mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
rbd: Unexport IntegratedDEK struct from kms
This commit unexport IntegratedDEK struct from KMS implementation Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
6141aabcd2
commit
3f18d6e4b4
@ -359,20 +359,20 @@ type DEKStore interface {
|
||||
RemoveDEK(volumeID string) error
|
||||
}
|
||||
|
||||
// IntegratedDEK is a DEKStore that can not be configured. Either the KMS does
|
||||
// integratedDEK is a DEKStore that can not be configured. Either the KMS does
|
||||
// not use a DEK, or the DEK is stored in the KMS without additional
|
||||
// configuration options.
|
||||
type IntegratedDEK struct{}
|
||||
type integratedDEK struct{}
|
||||
|
||||
func (i IntegratedDEK) RequiresDEKStore() DEKStoreType {
|
||||
func (i integratedDEK) RequiresDEKStore() DEKStoreType {
|
||||
return DEKStoreIntegrated
|
||||
}
|
||||
|
||||
func (i IntegratedDEK) EncryptDEK(volumeID, plainDEK string) (string, error) {
|
||||
func (i integratedDEK) EncryptDEK(volumeID, plainDEK string) (string, error) {
|
||||
return plainDEK, nil
|
||||
}
|
||||
|
||||
func (i IntegratedDEK) DecryptDEK(volumeID, encyptedDEK string) (string, error) {
|
||||
func (i integratedDEK) DecryptDEK(volumeID, encyptedDEK string) (string, error) {
|
||||
return encyptedDEK, nil
|
||||
}
|
||||
|
||||
|
@ -50,7 +50,7 @@ const (
|
||||
|
||||
// SecretsKMS is default KMS implementation that means no KMS is in use.
|
||||
type SecretsKMS struct {
|
||||
IntegratedDEK
|
||||
integratedDEK
|
||||
|
||||
passphrase string
|
||||
}
|
||||
|
@ -87,9 +87,9 @@ type vaultConnection struct {
|
||||
vaultDestroyKeys bool
|
||||
}
|
||||
|
||||
type VaultKMS struct {
|
||||
type vaultKMS struct {
|
||||
vaultConnection
|
||||
IntegratedDEK
|
||||
integratedDEK
|
||||
|
||||
// vaultPassphrasePath (VPP) used to be added before the "key" of the
|
||||
// secret (like /v1/secret/data/<VPP>/key)
|
||||
@ -329,7 +329,7 @@ var _ = RegisterProvider(Provider{
|
||||
|
||||
// InitVaultKMS returns an interface to HashiCorp Vault KMS.
|
||||
func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
||||
kms := &VaultKMS{}
|
||||
kms := &vaultKMS{}
|
||||
err := kms.initConnection(args.Config)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to initialize Vault connection: %w", err)
|
||||
@ -392,7 +392,7 @@ func initVaultKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
||||
|
||||
// FetchDEK returns passphrase from Vault. The passphrase is stored in a
|
||||
// data.data.passphrase structure.
|
||||
func (kms *VaultKMS) FetchDEK(key string) (string, error) {
|
||||
func (kms *vaultKMS) FetchDEK(key string) (string, error) {
|
||||
s, err := kms.secrets.GetSecret(filepath.Join(kms.vaultPassphrasePath, key), kms.keyContext)
|
||||
if err != nil {
|
||||
return "", err
|
||||
@ -411,7 +411,7 @@ func (kms *VaultKMS) FetchDEK(key string) (string, error) {
|
||||
}
|
||||
|
||||
// StoreDEK saves new passphrase in Vault.
|
||||
func (kms *VaultKMS) StoreDEK(key, value string) error {
|
||||
func (kms *vaultKMS) StoreDEK(key, value string) error {
|
||||
data := map[string]interface{}{
|
||||
"data": map[string]string{
|
||||
"passphrase": value,
|
||||
@ -428,7 +428,7 @@ func (kms *VaultKMS) StoreDEK(key, value string) error {
|
||||
}
|
||||
|
||||
// RemoveDEK deletes passphrase from Vault.
|
||||
func (kms *VaultKMS) RemoveDEK(key string) error {
|
||||
func (kms *vaultKMS) RemoveDEK(key string) error {
|
||||
pathKey := filepath.Join(kms.vaultPassphrasePath, key)
|
||||
err := kms.secrets.DeleteSecret(pathKey, kms.getDeleteKeyContext())
|
||||
if err != nil {
|
||||
|
@ -186,7 +186,7 @@ Example JSON structure in the KMS config is,
|
||||
*/
|
||||
type vaultTenantConnection struct {
|
||||
vaultConnection
|
||||
IntegratedDEK
|
||||
integratedDEK
|
||||
|
||||
client *kubernetes.Clientset
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user