mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 18:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

rbd: add aws-sts-metdata encryption type

Browse Source 
With Amazon STS and kubernetes cluster is configured with
OIDC identity provider, credentials to access Amazon KMS
can be fetched using oidc-token(serviceaccount token).
Each tenant/namespace needs to create a secret with aws region,
role and CMK ARN.
Ceph-CSI will assume the given role with oidc token and access
aws KMS, with given CMK to encrypt/decrypt DEK which will stored
in the image metdata.

Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html
Resolves: 

Signed-off-by: Rakshith R <rar@redhat.com>
This commit is contained in:
Rakshith R
2022-03-02 16:00:48 +05:30
committed by mergify[bot]
parent 13dcc89ac8
commit 4f0bb2315b
217 changed files with 24757 additions and 72 deletions
charts/ceph-csi-rbd/templates
nodeplugin-daemonset.yamlprovisioner-deployment.yaml
deploy/rbd/kubernetes
csi-rbdplugin-provisioner.yamlcsi-rbdplugin.yaml
docs
deploy-rbd.md
examples/kms/vault
aws-sts-credentials.yamlcsi-kms-connection-details.yamlkms-config.yaml
go.modgo.sum
internal/kms
aws_sts_metadata.goaws_sts_metadata_test.go
vendor
github.com
aws
aws-sdk-go-v2
LICENSE.txtNOTICE.txt
aws
config.gocontext.gocredential_cache.gocredentials.go
defaults
auto.goconfiguration.godefaults.godoc.go
defaultsmode.godoc.goendpoints.goerrors.gofrom_ptr.gogo_module_metadata.gologging.gologging_generate.go
middleware
metadata.gomiddleware.goosname.goosname_go115.gorequest_id.gorequest_id_retriever.gouser_agent.go
protocol
query
array.goencoder.gomap.gomiddleware.goobject.govalue.go
xml
error_utils.go
ratelimit
token_bucket.gotoken_rate_limit.go
request.go
retry
adaptive.goadaptive_ratelimit.goadaptive_token_bucket.godoc.goerrors.gojitter_backoff.gometadata.gomiddleware.goretry.goretryable_error.gostandard.gothrottle_error.gotimeout_error.go
retryer.goruntime.go
signer
internal
v4
cache.goconst.goheader_rules.goheaders.gohmac.gohost.goscope.gotime.goutil.go
v4
middleware.gopresign_middleware.gostream.gov4.go
to_ptr.go
transport
http
client.gocontent_type.goresponse_error.goresponse_error_middleware.gotimeout_read_closer.go
types.goversion.go
internal
configsources
CHANGELOG.mdLICENSE.txtconfig.gogo_module_metadata.go
endpoints
v2
CHANGELOG.mdLICENSE.txtendpoints.gogo_module_metadata.go
rand
rand.go
sdk
interfaces.gotime.go
strings
strings.go
sync
singleflight
LICENSEsingleflight.go
timeconv
duration.go
service
internal
presigned-url
CHANGELOG.mdLICENSE.txtcontext.godoc.gogo_module_metadata.gomiddleware.go
sts
CHANGELOG.mdLICENSE.txtapi_client.goapi_op_AssumeRole.goapi_op_AssumeRoleWithSAML.goapi_op_AssumeRoleWithWebIdentity.goapi_op_DecodeAuthorizationMessage.goapi_op_GetAccessKeyInfo.goapi_op_GetCallerIdentity.goapi_op_GetFederationToken.goapi_op_GetSessionToken.godeserializers.godoc.goendpoints.gogenerated.jsongo_module_metadata.go
internal
endpoints
endpoints.go
serializers.go
types
errors.gotypes.go
validators.go
smithy-go
.gitignore.travis.ymlCHANGELOG.mdCODE_OF_CONDUCT.mdCONTRIBUTING.mdLICENSEMakefileNOTICEREADME.mddoc.godocument.go
document
doc.godocument.goerrors.go
encoding
doc.goencoding.go
httpbinding
encode.goheader.gopath_replace.goquery.gouri.go
xml
array.goconstants.godoc.goelement.goencoder.goerror_utils.goescape.gomap.govalue.goxml_decoder.go
errors.gogo_module_metadata.go
io
byte.godoc.goreader.goringbuffer.go
local-mod-replace.sh
logging
logger.go
middleware
doc.gologging.gometadata.gomiddleware.goordered_group.gostack.gostack_values.gostep_build.gostep_deserialize.gostep_finalize.gostep_initialize.gostep_serialize.go
ptr
doc.gofrom_ptr.gogen_scalars.goto_ptr.go
rand
doc.gorand.gouuid.go
time
time.go
transport
http
checksum_middleware.goclient.godoc.goheaderlist.gohost.go
internal
io
safe.go
md5_checksum.gomiddleware_close_response_body.gomiddleware_content_length.gomiddleware_headers.gomiddleware_http_logging.gomiddleware_metadata.gomiddleware_min_proto.gorequest.goresponse.gotime.gourl.gouser_agent.go
validation.go
google
go-cmp
cmp
compare.goexport_panic.goexport_unsafe.go
internal
diff
debug_disable.godebug_enable.go
flags
toolchain_legacy.gotoolchain_recent.go
value
name.gopointer_purego.gopointer_unsafe.go
path.goreport_reflect.goreport_slices.go
modules.txt

10
vendor/github.com/aws/smithy-go/document.go generated vendored Normal file

@ -0,0 +1,10 @@
package smithy
// Document provides access to loosely structured data in a document-like
// format.
//
// Deprecated: See the github.com/aws/smithy-go/document package.
type Document interface {
UnmarshalDocument(interface{}) error
GetValue() (interface{}, error)
}