util: move EncryptionType(s) to pkg/util/crypto
Signed-off-by: Niels de Vos <ndevos@ibm.com>
committed by
mergify[bot]
parent
ac38963cbf
commit
542ed3de63
@ -24,6 +24,8 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/ceph/ceph-csi/pkg/util/crypto"
|
||||
|
||||
kmsapi "github.com/ceph/ceph-csi/internal/kms"
|
||||
"github.com/ceph/ceph-csi/internal/util"
|
||||
"github.com/ceph/ceph-csi/internal/util/cryptsetup"
|
||||
@ -65,7 +67,7 @@ const (
|
||||
// rbdDefaultEncryptionType is the default to use when the
|
||||
// user did not specify an "encryptionType", but set
|
||||
// "encryption": true.
|
||||
rbdDefaultEncryptionType = util.EncryptionTypeBlock
|
||||
rbdDefaultEncryptionType = crypto.EncryptionTypeBlock
|
||||
|
||||
// Luks slots.
|
||||
luksSlot0 = "0"
|
||||
@ -111,12 +113,12 @@ func (ri *rbdImage) isFileEncrypted() bool {
|
||||
}
|
||||
|
||||
func IsFileEncrypted(ctx context.Context, volOptions map[string]string) (bool, error) {
|
||||
_, encType, err := ParseEncryptionOpts(volOptions, util.EncryptionTypeInvalid)
|
||||
_, encType, err := ParseEncryptionOpts(volOptions, crypto.EncryptionTypeInvalid)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return encType == util.EncryptionTypeFile, nil
|
||||
return encType == crypto.EncryptionTypeFile, nil
|
||||
}
|
||||
|
||||
// setupBlockEncryption configures the metadata of the RBD image for encryption:
|
||||
@ -314,13 +316,13 @@ func (ri *rbdImage) initKMS(ctx context.Context, volOptions, credentials map[str
|
||||
}
|
||||
|
||||
switch encType {
|
||||
case util.EncryptionTypeBlock:
|
||||
case crypto.EncryptionTypeBlock:
|
||||
err = ri.configureBlockEncryption(kmsID, credentials)
|
||||
case util.EncryptionTypeFile:
|
||||
case crypto.EncryptionTypeFile:
|
||||
err = ri.configureFileEncryption(ctx, kmsID, credentials)
|
||||
case util.EncryptionTypeInvalid:
|
||||
case crypto.EncryptionTypeInvalid:
|
||||
return errors.New("invalid encryption type")
|
||||
case util.EncryptionTypeNone:
|
||||
case crypto.EncryptionTypeNone:
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -334,8 +336,8 @@ func (ri *rbdImage) initKMS(ctx context.Context, volOptions, credentials map[str
|
||||
// ParseEncryptionOpts returns kmsID and sets Owner attribute.
|
||||
func ParseEncryptionOpts(
|
||||
volOptions map[string]string,
|
||||
fallbackEncType util.EncryptionType,
|
||||
) (string, util.EncryptionType, error) {
|
||||
fallbackEncType crypto.EncryptionType,
|
||||
) (string, crypto.EncryptionType, error) {
|
||||
var (
|
||||
err error
|
||||
ok bool
|
||||
@ -343,18 +345,18 @@ func ParseEncryptionOpts(
|
||||
)
|
||||
encrypted, ok = volOptions["encrypted"]
|
||||
if !ok {
|
||||
return "", util.EncryptionTypeNone, nil
|
||||
return "", crypto.EncryptionTypeNone, nil
|
||||
}
|
||||
ok, err = strconv.ParseBool(encrypted)
|
||||
if err != nil {
|
||||
return "", util.EncryptionTypeInvalid, err
|
||||
return "", crypto.EncryptionTypeInvalid, err
|
||||
}
|
||||
if !ok {
|
||||
return "", util.EncryptionTypeNone, nil
|
||||
return "", crypto.EncryptionTypeNone, nil
|
||||
}
|
||||
kmsID, err = util.FetchEncryptionKMSID(encrypted, volOptions["encryptionKMSID"])
|
||||
if err != nil {
|
||||
return "", util.EncryptionTypeInvalid, err
|
||||
return "", crypto.EncryptionTypeInvalid, err
|
||||
}
|
||||
|
||||
encType := util.FetchEncryptionType(volOptions, fallbackEncType)
|
||||
|
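Review bot: The `switch encType` in initKMS has no `default` arm, so a value outside the four listed constants leaves the switch without configuring block or file encryption and without returning an error there. The type now lives in `pkg/util/crypto`, which is importable from outside `internal/`, so a constant added to that package later would not be caught at this call site. What follows the switch is outside the hunk, but if it only checks `err`, the image would presumably be treated as successfully initialised with no encryption configured. I would add `default: return errors.New("unsupported encryption type")` so the function fails closed. initKMS begins before and continues after the hunk.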
@ -19,7 +19,7 @@ package rbd
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/ceph/ceph-csi/internal/util"
|
||||
"github.com/ceph/ceph-csi/pkg/util/crypto"
|
||||
)
|
||||
|
||||
func TestParseEncryptionOpts(t *testing.T) {
|
||||
@ -27,9 +27,9 @@ func TestParseEncryptionOpts(t *testing.T) {
|
||||
tests := []struct {
|
||||
testName string
|
||||
volOptions map[string]string
|
||||
fallbackType util.EncryptionType
|
||||
fallbackType crypto.EncryptionType
|
||||
expectedKMS string
|
||||
expectedEnc util.EncryptionType
|
||||
expectedEnc crypto.EncryptionType
|
||||
expectedErr bool
|
||||
}{
|
||||
{
|
||||
@ -37,9 +37,9 @@ func TestParseEncryptionOpts(t *testing.T) {
|
||||
volOptions: map[string]string{
|
||||
"foo": "bar",
|
||||
},
|
||||
fallbackType: util.EncryptionTypeBlock,
|
||||
fallbackType: crypto.EncryptionTypeBlock,
|
||||
expectedKMS: "",
|
||||
expectedEnc: util.EncryptionTypeNone,
|
||||
expectedEnc: crypto.EncryptionTypeNone,
|
||||
expectedErr: false,
|
||||
},
|
||||
{
|
||||
@ -47,9 +47,9 @@ func TestParseEncryptionOpts(t *testing.T) {
|
||||
volOptions: map[string]string{
|
||||
"encrypted": "false",
|
||||
},
|
||||
fallbackType: util.EncryptionTypeBlock,
|
||||
fallbackType: crypto.EncryptionTypeBlock,
|
||||
expectedKMS: "",
|
||||
expectedEnc: util.EncryptionTypeNone,
|
||||
expectedEnc: crypto.EncryptionTypeNone,
|
||||
expectedErr: false,
|
||||
},
|
||||
{
|
||||
@ -57,9 +57,9 @@ func TestParseEncryptionOpts(t *testing.T) {
|
||||
volOptions: map[string]string{
|
||||
"encrypted": "notbool",
|
||||
},
|
||||
fallbackType: util.EncryptionTypeBlock,
|
||||
fallbackType: crypto.EncryptionTypeBlock,
|
||||
expectedKMS: "",
|
||||
expectedEnc: util.EncryptionTypeInvalid,
|
||||
expectedEnc: crypto.EncryptionTypeInvalid,
|
||||
expectedErr: true,
|
||||
},
|
||||
{
|
||||
@ -68,9 +68,9 @@ func TestParseEncryptionOpts(t *testing.T) {
|
||||
"encrypted": "true",
|
||||
"encryptionKMSID": "valid-kms-id",
|
||||
},
|
||||
fallbackType: util.EncryptionTypeBlock,
|
||||
fallbackType: crypto.EncryptionTypeBlock,
|
||||
expectedKMS: "valid-kms-id",
|
||||
expectedEnc: util.EncryptionTypeBlock,
|
||||
expectedEnc: crypto.EncryptionTypeBlock,
|
||||
expectedErr: false,
|
||||
},
|
||||
}
|
||||
|
@ -21,6 +21,8 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/ceph/ceph-csi/pkg/util/crypto"
|
||||
|
||||
"github.com/ceph/ceph-csi/internal/journal"
|
||||
"github.com/ceph/ceph-csi/internal/util"
|
||||
"github.com/ceph/ceph-csi/internal/util/k8s"
|
||||
@ -91,14 +93,14 @@ func validateRbdVol(rbdVol *rbdVolume) error {
|
||||
return err
|
||||
}
|
||||
|
||||
func getEncryptionConfig(rbdVol *rbdVolume) (string, util.EncryptionType) {
|
||||
func getEncryptionConfig(rbdVol *rbdVolume) (string, crypto.EncryptionType) {
|
||||
switch {
|
||||
case rbdVol.isBlockEncrypted():
|
||||
return rbdVol.blockEncryption.GetID(), util.EncryptionTypeBlock
|
||||
return rbdVol.blockEncryption.GetID(), crypto.EncryptionTypeBlock
|
||||
case rbdVol.isFileEncrypted():
|
||||
return rbdVol.fileEncryption.GetID(), util.EncryptionTypeFile
|
||||
return rbdVol.fileEncryption.GetID(), crypto.EncryptionTypeFile
|
||||
default:
|
||||
return "", util.EncryptionTypeNone
|
||||
return "", crypto.EncryptionTypeNone
|
||||
}
|
||||
}
|
||||
|
||||
@ -145,7 +147,7 @@ func checkSnapCloneExists(
|
||||
defer j.Destroy()
|
||||
|
||||
snapData, err := j.CheckReservation(ctx, rbdSnap.JournalPool,
|
||||
rbdSnap.RequestName, rbdSnap.NamePrefix, rbdSnap.RbdImageName, "", util.EncryptionTypeNone)
|
||||
rbdSnap.RequestName, rbdSnap.NamePrefix, rbdSnap.RbdImageName, "", crypto.EncryptionTypeNone)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@ -585,7 +587,7 @@ func RegenerateJournal(
|
||||
vi util.CSIIdentifier
|
||||
rbdVol *rbdVolume
|
||||
kmsID string
|
||||
encryptionType util.EncryptionType
|
||||
encryptionType crypto.EncryptionType
|
||||
err error
|
||||
ok bool
|
||||
)
|
||||
|
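Review bot: getEncryptionConfig has no doc comment, and its signature now returns `crypto.EncryptionType`, so the precedence it applies between block and file encryption is worth stating for callers. I would add `// getEncryptionConfig returns the encryption ID and type for rbdVol; block encryption is checked before file encryption, and "" with crypto.EncryptionTypeNone is returned when neither is set.` What `GetID()` actually returns is not visible in this section, so the wording "encryption ID" should be confirmed against that method.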
@ -28,6 +28,8 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/ceph/ceph-csi/pkg/util/crypto"
|
||||
|
||||
"github.com/ceph/ceph-csi/internal/rbd/types"
|
||||
"github.com/ceph/ceph-csi/internal/util"
|
||||
"github.com/ceph/ceph-csi/internal/util/log"
|
||||
@ -1078,14 +1080,14 @@ func genSnapFromSnapID(
|
||||
}
|
||||
}()
|
||||
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == crypto.EncryptionTypeBlock {
|
||||
err = rbdSnap.configureBlockEncryption(imageAttributes.KmsID, secrets)
|
||||
if err != nil {
|
||||
return rbdSnap, fmt.Errorf("failed to configure block encryption for "+
|
||||
"%q: %w", rbdSnap, err)
|
||||
}
|
||||
}
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == crypto.EncryptionTypeFile {
|
||||
err = rbdSnap.configureFileEncryption(ctx, imageAttributes.KmsID, secrets)
|
||||
if err != nil {
|
||||
return rbdSnap, fmt.Errorf("failed to configure file encryption for "+
|
||||
@ -1180,13 +1182,13 @@ func generateVolumeFromVolumeID(
|
||||
rbdVol.ImageID = imageAttributes.ImageID
|
||||
rbdVol.Owner = imageAttributes.Owner
|
||||
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == crypto.EncryptionTypeBlock {
|
||||
err = rbdVol.configureBlockEncryption(imageAttributes.KmsID, secrets)
|
||||
if err != nil {
|
||||
return rbdVol, err
|
||||
}
|
||||
}
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == crypto.EncryptionTypeFile {
|
||||
err = rbdVol.configureFileEncryption(ctx, imageAttributes.KmsID, secrets)
|
||||
if err != nil {
|
||||
return rbdVol, err
|
||||
|
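Review bot: In genSnapFromSnapID and generateVolumeFromVolumeID, a non-empty `imageAttributes.KmsID` paired with an `EncryptionType` that is neither `crypto.EncryptionTypeBlock` nor `crypto.EncryptionTypeFile` matches neither `if`, so the visible lines configure no encryption and raise no error. The rest of both functions is outside the hunks, so a later check may exist, but as written the two independent `if` statements fail open for an invalid or future type. A single switch on the type with a `default` arm that returns an error would surface the mismatch; the sketch shows it for generateVolumeFromVolumeID, and the same shape applies to genSnapFromSnapID with its wrapped error messages. If existing journal entries can legitimately carry a KMS ID without a recognised type, the default arm needs to allow for that.

```go
	// … unchanged: rbdVol.ImageID and rbdVol.Owner assignments …
	if imageAttributes.KmsID != "" {
		switch imageAttributes.EncryptionType {
		case crypto.EncryptionTypeBlock:
			err = rbdVol.configureBlockEncryption(imageAttributes.KmsID, secrets)
		case crypto.EncryptionTypeFile:
			err = rbdVol.configureFileEncryption(ctx, imageAttributes.KmsID, secrets)
		default:
			// A KMS ID without a usable type must not be treated as "not encrypted".
			err = fmt.Errorf("KMS ID %q set with unsupported encryption type %v",
				imageAttributes.KmsID, imageAttributes.EncryptionType)
		}
		if err != nil {
			return rbdVol, err
		}
	}
```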