Make it work not only on ecs but also outside ecs

AliyunContainerService · Mar 15, 2020 · 93861e5 · 93861e5
1 parent 725f4c4
commit 93861e5
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+ack-kms-plugin
diff --git a/Makefile b/Makefile
@@ -1,10 +1,10 @@
 ##############################################################################################################
-binary := kubernetes-kms
-DOCKER_IMAGE := acs/ack-kms-plugin
+BINARY := ack-kms-plugin
+DOCKER_IMAGE ?= acs/ack-kms-plugin
 METALINTER_CONCURRENCY ?= 4
 METALINTER_DEADLINE ?= 180
-VERSION          := v0.0.1
-CGO_ENABLED_FLAG := 0
+VERSION          ?= v0.0.1
+CGO_ENABLED_FLAG ?= 0
 
 ifeq ($(OS),Windows_NT)
 	GOOS_FLAG = windows
@@ -38,7 +38,7 @@ deps: setup
 
 clean:
 	@echo "Clean..."
-	$Q rm -rf $(binary)
+	$Q rm -rf $(BINARY)
 
 setup: clean
 	@echo "Setup..."
@@ -53,7 +53,7 @@ authors:
 
 testint:
 	@echo "Running Integration tests..."
-	$Q sudo GOPATH=$(GOPATH) go test -v -count=1 gitlab.alibaba-inc.com/cos/ack-kms-plugin/tests/client
+	$Q sudo GOPATH=$(GOPATH) go test -v -count=1 github.com/AliyunContainerService/ack-kms-plugin/tests/client
 
 test:
 	@echo "Running Unit Tests..."
@@ -77,6 +77,3 @@ check-all:
 	gometalinter --concurrency=$(METALINTER_CONCURRENCY) --deadline=600s ./... --vendor --cyclo-over=20 \
 		--linter='vet:go vet --no-recurse:PATH:LINE:MESSAGE' --dupl-threshold=50
 		--dupl-threshold=50
-
-clean:
-	rm -f $(BIN)
diff --git a/plugin/server.go b/plugin/server.go
@@ -15,6 +15,7 @@ import (
 	"os"
 	"reflect"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -28,8 +29,11 @@ const (
 	Version        = "v1beta1"
 	runtime        = "Alibaba Cloud KMS"
 	runtimeVersion = "0.1.0"
-	// REGION is region id env
-	REGION = "REGION"
+	// envRegion is region id env
+	envRegion = "ACK_KMS_REGION_ID"
+	// envKmsDomain is kms domain env
+	envKmsDomain = "ACK_KMS_DOMAIN"
+	defaultKmsDomain = "kms-vpc.%s.aliyuncs.com"
 	// KeyUsageEncryptDecrypt is the usage of kms key
 	keyUsageEncryptDecrypt = "ENCRYPT/DECRYPT"
 	// HTTPS protocol
@@ -54,15 +58,27 @@ type KMSServer struct {
 
 // New creates an instance of the KMS Service Server.
 func New(pathToUnixSocketFile, keyID string) (*KMSServer, error) {
-	kMSServer := new(KMSServer)
+	kMSServer := &KMSServer{
+		stopCh:  make(chan struct{}),
+	}
 	kMSServer.pathToUnixSocket = pathToUnixSocketFile
 	kMSServer.keyID = keyID
-	region := GetMetaData(RegionID)
+	region := os.Getenv(envRegion)
+	if region == "" {
+		region = GetMetaData(RegionID)
+	}
 	if region == "" {
 		return nil, fmt.Errorf("empty region set in env")
 	}
+	domain := os.Getenv(envKmsDomain)
+	if domain == "" {
+		domain = defaultKmsDomain
+	}
+	if strings.Contains(domain, "%s") {
+		domain = fmt.Sprintf(domain, region)
+	}
 	kMSServer.region = region
-	kMSServer.domain = fmt.Sprintf("kms-vpc.%s.aliyuncs.com", region)
+	kMSServer.domain = domain
 	// Check for an optional custom frequency at which we should poll for creds.
 	credCheckFreqSec := defaultCredCheckFreqSeconds
 	checkFreqSecRaw := os.Getenv("CREDENTIAL_INTERVAL")