in pkg/plugin/kms_v2_server.go [43:77]
// Status answers the KMS v2 health probe by round-tripping a fixed plaintext
// through Key Vault: it encrypts healthCheckPlainText, decrypts the result and
// compares it with the original.
//
// On success it returns a StatusResponse carrying the KMS v2 API version, a
// Healthz of "ok" and the key ID reported by the encrypt call. Any failure
// (encrypt error, decrypt error, or a round-trip mismatch) is logged and
// returned with a nil response.
func (s *KeyManagementServiceV2Server) Status(ctx context.Context, _ *kmsv2.StatusRequest) (*kmsv2.StatusResponse, error) {
	// A real encrypt/decrypt pair is used so that the probe verifies
	// connectivity with Key Vault, not just that the plugin process is alive.
	// The KMS invokes the Status API every minute, resulting in 120 calls per
	// hour to the Key Vault (two operations per probe), which is well within
	// the permissible limit of Key Vault.
	probe := []byte(healthCheckPlainText)

	sealed, encErr := s.kvClient.Encrypt(ctx, probe, s.encryptionAlgorithm)
	if encErr != nil {
		mlog.Error("failed to encrypt healthcheck call", encErr)
		// NOTE(review): the client error is handed back to the caller
		// unchanged; confirm its text is acceptable to expose over the API.
		return nil, encErr
	}

	// Decrypt with exactly the key ID and annotations that the encrypt call
	// produced, so the probe checks the same key it just used.
	opened, decErr := s.kvClient.Decrypt(
		ctx,
		sealed.Ciphertext,
		s.encryptionAlgorithm,
		version.KMSv2APIVersion,
		sealed.Annotations,
		sealed.KeyID,
	)
	if decErr != nil {
		mlog.Error("failed to decrypt healthcheck call", decErr)
		return nil, decErr
	}

	// A successful call that yields different bytes is still a failed probe.
	// The message deliberately carries neither the expected nor the received
	// text.
	if got := string(opened); got != healthCheckPlainText {
		mismatch := fmt.Errorf("decrypted text does not match")
		mlog.Error("healthcheck failed", mismatch)
		return nil, mismatch
	}

	healthy := &kmsv2.StatusResponse{
		Version: version.KMSv2APIVersion,
		Healthz: "ok",
		KeyId:   sealed.KeyID,
	}
	return healthy, nil
}