mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
util: move getPodNamespace() and getKMSConfigMapName() into its own helpers
These functions can now be re-used more easily. The Amazon KMS needs to know the Namespace of the Pod for reading a Secret with more key/values. Signed-off-by: Niels de Vos <ndevos@redhat.com>
parent
314fe0e23d
commit
523ac4b975
@ -35,14 +35,15 @@ const (
|
|||||||
// options.
|
// options.
|
||||||
kmsTypeKey = "encryptionKMSType"
|
kmsTypeKey = "encryptionKMSType"
|
||||||
|
|
||||||
// podNamespace ENV should be set in the cephcsi container
|
// podNamespaceEnv ENV should be set in the cephcsi container
|
||||||
podNamespace = "POD_NAMESPACE"
|
podNamespaceEnv = "POD_NAMESPACE"
|
||||||
|
|
||||||
// kmsConfigMapName env to read a ConfigMap by name
|
// kmsConfigMapEnv env to read a ConfigMap by name
|
||||||
kmsConfigMapName = "KMS_CONFIGMAP_NAME"
|
kmsConfigMapEnv = "KMS_CONFIGMAP_NAME"
|
||||||
|
|
||||||
// defaultConfigMapToRead default ConfigMap name to fetch kms connection details
|
// defaultKMSConfigMapName default ConfigMap name to fetch kms
|
||||||
defaultConfigMapToRead = "csi-kms-connection-details"
|
// connection details
|
||||||
|
defaultKMSConfigMapName = "csi-kms-connection-details"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GetKMS returns an instance of Key Management System.
|
// GetKMS returns an instance of Key Management System.
|
||||||
@ -112,19 +113,38 @@ func getKMSConfiguration() (map[string]interface{}, error) {
|
|||||||
return config, nil
|
return config, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// getPodNamespace reads the `podNamespaceEnv` from the environment and returns
|
||||||
|
// its value. In case the namespace can not be detected, an error is returned.
|
||||||
|
func getPodNamespace() (string, error) {
|
||||||
|
ns := os.Getenv(podNamespaceEnv)
|
||||||
|
if ns == "" {
|
||||||
|
return "", fmt.Errorf("%q is not set in the environment",
|
||||||
|
podNamespaceEnv)
|
||||||
|
}
|
||||||
|
|
||||||
|
return ns, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// getKMSConfigMapName reads the `kmsConfigMapEnv` from the environment, or
|
||||||
|
// returns the value of `defaultKMSConfigMapName` if it was not set.
|
||||||
|
func getKMSConfigMapName() string {
|
||||||
|
cmName := os.Getenv(kmsConfigMapEnv)
|
||||||
|
if cmName == "" {
|
||||||
|
cmName = defaultKMSConfigMapName
|
||||||
|
}
|
||||||
|
|
||||||
|
return cmName
|
||||||
|
}
|
||||||
|
|
||||||
// getKMSConfigMap returns the contents of the ConfigMap.
|
// getKMSConfigMap returns the contents of the ConfigMap.
|
||||||
//
|
//
|
||||||
// FIXME: Ceph-CSI should not talk to Kubernetes directly.
|
// FIXME: Ceph-CSI should not talk to Kubernetes directly.
|
||||||
func getKMSConfigMap() (map[string]interface{}, error) {
|
func getKMSConfigMap() (map[string]interface{}, error) {
|
||||||
ns := os.Getenv(podNamespace)
|
ns, err := getPodNamespace()
|
||||||
if ns == "" {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("%q is not set in the environment",
|
return nil, err
|
||||||
podNamespace)
|
|
||||||
}
|
|
||||||
cmName := os.Getenv(kmsConfigMapName)
|
|
||||||
if cmName == "" {
|
|
||||||
cmName = defaultConfigMapToRead
|
|
||||||
}
|
}
|
||||||
|
cmName := getKMSConfigMapName()
|
||||||
|
|
||||||
c := NewK8sClient()
|
c := NewK8sClient()
|
||||||
cm, err := c.CoreV1().ConfigMaps(ns).Get(context.Background(),
|
cm, err := c.CoreV1().ConfigMaps(ns).Get(context.Background(),
|
||||||
@ -244,5 +264,7 @@ func (kf *kmsProviderList) buildKMS(tenant string, config map[string]interface{}
|
|||||||
Tenant: tenant,
|
Tenant: tenant,
|
||||||
Config: config,
|
Config: config,
|
||||||
Secrets: secrets,
|
Secrets: secrets,
|
||||||
|
Namespace: getPodNamespace(),
|
||||||
|
ConfigMap: getKMSConfigMapName(),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
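Review bot: In the last hunk, `Namespace: getPodNamespace(),` puts a call that returns `(string, error)` (see the helper's signature in the second hunk) into a single-value struct field, which Go rejects as a multiple-value call in a single-value context. Resolve the namespace before the literal with `ns, err := getPodNamespace()`, return the error when it is non-nil as getKMSConfigMap does, and pass `Namespace: ns,`. Propagating the error rather than falling back to an empty string matters here because, per the commit description, the namespace decides which Secret the KMS provider reads. The start of buildKMS and the definition of the initializer-args struct lie outside the visible hunks, so the return signature and the presence of the `Namespace`/`ConfigMap` fields could not be checked.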