From a0553da42f82290e50b5e42a9957eaf91ce44389 Mon Sep 17 00:00:00 2001
From: TommyLike
Date: Wed, 13 Sep 2023 14:36:09 +0800
Subject: [PATCH] Fix huaweicloud kms encode/decode error for cluster key
---
 src/infra/encryption/engine.rs | 2 +-
 src/infra/kms/huaweicloud.rs | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/infra/encryption/engine.rs b/src/infra/encryption/engine.rs
index 1857630..ccb2b02 100644
--- a/src/infra/encryption/engine.rs
+++ b/src/infra/encryption/engine.rs
@@ -154,7 +154,7 @@ where
 }
 async fn rotate_key(&mut self) -> Result {
- if Utc::now() < self.latest_cluster_key.read().await.create_at + Duration::days(1) {
+ if Utc::now() < self.latest_cluster_key.read().await.create_at + Duration::days(self.rotate_in_days) {
 return Ok(false);
 }
 self.generate_new_key().await?;
diff --git a/src/infra/kms/huaweicloud.rs b/src/infra/kms/huaweicloud.rs
index 1cd8184..e7d9a6f 100644
--- a/src/infra/kms/huaweicloud.rs
+++ b/src/infra/kms/huaweicloud.rs
@@ -158,7 +158,8 @@ impl HuaweiCloudKMS {
 .json(json)
 .send()
 .await?;
- if res.status() == StatusCode::UNAUTHORIZED {
+ //huaweicloud response with 403 when token expired.
+ if res.status() == StatusCode::FORBIDDEN {
 //re authentication again
 self.auth_token_cache.lock().await.clear();
 self.auth_request().await?;
@@ -406,7 +407,7 @@ mod test {
 "fake_attribute": "123",
 });
 let mock_request = server.mock("POST", "/kms/fake_endpoint")
- .with_status(401)
+ .with_status(403)
 .match_header(SIGN_HEADER, "fake_auth_header")
 .match_body(mockito::Matcher::Json(fake_request.clone()))
 .with_body(r#"{"key_id": "123", "plain_text_base64": "456", "plain_text": "1234"}"#)
-- Gitee
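Review bot: `self.rotate_in_days` goes straight into `Duration::days` in the new `rotate_key` condition, and nothing in this hunk bounds it. If the value can be zero or negative, the early return never fires and every call to `rotate_key` generates a new cluster key; a very large value effectively disables rotation, and, assuming this is chrono's `Duration`, `Duration::days` panics when the result is out of range. The field's type and where it is set are outside the hunk, so this may already be validated when the configuration is loaded; if it is not, reject out-of-range values there and state the contract on the field, e.g. `/// Cluster key lifetime in days; must be >= 1.` The rotation change is also not mentioned in the commit subject, which only names the KMS fix.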
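Review bot: The new check in `src/infra/kms/huaweicloud.rs` treats every 403 as an expired token, but 403 is also the usual answer for a caller that is authenticated and simply not permitted to use the key, and the 401 branch is dropped rather than kept alongside it. As written, a genuine permission denial clears `auth_token_cache` and re-authenticates on each request, and the denial itself may not reach the caller or the logs; whether the retry is bounded cannot be seen, because the function continues outside the hunk. I would accept both codes with `if matches!(res.status(), StatusCode::UNAUTHORIZED | StatusCode::FORBIDDEN) {`, retry at most once, and return a second 403 as an error so it can be told apart from token expiry. The updated mock in `mod test` exercises a 403 response; a case where the retried request is also answered with 403 would pin that behaviour down.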