mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-10 00:10:20 +00:00
rbd: add support for VAULT_SKIP_VERIFY in KMS ConfigMap
When the KMS VaultTokens is configured through a Kubernetes ConfigMap, the `VAULT_SKIP_VERIFY` option was not taken into account. The option maps to the `vaultCAVerify` value in the configuration file, but has the reverse meaning. Signed-off-by: Niels de Vos <ndevos@redhat.com>
parent
d480eb4bda
commit
df81022349
@ -62,6 +62,7 @@ type standardVault struct {
|
|||||||
VaultClientCert string `json:"VAULT_CLIENT_CERT"`
|
VaultClientCert string `json:"VAULT_CLIENT_CERT"`
|
||||||
VaultClientKey string `json:"VAULT_CLIENT_KEY"`
|
VaultClientKey string `json:"VAULT_CLIENT_KEY"`
|
||||||
VaultNamespace string `json:"VAULT_NAMESPACE"`
|
VaultNamespace string `json:"VAULT_NAMESPACE"`
|
||||||
|
VaultSkipVerify *bool `json:"VAULT_SKIP_VERIFY"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type vaultTokenConf struct {
|
type vaultTokenConf struct {
|
||||||
@ -73,6 +74,7 @@ type vaultTokenConf struct {
|
|||||||
VaultClientCertFromSecret string `json:"vaultClientCertFromSecret"`
|
VaultClientCertFromSecret string `json:"vaultClientCertFromSecret"`
|
||||||
VaultClientCertKeyFromSecret string `json:"vaultClientCertKeyFromSecret"`
|
VaultClientCertKeyFromSecret string `json:"vaultClientCertKeyFromSecret"`
|
||||||
VaultNamespace string `json:"vaultNamespace"`
|
VaultNamespace string `json:"vaultNamespace"`
|
||||||
|
VaultCAVerify bool `json:"vaultCAVerify"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (v *vaultTokenConf) convertStdVaultToCSIConfig(s *standardVault) {
|
func (v *vaultTokenConf) convertStdVaultToCSIConfig(s *standardVault) {
|
||||||
@ -84,6 +86,13 @@ func (v *vaultTokenConf) convertStdVaultToCSIConfig(s *standardVault) {
|
|||||||
v.VaultClientCertKeyFromSecret = s.VaultClientKey
|
v.VaultClientCertKeyFromSecret = s.VaultClientKey
|
||||||
v.VaultNamespace = s.VaultNamespace
|
v.VaultNamespace = s.VaultNamespace
|
||||||
v.VaultTLSServerName = s.VaultTLSServerName
|
v.VaultTLSServerName = s.VaultTLSServerName
|
||||||
|
|
||||||
|
// by default the CA should get verified, only when VaultSkipVerify is
|
||||||
|
// set, verification should be disabled
|
||||||
|
v.VaultCAVerify = true
|
||||||
|
if s.VaultSkipVerify != nil {
|
||||||
|
v.VaultCAVerify = *s.VaultSkipVerify
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// getVaultConfiguration fetches the vault configuration from the kubernetes
|
// getVaultConfiguration fetches the vault configuration from the kubernetes
|
||||||
|
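Review bot: The new assignment `v.VaultCAVerify = *s.VaultSkipVerify` in convertStdVaultToCSIConfig copies the skip flag into the verify flag without negating it, although the commit message says the two options have the reverse meaning. As written, a ConfigMap with VAULT_SKIP_VERIFY set to false ends up with VaultCAVerify false, and true leaves it true. If VaultCAVerify is what later controls TLS CA verification of the Vault connection (its consumer is not visible here), an operator who explicitly asks for verification would get unverified connections carrying Vault tokens. The line should read `v.VaultCAVerify = !*s.VaultSkipVerify`, and a unit test covering the nil, true and false cases of VaultSkipVerify would pin the mapping. The function body starts outside the hunk.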