mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
rbd: Unexport IntegratedDEK struct from kms
This commit unexport IntegratedDEK struct from KMS implementation Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
6141aabcd2
commit
3f18d6e4b4
@ -359,20 +359,20 @@ type DEKStore interface {
|
|||||||
RemoveDEK(volumeID string) error
|
RemoveDEK(volumeID string) error
|
||||||
}
|
}
|
||||||
|
|
||||||
// IntegratedDEK is a DEKStore that can not be configured. Either the KMS does
|
// integratedDEK is a DEKStore that can not be configured. Either the KMS does
|
||||||
// not use a DEK, or the DEK is stored in the KMS without additional
|
// not use a DEK, or the DEK is stored in the KMS without additional
|
||||||
// configuration options.
|
// configuration options.
|
||||||
type IntegratedDEK struct{}
|
type integratedDEK struct{}
|
||||||
|
|
||||||
func (i IntegratedDEK) RequiresDEKStore() DEKStoreType {
|
func (i integratedDEK) RequiresDEKStore() DEKStoreType {
|
||||||
return DEKStoreIntegrated
|
return DEKStoreIntegrated
|
||||||
}
|
}
|
||||||
|
|
||||||
func (i IntegratedDEK) EncryptDEK(volumeID, plainDEK string) (string, error) {
|
func (i integratedDEK) EncryptDEK(volumeID, plainDEK string) (string, error) {
|
||||||
return plainDEK, nil
|
return plainDEK, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (i IntegratedDEK) DecryptDEK(volumeID, encyptedDEK string) (string, error) {
|
func (i integratedDEK) DecryptDEK(volumeID, encyptedDEK string) (string, error) {
|
||||||
return encyptedDEK, nil
|
return encyptedDEK, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ const (
|
|||||||
|
|
||||||
// SecretsKMS is default KMS implementation that means no KMS is in use.
|
// SecretsKMS is default KMS implementation that means no KMS is in use.
|
||||||
type SecretsKMS struct {
|
type SecretsKMS struct {
|
||||||
IntegratedDEK
|
integratedDEK
|
||||||
|
|
||||||
passphrase string
|
passphrase string
|
||||||
}
|
}
|
||||||
|
@ -87,9 +87,9 @@ type vaultConnection struct {
|
|||||||
vaultDestroyKeys bool
|
vaultDestroyKeys bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type VaultKMS struct {
|
type vaultKMS struct {
|
||||||
vaultConnection
|
vaultConnection
|
||||||
IntegratedDEK
|
integratedDEK
|
||||||
|
|
||||||
// vaultPassphrasePath (VPP) used to be added before the "key" of the
|
// vaultPassphrasePath (VPP) used to be added before the "key" of the
|
||||||
// secret (like /v1/secret/data/<VPP>/key)
|
// secret (like /v1/secret/data/<VPP>/key)
|
||||||
@ -329,7 +329,7 @@ var _ = RegisterProvider(Provider{
|
|||||||
|
|
||||||
// InitVaultKMS returns an interface to HashiCorp Vault KMS.
|
// InitVaultKMS returns an interface to HashiCorp Vault KMS.
|
||||||
func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
||||||
kms := &VaultKMS{}
|
kms := &vaultKMS{}
|
||||||
err := kms.initConnection(args.Config)
|
err := kms.initConnection(args.Config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to initialize Vault connection: %w", err)
|
return nil, fmt.Errorf("failed to initialize Vault connection: %w", err)
|
||||||
@ -392,7 +392,7 @@ func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
|||||||
|
|
||||||
// FetchDEK returns passphrase from Vault. The passphrase is stored in a
|
// FetchDEK returns passphrase from Vault. The passphrase is stored in a
|
||||||
// data.data.passphrase structure.
|
// data.data.passphrase structure.
|
||||||
func (kms *VaultKMS) FetchDEK(key string) (string, error) {
|
func (kms *vaultKMS) FetchDEK(key string) (string, error) {
|
||||||
s, err := kms.secrets.GetSecret(filepath.Join(kms.vaultPassphrasePath, key), kms.keyContext)
|
s, err := kms.secrets.GetSecret(filepath.Join(kms.vaultPassphrasePath, key), kms.keyContext)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
@ -411,7 +411,7 @@ func (kms *VaultKMS) FetchDEK(key string) (string, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// StoreDEK saves new passphrase in Vault.
|
// StoreDEK saves new passphrase in Vault.
|
||||||
func (kms *VaultKMS) StoreDEK(key, value string) error {
|
func (kms *vaultKMS) StoreDEK(key, value string) error {
|
||||||
data := map[string]interface{}{
|
data := map[string]interface{}{
|
||||||
"data": map[string]string{
|
"data": map[string]string{
|
||||||
"passphrase": value,
|
"passphrase": value,
|
||||||
@ -428,7 +428,7 @@ func (kms *VaultKMS) StoreDEK(key, value string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// RemoveDEK deletes passphrase from Vault.
|
// RemoveDEK deletes passphrase from Vault.
|
||||||
func (kms *VaultKMS) RemoveDEK(key string) error {
|
func (kms *vaultKMS) RemoveDEK(key string) error {
|
||||||
pathKey := filepath.Join(kms.vaultPassphrasePath, key)
|
pathKey := filepath.Join(kms.vaultPassphrasePath, key)
|
||||||
err := kms.secrets.DeleteSecret(pathKey, kms.getDeleteKeyContext())
|
err := kms.secrets.DeleteSecret(pathKey, kms.getDeleteKeyContext())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -186,7 +186,7 @@ Example JSON structure in the KMS config is,
|
|||||||
*/
|
*/
|
||||||
type vaultTenantConnection struct {
|
type vaultTenantConnection struct {
|
||||||
vaultConnection
|
vaultConnection
|
||||||
IntegratedDEK
|
integratedDEK
|
||||||
|
|
||||||
client *kubernetes.Clientset
|
client *kubernetes.Clientset
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user