in src/aws_encryption_sdk/key_providers/kms.py [0:0]
def validate_config(self):
"""Validates the provided configuration."""
if not self.config.key_ids:
# //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6
# //# The key id list MUST NOT be empty or null in strict mode.
raise ConfigMismatchError("To enable strict mode you must provide key ids")
for key_id in self.config.key_ids:
# //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6
# //# The key id list MUST NOT contain any null or empty string values.
if not key_id:
raise ConfigMismatchError("Key ids must be valid AWS KMS ARNs")
if self.config.discovery_filter:
# //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6
# //# A discovery filter MUST NOT be configured in strict mode.
raise ConfigMismatchError("To enable discovery mode, use a DiscoveryAwsKmsMasterKeyProvider")
if self.config.discovery_region:
# //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6
# //# A default MRK Region MUST NOT be configured in strict mode.
raise ConfigMismatchError(
"To enable MRK-aware discovery mode, use a MRKAwareDiscoveryAwsKmsMasterKeyProvider"
)