Review fixes

Strnadj · Strnadj · commit 12f31cc1aef5 · 2026-03-19T16:13:52.000+01:00
diff --git a/cmd/kms_priv_key_importer/main.go b/cmd/kms_priv_key_importer/main.go
@@ -14,8 +14,6 @@ import (
 	"strings"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
-	awsconfig "github.com/aws/aws-sdk-go-v2/config"
-	"github.com/aws/aws-sdk-go-v2/credentials"
 	awskms "github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/kms/types"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
@@ -149,7 +147,7 @@ func main() {
 	}
 
 	if issuerKMSETHProviderToUse == config.AWSSM {
-		cfg, err := LoadAWSConfig(ctx)
+		cfg, err := kms.LoadAWSConfig(ctx)
 
 		if err != nil {
 			log.Error(ctx, "error loading AWSSM config", "err", err)
@@ -233,33 +231,10 @@ func validate(issuerKMSETHProviderToUse string, fPrivateKey *string, ctx context
 	return nil
 }
 
-func LoadAWSConfig(ctx context.Context) (aws.Config, error) {
-	// Backward-compatible behaviour for AWS SDK configuration
-	// env variables (DEPRECATED)
-	// "ISSUER_KMS_AWS_ACCESS_KEY"
-	// "ISSUER_KMS_AWS_SECRET_KEY"
-	// "ISSUER_KMS_AWS_REGION"
-	accessKey := strings.TrimSpace(os.Getenv("ISSUER_KMS_AWS_ACCESS_KEY"))
-	secretKey := strings.TrimSpace(os.Getenv("ISSUER_KMS_AWS_SECRET_KEY"))
-	region := strings.TrimSpace(os.Getenv("ISSUER_KMS_AWS_REGION"))
-
-	if accessKey != "" && secretKey != "" && region != "" {
-		return awsconfig.LoadDefaultConfig(
-			ctx,
-			awsconfig.WithCredentialsProvider(
-				credentials.NewStaticCredentialsProvider(accessKey, secretKey, ""),
-			),
-			awsconfig.WithRegion(region),
-		)
-	}
-
-	return awsconfig.LoadDefaultConfig(ctx)
-}
-
 //
 //nolint:unused
 func createEmptyKey(ctx context.Context, privateKeyAlias string) (*string, error) {
-	cfg, err := LoadAWSConfig(ctx)
+	cfg, err := kms.LoadAWSConfig(ctx)
 
 	if err != nil {
 		log.Error(ctx, "error loading AWSKMS config", "err", err)
diff --git a/internal/kms/aws.go b/internal/kms/aws.go
@@ -40,41 +40,39 @@ func AwsSecretsManager(ctx context.Context) (*secretsmanager.Client, error) {
 	cfg, err := LoadAWSConfig(ctx)
 
 	if err != nil {
-		return nil, fmt.Errorf("unable to load SDK config, %v", err)
+		return nil, fmt.Errorf("unable to load SDK config, %w", err)
 	}
 
-	var options = make([]func(*secretsmanager.Options), 1)
-
 	// LocalStack/OpenStack mode
 	// https://docs.localstack.cloud/aws/integrations/aws-sdks/go/
 	// Region is provided from AWS_REGION env variable
 	url := strings.TrimSpace(os.Getenv("ISSUER_KMS_AWS_URL"))
+	var options []func(*secretsmanager.Options)
 	if url != "" {
-		options[0] = func(o *secretsmanager.Options) {
+		options = append(options, func(o *secretsmanager.Options) {
 			o.BaseEndpoint = aws.String(url)
-		}
+		})
 	}
-
 	return secretsmanager.NewFromConfig(cfg, options...), nil
 }
 
 func AwsKms(ctx context.Context) (*kms.Client, error) {
 	cfg, err := LoadAWSConfig(ctx)
 
 	if err != nil {
-		return nil, fmt.Errorf("unable to load SDK config, %v", err)
+		return nil, fmt.Errorf("unable to load SDK config, %w", err)
 	}
 
-	options := make([]func(*kms.Options), 1)
+	var options []func(*kms.Options)
 
 	// LocalStack/OpenStack mode
 	// https://docs.localstack.cloud/aws/integrations/aws-sdks/go/
 	// Region is provided from AWS_REGION env variable
 	url := strings.TrimSpace(os.Getenv("ISSUER_KMS_AWS_URL"))
 	if url != "" {
-		options[0] = func(o *kms.Options) {
+		options = append(options, func(o *kms.Options) {
 			o.BaseEndpoint = aws.String(url)
-		}
+		})
 	}
 
 	return kms.NewFromConfig(cfg, options...), nil
diff --git a/internal/kms/aws_kms_eth_key_provider.go b/internal/kms/aws_kms_eth_key_provider.go
@@ -36,7 +36,7 @@ func NewAwsKMSEthKeyProvider(ctx context.Context, keyType KeyType, issuerETHTran
 	client, err := AwsKms(ctx)
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to create AWS KMS client: %v", err)
+		return nil, fmt.Errorf("failed to create AWS KMS client: %w", err)
 	}
 
 	return &awsKmsEthKeyProvider{
diff --git a/internal/kms/aws_secret_storage_provider.go b/internal/kms/aws_secret_storage_provider.go
@@ -31,7 +31,7 @@ func NewAwsSecretStorageProvider(ctx context.Context) (*awsSecretStorageProvider
 	client, err := AwsSecretsManager(ctx)
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to create AWS Secrets Manager client: %v", err)
+		return nil, fmt.Errorf("failed to create AWS Secrets Manager client: %w", err)
 	}
 
 	return &awsSecretStorageProvider{

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ func NewAwsKMSEthKeyProvider(ctx context.Context, keyType KeyType, issuerETHTran`
`36`	`36`	`client, err := AwsKms(ctx)`
`37`	`37`
`38`	`38`	`if err != nil {`
`39`		`- return nil, fmt.Errorf("failed to create AWS KMS client: %v", err)`
	`39`	`+ return nil, fmt.Errorf("failed to create AWS KMS client: %w", err)`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`return &awsKmsEthKeyProvider{`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ func NewAwsSecretStorageProvider(ctx context.Context) (*awsSecretStorageProvider`
`31`	`31`	`client, err := AwsSecretsManager(ctx)`
`32`	`32`
`33`	`33`	`if err != nil {`
`34`		`- return nil, fmt.Errorf("failed to create AWS Secrets Manager client: %v", err)`
	`34`	`+ return nil, fmt.Errorf("failed to create AWS Secrets Manager client: %w", err)`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`return &awsSecretStorageProvider{`