func getKeyInfo()

in cmd/conformance/main.go [1495:1538]


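// getKeyInfo fetches the Cloud KMS CryptoKey named by resourceName and returns
// the external key details of its primary version.
//
// For an EXTERNAL key only the external key URI is populated. For an
// EXTERNAL_VPC key the URI and certs come from vpc.GetURIAndCerts, which is
// given an EKM client and the CryptoKey.
//
// An error is returned when a client cannot be created, the CryptoKey lookup
// fails, the primary version is not ENABLED, or the protection level is
// neither EXTERNAL nor EXTERNAL_VPC. Underlying errors are wrapped with %w so
// callers can inspect them with errors.Is / errors.As.
func getKeyInfo(ctx context.Context, resourceName string) (*externalKeyInfo, error) {
	client, err := kms.NewKeyManagementClient(ctx)
	if err != nil {
		return nil, fmt.Errorf("error creating Cloud KMS client: %w", err)
	}
	defer client.Close()

	cryptoKey, err := client.GetCryptoKey(ctx, &spb.GetCryptoKeyRequest{Name: resourceName})
	if err != nil {
		return nil, fmt.Errorf("error getting CryptoKey for %v: %w", resourceName, err)
	}

	// GetPrimary returns nil when the key has no primary version. The
	// generated getters are nil-safe, so a missing primary reports a
	// non-ENABLED state and is rejected here before any field is read.
	primary := cryptoKey.GetPrimary()
	if primary.GetState() != rpb.CryptoKeyVersion_ENABLED {
		return nil, fmt.Errorf("key %v is not enabled", resourceName)
	}

	switch primary.GetProtectionLevel() {
	case rpb.ProtectionLevel_EXTERNAL:
		opts := primary.GetExternalProtectionLevelOptions()
		if opts == nil {
			return nil, fmt.Errorf("key %v does not have external protection level options", resourceName)
		}

		// NOTE(review): no certs are returned on this path, and the URI is
		// passed through without validation (it may be empty) — confirm the
		// caller checks the URI and knows which trust roots apply.
		return &externalKeyInfo{
			uri: opts.GetExternalKeyUri(),
		}, nil

	case rpb.ProtectionLevel_EXTERNAL_VPC:
		// The EkmConnection is resolved through a separate EKM client.
		ekmClient, err := kms.NewEkmClient(ctx)
		if err != nil {
			return nil, fmt.Errorf("error creating KMS EKM Client: %w", err)
		}
		defer ekmClient.Close()

		uri, certs, err := vpc.GetURIAndCerts(ctx, ekmClient, cryptoKey)
		if err != nil {
			return nil, fmt.Errorf("error getting EXTERNAL_VPC uri and certs: %w", err)
		}

		return &externalKeyInfo{uri, certs}, nil
	}

	return nil, fmt.Errorf("key %v does not have EXTERNAL or EXTERNAL_VPC protection level", resourceName)
}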