
Source file src/edge-infra.dev/pkg/edge/controllers/bannerctl/decryption_infra.go

Documentation: edge-infra.dev/pkg/edge/controllers/bannerctl

     1  package bannerctl
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  	"time"
     7  
     8  	kms "cloud.google.com/go/kms/apiv1"
     9  	"github.com/golang-jwt/jwt"
    10  
    11  	"edge-infra.dev/pkg/edge/edgeencrypt"
    12  )
    13  
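// CreateDecryptionInfra provisions the KMS-backed signing material for the
// decryption bearer token and then mints that token.
//
// The steps run strictly in order and the function returns on the first
// failure; nothing created by an earlier step is rolled back, so a failed run
// can leave a key ring / crypto key in place for the next attempt:
//  1. createKeyRing in kmsKey.ProjectID (the ring that holds the decryption
//     signing key).
//  2. A Secret Manager client for the same project via sm.NewWithOptions.
//  3. createKmsKey for edgeencrypt.DecryptionJWTSecret using the default
//     signing purpose/algorithm, bounded by timeout, with the key material
//     recorded under edgeencrypt.DecryptionJWTSecretManager.
//  4. createBearerToken signed with version "1" of that key and stored under
//     edgeencrypt.DecryptionTokenSecretManager.
//
// Parameters:
//   - ctx: cancellation/deadline propagated to every step.
//   - kmsClient: Cloud KMS client used for the key ring and crypto key.
//   - _sm: JWT signing method handed through to createBearerToken. (The
//     leading underscore is not idiomatic Go; the name is kept so the
//     signature stays identical for callers and documentation.)
//   - sm: factory that builds the Secret Manager client.
//   - kmsKey: project/ring coordinates of the signing key.
//   - timeout: forwarded to createKmsKey only.
//
// Returns nil on success, otherwise the first error wrapped with the step
// that produced it (every step is wrapped with %w, so errors.Is/As still
// reach the underlying cause).
//
// NOTE(review): the key version is hard-coded to "1" below, so a rotated
// crypto key (version 2+) would not be used for signing without a code change
// — confirm this is intended, or resolve the primary version at runtime.
// NOTE(review): the file imports the unversioned github.com/golang-jwt/jwt
// module path (the legacy v3 line of that project); confirm this is the
// intended, maintained version for the signing method passed in here.
func CreateDecryptionInfra(ctx context.Context, kmsClient *kms.KeyManagementClient, _sm jwt.SigningMethod, sm secretManager, kmsKey edgeencrypt.KmsKey, timeout time.Duration) error {
	projectID := kmsKey.ProjectID

	// use foreman as ring for decryption signing key (original author's note);
	// the ring is created in the key's own project.
	if err := createKeyRing(ctx, kmsClient, kmsKey, projectID); err != nil {
		// Wrapped for consistency with the other steps so the caller can tell
		// which stage failed; the original returned this error bare.
		return fmt.Errorf("failed to create key ring: %w", err)
	}

	secretClient, err := sm.NewWithOptions(ctx, projectID)
	if err != nil {
		return fmt.Errorf("failed to create secret manager client: %w", err)
	}

	// Signing key for the decryption JWT: default signing purpose/algorithm,
	// no extra key options (nil), bounded by timeout.
	err = createKmsKey(ctx, kmsClient, secretClient, kmsKey, projectID, edgeencrypt.DecryptionJWTSecret, nil,
		edgeencrypt.DefaultSigningCryptoKeyPurpose, edgeencrypt.DefaultSigningCryptoKeyAlgorithm,
		edgeencrypt.DecryptionJWTSecretManager, timeout)
	if err != nil {
		return fmt.Errorf("failed to create decryption jwt secret: %w", err)
	}

	// Fully-qualified path of crypto key version "1" — pinned, see the
	// NOTE(review) in the doc comment.
	signingKeyPath := kmsKey.KeyPath(projectID, edgeencrypt.DecryptionJWTSecret, "1")

	return createBearerToken(ctx, secretClient, _sm, signingKeyPath, edgeencrypt.DecryptionJWTSecret, edgeencrypt.DecryptionJWTSecret,
		edgeencrypt.DecryptionTokenSecretManager, edgeencrypt.Decryption, 1, nil)
}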
    37  
