in plugin/healthz.go [117:141]
// TestIAMPermissions asks CloudKMS (via h.KeyService.TestIamPermissions) whether
// the credentials behind the key service hold both the useToEncrypt and
// useToDecrypt permissions on the CryptoKey h.keyName.
//
// It returns an error when the TestIamPermissions call itself fails, or when at
// least one of the two required permissions is absent from the response. Only
// missing permissions are reported: extra permissions on the key are neither
// checked nor flagged, so this is a liveness/readiness probe for the plugin's
// own access, not an audit of least privilege.
func (h *HealthCheckerManager) TestIAMPermissions() error {
	// The two permissions the plugin needs for envelope encryption/decryption.
	required := sets.NewString(
		"cloudkms.cryptoKeyVersions.useToEncrypt",
		"cloudkms.cryptoKeyVersions.useToDecrypt",
	)
	glog.Infof("Testing IAM permissions, want %v", required.List())

	resp, err := h.KeyService.TestIamPermissions(h.keyName, &kmspb.TestIamPermissionsRequest{
		Permissions: required.List(),
	}).Do()
	if err != nil {
		return fmt.Errorf("failed to test IAM Permissions on %s, %v", h.keyName, err)
	}
	glog.Infof("Got permissions: %v from CloudKMS for key:%s", resp.Permissions, h.keyName)

	// CloudKMS is expected to echo back the subset of the requested permissions
	// that the caller actually holds; anything required but not echoed is missing.
	granted := sets.NewString(resp.Permissions...)
	if missing := required.Difference(granted); missing.Len() > 0 {
		glog.Errorf("Failed to validate IAM Permissions on %s, diff: %v", h.keyName, missing)
		return fmt.Errorf("missing %v IAM permissions on CryptoKey:%s", missing, h.keyName)
	}

	glog.Infof("Successfully validated IAM Permissions on %s.", h.keyName)
	return nil
}