rbd: unexport KeyProtect kms struct

At present the KMS structs are exported and ideally we should be
able to work without exporting the same.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Humble Chirammal 2022-01-24 18:25:42 +05:30 committed by mergify[bot]
parent a86121f756
commit 6141aabcd2


@ -79,7 +79,7 @@ func initKeyProtectKMSOld(args ProviderInitArgs) (EncryptionKMS, error) {
} }
// KeyProtectKMS store the KMS connection information retrieved from the kms configmap. // KeyProtectKMS store the KMS connection information retrieved from the kms configmap.
type KeyProtectKMS struct { type keyProtectKMS struct {
// basic options to get the secret // basic options to get the secret
namespace string namespace string
secretName string secretName string
@ -97,7 +97,7 @@ type KeyProtectKMS struct {
} }
func initKeyProtectKMS(args ProviderInitArgs) (EncryptionKMS, error) { func initKeyProtectKMS(args ProviderInitArgs) (EncryptionKMS, error) {
kms := &KeyProtectKMS{ kms := &keyProtectKMS{
namespace: args.Namespace, namespace: args.Namespace,
} }
// required options for further configuration (getting secrets) // required options for further configuration (getting secrets)
@ -164,7 +164,7 @@ func initKeyProtectKMS(args ProviderInitArgs) (EncryptionKMS, error) {
return kms, nil return kms, nil
} }
func (kms *KeyProtectKMS) getSecrets() (map[string]interface{}, error) { func (kms *keyProtectKMS) getSecrets() (map[string]interface{}, error) {
c, err := k8s.NewK8sClient() c, err := k8s.NewK8sClient()
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to connect to Kubernetes to "+ return nil, fmt.Errorf("failed to connect to Kubernetes to "+
@ -193,16 +193,16 @@ func (kms *KeyProtectKMS) getSecrets() (map[string]interface{}, error) {
return config, nil return config, nil
} }
func (kms *KeyProtectKMS) Destroy() { func (kms *keyProtectKMS) Destroy() {
// Nothing to do. // Nothing to do.
} }
func (kms *KeyProtectKMS) RequiresDEKStore() DEKStoreType { func (kms *keyProtectKMS) RequiresDEKStore() DEKStoreType {
return DEKStoreMetadata return DEKStoreMetadata
} }
func (kms *KeyProtectKMS) getService() error { func (kms *keyProtectKMS) getService() error {
// Use Service API Key and KeyProtect Service Instance ID to create a ClientConfig // Use your Service API Key and your KeyProtect Service Instance ID to create a ClientConfig
cc := kp.ClientConfig{ cc := kp.ClientConfig{
BaseURL: kms.baseURL, BaseURL: kms.baseURL,
TokenURL: kms.tokenURL, TokenURL: kms.tokenURL,
@ -221,7 +221,7 @@ func (kms *KeyProtectKMS) getService() error {
} }
// EncryptDEK uses the KeyProtect KMS and the configured CRK to encrypt the DEK. // EncryptDEK uses the KeyProtect KMS and the configured CRK to encrypt the DEK.
func (kms *KeyProtectKMS) EncryptDEK(volumeID, plainDEK string) (string, error) { func (kms *keyProtectKMS) EncryptDEK(volumeID, plainDEK string) (string, error) {
if err := kms.getService(); err != nil { if err := kms.getService(); err != nil {
return "", fmt.Errorf("could not get KMS service: %w", err) return "", fmt.Errorf("could not get KMS service: %w", err)
} }
@ -240,7 +240,7 @@ func (kms *KeyProtectKMS) EncryptDEK(volumeID, plainDEK string) (string, error)
} }
// DecryptDEK uses the Key protect KMS and the configured CRK to decrypt the DEK. // DecryptDEK uses the Key protect KMS and the configured CRK to decrypt the DEK.
func (kms *KeyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, error) { func (kms *keyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, error) {
if err := kms.getService(); err != nil { if err := kms.getService(); err != nil {
return "", fmt.Errorf("could not get KMS service: %w", err) return "", fmt.Errorf("could not get KMS service: %w", err)
} }
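Review bot: The doc comment above the struct in the first hunk still opens with `KeyProtectKMS` although the type is now `keyProtectKMS`, so it no longer names the identifier it documents. It should read `// keyProtectKMS stores the KMS connection information retrieved from the kms configmap.`. The struct body continues outside the hunk, so other comments there may still use the old name and are worth a grep. The getService comment also differs between the two sides of the page (`Use your Service API Key ...`), which looks unrelated to the unexport and would be easier to review as a separate change.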