File: lazy_client.go

package info (click to toggle)
golang-github-smallstep-crypto 0.63.0-1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 3,800 kB
  • sloc: sh: 66; makefile: 50
file content (64 lines) | stat: -rw-r--r-- 1,454 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
//go:build !noazurekms
// +build !noazurekms

package azurekms

import (
	"fmt"
	"sync"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
)

type lazyClientFunc func(vaultURL string) (KeyVaultClient, error)

type lazyClient struct {
	rw        sync.RWMutex
	clients   map[string]KeyVaultClient
	new       lazyClientFunc
	dnsSuffix string
}

func newLazyClient(dnsSuffix string, fn lazyClientFunc) *lazyClient {
	return &lazyClient{
		clients:   make(map[string]KeyVaultClient),
		new:       fn,
		dnsSuffix: dnsSuffix,
	}
}

func (l *lazyClient) Get(vault string) (KeyVaultClient, error) {
	vaultURL := vaultBaseURL(vault, l.dnsSuffix)
	// Get an already initialize client
	l.rw.RLock()
	c, ok := l.clients[vaultURL]
	l.rw.RUnlock()
	if ok {
		return c, nil
	}

	// Create a new client
	c, err := l.new(vaultURL)
	if err != nil {
		return nil, fmt.Errorf("error creating client for vault %q: %w", vaultURL, err)
	}

	l.rw.Lock()
	l.clients[vaultURL] = c
	l.rw.Unlock()
	return c, nil
}

func lazyClientCreator(credential azcore.TokenCredential) lazyClientFunc {
	return func(vaultURL string) (KeyVaultClient, error) {
		return azkeys.NewClient(vaultURL, credential, &azkeys.ClientOptions{
			// See https://aka.ms/azsdk/blog/vault-uri
			DisableChallengeResourceVerification: true,
		})
	}
}

func vaultBaseURL(vault, dnsSuffix string) string {
	return "https://" + vault + "." + dnsSuffix + "/"
}