Skip to content

Commit

Permalink
Add validation checks for config option amazon_web_services.eks_kms_a…
Browse files Browse the repository at this point in the history 
…rn to ensure KMS-key ARN available
  • Loading branch information
@joneszc
joneszc committed Sep 27, 2024
1 parent e13fdb3 commit a89989c
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions src/_nebari/stages/infrastructure/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -565,8 +565,13 @@ def _check_input(cls, data: Any) -> Any:
# check if kms key is valid
available_kms_keys = amazon_web_services.kms_key_arns(data["region"])
if "eks_kms_arn" in data:
key_id = [id for id in available_kms_keys.keys() if id in data["eks_kms_arn"]]
if len(key_id) == 1 and available_kms_keys[key_id[0]]["Arn"] == data["eks_kms_arn"]:
key_id = [
id for id in available_kms_keys.keys() if id in data["eks_kms_arn"]
]
if (
len(key_id) == 1
and available_kms_keys[key_id[0]]["Arn"] == data["eks_kms_arn"]
):
key_id = key_id[0]
if available_kms_keys[key_id]["KeyUsage"] != "ENCRYPT_DECRYPT":
raise ValueError(
Expand Down

0 comments on commit a89989c

Please sign in to comment.