mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-22 22:30:23 +00:00
rbd: change key in secret for cert and tls
currently, the keys for kms certificates/keys in a secret is ca.cert, tls.cert and tls.key, this commit changes the key from ca.cert and tls.cert to cert and tls.key to key. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
parent
b370d9afb6
commit
22ae4a0b16
@ -203,7 +203,7 @@ kind: secret
|
|||||||
metadata:
|
metadata:
|
||||||
name: vault-infosec-ca
|
name: vault-infosec-ca
|
||||||
stringData:
|
stringData:
|
||||||
ca.cert: |
|
cert: |
|
||||||
MIIC2DCCAcCgAwIBAgIBATANBgkqh...
|
MIIC2DCCAcCgAwIBAgIBATANBgkqh...
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -216,7 +216,7 @@ kind: secret
|
|||||||
metadata:
|
metadata:
|
||||||
name: vault-client-cert
|
name: vault-client-cert
|
||||||
stringData:
|
stringData:
|
||||||
tls.cert: |
|
cert: |
|
||||||
BATANBgkqcCgAwIBAgIBATANBAwI...
|
BATANBgkqcCgAwIBAgIBATANBAwI...
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -229,7 +229,7 @@ kind: secret
|
|||||||
metadata:
|
metadata:
|
||||||
name: vault-client-cert-key
|
name: vault-client-cert-key
|
||||||
stringData:
|
stringData:
|
||||||
tls.key: |
|
key: |
|
||||||
KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
|
KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -243,10 +243,10 @@ kind: secret
|
|||||||
metadata:
|
metadata:
|
||||||
name: vault-certificates
|
name: vault-certificates
|
||||||
stringData:
|
stringData:
|
||||||
ca.cert: |
|
cert: |
|
||||||
MIIC2DCCAcCgAwIBAgIBATANBgkqh...
|
MIIC2DCCAcCgAwIBAgIBATANBgkqh...
|
||||||
tls.cert: |
|
cert: |
|
||||||
BATANBgkqcCgAwIBAgIBATANBAwI...
|
BATANBgkqcCgAwIBAgIBATANBAwI...
|
||||||
tls.key: |
|
key: |
|
||||||
KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
|
KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
|
||||||
```
|
```
|
||||||
|
@ -268,14 +268,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
|
|||||||
}
|
}
|
||||||
// ignore errConfigOptionMissing, no default was set
|
// ignore errConfigOptionMissing, no default was set
|
||||||
if vaultCAFromSecret != "" {
|
if vaultCAFromSecret != "" {
|
||||||
cert, cErr := getCertificate(kms.Tenant, vaultCAFromSecret, "ca.cert")
|
cert, cErr := getCertificate(kms.Tenant, vaultCAFromSecret, "cert")
|
||||||
if cErr != nil && !apierrs.IsNotFound(err) {
|
if cErr != nil && !apierrs.IsNotFound(err) {
|
||||||
return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
|
return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
|
||||||
}
|
}
|
||||||
// if the certificate is not present in tenant namespace get it from
|
// if the certificate is not present in tenant namespace get it from
|
||||||
// cephcsi pod namespace
|
// cephcsi pod namespace
|
||||||
if apierrs.IsNotFound(cErr) {
|
if apierrs.IsNotFound(cErr) {
|
||||||
cert, cErr = getCertificate(csiNamespace, vaultCAFromSecret, "ca.cert")
|
cert, cErr = getCertificate(csiNamespace, vaultCAFromSecret, "cert")
|
||||||
if cErr != nil {
|
if cErr != nil {
|
||||||
return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
|
return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
|
||||||
}
|
}
|
||||||
@ -293,14 +293,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
|
|||||||
}
|
}
|
||||||
// ignore errConfigOptionMissing, no default was set
|
// ignore errConfigOptionMissing, no default was set
|
||||||
if vaultClientCertFromSecret != "" {
|
if vaultClientCertFromSecret != "" {
|
||||||
cert, cErr := getCertificate(kms.Tenant, vaultClientCertFromSecret, "tls.cert")
|
cert, cErr := getCertificate(kms.Tenant, vaultClientCertFromSecret, "cert")
|
||||||
if cErr != nil && !apierrs.IsNotFound(cErr) {
|
if cErr != nil && !apierrs.IsNotFound(cErr) {
|
||||||
return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultClientCertFromSecret, cErr)
|
return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultClientCertFromSecret, cErr)
|
||||||
}
|
}
|
||||||
// if the certificate is not present in tenant namespace get it from
|
// if the certificate is not present in tenant namespace get it from
|
||||||
// cephcsi pod namespace
|
// cephcsi pod namespace
|
||||||
if apierrs.IsNotFound(cErr) {
|
if apierrs.IsNotFound(cErr) {
|
||||||
cert, cErr = getCertificate(csiNamespace, vaultClientCertFromSecret, "tls.cert")
|
cert, cErr = getCertificate(csiNamespace, vaultClientCertFromSecret, "cert")
|
||||||
if cErr != nil {
|
if cErr != nil {
|
||||||
return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultCAFromSecret, cErr)
|
return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultCAFromSecret, cErr)
|
||||||
}
|
}
|
||||||
@ -319,14 +319,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
|
|||||||
|
|
||||||
// ignore errConfigOptionMissing, no default was set
|
// ignore errConfigOptionMissing, no default was set
|
||||||
if vaultClientCertKeyFromSecret != "" {
|
if vaultClientCertKeyFromSecret != "" {
|
||||||
certKey, err := getCertificate(kms.Tenant, vaultClientCertKeyFromSecret, "tls.key")
|
certKey, err := getCertificate(kms.Tenant, vaultClientCertKeyFromSecret, "key")
|
||||||
if err != nil && !apierrs.IsNotFound(err) {
|
if err != nil && !apierrs.IsNotFound(err) {
|
||||||
return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultClientCertKeyFromSecret, err)
|
return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultClientCertKeyFromSecret, err)
|
||||||
}
|
}
|
||||||
// if the certificate is not present in tenant namespace get it from
|
// if the certificate is not present in tenant namespace get it from
|
||||||
// cephcsi pod namespace
|
// cephcsi pod namespace
|
||||||
if apierrs.IsNotFound(err) {
|
if apierrs.IsNotFound(err) {
|
||||||
certKey, err = getCertificate(csiNamespace, vaultClientCertFromSecret, "tls.key")
|
certKey, err = getCertificate(csiNamespace, vaultClientCertFromSecret, "key")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultCAFromSecret, err)
|
return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultCAFromSecret, err)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user