From 4a18be0f4a48c145da4a76499485a45478fd69aa Mon Sep 17 00:00:00 2001
From: Hans1031 <66713931+h27771420@users.noreply.github.com>
Date: Thu, 12 Oct 2023 01:25:16 +0800
Subject: [PATCH] secrets/awskms: update the example for the AWS ARN use case
 (#3320)

---
 internal/website/data/examples.json | 2 +-
 secrets/awskms/example_test.go      | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/internal/website/data/examples.json b/internal/website/data/examples.json
index 94a29a0328..6b24a6e848 100644
--- a/internal/website/data/examples.json
+++ b/internal/website/data/examples.json
@@ -417,7 +417,7 @@
 	},
 	"gocloud.dev/secrets/awskms.Example_openFromURL": {
 		"imports": "import (\n\t\"context\"\n\n\t\"gocloud.dev/secrets\"\n\t_ \"gocloud.dev/secrets/awskms\"\n)",
-		"code": "// Use one of the following:\n\n// 1. By ID.\nkeeperByID, err := secrets.OpenKeeper(ctx,\n\t\"awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1\")\nif err != nil {\n\treturn err\n}\ndefer keeperByID.Close()\n\n// 2. By alias.\nkeeperByAlias, err := secrets.OpenKeeper(ctx,\n\t\"awskms://alias/ExampleAlias?region=us-east-1\")\nif err != nil {\n\treturn err\n}\ndefer keeperByAlias.Close()\n\n// 3. By ARN.\nconst arn = \"arn:aws:kms:us-east-1:111122223333:key/\" +\n\t\"1234abcd-12ab-34bc-56ef-1234567890ab\"\nkeeperByARN, err := secrets.OpenKeeper(ctx,\n\t\"awskms://\"+arn+\"?region=us-east-1\")\nif err != nil {\n\treturn err\n}\ndefer keeperByARN.Close()\n\n// Use \"awssdk=v1\" or \"v2\" to force a specific AWS SDK version.\nkeeperUsingV2, err := secrets.OpenKeeper(ctx,\n\t\"awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1\u0026awssdk=v2\")\nif err != nil {\n\treturn err\n}\ndefer keeperUsingV2.Close()"
+		"code": "// Use one of the following:\n\n// 1. By ID.\nkeeperByID, err := secrets.OpenKeeper(ctx,\n\t\"awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1\")\nif err != nil {\n\treturn err\n}\ndefer keeperByID.Close()\n\n// 2. By alias.\nkeeperByAlias, err := secrets.OpenKeeper(ctx,\n\t\"awskms://alias/ExampleAlias?region=us-east-1\")\nif err != nil {\n\treturn err\n}\ndefer keeperByAlias.Close()\n\n// 3. By ARN. Note that ARN may contain \":\" characters, which cannot be escaped\n// in the Host part of a URL, so the \"awskms:///\u003cARN\u003e\" form should be used.\nconst arn = \"arn:aws:kms:us-east-1:111122223333:key/\" +\n\t\"1234abcd-12ab-34bc-56ef-1234567890ab\"\nkeeperByARN, err := secrets.OpenKeeper(ctx,\n\t\"awskms:///\"+arn+\"?region=us-east-1\")\nif err != nil {\n\treturn err\n}\ndefer keeperByARN.Close()\n\n// Use \"awssdk=v1\" or \"v2\" to force a specific AWS SDK version.\nkeeperUsingV2, err := secrets.OpenKeeper(ctx,\n\t\"awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1\u0026awssdk=v2\")\nif err != nil {\n\treturn err\n}\ndefer keeperUsingV2.Close()"
 	},
 	"gocloud.dev/secrets/azurekeyvault.ExampleOpenKeeper": {
 		"imports": "import \"gocloud.dev/secrets/azurekeyvault\"",
diff --git a/secrets/awskms/example_test.go b/secrets/awskms/example_test.go
index c324520aa3..156d6bb7a7 100644
--- a/secrets/awskms/example_test.go
+++ b/secrets/awskms/example_test.go
@@ -91,11 +91,12 @@ func Example_openFromURL() {
 	}
 	defer keeperByAlias.Close()
 
-	// 3. By ARN.
+	// 3. By ARN. Note that ARN may contain ":" characters, which cannot be escaped
+	// in the Host part of a URL, so the "awskms:///<ARN>" form should be used.
 	const arn = "arn:aws:kms:us-east-1:111122223333:key/" +
 		"1234abcd-12ab-34bc-56ef-1234567890ab"
 	keeperByARN, err := secrets.OpenKeeper(ctx,
-		"awskms://"+arn+"?region=us-east-1")
+		"awskms:///"+arn+"?region=us-east-1")
 	if err != nil {
 		log.Fatal(err)
 	}