mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
rbd: add support for VAULT_SKIP_VERIFY in KMS ConfigMap
When the KMS VaultTokens is configured through a Kubernetens ConfigMap, the `VAULT_SKIP_VERIFY` option was not taken into account. The option maps to the `vaultCAVerify` value in the configuration file, but has the reverse meaning. Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
parent
d480eb4bda
commit
df81022349
@ -62,6 +62,7 @@ type standardVault struct {
|
||||
VaultClientCert string `json:"VAULT_CLIENT_CERT"`
|
||||
VaultClientKey string `json:"VAULT_CLIENT_KEY"`
|
||||
VaultNamespace string `json:"VAULT_NAMESPACE"`
|
||||
VaultSkipVerify *bool `json:"VAULT_SKIP_VERIFY"`
|
||||
}
|
||||
|
||||
type vaultTokenConf struct {
|
||||
@ -73,6 +74,7 @@ type vaultTokenConf struct {
|
||||
VaultClientCertFromSecret string `json:"vaultClientCertFromSecret"`
|
||||
VaultClientCertKeyFromSecret string `json:"vaultClientCertKeyFromSecret"`
|
||||
VaultNamespace string `json:"vaultNamespace"`
|
||||
VaultCAVerify bool `json:"vaultCAVerify"`
|
||||
}
|
||||
|
||||
func (v *vaultTokenConf) convertStdVaultToCSIConfig(s *standardVault) {
|
||||
@ -84,6 +86,13 @@ func (v *vaultTokenConf) convertStdVaultToCSIConfig(s *standardVault) {
|
||||
v.VaultClientCertKeyFromSecret = s.VaultClientKey
|
||||
v.VaultNamespace = s.VaultNamespace
|
||||
v.VaultTLSServerName = s.VaultTLSServerName
|
||||
|
||||
// by default the CA should get verified, only when VaultSkipVerify is
|
||||
// set, verification should be disabled
|
||||
v.VaultCAVerify = true
|
||||
if s.VaultSkipVerify != nil {
|
||||
v.VaultCAVerify = *s.VaultSkipVerify
|
||||
}
|
||||
}
|
||||
|
||||
// getVaultConfiguration fetches the vault configuration from the kubernetes
|
||||
|
Loading…
Reference in New Issue
Block a user