util: add EncryptionKMS.Destroy()

Add a new method to the EncryptionKMS interface so that resources can be
freed when EncryptionKMS instances get freed.

With the move to using the libopenstorage API, a temporary file needs to
store the optional CA certificate. The Destroy() method of the
vaultConnection type now removes this file.

The rbdVolume uses the EncryptionKMS type now, so call the new Destroy()
method from within rbdVolume.Destroy().

Signed-off-by: Niels de Vos <ndevos@redhat.com>
Niels de Vos
2020-12-03 09:25:52 +01:00
committed by mergify[bot]
parent eb1ef69cfb
commit 8f91c672d4
3 changed files with 21 additions and 1 deletions

@ -51,6 +51,7 @@ const (
// EncryptionKMS provides external Key Management System for encryption
// passphrases storage.
type EncryptionKMS interface {
Destroy()
GetPassphrase(key string) (string, error)
SavePassphrase(key, value string) error
DeletePassphrase(key string) error
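Review bot: The Destroy() line added to the EncryptionKMS interface has no doc comment and no return value, unlike the three passphrase methods below it. Since the commit message says the vaultConnection implementation removes a temporary file holding the CA certificate, a failed removal cannot be reported to the caller through this signature. Please either return an error or state in a comment on the interface method that implementations must log cleanup failures themselves, and document whether Destroy() may be called more than once and whether the instance may still be used afterwards.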
@ -75,6 +76,11 @@ func initSecretsKMS(secrets map[string]string) (EncryptionKMS, error) {
return SecretsKMS{passphrase: passphraseValue}, nil
}
// Destroy frees all used resources.
func (kms SecretsKMS) Destroy() {
// nothing to do
}
// GetPassphrase returns passphrase from Kubernetes secrets.
func (kms SecretsKMS) GetPassphrase(key string) (string, error) {
return kms.passphrase, nil
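Review bot: The "// nothing to do" comment in SecretsKMS.Destroy() does not say why nothing needs freeing, even though the struct is built with a passphrase field a few lines above. Destroy() also uses a value receiver, so it runs on a copy and could not drop the passphrase reference if that were wanted later. Suggest expanding the comment to explain that SecretsKMS holds no files or connections, and consider a pointer receiver if the field should ever be cleared on Destroy().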