util: introduce VolumeEncryption type

Prepare for grouping encryption related functions together. The main rbdVolume object should not be cluttered with KMS or DEK procedures. Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-13 10:33:35 +00:00 · 2021-02-22 16:25:35 +01:00
parent aa52afff09
commit d4076d6216
8 changed files with 61 additions and 39 deletions
--- a/internal/rbd/rbd_util.go
+++ b/internal/rbd/rbd_util.go
@ -98,11 +98,10 @@ type rbdVolume struct {
 	MonValueFromSecret  string `json:"monValueFromSecret"`
 	VolSize             int64  `json:"volSize"`
 	DisableInUseChecks  bool   `json:"disableInUseChecks"`
-	Encrypted           bool
 	readOnly            bool
 	Primary             bool
 	ThickProvision      bool
-	KMS                 util.EncryptionKMS
+	encryption          *util.VolumeEncryption
 	// Owner is the creator (tenant, Kubernetes Namespace) of the volume.
 	Owner     string
 	CreatedAt *timestamp.Timestamp
@ -167,8 +166,8 @@ func (rv *rbdVolume) Destroy() {
 	if rv.conn != nil {
 		rv.conn.Destroy()
 	}
-	if rv.KMS != nil {
-		rv.KMS.Destroy()
+	if rv.isEncrypted() {
+		rv.encryption.Destroy()
 	}
 }

@ -834,8 +833,7 @@ func genVolFromVolID(ctx context.Context, volumeID string, cr *util.Credentials,
 	rbdVol.Owner = imageAttributes.Owner

 	if imageAttributes.KmsID != "" {
-		rbdVol.Encrypted = true
-		rbdVol.KMS, err = util.GetKMS(rbdVol.Owner, imageAttributes.KmsID, secrets)
+		err = rbdVol.setKMS(imageAttributes.KmsID, secrets)
 		if err != nil {
 			return rbdVol, err
 		}
@ -1168,7 +1166,7 @@ func stashRBDImageMetadata(volOptions *rbdVolume, path string) error {
 		Pool:           volOptions.Pool,
 		RadosNamespace: volOptions.RadosNamespace,
 		ImageName:      volOptions.RbdImageName,
-		Encrypted:      volOptions.Encrypted,
+		Encrypted:      volOptions.isEncrypted(),
 		UnmapOptions:   volOptions.UnmapOptions,
 	}