cossacklabs / acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
https://www.cossacklabs.com/acra/
Apache License 2.0

Add KMS CreateKey waiter #572

Closed Zhaars closed 1 year ago

Zhaars commented 1 year ago

During playground actualization, I faced a problem running Acra after the KMS keys were created by acra-keymaker:

acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:36.921200901Z time="2022-08-30T22:20:36Z" level=info msg="Initialized KMS AWS KeyManager"
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:36.921550967Z time="2022-08-30T22:20:36Z" level=info msg="Initialized KMS AWS KeyManager"
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.091789707Z time="2022-08-30T22:20:37Z" level=info msg="KMS key created" key-name=acra_fca9e56609eea6521d95f50dca9ebe45505642727ae179050ee4951f2327575535cd41226988c46790a0ba2e0b0b72542166e0f1561348ac25dc8b97803a52df keyID="arn:aws:kms:eu-west-1:533306693851:key/e6483ab7-7571-4572-8518-2ff1dc19cee4"
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.119697236Z Generated storage encryption keypair
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.127808014Z Generated HMAC key for searchable encryption
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.137321380Z Generated storage symmetric key for clientID
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.229231384Z time="2022-08-30T22:20:37Z" level=info msg="KMS key created" key-name=acra_audit_log keyID="arn:aws:kms:eu-west-1:533306693851:key/57ee0e00-cc09-4205-8d2f-b2fa2e7caba1"
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.236369217Z panic: operation error KMS: Encrypt, https response error StatusCode: 400, RequestID: 19e09a64-1e4a-4cc0-866f-bb78973556e0, NotFoundException: Alias arn:aws:kms:eu-west-1:533306693851:alias/acra_audit_log is not found.
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.236450141Z 
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.236669041Z goroutine 1 [running]:
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.236848072Z main.main()
acra-keymaker-ee_server-user1_1  | 2022-08-30T22:20:37.237165598Z       /acra/cmd/acra-keymaker/acra-keymaker.go:241 +0x1e39

This means AWS needs some time for the alias created on the key to become active. This PR contains simple waiter logic.

Checklist
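The failure in the log above (an Encrypt call rejected with NotFoundException right after the key and alias were created) is the kind of condition a bounded waiter handles. The sketch below is an added example, not the code from this PR or from Acra; `WaitForAlias`, `ErrAliasNotFound` and `laggingAlias` are hypothetical names, and the KMS probe is replaced by a constructed stand-in so it runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// ErrAliasNotFound stands in for the KMS NotFoundException from the log above.
var ErrAliasNotFound = errors.New("alias not found")

// WaitForAlias calls check (a hypothetical probe, e.g. a wrapper around KMS
// DescribeKey on the alias) until it succeeds, fails for another reason, or ctx ends.
func WaitForAlias(ctx context.Context, check func(context.Context) error, delay, maxDelay time.Duration) (int, error) {
	for attempt := 1; ; attempt++ {
		err := check(ctx)
		if err == nil {
			return attempt, nil
		}
		if !errors.Is(err, ErrAliasNotFound) {
			return attempt, err // e.g. access denied: retrying cannot help
		}
		select {
		case <-ctx.Done():
			return attempt, fmt.Errorf("alias not visible after %d attempts: %w", attempt, ctx.Err())
		case <-time.After(delay): // back off before the next probe
		}
		if delay *= 2; delay > maxDelay {
			delay = maxDelay
		}
	}
}

// laggingAlias is a constructed stand-in for KMS: the alias resolves after lag probes.
func laggingAlias(lag int) func(context.Context) error {
	calls := 0
	return func(context.Context) error {
		if calls++; calls <= lag {
			return ErrAliasNotFound
		}
		return nil
	}
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
	defer cancel()
	fmt.Println(WaitForAlias(ctx, laggingAlias(3), time.Millisecond, 8*time.Millisecond))
}
```

Only the not-found error is retried; any other error is returned on the first attempt, so a permissions problem surfaces immediately instead of being hidden behind the timeout.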