mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-09-19 15:09:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

journal: Store encryptionType in Config struct

Browse Source 
Add encryptionType next to kmsID to support both block and file
encryption.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff 2022-07-20 21:50:15 +02:00 committed by mergify[bot]
parent ce9fbb3474
commit 2cf8ecc6c7
1 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
internal/journal/voljournal.go
View File

@ -149,6 +149,9 @@ type Config struct {
// encryptKMS in which encryption passphrase was saved, default is no encryption // encryptKMS in which encryption passphrase was saved, default is no encryption
encryptKMSKey string encryptKMSKey string
// encryptKMS in which encryption passphrase was saved, default is no encryption
encryptionType string
// ownerKey is used to identify the owner of the volume, can be used with some KMS configurations // ownerKey is used to identify the owner of the volume, can be used with some KMS configurations
ownerKey string ownerKey string
@ -172,6 +175,7 @@ func NewCSIVolumeJournal(suffix string) *Config {
namespace: "", namespace: "",
csiImageIDKey: "csi.imageid", csiImageIDKey: "csi.imageid",
encryptKMSKey: "csi.volume.encryptKMS", encryptKMSKey: "csi.volume.encryptKMS",
encryptionType: "csi.volume.encryptionType",
ownerKey: "csi.volume.owner", ownerKey: "csi.volume.owner",
backingSnapshotIDKey: "csi.volume.backingsnapshotid", backingSnapshotIDKey: "csi.volume.backingsnapshotid",
commonPrefix: "csi.", commonPrefix: "csi.",
@ -191,6 +195,7 @@ func NewCSISnapshotJournal(suffix string) *Config {
namespace: "", namespace: "",
csiImageIDKey: "csi.imageid", csiImageIDKey: "csi.imageid",
encryptKMSKey: "csi.volume.encryptKMS", encryptKMSKey: "csi.volume.encryptKMS",
encryptionType: "csi.volume.encryptionType",
ownerKey: "csi.volume.owner", ownerKey: "csi.volume.owner",
commonPrefix: "csi.", commonPrefix: "csi.",
} }
@ -280,6 +285,7 @@ Return values:
*/ */
func (conn *Connection) CheckReservation(ctx context.Context, func (conn *Connection) CheckReservation(ctx context.Context,
journalPool, reqName, namePrefix, snapParentName, kmsConfig string, journalPool, reqName, namePrefix, snapParentName, kmsConfig string,
encryptionType util.EncryptionType,
) (*ImageData, error) { ) (*ImageData, error) {
var ( var (
snapSource bool snapSource bool
@ -377,6 +383,14 @@ func (conn *Connection) CheckReservation(ctx context.Context,
} }
} }
if encryptionType != util.EncryptionTypeInvalid {
if savedImageAttributes.EncryptionType != encryptionType {
return nil, fmt.Errorf("internal state inconsistent, omap encryption type"+
" mismatch, request KMS (%s) volume UUID (%s) volume omap KMS (%d)",
kmsConfig, objUUID, savedImageAttributes.EncryptionType)
}
}
// TODO: skipping due to excessive poolID to poolname call, also this should never happen! // TODO: skipping due to excessive poolID to poolname call, also this should never happen!
// check if journal pool points back to the passed in journal pool // check if journal pool points back to the passed in journal pool
// if savedJournalPoolID != journalPoolID { // if savedJournalPoolID != journalPoolID {
@ -530,6 +544,7 @@ Input arguments:
- namePrefix: Prefix to use when generating the image/subvolume name (suffix is an auto-generated UUID) - namePrefix: Prefix to use when generating the image/subvolume name (suffix is an auto-generated UUID)
- parentName: Name of the parent image/subvolume if reservation is for a snapshot (optional) - parentName: Name of the parent image/subvolume if reservation is for a snapshot (optional)
- kmsConf: Name of the key management service used to encrypt the image (optional) - kmsConf: Name of the key management service used to encrypt the image (optional)
- encryptionType: Type of encryption used when kmsConf is set (optional)
- volUUID: UUID need to be reserved instead of auto-generating one (this is useful for mirroring and metro-DR) - volUUID: UUID need to be reserved instead of auto-generating one (this is useful for mirroring and metro-DR)
- owner: the owner of the volume (optional) - owner: the owner of the volume (optional)
- backingSnapshotID: ID of the snapshot on which the CephFS snapshot-backed volume is based (optional) - backingSnapshotID: ID of the snapshot on which the CephFS snapshot-backed volume is based (optional)
@ -544,6 +559,7 @@ func (conn *Connection) ReserveName(ctx context.Context,
imagePool string, imagePoolID int64, imagePool string, imagePoolID int64,
reqName, namePrefix, parentName, kmsConf, volUUID, owner, reqName, namePrefix, parentName, kmsConf, volUUID, owner,
backingSnapshotID string, backingSnapshotID string,
encryptionType util.EncryptionType,
) (string, string, error) { ) (string, string, error) {
// TODO: Take in-arg as ImageAttributes? // TODO: Take in-arg as ImageAttributes?
var ( var (
@ -624,6 +640,7 @@ func (conn *Connection) ReserveName(ctx context.Context,
// Update UUID directory to store encryption values // Update UUID directory to store encryption values
if kmsConf != "" { if kmsConf != "" {
omapValues[cj.encryptKMSKey] = kmsConf omapValues[cj.encryptKMSKey] = kmsConf
omapValues[cj.encryptionType] = util.EncryptionTypeString(encryptionType)
} }
// if owner is passed, set it in the UUID directory too // if owner is passed, set it in the UUID directory too
@ -660,14 +677,15 @@ func (conn *Connection) ReserveName(ctx context.Context,
// ImageAttributes contains all CSI stored image attributes, typically as OMap keys. // ImageAttributes contains all CSI stored image attributes, typically as OMap keys.
type ImageAttributes struct { type ImageAttributes struct {
RequestName string // Contains the request name for the passed in UUID RequestName string // Contains the request name for the passed in UUID
SourceName string // Contains the parent image name for the passed in UUID, if it is a snapshot SourceName string // Contains the parent image name for the passed in UUID, if it is a snapshot
ImageName string // Contains the image or subvolume name for the passed in UUID ImageName string // Contains the image or subvolume name for the passed in UUID
KmsID string // Contains encryption KMS, if it is an encrypted image KmsID string // Contains encryption KMS, if it is an encrypted image
Owner string // Contains the owner to be used in combination with KmsID (for some KMS) EncryptionType util.EncryptionType // Type of encryption used, if image encrypted
ImageID string // Contains the image id Owner string // Contains the owner to be used in combination with KmsID (for some KMS)
JournalPoolID int64 // Pool ID of the CSI journal pool, stored in big endian format (on-disk data) ImageID string // Contains the image id
BackingSnapshotID string // ID of the snapshot on which the CephFS snapshot-backed volume is based JournalPoolID int64 // Pool ID of the CSI journal pool, stored in big endian format (on-disk data)
BackingSnapshotID string // ID of the snapshot on which the CephFS snapshot-backed volume is based
} }
// GetImageAttributes fetches all keys and their values, from a UUID directory, returning ImageAttributes structure. // GetImageAttributes fetches all keys and their values, from a UUID directory, returning ImageAttributes structure.
@ -692,6 +710,7 @@ func (conn *Connection) GetImageAttributes(
cj.csiNameKey, cj.csiNameKey,
cj.csiImageKey, cj.csiImageKey,
cj.encryptKMSKey, cj.encryptKMSKey,
cj.encryptionType,
cj.csiJournalPool, cj.csiJournalPool,
cj.cephSnapSourceKey, cj.cephSnapSourceKey,
cj.csiImageIDKey, cj.csiImageIDKey,
@ -711,6 +730,7 @@ func (conn *Connection) GetImageAttributes(
var found bool var found bool
imageAttributes.RequestName = values[cj.csiNameKey] imageAttributes.RequestName = values[cj.csiNameKey]
imageAttributes.KmsID = values[cj.encryptKMSKey] imageAttributes.KmsID = values[cj.encryptKMSKey]
imageAttributes.EncryptionType = util.ParseEncryptionType(values[cj.encryptionType])
imageAttributes.Owner = values[cj.ownerKey] imageAttributes.Owner = values[cj.ownerKey]
imageAttributes.ImageID = values[cj.csiImageIDKey] imageAttributes.ImageID = values[cj.csiImageIDKey]
imageAttributes.BackingSnapshotID = values[cj.backingSnapshotIDKey] imageAttributes.BackingSnapshotID = values[cj.backingSnapshotIDKey]