From b989e5a514bf8c11299f4d0e9f841060d2ef6cfd Mon Sep 17 00:00:00 2001
From: Andreas Auernhammer <aead@mail.de>
Date: Thu, 13 May 2021 18:11:10 +0200
Subject: [PATCH] kms: KES client should return non-nil error when GenerateKey
 fails (#12290)

This commit fixes a bug in the KMS KES client integration.
The client should return a non-nil error when the key generation
fails.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
---
 pkg/kms/kes.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/kms/kes.go b/pkg/kms/kes.go
index 7d6312533..e21712d11 100644
--- a/pkg/kms/kes.go
+++ b/pkg/kms/kes.go
@@ -115,7 +115,7 @@ func (c *kesClient) GenerateKey(keyID string, ctx Context) (DEK, error) {
 	}
 	dek, err := c.client.GenerateKey(context.Background(), keyID, ctxBytes)
 	if err != nil {
-		return DEK{}, nil
+		return DEK{}, err
 	}
 	return DEK{
 		KeyID:      keyID,