rbd: unexport aws kms structs

At present the KMS structs are exported; ideally we should be
able to work without exporting them.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Humble Chirammal 2022-01-24 18:24:33 +05:30 committed by mergify[bot]
parent a553157b15
commit a86121f756


@ -65,7 +65,7 @@ var _ = RegisterProvider(Provider{
Initializer: initAWSMetadataKMS, Initializer: initAWSMetadataKMS,
}) })
type AWSMetadataKMS struct { type awsMetadataKMS struct {
// basic options to get the secret // basic options to get the secret
namespace string namespace string
secretName string secretName string
@ -79,7 +79,7 @@ type AWSMetadataKMS struct {
} }
func initAWSMetadataKMS(args ProviderInitArgs) (EncryptionKMS, error) { func initAWSMetadataKMS(args ProviderInitArgs) (EncryptionKMS, error) {
kms := &AWSMetadataKMS{ kms := &awsMetadataKMS{
namespace: args.Namespace, namespace: args.Namespace,
} }
@ -124,7 +124,7 @@ func initAWSMetadataKMS(args ProviderInitArgs) (EncryptionKMS, error) {
return kms, nil return kms, nil
} }
func (kms *AWSMetadataKMS) getSecrets() (map[string]interface{}, error) { func (kms *awsMetadataKMS) getSecrets() (map[string]interface{}, error) {
c, err := k8s.NewK8sClient() c, err := k8s.NewK8sClient()
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to connect to Kubernetes to "+ return nil, fmt.Errorf("failed to connect to Kubernetes to "+
@ -153,18 +153,18 @@ func (kms *AWSMetadataKMS) getSecrets() (map[string]interface{}, error) {
return config, nil return config, nil
} }
func (kms *AWSMetadataKMS) Destroy() { func (kms *awsMetadataKMS) Destroy() {
// Nothing to do. // Nothing to do.
} }
// RequiresDEKStore indicates that the DEKs should get stored in the metadata // RequiresDEKStore indicates that the DEKs should get stored in the metadata
// of the volumes. This Amazon KMS provider does not support storing DEKs in // of the volumes. This Amazon KMS provider does not support storing DEKs in
// AWS as that adds additional costs. // AWS as that adds additional costs.
func (kms *AWSMetadataKMS) RequiresDEKStore() DEKStoreType { func (kms *awsMetadataKMS) RequiresDEKStore() DEKStoreType {
return DEKStoreMetadata return DEKStoreMetadata
} }
func (kms *AWSMetadataKMS) getService() (*awsKMS.KMS, error) { func (kms *awsMetadataKMS) getService() (*awsKMS.KMS, error) {
creds := awsCreds.NewStaticCredentials(kms.accessKey, creds := awsCreds.NewStaticCredentials(kms.accessKey,
kms.secretAccessKey, kms.sessionToken) kms.secretAccessKey, kms.sessionToken)
@ -183,7 +183,7 @@ func (kms *AWSMetadataKMS) getService() (*awsKMS.KMS, error) {
} }
// EncryptDEK uses the Amazon KMS and the configured CMK to encrypt the DEK. // EncryptDEK uses the Amazon KMS and the configured CMK to encrypt the DEK.
func (kms *AWSMetadataKMS) EncryptDEK(volumeID, plainDEK string) (string, error) { func (kms *awsMetadataKMS) EncryptDEK(volumeID, plainDEK string) (string, error) {
svc, err := kms.getService() svc, err := kms.getService()
if err != nil { if err != nil {
return "", fmt.Errorf("could not get KMS service: %w", err) return "", fmt.Errorf("could not get KMS service: %w", err)
@ -206,7 +206,7 @@ func (kms *AWSMetadataKMS) EncryptDEK(volumeID, plainDEK string) (string, error)
} }
// DecryptDEK uses the Amazon KMS and the configured CMK to decrypt the DEK. // DecryptDEK uses the Amazon KMS and the configured CMK to decrypt the DEK.
func (kms *AWSMetadataKMS) DecryptDEK(volumeID, encryptedDEK string) (string, error) { func (kms *awsMetadataKMS) DecryptDEK(volumeID, encryptedDEK string) (string, error) {
svc, err := kms.getService() svc, err := kms.getService()
if err != nil { if err != nil {
return "", fmt.Errorf("could not get KMS service: %w", err) return "", fmt.Errorf("could not get KMS service: %w", err)