in internal/kms/kms.go [25:66]
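// NewKeyManagementService builds a KeyManagementService whose secret-manager
// client is configured from cfg.
//
// Credentials are obtained with credentials.NewCredential(nil), i.e. the SDK's
// default credential resolution (see the link below). The transport protocol
// is fixed to "https".
//
// When cfg.Endpoint ends in InstanceGatewayDomainSuffix, the client is given a
// CA bundle: the contents of cfg.CaFilePath if that is set, otherwise the
// entry for cfg.Region in RegionIdAndCaMap. An unreadable or empty CA file, or
// a region without a bundled CA, is returned as an error instead of leaving
// the CA unset.
//
// Nil Region, Endpoint or CaFilePath pointers are treated as empty strings
// rather than dereferenced.
func NewKeyManagementService(cfg conf.KmsConfig) (*KeyManagementService, error) {
	// default credentials: https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-go-access-credentials?spm=a2c4g.11186623.help-menu-262060.d_1_9_1_2.33a45c4fAoE9MW&scm=20140722.H_2579531._.OR_help-T_cn~zh-V_1#3ca299f04bw3c
	credentialClient, err := credentials.NewCredential(nil)
	if err != nil {
		return nil, fmt.Errorf("creating default credential: %w", err)
	}

	// tea.StringValue maps a nil *string to "", so an omitted config field
	// follows the same path as an explicitly empty one instead of panicking.
	region := tea.StringValue(cfg.Region)
	endpoint := tea.StringValue(cfg.Endpoint)
	caFilePath := tea.StringValue(cfg.CaFilePath)

	config := &openapi.Config{
		Credential: credentialClient,
		RegionId:   tea.String(region),
		// 3 * 1000: presumably milliseconds (3s) - confirm against the SDK.
		ReadTimeout:    tea.Int(3 * 1000),
		ConnectTimeout: tea.Int(3 * 1000),
		Protocol:       tea.String("https"),
	}
	if endpoint != "" {
		config.Endpoint = tea.String(endpoint)
	}

	// Only instance-gateway endpoints get an explicit CA.
	// NOTE(review): this is a plain suffix match on the configured endpoint;
	// confirm InstanceGatewayDomainSuffix begins with a "." so that only real
	// subdomains take this branch.
	if endpoint != "" && strings.HasSuffix(endpoint, InstanceGatewayDomainSuffix) {
		ca, err := instanceGatewayCA(caFilePath, region)
		if err != nil {
			return nil, err
		}
		config.Ca = tea.String(ca)
	}

	smClient, err := newSecretManagerClient(config)
	if err != nil {
		return nil, fmt.Errorf("creating secret manager client: %w", err)
	}
	return &KeyManagementService{smClient: smClient, config: config}, nil
}

// instanceGatewayCA returns the CA bundle for an instance-gateway endpoint:
// the contents of caFilePath when it is non-empty, otherwise the bundled CA
// for region from RegionIdAndCaMap.
func instanceGatewayCA(caFilePath, region string) (string, error) {
	if caFilePath == "" {
		ca, ok := RegionIdAndCaMap[region]
		if !ok {
			return "", errors.New("instance gateway private CA not found")
		}
		return ca, nil
	}

	data, err := os.ReadFile(caFilePath)
	if err != nil {
		return "", fmt.Errorf("open ca file failed: %w", err)
	}
	// Fail closed on an empty bundle. How the SDK treats a blank Ca is not
	// visible from here, so do not rely on it to reject the connection.
	if strings.TrimSpace(string(data)) == "" {
		return "", fmt.Errorf("ca file %q is empty", caFilePath)
	}
	return string(data), nil
}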