|
33 | 33 | _PROVIDER_ID = 'aws-kms' |
34 | 34 |
|
35 | 35 |
|
| 36 | +def _region_from_key_id(key_id, default_region=None): |
| 37 | + """Determine the target region from a key ID, falling back to a default region if provided. |
| 38 | +
|
| 39 | + :param str key_id: AWS KMS key ID |
| 40 | + :param str default_region: Region to use if no region found in key_id |
| 41 | + :returns: region name |
| 42 | + :rtype: str |
| 43 | + :raises UnknownRegionError: if no region found in key_id and no default_region provided |
| 44 | + """ |
| 45 | + try: |
| 46 | + region_name = key_id.split(':', 4)[3] |
| 47 | + if default_region is None: |
| 48 | + default_region = region_name |
| 49 | + except IndexError: |
| 50 | + if default_region is None: |
| 51 | + raise UnknownRegionError( |
| 52 | + 'No default region found and no region determinable from key id: {}'.format(key_id) |
| 53 | + ) |
| 54 | + region_name = default_region |
| 55 | + return region_name |
| 56 | + |
| 57 | + |
36 | 58 | @attr.s(hash=True) |
37 | 59 | class KMSMasterKeyProviderConfig(MasterKeyProviderConfig): |
38 | 60 | """Configuration object for KMSMasterKeyProvider objects. |
@@ -136,16 +158,7 @@ def _client(self, key_id): |
136 | 158 |
|
137 | 159 | :param str key_id: KMS CMK ID |
138 | 160 | """ |
139 | | - try: |
140 | | - region_name = key_id.split(':', 4)[3] |
141 | | - if self.default_region is None: |
142 | | - self.default_region = region_name |
143 | | - except IndexError: |
144 | | - if self.default_region is None: |
145 | | - raise UnknownRegionError( |
146 | | - 'No default region found and no region determinable from key id: {}'.format(key_id) |
147 | | - ) |
148 | | - region_name = self.default_region |
| 161 | + region_name = _region_from_key_id(key_id, self.default_region) |
149 | 162 | self.add_regional_client(region_name) |
150 | 163 | return self._regional_clients[region_name] |
151 | 164 |
|
@@ -175,14 +188,28 @@ class KMSMasterKeyConfig(MasterKeyConfig): |
175 | 188 | """ |
176 | 189 |
|
177 | 190 | provider_id = _PROVIDER_ID |
178 | | - client = attr.ib(hash=True, validator=attr.validators.instance_of(botocore.client.BaseClient)) |
| 191 | + client = attr.ib( |
| 192 | + hash=True, |
| 193 | + validator=attr.validators.instance_of(botocore.client.BaseClient) |
| 194 | + ) |
179 | 195 | grant_tokens = attr.ib( |
180 | 196 | hash=True, |
181 | 197 | default=attr.Factory(tuple), |
182 | 198 | validator=attr.validators.instance_of(tuple), |
183 | 199 | converter=tuple |
184 | 200 | ) |
185 | 201 |
|
| 202 | + @client.default |
| 203 | + def client_default(self): |
| 204 | + """Create a client if one was not provided.""" |
| 205 | + try: |
| 206 | + region_name = _region_from_key_id(to_str(self.key_id)) |
| 207 | + kwargs = dict(region_name=region_name) |
| 208 | + except UnknownRegionError: |
| 209 | + kwargs = {} |
| 210 | + botocore_config = botocore.config.Config(user_agent_extra=USER_AGENT_SUFFIX) |
| 211 | + return boto3.session.Session(**kwargs).client('kms', config=botocore_config) |
| 212 | + |
186 | 213 |
|
187 | 214 | class KMSMasterKey(MasterKey): |
188 | 215 | """Master Key class for KMS CMKs. |
|
0 commit comments