rbd: Unexport IntegratedDEK struct from kms

This commit unexports the IntegratedDEK struct from the KMS
implementation.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Humble Chirammal 2022-01-24 18:27:54 +05:30 committed by mergify[bot]
parent 6141aabcd2
commit 3f18d6e4b4
4 changed files with 13 additions and 13 deletions


@ -359,20 +359,20 @@ type DEKStore interface {
RemoveDEK(volumeID string) error RemoveDEK(volumeID string) error
} }
// IntegratedDEK is a DEKStore that can not be configured. Either the KMS does // integratedDEK is a DEKStore that can not be configured. Either the KMS does
// not use a DEK, or the DEK is stored in the KMS without additional // not use a DEK, or the DEK is stored in the KMS without additional
// configuration options. // configuration options.
type IntegratedDEK struct{} type integratedDEK struct{}
func (i IntegratedDEK) RequiresDEKStore() DEKStoreType { func (i integratedDEK) RequiresDEKStore() DEKStoreType {
return DEKStoreIntegrated return DEKStoreIntegrated
} }
func (i IntegratedDEK) EncryptDEK(volumeID, plainDEK string) (string, error) { func (i integratedDEK) EncryptDEK(volumeID, plainDEK string) (string, error) {
return plainDEK, nil return plainDEK, nil
} }
func (i IntegratedDEK) DecryptDEK(volumeID, encyptedDEK string) (string, error) { func (i integratedDEK) DecryptDEK(volumeID, encyptedDEK string) (string, error) {
return encyptedDEK, nil return encyptedDEK, nil
} }
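Review bot: The `EncryptDEK` and `DecryptDEK` methods of `integratedDEK` return their argument unchanged and have no doc comment, so a reader of a type that embeds it cannot tell from the method names that this layer does no wrapping of the DEK. Since these lines are being touched anyway, a comment such as `// EncryptDEK returns plainDEK unchanged; integratedDEK does no wrapping of its own.` (and its mirror on `DecryptDEK`) would make the pass-through explicit. The parameter name `encyptedDEK` in `DecryptDEK` is misspelled and could become `encryptedDEK` in the same pass. Unexporting also removes `IntegratedDEK` from the package API, so any out-of-package code that embeds it would stop compiling; no such user is visible on this page.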


@ -50,7 +50,7 @@ const (
// SecretsKMS is default KMS implementation that means no KMS is in use. // SecretsKMS is default KMS implementation that means no KMS is in use.
type SecretsKMS struct { type SecretsKMS struct {
IntegratedDEK integratedDEK
passphrase string passphrase string
} }


@ -87,9 +87,9 @@ type vaultConnection struct {
vaultDestroyKeys bool vaultDestroyKeys bool
} }
type VaultKMS struct { type vaultKMS struct {
vaultConnection vaultConnection
IntegratedDEK integratedDEK
// vaultPassphrasePath (VPP) used to be added before the "key" of the // vaultPassphrasePath (VPP) used to be added before the "key" of the
// secret (like /v1/secret/data/<VPP>/key) // secret (like /v1/secret/data/<VPP>/key)
@ -329,7 +329,7 @@ var _ = RegisterProvider(Provider{
// InitVaultKMS returns an interface to HashiCorp Vault KMS. // InitVaultKMS returns an interface to HashiCorp Vault KMS.
func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) { func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) {
kms := &VaultKMS{} kms := &vaultKMS{}
err := kms.initConnection(args.Config) err := kms.initConnection(args.Config)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to initialize Vault connection: %w", err) return nil, fmt.Errorf("failed to initialize Vault connection: %w", err)
@ -392,7 +392,7 @@ func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) {
// FetchDEK returns passphrase from Vault. The passphrase is stored in a // FetchDEK returns passphrase from Vault. The passphrase is stored in a
// data.data.passphrase structure. // data.data.passphrase structure.
func (kms *VaultKMS) FetchDEK(key string) (string, error) { func (kms *vaultKMS) FetchDEK(key string) (string, error) {
s, err := kms.secrets.GetSecret(filepath.Join(kms.vaultPassphrasePath, key), kms.keyContext) s, err := kms.secrets.GetSecret(filepath.Join(kms.vaultPassphrasePath, key), kms.keyContext)
if err != nil { if err != nil {
return "", err return "", err
@ -411,7 +411,7 @@ func (kms *VaultKMS) FetchDEK(key string) (string, error) {
} }
// StoreDEK saves new passphrase in Vault. // StoreDEK saves new passphrase in Vault.
func (kms *VaultKMS) StoreDEK(key, value string) error { func (kms *vaultKMS) StoreDEK(key, value string) error {
data := map[string]interface{}{ data := map[string]interface{}{
"data": map[string]string{ "data": map[string]string{
"passphrase": value, "passphrase": value,
@ -428,7 +428,7 @@ func (kms *VaultKMS) StoreDEK(key, value string) error {
} }
// RemoveDEK deletes passphrase from Vault. // RemoveDEK deletes passphrase from Vault.
func (kms *VaultKMS) RemoveDEK(key string) error { func (kms *vaultKMS) RemoveDEK(key string) error {
pathKey := filepath.Join(kms.vaultPassphrasePath, key) pathKey := filepath.Join(kms.vaultPassphrasePath, key)
err := kms.secrets.DeleteSecret(pathKey, kms.getDeleteKeyContext()) err := kms.secrets.DeleteSecret(pathKey, kms.getDeleteKeyContext())
if err != nil { if err != nil {
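Review bot: `FetchDEK` and `RemoveDEK` build the Vault secret path with `filepath.Join(kms.vaultPassphrasePath, key)`, which cleans the result, so a `key` containing `..` elements would resolve outside `vaultPassphrasePath`; whether `key` is constrained by the callers is not visible in these hunks. Vault paths are slash-separated regardless of OS, so `path.Join` is the better fit, and rejecting a `key` that contains a path separator or `..` before joining would keep every lookup and delete under the configured prefix. Separately, the doc comment above `initVaultKMS` still reads `// InitVaultKMS returns ...` and the newly unexported `vaultKMS` type has no comment of its own; `// initVaultKMS returns an interface to HashiCorp Vault KMS.` and a one-line description on the type would bring both in line with the rename. The bodies of `initVaultKMS`, `FetchDEK`, `StoreDEK` and `RemoveDEK` all continue outside their hunks.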


@ -186,7 +186,7 @@ Example JSON structure in the KMS config is,
*/ */
type vaultTenantConnection struct { type vaultTenantConnection struct {
vaultConnection vaultConnection
IntegratedDEK integratedDEK
client *kubernetes.Clientset client *kubernetes.Clientset