rbd: change the configmap of HPCS/KP key names to reflect the IBM string
Considering that IBM has several crypto services (e.g. SKLM), it is better to name the configmap keys in the format `IBM_KP_...` instead of `KP_..`, so that if we add more IBM crypto services in future, each can follow a similar schema specific to that service, e.g. `IBM_SKLM_...`. Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
parent
180f0f660f
commit
5aa1e4d225
@ -15,16 +15,16 @@ service from the CSI driver and to make use of the encryption operations:
|
|||||||
* KMS_SERVICE_NAME=[kms_service_name]
|
* KMS_SERVICE_NAME=[kms_service_name]
|
||||||
A unique name for the key management service within the project.
|
A unique name for the key management service within the project.
|
||||||
|
|
||||||
* KP_SERVICE_INSTANCE_ID=[service_instance_id]
|
* IBM_KP_SERVICE_INSTANCE_ID=[service_instance_id]
|
||||||
The Instance ID of the IBM HPCS service, ex: crn:v1:bluemix:public:hs-crypto:us-south:a/5d19cf8b82874c2dab37e397426fbc42:e2ae65ff-954b-453f-b0d7-fc5064c203ce::
|
The Instance ID of the IBM HPCS service, ex: crn:v1:bluemix:public:hs-crypto:us-south:a/5d19cf8b82874c2dab37e397426fbc42:e2ae65ff-954b-453f-b0d7-fc5064c203ce::
|
||||||
|
|
||||||
* KP_SERVICE_API_KEY=[service_api_key]
|
* IBM_KP_SERVICE_API_KEY=[service_api_key]
|
||||||
Ex: 06x6DbTkVQ-qCRmq9cK-p9xOQpU2UwJMcdjnIDdr0g2R
|
Ex: 06x6DbTkVQ-qCRmq9cK-p9xOQpU2UwJMcdjnIDdr0g2R
|
||||||
|
|
||||||
* KP_CUSTOMER_ROOT_KEY=[customer_root_key]
|
* IBM_KP_CUSTOMER_ROOT_KEY=[customer_root_key]
|
||||||
Ex: c7a9aa91-5cb5-48da-a821-e85c27b99d92
|
Ex: c7a9aa91-5cb5-48da-a821-e85c27b99d92
|
||||||
|
|
||||||
* KP_REGION = [region of the key protect service]
|
* IBM_KP_REGION = [region of the key protect service]
|
||||||
Ex: us-south-2
|
Ex: us-south-2
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -57,15 +57,15 @@ data:
|
|||||||
aws-metadata-test: |-
|
aws-metadata-test: |-
|
||||||
{
|
{
|
||||||
"KMS_PROVIDER": "aws-metadata",
|
"KMS_PROVIDER": "aws-metadata",
|
||||||
"KMS_SECRET_NAME": "ceph-csi-aws-credentials",
|
"IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials",
|
||||||
"AWS_REGION": "us-west-2"
|
"AWS_REGION": "us-west-2"
|
||||||
}
|
}
|
||||||
kp-metadata-test: |-
|
kp-metadata-test: |-
|
||||||
{
|
{
|
||||||
"KMS_PROVIDER": "kp-metadata",
|
"KMS_PROVIDER": "kp-metadata",
|
||||||
"KMS_SECRET_NAME": "ceph-csi-kp-credentials",
|
"IBM_KP_SECRET_NAME": "ceph-csi-kp-credentials",
|
||||||
"KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3",
|
"IBM_KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3",
|
||||||
"KP_REGION": "us-south-2",
|
"IBM_KP_REGION": "us-south-2",
|
||||||
}
|
}
|
||||||
metadata:
|
metadata:
|
||||||
name: csi-kms-connection-details
|
name: csi-kms-connection-details
|
||||||
|
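Review bot: The `aws-metadata-test` entry now carries `"IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials"`, which looks like the rename spilling into the AWS provider's block. This commit only changes the Key Protect constants, so the AWS provider presumably still reads `KMS_SECRET_NAME` and would ignore the new key; that line should stay `"KMS_SECRET_NAME": "ceph-csi-aws-credentials",`. Separately, the `kp-metadata-test` value ends with a trailing comma after `"IBM_KP_REGION": "us-south-2",`, which is not valid JSON; dropping the comma keeps the example parseable by a strict decoder.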
@ -7,7 +7,7 @@ kind: Secret
|
|||||||
metadata:
|
metadata:
|
||||||
name: ceph-csi-kp-credentials
|
name: ceph-csi-kp-credentials
|
||||||
stringData:
|
stringData:
|
||||||
KP_SERVICE_API_KEY: "UhMN3Jko1pCpDPpFV65N8dYANBv5vF97QuNHqXVHmKa0"
|
IBM_KP_SERVICE_API_KEY: "UhMN3Jko1pCpDPpFV65N8dYANBv5vF97QuNHqXVHmKa0"
|
||||||
KP_CUSTOMER_ROOT_KEY: "c7a9aa91-5cb5-48da-a821-e85c27b99d92"
|
IBM_KP_CUSTOMER_ROOT_KEY: "c7a9aa91-5cb5-48da-a821-e85c27b99d92"
|
||||||
KP_SESSION_TOKEN: ""
|
IBM_KP_SESSION_TOKEN: ""
|
||||||
KP_CRK_ARN: ""
|
IBM_KP_CRK_ARN: ""
|
||||||
|
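Review bot: The `IBM_KP_SERVICE_API_KEY` value under `stringData` is a high-entropy string shaped like a live API key rather than an obvious sample, and the hunk carries it over unchanged under the new name. If it was ever a working credential it should be revoked. Either way the example reads better with a labelled placeholder such as `IBM_KP_SERVICE_API_KEY: "<ibm-cloud-api-key>"`, which also keeps secret scanners from flagging the repository. The same applies to the sample API key in the documentation section of this commit.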
@ -33,7 +33,7 @@ const (
|
|||||||
|
|
||||||
// keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret
|
// keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret
|
||||||
// that contains the credentials to access the Key Protect KMS. The name of
|
// that contains the credentials to access the Key Protect KMS. The name of
|
||||||
// the Secret can be configured by setting the `KMS_SECRET_NAME`
|
// the Secret can be configured by setting the `IBM_KP_SECRET_NAME`
|
||||||
// option.
|
// option.
|
||||||
//
|
//
|
||||||
// #nosec:G101, value not credential, just references token.
|
// #nosec:G101, value not credential, just references token.
|
||||||
@ -43,17 +43,16 @@ const (
|
|||||||
// the credentials to access the Key ProtectKMS.
|
// the credentials to access the Key ProtectKMS.
|
||||||
//
|
//
|
||||||
// #nosec:G101, no hardcoded secret, this is a configuration key.
|
// #nosec:G101, no hardcoded secret, this is a configuration key.
|
||||||
keyProtectSecretNameKey = "KMS_SECRET_NAME"
|
keyProtectSecretNameKey = "IBM_KP_SECRET_NAME"
|
||||||
keyProtectRegionKey = "KP_REGION"
|
keyProtectRegionKey = "IBM_KP_REGION"
|
||||||
|
|
||||||
keyProtectServiceInstanceID = "KP_SERVICE_INSTANCE_ID"
|
keyProtectServiceInstanceID = "IBM_KP_SERVICE_INSTANCE_ID"
|
||||||
// The following options are part of the Kubernetes Secrets.
|
// The following options are part of the Kubernetes Secrets.
|
||||||
// #nosec:G101, no hardcoded secrets, only configuration keys.
|
// #nosec:G101, no hardcoded secrets, only configuration keys.
|
||||||
keyProtectServiceAPIKey = "KP_SERVICE_API_KEY"
|
keyProtectServiceAPIKey = "IBM_KP_SERVICE_API_KEY"
|
||||||
KeyProtectCustomerRootKey = "KP_CUSTOMER_ROOT_KEY"
|
KeyProtectCustomerRootKey = "IBM_KP_CUSTOMER_ROOT_KEY"
|
||||||
|
keyProtectSessionToken = "IBM_KP_SESSION_TOKEN" //nolint:gosec // only configuration key
|
||||||
keyProtectSessionToken = "KP_SESSION_TOKEN"
|
keyProtectCRK = "IBM_KP_CRK_ARN"
|
||||||
keyProtectCRK = "KP_CRK_ARN"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var _ = RegisterProvider(Provider{
|
var _ = RegisterProvider(Provider{
|
||||||
|
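Review bot: The constants in the second hunk change the lookup strings outright (`keyProtectServiceAPIKey = "IBM_KP_SERVICE_API_KEY"` and its siblings), so a ConfigMap or Secret that still uses the `KP_*` or `KMS_SECRET_NAME` names would no longer be read after an upgrade; no fallback is visible in these hunks, and the `const` block starts outside them. For an encryption KMS that likely means already-encrypted volumes fail to unlock until the operator renames the keys, so either accept the old names as deprecated aliases for a release or call out the break in the upgrade notes. Also, `keyProtectSessionToken` gains a trailing `//nolint:gosec // only configuration key` although the `// #nosec:G101, no hardcoded secrets, only configuration keys.` comment above already covers the group; pick one suppression style for the block.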