rbd: change key in secret for cert and tls

currently, the keys for kms certificates/keys in a
secret is ca.cert, tls.cert and
tls.key, this commit changes the key from ca.cert
and tls.cert to cert and tls.key to key.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna 2021-02-03 16:50:53 +05:30 committed by mergify[bot]
parent b370d9afb6
commit 22ae4a0b16
2 changed files with 12 additions and 12 deletions

View File

@ -203,7 +203,7 @@ kind: secret
metadata:
name: vault-infosec-ca
stringData:
ca.cert: |
cert: |
MIIC2DCCAcCgAwIBAgIBATANBgkqh...
```
@ -216,7 +216,7 @@ kind: secret
metadata:
name: vault-client-cert
stringData:
tls.cert: |
cert: |
BATANBgkqcCgAwIBAgIBATANBAwI...
```
@ -229,7 +229,7 @@ kind: secret
metadata:
name: vault-client-cert-key
stringData:
tls.key: |
key: |
KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
```
@ -243,10 +243,10 @@ kind: secret
metadata:
name: vault-certificates
stringData:
ca.cert: |
cert: |
MIIC2DCCAcCgAwIBAgIBATANBgkqh...
tls.cert: |
cert: |
BATANBgkqcCgAwIBAgIBATANBAwI...
tls.key: |
key: |
KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
```

View File

@ -268,14 +268,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
}
// ignore errConfigOptionMissing, no default was set
if vaultCAFromSecret != "" {
cert, cErr := getCertificate(kms.Tenant, vaultCAFromSecret, "ca.cert")
cert, cErr := getCertificate(kms.Tenant, vaultCAFromSecret, "cert")
if cErr != nil && !apierrs.IsNotFound(err) {
return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
}
// if the certificate is not present in tenant namespace get it from
// cephcsi pod namespace
if apierrs.IsNotFound(cErr) {
cert, cErr = getCertificate(csiNamespace, vaultCAFromSecret, "ca.cert")
cert, cErr = getCertificate(csiNamespace, vaultCAFromSecret, "cert")
if cErr != nil {
return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
}
@ -293,14 +293,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
}
// ignore errConfigOptionMissing, no default was set
if vaultClientCertFromSecret != "" {
cert, cErr := getCertificate(kms.Tenant, vaultClientCertFromSecret, "tls.cert")
cert, cErr := getCertificate(kms.Tenant, vaultClientCertFromSecret, "cert")
if cErr != nil && !apierrs.IsNotFound(cErr) {
return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultClientCertFromSecret, cErr)
}
// if the certificate is not present in tenant namespace get it from
// cephcsi pod namespace
if apierrs.IsNotFound(cErr) {
cert, cErr = getCertificate(csiNamespace, vaultClientCertFromSecret, "tls.cert")
cert, cErr = getCertificate(csiNamespace, vaultClientCertFromSecret, "cert")
if cErr != nil {
return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultCAFromSecret, cErr)
}
@ -319,14 +319,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
// ignore errConfigOptionMissing, no default was set
if vaultClientCertKeyFromSecret != "" {
certKey, err := getCertificate(kms.Tenant, vaultClientCertKeyFromSecret, "tls.key")
certKey, err := getCertificate(kms.Tenant, vaultClientCertKeyFromSecret, "key")
if err != nil && !apierrs.IsNotFound(err) {
return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultClientCertKeyFromSecret, err)
}
// if the certificate is not present in tenant namespace get it from
// cephcsi pod namespace
if apierrs.IsNotFound(err) {
certKey, err = getCertificate(csiNamespace, vaultClientCertFromSecret, "tls.key")
certKey, err = getCertificate(csiNamespace, vaultClientCertFromSecret, "key")
if err != nil {
return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultCAFromSecret, err)
}