support aliyun kms ram mode

Sunrisea · Sunrisea · commit 103a80bc92a5 · 2024-12-23T17:40:32.000+08:00
diff --git a/common/encryption/const.go b/common/encryption/const.go
@@ -64,4 +64,5 @@ var (
 	EmptyPasswordKmsV3ClientInitError         = fmt.Errorf("init kmsV3 client failed with empty password")
 	EmptyClientKeyContentKmsV3ClientInitError = fmt.Errorf("init kmsV3 client failed with empty client key content")
 	EmptyCaVerifyKmsV3ClientInitError         = fmt.Errorf("init kmsV3 client failed with empty ca verify")
+	EmptyEndpointKmsRamClientInitError        = fmt.Errorf("init kmsRam client failed with empty endpoint")
 )
diff --git a/common/encryption/kms_client.go b/common/encryption/kms_client.go
@@ -72,6 +72,19 @@ func checkKmsV1InitParam(regionId, ak, sk string) error {
 	return nil
 }
 
+func checkKmsRamInitParam(endpoint, ak, sk string) error {
+	if len(endpoint) == 0 {
+		return EmptyEndpointKmsRamClientInitError
+	}
+	if len(ak) == 0 {
+		return EmptyAkKmsV1ClientInitError
+	}
+	if len(sk) == 0 {
+		return EmptySkKmsV1ClientInitError
+	}
+	return nil
+}
+
 func NewKmsV3ClientWithConfig(config *dkms_api.Config, caVerify string) (*TransferKmsClient, error) {
 	var rErr error
 	if rErr = checkKmsV3InitParam(config, caVerify); rErr != nil {
@@ -191,16 +204,15 @@ type RamKmsClient struct {
 }
 
 func NewKmsRamClient(kmsConfig *constant.KMSConfig, regionId, ak, sk string) (*RamKmsClient, error) {
-	var rErr error
-	if rErr = checkKmsV1InitParam(regionId, ak, sk); rErr != nil {
-		return nil, rErr
-	}
-	config := &openapi.Config{}
-	config.AccessKeyId = tea.String(ak)
-	config.AccessKeySecret = tea.String(sk)
-	config.RegionId = tea.String(regionId)
 	if kmsConfig == nil || len(kmsConfig.Endpoint) == 0 {
-		_result, _err := kms20160120.NewClient(config)
+		if err := checkKmsV1InitParam(regionId, ak, sk); err != nil {
+			return nil, err
+		}
+		KmsV1Config := &openapi.Config{}
+		KmsV1Config.AccessKeyId = tea.String(ak)
+		KmsV1Config.AccessKeySecret = tea.String(sk)
+		KmsV1Config.RegionId = tea.String(regionId)
+		_result, _err := kms20160120.NewClient(KmsV1Config)
 		if _err != nil {
 			return nil, _err
 		}
@@ -211,6 +223,15 @@ func NewKmsRamClient(kmsConfig *constant.KMSConfig, regionId, ak, sk string) (*R
 		}
 		return _ramClient, nil
 	}
+	if err := checkKmsRamInitParam(kmsConfig.Endpoint, ak, sk); err != nil {
+		return nil, err
+	}
+	config := &openapi.Config{}
+	config.AccessKeyId = tea.String(ak)
+	config.AccessKeySecret = tea.String(sk)
+	if len(regionId) != 0 {
+		config.RegionId = tea.String(regionId)
+	}
 	config.Endpoint = tea.String(kmsConfig.Endpoint)
 	config.Ca = tea.String(kmsConfig.CaContent)
 	runtimeOption := &util.RuntimeOptions{}

Original file line number	Diff line number	Diff line change
`@@ -64,4 +64,5 @@ var (`
`64`	`64`	`EmptyPasswordKmsV3ClientInitError = fmt.Errorf("init kmsV3 client failed with empty password")`
`65`	`65`	`EmptyClientKeyContentKmsV3ClientInitError = fmt.Errorf("init kmsV3 client failed with empty client key content")`
`66`	`66`	`EmptyCaVerifyKmsV3ClientInitError = fmt.Errorf("init kmsV3 client failed with empty ca verify")`
	`67`	`+ EmptyEndpointKmsRamClientInitError = fmt.Errorf("init kmsRam client failed with empty endpoint")`
`67`	`68`	`)`