();
<[u8; PlaintextApiKey::HASH_KEY_LEN]>::try_from(
@ -153,7 +153,7 @@ impl PlaintextApiKey {
#[instrument(skip_all)]
pub async fn create_api_key(
state: AppState,
#[cfg(feature = "kms")] kms_client: &kms::KmsClient,
#[cfg(feature = "aws_kms")] aws_kms_client: &aws_kms::AwsKmsClient,
#[cfg(feature = "hashicorp-vault")]
hc_client: &external_services::hashicorp_vault::HashiCorpVault,
api_key: api::CreateApiKeyRequest,
@ -175,8 +175,8 @@ pub async fn create_api_key(
let hash_key = get_hash_key(
api_key_config,
#[cfg(feature = "kms")]
kms_client,
#[cfg(feature = "aws_kms")]
aws_kms_client,
#[cfg(feature = "hashicorp-vault")]
hc_client,
)
@ -589,8 +589,8 @@ mod tests {
let plaintext_api_key = PlaintextApiKey::new(consts::API_KEY_LENGTH);
let hash_key = get_hash_key(
&settings.api_keys,
#[cfg(feature = "kms")]
external_services::kms::get_kms_client(&settings.kms).await,
#[cfg(feature = "aws_kms")]
external_services::aws_kms::get_aws_kms_client(&settings.kms).await,
#[cfg(feature = "hashicorp-vault")]
external_services::hashicorp_vault::get_hashicorp_client(&settings.hc_vault)
.await