in aws/pkg/tasks/container/recover.go [49:122]
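// Run recovers a container key from a KMS-protected identity document and
// writes it to the task output.
//
// In order: the identity is read from t.JSONReader; its private-key encoding
// must carry the "kms:aws:<fingerprint>" tag derived from t.KeyID, otherwise
// the identity was not sealed under this key and is rejected before any AWS
// call; an AWS KMS envelope transformer (ChaCha20-Poly1305 data encryption)
// is then built from the default shared AWS configuration; the identity is
// decrypted and the recovered public key is compared against input.Public
// in constant time; only then is key.D emitted, as JSON
// ({"container_key": ...}) when t.JSONOutput is set, or as a single
// plain-text line otherwise.
//
// Every failure is returned as a wrapped error. Nothing is written to the
// output writer before the public-key check has passed, and the recovered
// key is never logged by this method.
func (t *RecoverTask) Run(ctx context.Context) error {
	// Create input reader
	reader, err := t.JSONReader(ctx)
	if err != nil {
		return fmt.Errorf("unable to initialize reader: %w", err)
	}

	// Extract identity
	input, err := identity.FromReader(reader)
	if err != nil {
		return fmt.Errorf("unable to read identity from reader: %w", err)
	}
	if input == nil {
		return fmt.Errorf("identity is nil")
	}

	// The fingerprint is the unpadded base64url BLAKE2b-256 of the KMS key
	// ID. Checking it up front turns a wrong key ID into an explicit error
	// instead of an opaque KMS decryption failure.
	h := blake2b.Sum256([]byte(t.KeyID))
	expectedPrefix := fmt.Sprintf("kms:aws:%s", base64.RawURLEncoding.EncodeToString(h[:]))
	if !strings.HasPrefix(input.Private.Encoding, expectedPrefix) {
		return fmt.Errorf("invalid identity encoding or not handled by this tool or KMS key not matching")
	}

	// Prepare AWS KMS client from the shared config/credentials files.
	// session.Must panics if the shared configuration cannot be loaded.
	sess := session.Must(session.NewSessionWithOptions(session.Options{
		SharedConfigState: session.SharedConfigEnable,
	}))
	awsKmsClient := kms.New(sess)

	// Key encryption: the KMS key wraps the data-encryption key.
	awsKMSService, err := awskms.Service(awsKmsClient, t.KeyID)
	if err != nil {
		return fmt.Errorf("unable to initialize KMS service: %w", err)
	}

	// Data encryption: envelope transformer using ChaCha20-Poly1305.
	transformer, err := envelope.Transformer(awsKMSService, aead.Chacha20Poly1305)
	if err != nil {
		// Distinct message from the KMS service error above so the two
		// initialization failures can be told apart.
		return fmt.Errorf("unable to initialize envelope transformer: %w", err)
	}

	// Try to decrypt identity
	key, err := input.Decrypt(ctx, transformer)
	if err != nil {
		return fmt.Errorf("unable to decrypt identity: %w", err)
	}

	// The decrypted key must correspond to the public part stored in the
	// identity; a constant-time compare avoids leaking the mismatch position.
	if !security.SecureCompareString(input.Public, key.X) {
		return fmt.Errorf("invalid identity, key mismatch detected")
	}

	// Get output writer
	outputWriter, err := t.OutputWriter(ctx)
	if err != nil {
		return fmt.Errorf("unable to retrieve output writer: %w", err)
	}

	// Display as json
	if t.JSONOutput {
		if err := json.NewEncoder(outputWriter).Encode(map[string]interface{}{
			"container_key": key.D,
		}); err != nil {
			return fmt.Errorf("unable to display as json: %w", err)
		}
		return nil
	}

	// Display container key as plain text; a short or failed write would
	// otherwise silently produce a truncated key.
	if _, err := fmt.Fprintf(outputWriter, "Container key : %s\n", key.D); err != nil {
		return fmt.Errorf("unable to display container key: %w", err)
	}

	// No error
	return nil
}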