util: move getPodNamespace() and getKMSConfigMapName() into its own helpers

These functions can now be re-used more easily. The Amazon KMS needs to know
the Namespace of the Pod for reading a Secret with more key/values.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
Niels de Vos 2021-03-24 16:31:26 +01:00 committed by mergify[bot]
parent 314fe0e23d
commit 523ac4b975


@ -35,14 +35,15 @@ const (
// options. // options.
kmsTypeKey = "encryptionKMSType" kmsTypeKey = "encryptionKMSType"
// podNamespace ENV should be set in the cephcsi container // podNamespaceEnv ENV should be set in the cephcsi container
podNamespace = "POD_NAMESPACE" podNamespaceEnv = "POD_NAMESPACE"
// kmsConfigMapName env to read a ConfigMap by name // kmsConfigMapEnv env to read a ConfigMap by name
kmsConfigMapName = "KMS_CONFIGMAP_NAME" kmsConfigMapEnv = "KMS_CONFIGMAP_NAME"
// defaultConfigMapToRead default ConfigMap name to fetch kms connection details // defaultKMSConfigMapName default ConfigMap name to fetch kms
defaultConfigMapToRead = "csi-kms-connection-details" // connection details
defaultKMSConfigMapName = "csi-kms-connection-details"
) )
// GetKMS returns an instance of Key Management System. // GetKMS returns an instance of Key Management System.
@ -112,19 +113,38 @@ func getKMSConfiguration() (map[string]interface{}, error) {
return config, nil return config, nil
} }
// getPodNamespace reads the `podNamespaceEnv` from the environment and returns
// its value. In case the namespace can not be detected, an error is returned.
func getPodNamespace() (string, error) {
ns := os.Getenv(podNamespaceEnv)
if ns == "" {
return "", fmt.Errorf("%q is not set in the environment",
podNamespaceEnv)
}
return ns, nil
}
// getKMSConfigMapName reads the `kmsConfigMapEnv` from the environment, or
// returns the value of `defaultKMSConfigMapName` if it was not set.
func getKMSConfigMapName() string {
cmName := os.Getenv(kmsConfigMapEnv)
if cmName == "" {
cmName = defaultKMSConfigMapName
}
return cmName
}
// getKMSConfigMap returns the contents of the ConfigMap. // getKMSConfigMap returns the contents of the ConfigMap.
// //
// FIXME: Ceph-CSI should not talk to Kubernetes directly. // FIXME: Ceph-CSI should not talk to Kubernetes directly.
func getKMSConfigMap() (map[string]interface{}, error) { func getKMSConfigMap() (map[string]interface{}, error) {
ns := os.Getenv(podNamespace) ns, err := getPodNamespace()
if ns == "" { if err != nil {
return nil, fmt.Errorf("%q is not set in the environment", return nil, err
podNamespace)
}
cmName := os.Getenv(kmsConfigMapName)
if cmName == "" {
cmName = defaultConfigMapToRead
} }
cmName := getKMSConfigMapName()
c := NewK8sClient() c := NewK8sClient()
cm, err := c.CoreV1().ConfigMaps(ns).Get(context.Background(), cm, err := c.CoreV1().ConfigMaps(ns).Get(context.Background(),
@ -244,5 +264,7 @@ func (kf *kmsProviderList) buildKMS(tenant string, config map[string]interface{}
Tenant: tenant, Tenant: tenant,
Config: config, Config: config,
Secrets: secrets, Secrets: secrets,
Namespace: getPodNamespace(),
ConfigMap: getKMSConfigMapName(),
}) })
} }
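Review bot: `Namespace: getPodNamespace(),` in the buildKMS hunk will not compile as written, because the new helper is declared as `func getPodNamespace() (string, error)` and a two-value call cannot be used as a single struct-literal field. Resolve the namespace before the literal and propagate the failure the same way getKMSConfigMap now does: `ns, err := getPodNamespace()`, `if err != nil { return nil, err }`, then `Namespace: ns,`. Discarding the error instead would pass an empty namespace to a KMS provider that, per the commit message, uses it to read a Secret, so failing early is the safer behaviour. The signature and start of buildKMS are outside the hunk, so the returned values must be matched to its actual result types.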