func NewAKVSecretConfig()

in vaults/azurekeyvault.go [53:104]


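// NewAKVSecretConfig parses an Azure Key Vault secret URL of the form
// https://<vault>.<resource-host>/secrets/<name>[/<version>] and returns the
// pieces needed to address that secret.
//
// vaultURL is lower-cased and a single trailing "/" is dropped before parsing.
// msiClientID is stored as given; it is not validated here and may be empty.
//
// An error is returned when vaultURL is empty, does not parse, is not https,
// has no host, does not have the path shape above, names a collection other
// than "secrets", has an empty secret name, or has a host without a "." (so no
// resource host can be derived from it).
func NewAKVSecretConfig(vaultURL, msiClientID string) (*AKVSecretConfig, error) {
	if vaultURL == "" {
		return nil, errors.New("missing azure keyvault URL")
	}

	// Scheme, host and secret name are matched case-insensitively, so normalise
	// once up front; a single trailing slash would otherwise add an empty
	// path segment and fail the segment-count check below.
	normalizedVaultURL := strings.TrimSuffix(strings.ToLower(vaultURL), "/")

	parsedURL, err := url.Parse(normalizedVaultURL)
	if err != nil {
		return nil, errors.Wrap(err, "failed to parse the azure keyvault secret URL")
	}

	if parsedURL.Scheme != "https" {
		return nil, errors.New("invalid azure keyvault secret URL scheme. Expected Https")
	}

	// An empty host would previously only fail the "." split further down with
	// a misleading message; reject it explicitly.
	if parsedURL.Host == "" {
		return nil, errors.New("invalid azure keyvault secret URL. Missing host")
	}

	// Path is "/secrets/<name>" or "/secrets/<name>/<version>", so splitting on
	// "/" yields a leading empty segment followed by two or three parts.
	urlSegments := strings.Split(parsedURL.Path, "/")

	if len(urlSegments) != 3 && len(urlSegments) != 4 {
		return nil, fmt.Errorf("invalid azure keyvault secret URL. Bad number of URL segments: %d", len(urlSegments))
	}

	if urlSegments[1] != "secrets" {
		return nil, fmt.Errorf("invalid azure keyvault secret URL. Expected 'secrets' collection, but found: %s", urlSegments[1])
	}

	secretName := urlSegments[2]
	if secretName == "" {
		// e.g. "https://host/secrets//version" has the right segment count but
		// no name; without this check an empty SecretName would be returned.
		return nil, errors.New("invalid azure keyvault secret URL. Missing secret name")
	}

	// Version is optional; an absent (or empty) fourth segment means "latest"
	// is left to the caller.
	secretVersion := ""
	if len(urlSegments) == 4 {
		secretVersion = urlSegments[3]
	}

	vaultHostWithScheme := fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host)
	// Ex. https://myacbvault.vault.azure.net -> ["https://myacbvault." "vault.azure.net"]
	splitStr := strings.SplitAfterN(vaultHostWithScheme, ".", 2)
	if len(splitStr) != 2 {
		return nil, fmt.Errorf("extracted vault resource %s from vault URL %s is invalid", vaultHostWithScheme, vaultURL)
	}

	// Ex. https://vault.azure.net
	// NOTE(review): the AAD resource (token audience) is derived purely from
	// the caller-supplied host suffix; nothing here restricts it to known Key
	// Vault domains, so callers should validate the vault host before this
	// config is used to request tokens.
	vaultAADResourceURL := fmt.Sprintf("%s://%s", parsedURL.Scheme, splitStr[1])

	return &AKVSecretConfig{
		VaultURL:       vaultHostWithScheme,
		SecretName:     secretName,
		SecretVersion:  secretVersion,
		MSIClientID:    msiClientID,
		AADResourceURL: vaultAADResourceURL,
	}, nil
}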