mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
rbd: unexport KeyProtect kms struct
At present the KMS structs are exported; ideally we should be able to work without exporting them. Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
parent
a86121f756
commit
6141aabcd2
@ -79,7 +79,7 @@ func initKeyProtectKMSOld(args ProviderInitArgs) (EncryptionKMS, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// KeyProtectKMS store the KMS connection information retrieved from the kms configmap.
|
// KeyProtectKMS store the KMS connection information retrieved from the kms configmap.
|
||||||
type KeyProtectKMS struct {
|
type keyProtectKMS struct {
|
||||||
// basic options to get the secret
|
// basic options to get the secret
|
||||||
namespace string
|
namespace string
|
||||||
secretName string
|
secretName string
|
||||||
@ -97,7 +97,7 @@ type KeyProtectKMS struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func initKeyProtectKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
func initKeyProtectKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
||||||
kms := &KeyProtectKMS{
|
kms := &keyProtectKMS{
|
||||||
namespace: args.Namespace,
|
namespace: args.Namespace,
|
||||||
}
|
}
|
||||||
// required options for further configuration (getting secrets)
|
// required options for further configuration (getting secrets)
|
||||||
@ -164,7 +164,7 @@ func initKeyProtectKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
|||||||
return kms, nil
|
return kms, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kms *KeyProtectKMS) getSecrets() (map[string]interface{}, error) {
|
func (kms *keyProtectKMS) getSecrets() (map[string]interface{}, error) {
|
||||||
c, err := k8s.NewK8sClient()
|
c, err := k8s.NewK8sClient()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to connect to Kubernetes to "+
|
return nil, fmt.Errorf("failed to connect to Kubernetes to "+
|
||||||
@ -193,16 +193,16 @@ func (kms *KeyProtectKMS) getSecrets() (map[string]interface{}, error) {
|
|||||||
return config, nil
|
return config, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kms *KeyProtectKMS) Destroy() {
|
func (kms *keyProtectKMS) Destroy() {
|
||||||
// Nothing to do.
|
// Nothing to do.
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kms *KeyProtectKMS) RequiresDEKStore() DEKStoreType {
|
func (kms *keyProtectKMS) RequiresDEKStore() DEKStoreType {
|
||||||
return DEKStoreMetadata
|
return DEKStoreMetadata
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kms *KeyProtectKMS) getService() error {
|
func (kms *keyProtectKMS) getService() error {
|
||||||
// Use Service API Key and KeyProtect Service Instance ID to create a ClientConfig
|
// Use your Service API Key and your KeyProtect Service Instance ID to create a ClientConfig
|
||||||
cc := kp.ClientConfig{
|
cc := kp.ClientConfig{
|
||||||
BaseURL: kms.baseURL,
|
BaseURL: kms.baseURL,
|
||||||
TokenURL: kms.tokenURL,
|
TokenURL: kms.tokenURL,
|
||||||
@ -221,7 +221,7 @@ func (kms *KeyProtectKMS) getService() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// EncryptDEK uses the KeyProtect KMS and the configured CRK to encrypt the DEK.
|
// EncryptDEK uses the KeyProtect KMS and the configured CRK to encrypt the DEK.
|
||||||
func (kms *KeyProtectKMS) EncryptDEK(volumeID, plainDEK string) (string, error) {
|
func (kms *keyProtectKMS) EncryptDEK(volumeID, plainDEK string) (string, error) {
|
||||||
if err := kms.getService(); err != nil {
|
if err := kms.getService(); err != nil {
|
||||||
return "", fmt.Errorf("could not get KMS service: %w", err)
|
return "", fmt.Errorf("could not get KMS service: %w", err)
|
||||||
}
|
}
|
||||||
@ -240,7 +240,7 @@ func (kms *KeyProtectKMS) EncryptDEK(volumeID, plainDEK string) (string, error)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// DecryptDEK uses the Key protect KMS and the configured CRK to decrypt the DEK.
|
// DecryptDEK uses the Key protect KMS and the configured CRK to decrypt the DEK.
|
||||||
func (kms *KeyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, error) {
|
func (kms *keyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, error) {
|
||||||
if err := kms.getService(); err != nil {
|
if err := kms.getService(); err != nil {
|
||||||
return "", fmt.Errorf("could not get KMS service: %w", err)
|
return "", fmt.Errorf("could not get KMS service: %w", err)
|
||||||
}
|
}
|
||||||
|
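Review bot: The doc comment above the struct in the first hunk still begins with the old exported name: `// KeyProtectKMS store the KMS connection information retrieved from the kms configmap.` is unchanged while the declaration under it becomes `type keyProtectKMS struct {`. Go doc comments conventionally start with the identifier they describe, so it should read `// keyProtectKMS stores the KMS connection information retrieved from the kms configmap.`. Both init functions visible here return the `EncryptionKMS` interface, so unexporting the concrete type looks safe within these hunks, but whether other packages or tests name `KeyProtectKMS` directly cannot be seen from this page and is worth confirming. The struct body and most method bodies continue outside the hunks shown.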