From ebc56887cdfe425844f30b96a7d8bf604179d5c5 Mon Sep 17 00:00:00 2001 From: Niraj Yadav Date: Fri, 21 Jun 2024 15:49:06 +0530 Subject: [PATCH] rbd: implement pv key rotation This patch implements the EncryptionKeyRotation spec for ceph-csi Signed-off-by: Niraj Yadav --- go.mod | 2 +- go.sum | 4 +- .../csi-addons/rbd/encryptionkeyrotation.go | 101 ++++++ internal/csi-addons/rbd/identity.go | 7 + internal/kms/vault.go | 34 +- internal/kms/vault_test.go | 18 - internal/kms/vault_tokens.go | 18 +- internal/rbd/driver/driver.go | 3 + internal/rbd/encryption.go | 73 ++++ internal/util/crypto.go | 5 + internal/util/cryptsetup.go | 133 ++++++++ internal/util/file/file.go | 54 +++ internal/util/file/file_test.go | 100 ++++++ .../encryptionkeyrotation.pb.go | 317 ++++++++++++++++++ .../encryptionkeyrotation_grpc.pb.go | 116 +++++++ vendor/modules.txt | 3 +- 16 files changed, 930 insertions(+), 58 deletions(-) create mode 100644 internal/csi-addons/rbd/encryptionkeyrotation.go create mode 100644 internal/util/file/file.go create mode 100644 internal/util/file/file_test.go create mode 100644 vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go create mode 100644 vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go diff --git a/go.mod b/go.mod index 7e469a7cc..de27daf50 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 github.com/ceph/go-ceph v0.28.0 github.com/container-storage-interface/spec v1.10.0 - github.com/csi-addons/spec v0.2.1-0.20240627093359-0dd74d521e67 + github.com/csi-addons/spec v0.2.1-0.20240718113938-dc98b454ba65 github.com/gemalto/kmip-go v0.0.10 github.com/golang/protobuf v1.5.4 github.com/google/fscrypt v0.3.6-0.20240502174735-068b9f8f5dec diff --git a/go.sum b/go.sum index d10fdbd72..6f3afc0d3 100644 --- a/go.sum +++ b/go.sum @@ -911,8 +911,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/csi-addons/spec v0.2.1-0.20240627093359-0dd74d521e67 h1:UAcAhE1pTkWaFBS0kvhHUcUsoEv5fsieD0tl8psQMCs= -github.com/csi-addons/spec v0.2.1-0.20240627093359-0dd74d521e67/go.mod h1:Mwq4iLiUV4s+K1bszcWU6aMsR5KPsbIYzzszJ6+56vI= +github.com/csi-addons/spec v0.2.1-0.20240718113938-dc98b454ba65 h1:i9JGGQTEmRQXSpQQPR96+DV4D4o+V1+gjAWf+bpxQxk= +github.com/csi-addons/spec v0.2.1-0.20240718113938-dc98b454ba65/go.mod h1:Mwq4iLiUV4s+K1bszcWU6aMsR5KPsbIYzzszJ6+56vI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= diff --git a/internal/csi-addons/rbd/encryptionkeyrotation.go b/internal/csi-addons/rbd/encryptionkeyrotation.go new file mode 100644 index 000000000..42ca620e4 --- /dev/null +++ b/internal/csi-addons/rbd/encryptionkeyrotation.go @@ -0,0 +1,101 @@ +/* +Copyright 2024 The Ceph-CSI Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rbd + +import ( + "context" + "errors" + + csicommon "github.com/ceph/ceph-csi/internal/csi-common" + "github.com/ceph/ceph-csi/internal/rbd" + "github.com/ceph/ceph-csi/internal/util" + "github.com/ceph/ceph-csi/internal/util/log" + + "github.com/container-storage-interface/spec/lib/go/csi" + ekr "github.com/csi-addons/spec/lib/go/encryptionkeyrotation" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" +) + +type EncryptionKeyRotationServer struct { + *ekr.UnimplementedEncryptionKeyRotationControllerServer + volLock *util.VolumeLocks +} + +func NewEncryptionKeyRotationServer(volLock *util.VolumeLocks) *EncryptionKeyRotationServer { + return &EncryptionKeyRotationServer{volLock: volLock} +} + +func (ekrs *EncryptionKeyRotationServer) RegisterService(svc grpc.ServiceRegistrar) { + ekr.RegisterEncryptionKeyRotationControllerServer(svc, ekrs) +} + +func (ekrs *EncryptionKeyRotationServer) EncryptionKeyRotate( + ctx context.Context, + req *ekr.EncryptionKeyRotateRequest, +) (*ekr.EncryptionKeyRotateResponse, error) { + // Get the volume ID from the request + volID := req.GetVolumeId() + if volID == "" { + return nil, status.Error(codes.InvalidArgument, "empty volume ID in request") + } + + // Block key rotation for RWX/ROX volumes + _, isMultiNode := csicommon.IsBlockMultiNode([]*csi.VolumeCapability{req.GetVolumeCapability()}) + if isMultiNode { + return nil, status.Error(codes.Unimplemented, "multi-node key rotation is not supported") + } + + if acquired := ekrs.volLock.TryAcquire(volID); !acquired { + return nil, status.Errorf(codes.Aborted, util.VolumeOperationAlreadyExistsFmt, volID) + } + defer ekrs.volLock.Release(volID) + + // Get the credentials required to authenticate + // against a ceph cluster + creds, err := util.NewUserCredentials(req.GetSecrets()) + if err != nil { + return nil, status.Error(codes.Internal, err.Error()) + } + defer creds.DeleteCredentials() + + rbdVol, err := rbd.GenVolFromVolID(ctx, volID, creds, req.GetSecrets()) + if err != nil { + switch { + case errors.Is(err, rbd.ErrImageNotFound): + err = status.Errorf(codes.NotFound, "volume ID %s not found", volID) + case errors.Is(err, util.ErrPoolNotFound): + log.ErrorLog(ctx, "failed to get backend volume for %s: %v", volID, err) + err = status.Errorf(codes.NotFound, err.Error()) + default: + err = status.Errorf(codes.Internal, err.Error()) + } + + return nil, err + } + defer rbdVol.Destroy(ctx) + + err = rbdVol.RotateEncryptionKey(ctx) + if err != nil { + return nil, status.Errorf( + codes.Internal, "failed to rotate the key for volume with ID %q: %s", volID, err.Error()) + } + + // Success + return &ekr.EncryptionKeyRotateResponse{}, nil +} diff --git a/internal/csi-addons/rbd/identity.go b/internal/csi-addons/rbd/identity.go index 65dc39afe..749d708bd 100644 --- a/internal/csi-addons/rbd/identity.go +++ b/internal/csi-addons/rbd/identity.go @@ -133,6 +133,13 @@ func (is *IdentityServer) GetCapabilities( Type: identity.Capability_ReclaimSpace_ONLINE, }, }, + }, + &identity.Capability{ + Type: &identity.Capability_EncryptionKeyRotation_{ + EncryptionKeyRotation: &identity.Capability_EncryptionKeyRotation{ + Type: identity.Capability_EncryptionKeyRotation_ENCRYPTIONKEYROTATION, + }, + }, }) } diff --git a/internal/kms/vault.go b/internal/kms/vault.go index 8735d93c8..66da402cc 100644 --- a/internal/kms/vault.go +++ b/internal/kms/vault.go @@ -28,6 +28,8 @@ import ( "github.com/hashicorp/vault/api" loss "github.com/libopenstorage/secrets" "github.com/libopenstorage/secrets/vault" + + "github.com/ceph/ceph-csi/internal/util/file" ) const ( @@ -269,10 +271,12 @@ func (vc *vaultConnection) initCertificates(config map[string]interface{}, secre return fmt.Errorf("missing vault CA in secret %s", vaultCAFromSecret) } - vaultConfig[api.EnvVaultCACert], err = createTempFile("vault-ca-cert", []byte(caPEM)) + tf, err := file.CreateTempFile("vault-ca-cert", caPEM) if err != nil { return fmt.Errorf("failed to create temporary file for Vault CA: %w", err) } + vaultConfig[api.EnvVaultCACert] = tf.Name() + // update the existing config for key, value := range vaultConfig { vc.vaultConfig[key] = value @@ -480,31 +484,3 @@ func detectAuthMountPath(path string) (string, error) { return authMountPath, nil } - -// createTempFile writes data to a temporary file that contains the pattern in -// the filename (see os.CreateTemp for details). -func createTempFile(pattern string, data []byte) (string, error) { - t, err := os.CreateTemp("", pattern) - if err != nil { - return "", fmt.Errorf("failed to create temporary file: %w", err) - } - - // delete the tmpfile on error - defer func() { - if err != nil { - // ignore error on failure to remove tmpfile (gosec complains) - _ = os.Remove(t.Name()) - } - }() - - s, err := t.Write(data) - if err != nil || s != len(data) { - return "", fmt.Errorf("failed to write temporary file: %w", err) - } - err = t.Close() - if err != nil { - return "", fmt.Errorf("failed to close temporary file: %w", err) - } - - return t.Name(), nil -} diff --git a/internal/kms/vault_test.go b/internal/kms/vault_test.go index 6a059d815..b1408b3b3 100644 --- a/internal/kms/vault_test.go +++ b/internal/kms/vault_test.go @@ -18,7 +18,6 @@ package kms import ( "errors" - "os" "testing" loss "github.com/libopenstorage/secrets" @@ -44,23 +43,6 @@ func TestDetectAuthMountPath(t *testing.T) { } } -func TestCreateTempFile(t *testing.T) { - t.Parallel() - data := []byte("Hello World!") - tmpfile, err := createTempFile("my-file", data) - if err != nil { - t.Errorf("createTempFile() failed: %s", err) - } - if tmpfile == "" { - t.Errorf("createTempFile() returned an empty filename") - } - - err = os.Remove(tmpfile) - if err != nil { - t.Errorf("failed to remove tmpfile (%s): %s", tmpfile, err) - } -} - func TestSetConfigString(t *testing.T) { t.Parallel() const defaultValue = "default-value" diff --git a/internal/kms/vault_tokens.go b/internal/kms/vault_tokens.go index e6a2d3056..c0fcc431e 100644 --- a/internal/kms/vault_tokens.go +++ b/internal/kms/vault_tokens.go @@ -24,6 +24,7 @@ import ( "os" "strconv" + "github.com/ceph/ceph-csi/internal/util/file" "github.com/ceph/ceph-csi/internal/util/k8s" "github.com/hashicorp/vault/api" @@ -378,10 +379,11 @@ func (vtc *vaultTenantConnection) initCertificates(config map[string]interface{} return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr) } } - vaultConfig[api.EnvVaultCACert], err = createTempFile("vault-ca-cert", []byte(cert)) - if err != nil { - return fmt.Errorf("failed to create temporary file for Vault CA: %w", err) + cer, ferr := file.CreateTempFile("vault-ca-cert", cert) + if ferr != nil { + return fmt.Errorf("failed to create temporary file for Vault CA: %w", ferr) } + vaultConfig[api.EnvVaultCACert] = cer.Name() } vaultClientCertFromSecret := "" // optional @@ -403,10 +405,11 @@ func (vtc *vaultTenantConnection) initCertificates(config map[string]interface{} return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultCAFromSecret, cErr) } } - vaultConfig[api.EnvVaultClientCert], err = createTempFile("vault-ca-cert", []byte(cert)) - if err != nil { - return fmt.Errorf("failed to create temporary file for Vault client certificate: %w", err) + cer, ferr := file.CreateTempFile("vault-ca-cert", cert) + if ferr != nil { + return fmt.Errorf("failed to create temporary file for Vault client certificate: %w", ferr) } + vaultConfig[api.EnvVaultClientCert] = cer.Name() } vaultClientCertKeyFromSecret := "" // optional @@ -432,10 +435,11 @@ func (vtc *vaultTenantConnection) initCertificates(config map[string]interface{} return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultCAFromSecret, err) } } - vaultConfig[api.EnvVaultClientKey], err = createTempFile("vault-client-cert-key", []byte(certKey)) + ckey, err := file.CreateTempFile("vault-client-cert-key", certKey) if err != nil { return fmt.Errorf("failed to create temporary file for Vault client cert key: %w", err) } + vaultConfig[api.EnvVaultClientKey] = ckey.Name() } for key, value := range vaultConfig { diff --git a/internal/rbd/driver/driver.go b/internal/rbd/driver/driver.go index a8bea2e15..e68288428 100644 --- a/internal/rbd/driver/driver.go +++ b/internal/rbd/driver/driver.go @@ -229,6 +229,9 @@ func (r *Driver) setupCSIAddonsServer(conf *util.Config) error { if conf.IsNodeServer { rs := casrbd.NewReclaimSpaceNodeServer() r.cas.RegisterService(rs) + + ekr := casrbd.NewEncryptionKeyRotationServer(r.ns.VolumeLocks) + r.cas.RegisterService(ekr) } // start the server, this does not block, it runs a new go-routine diff --git a/internal/rbd/encryption.go b/internal/rbd/encryption.go index 015c1e564..9cb87cb5d 100644 --- a/internal/rbd/encryption.go +++ b/internal/rbd/encryption.go @@ -63,6 +63,10 @@ const ( // user did not specify an "encryptionType", but set // "encryption": true. rbdDefaultEncryptionType = util.EncryptionTypeBlock + + // Luks slots. + luksSlot0 = "0" + luksSlot1 = "1" ) // checkRbdImageEncrypted verifies if rbd image was encrypted when created. @@ -437,3 +441,72 @@ func (ri *rbdImage) RemoveDEK(ctx context.Context, volumeID string) error { return nil } + +// GetEncryptionPassphraseSize returns the value of `encryptionPassphraseSize`. +func GetEncryptionPassphraseSize() int { + return encryptionPassphraseSize +} + +// RotateEncryptionKey processes the key rotation for the RBD Volume. +func (rv *rbdVolume) RotateEncryptionKey(ctx context.Context) error { + if !rv.isBlockEncrypted() { + return errors.New("key rotation unsupported for non block encrypted device") + } + + // Verify that the underlying device has been setup for encryption + currState, err := rv.checkRbdImageEncrypted(ctx) + if err != nil { + return fmt.Errorf("failed to check encryption state: %w", err) + } + + if currState != rbdImageEncrypted { + return errors.New("key rotation not supported for unencrypted device") + } + + // Get the device path for the underlying image + useNbd := rv.Mounter == rbdNbdMounter && hasNBD + devicePath, found := waitForPath(ctx, rv.Pool, rv.RadosNamespace, rv.RbdImageName, 1, useNbd) + if !found { + return fmt.Errorf("failed to get the device path for %q: %w", rv, err) + } + + // Step 1: Get the current passphrase + oldPassphrase, err := rv.blockEncryption.GetCryptoPassphrase(ctx, rv.VolID) + if err != nil { + return fmt.Errorf("failed to fetch the current passphrase for %q: %w", rv, err) + } + + // Step 2: Add current key to slot 1 + err = util.LuksAddKey(devicePath, oldPassphrase, oldPassphrase, luksSlot1) + if err != nil { + return fmt.Errorf("failed to add curr key to luksSlot1: %w", err) + } + + // Step 3: Generate new key and add it to slot 0 + newPassphrase, err := rv.blockEncryption.GetNewCryptoPassphrase( + GetEncryptionPassphraseSize()) + if err != nil { + return fmt.Errorf("failed to generate a new passphrase: %w", err) + } + + err = util.LuksAddKey(devicePath, oldPassphrase, newPassphrase, luksSlot0) + if err != nil { + return fmt.Errorf("failed to add the new key to luksSlot0: %w", err) + } + + // Step 4: Add the new key to KMS + err = rv.blockEncryption.StoreCryptoPassphrase(ctx, rv.VolID, newPassphrase) + if err != nil { + return fmt.Errorf("failed to update the new key into the KMS: %w", err) + } + + // Step 5: Remove the old key from slot 1 + // We use the newPassphrase to authenticate LUKS here + err = util.LuksRemoveKey(devicePath, newPassphrase, luksSlot1) + if err != nil { + return fmt.Errorf("failed to remove the backup key from luksSlot1: %w", err) + } + + // Return error accordingly. + return nil +} diff --git a/internal/util/crypto.go b/internal/util/crypto.go index 989788cc8..995c8282f 100644 --- a/internal/util/crypto.go +++ b/internal/util/crypto.go @@ -237,6 +237,11 @@ func (ve *VolumeEncryption) GetCryptoPassphrase(ctx context.Context, volumeID st return ve.KMS.DecryptDEK(ctx, volumeID, passphrase) } +// GetNewCryptoPassphrase returns a random passphrase of given length. +func (ve *VolumeEncryption) GetNewCryptoPassphrase(length int) (string, error) { + return generateNewEncryptionPassphrase(length) +} + // generateNewEncryptionPassphrase generates a random passphrase for encryption. func generateNewEncryptionPassphrase(length int) (string, error) { bytesPassphrase := make([]byte, length) diff --git a/internal/util/cryptsetup.go b/internal/util/cryptsetup.go index e5669b425..06e2028f3 100644 --- a/internal/util/cryptsetup.go +++ b/internal/util/cryptsetup.go @@ -19,9 +19,13 @@ package util import ( "bytes" "fmt" + "os" "os/exec" "strconv" "strings" + + "github.com/ceph/ceph-csi/internal/util/file" + "github.com/ceph/ceph-csi/internal/util/log" ) // Limit memory used by Argon2i PBKDF to 32 MiB. @@ -66,6 +70,135 @@ func LuksStatus(mapperFile string) (string, string, error) { return execCryptsetupCommand(nil, "status", mapperFile) } +// LuksAddKey adds a new key to the specified slot. +func LuksAddKey(devicePath, passphrase, newPassphrase, slot string) error { + passFile, err := file.CreateTempFile("luks-", passphrase) + if err != nil { + return err + } + defer os.Remove(passFile.Name()) + + newPassFile, err := file.CreateTempFile("luks-", newPassphrase) + if err != nil { + return err + } + defer os.Remove(newPassFile.Name()) + + _, stderr, err := execCryptsetupCommand( + nil, + "--verbose", + "--key-file="+passFile.Name(), + "--key-slot="+slot, + "luksAddKey", + devicePath, + newPassFile.Name(), + ) + + // Return early if no error to save us some time + if err == nil { + return nil + } + + // Possible scenarios + // 1. The provided passphrase to unlock the disk is wrong + // 2. The key slot is already in use + // If so, check if the key we want to add to the slot is already there + // If not, remove it and then add the new key to the slot + if strings.Contains(stderr, fmt.Sprintf("Key slot %s is full", slot)) { + // The given slot already has a key + // Check if it is the one that we want to update with + exists, fErr := LuksVerifyKey(devicePath, newPassphrase, slot) + if fErr != nil { + return fErr + } + + // Verification passed, return early + if exists { + return nil + } + + // Else, we remove the key from the given slot and add the new one + // Note: we use existing passphrase here as we are not yet sure if + // the newPassphrase is present in the headers + fErr = LuksRemoveKey(devicePath, passphrase, slot) + if fErr != nil { + return fErr + } + + // Now the slot is free, add the new key to it + fErr = LuksAddKey(devicePath, passphrase, newPassphrase, slot) + if fErr != nil { + return fErr + } + + // No errors, we good. + return nil + } + + // The existing passphrase is wrong and the slot is empty + return err +} + +// LuksRemoveKey removes the key by killing the specified slot. +func LuksRemoveKey(devicePath, passphrase, slot string) error { + keyFile, err := file.CreateTempFile("luks-", passphrase) + if err != nil { + return err + } + defer os.Remove(keyFile.Name()) + + _, stderr, err := execCryptsetupCommand( + nil, + "--verbose", + "--key-file="+keyFile.Name(), + "luksKillSlot", + devicePath, + slot, + ) + if err != nil { + // If a slot is not active, don't treat that as an error + if !strings.Contains(stderr, fmt.Sprintf("Keyslot %s is not active.", slot)) { + return fmt.Errorf("failed to kill slot %s for device %s: %w", slot, devicePath, err) + } + } + + return nil +} + +// LuksVerifyKey verifies that a key exists in a given slot. +func LuksVerifyKey(devicePath, passphrase, slot string) (bool, error) { + // Create a temp file that we will use to open the device + keyFile, err := file.CreateTempFile("luks-", passphrase) + if err != nil { + return false, err + } + defer os.Remove(keyFile.Name()) + + _, stderr, err := execCryptsetupCommand( + nil, + "--verbose", + "--key-file="+keyFile.Name(), + "--key-slot="+slot, + "luksChangeKey", + devicePath, + keyFile.Name(), + ) + if err != nil { + // If the passphrase doesn't match the key in given slot + if strings.Contains(stderr, "No key available with this passphrase.") { + // No match, no error + return false, nil + } + + // Otherwise it was something else, return the wrapped error + log.ErrorLogMsg("failed to verify key in slot %s. stderr: %s. err: %v", slot, stderr, err) + + return false, fmt.Errorf("failed to verify key in slot %s for device %s: %w", slot, devicePath, err) + } + + return true, nil +} + func execCryptsetupCommand(stdin *string, args ...string) (string, string, error) { var ( program = "cryptsetup" diff --git a/internal/util/file/file.go b/internal/util/file/file.go new file mode 100644 index 000000000..2f32b8822 --- /dev/null +++ b/internal/util/file/file.go @@ -0,0 +1,54 @@ +/* +Copyright 2024 The Ceph-CSI Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package file + +import ( + "fmt" + "os" +) + +// CreateTempFile create a temporary file with the given string +// content and returns the reference to the file. +// The caller is responsible for disposing the file. +func CreateTempFile(prefix, contents string) (*os.File, error) { + // Create a temp file + file, err := os.CreateTemp("", prefix) + if err != nil { + return nil, fmt.Errorf("failed to create temporary file: %w", err) + } + + // In case of error, remove the file if it was created + defer func() { + if err != nil { + _ = os.Remove(file.Name()) + } + }() + + // Write the contents + var c int + c, err = file.WriteString(contents) + if err != nil || c != len(contents) { + return nil, fmt.Errorf("failed to write temporary file: %w", err) + } + + // Close the handle + if err = file.Close(); err != nil { + return nil, fmt.Errorf("failed to close temporary file: %w", err) + } + + return file, nil +} diff --git a/internal/util/file/file_test.go b/internal/util/file/file_test.go new file mode 100644 index 000000000..9daf142f4 --- /dev/null +++ b/internal/util/file/file_test.go @@ -0,0 +1,100 @@ +/* +Copyright 2024 The Ceph-CSI Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package file + +import ( + "os" + "testing" +) + +func TestCreateTempFile_WithValidContent(t *testing.T) { + t.Parallel() + + content := "Valid Content" + + file, err := CreateTempFile("test-", content) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + defer func() { + err = os.Remove(file.Name()) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + }() + + readContent, err := os.ReadFile(file.Name()) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + if string(readContent) != content { + t.Fatalf("Content mismatch: got %v, want %v", string(readContent), content) + } +} + +func TestCreateTempFile_WithEmptyContent(t *testing.T) { + t.Parallel() + + content := "" + + file, err := CreateTempFile("test-", content) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + defer func() { + err = os.Remove(file.Name()) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + }() + + readContent, err := os.ReadFile(file.Name()) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + if string(readContent) != content { + t.Fatalf("Content mismatch: got %v, want %v", string(readContent), content) + } +} + +func TestCreateTempFile_WithLargeContent(t *testing.T) { + t.Parallel() + + content := string(make([]byte, 1<<20)) + + file, err := CreateTempFile("test-", content) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + defer func() { + err = os.Remove(file.Name()) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + }() + + readContent, err := os.ReadFile(file.Name()) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + if string(readContent) != content { + t.Fatalf("Content mismatch: got %v, want %v", string(readContent), content) + } +} diff --git a/vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go b/vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go new file mode 100644 index 000000000..d060d4a75 --- /dev/null +++ b/vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go @@ -0,0 +1,317 @@ +// Code generated by make; DO NOT EDIT. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.20.2 +// source: encryptionkeyrotation/encryptionkeyrotation.proto + +package encryptionkeyrotation + +import ( + csi "github.com/container-storage-interface/spec/lib/go/csi" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + _ "google.golang.org/protobuf/types/descriptorpb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// EncryptionKeyRotateRequest contains the information needed to identify +// the volume by the SP and access any backend services so that the key can be +// rotated. +type EncryptionKeyRotateRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The ID of the volume for which the key is to be rotated. + // This field is required + VolumeId string `protobuf:"bytes,1,opt,name=volume_id,json=volumeId,proto3" json:"volume_id,omitempty"` + // The path where the volume is available. + // This field is OPTIONAL + // Useful if you are implementing the RPC on CSI Driver NodePlugin + VolumePath string `protobuf:"bytes,2,opt,name=volume_path,json=volumePath,proto3" json:"volume_path,omitempty"` + // Provide the encryption key to be set + // This field is OPTIONAL + EncryptionKey string `protobuf:"bytes,3,opt,name=encryption_key,json=encryptionKey,proto3" json:"encryption_key,omitempty"` + // Plugin specific parameters passed in as opaque key-value pairs. + Parameters map[string]string `protobuf:"bytes,4,rep,name=parameters,proto3" json:"parameters,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Secrets required by the plugin to complete the request. + Secrets map[string]string `protobuf:"bytes,5,rep,name=secrets,proto3" json:"secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Volume capability describing how the CO intends to use this volume. + // This allows SP to determine if volume is being used as a block + // device or mounted file system. This is OPTIONAL. + VolumeCapability *csi.VolumeCapability `protobuf:"bytes,6,opt,name=volume_capability,json=volumeCapability,proto3" json:"volume_capability,omitempty"` +} + +func (x *EncryptionKeyRotateRequest) Reset() { + *x = EncryptionKeyRotateRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptionKeyRotateRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptionKeyRotateRequest) ProtoMessage() {} + +func (x *EncryptionKeyRotateRequest) ProtoReflect() protoreflect.Message { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptionKeyRotateRequest.ProtoReflect.Descriptor instead. +func (*EncryptionKeyRotateRequest) Descriptor() ([]byte, []int) { + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP(), []int{0} +} + +func (x *EncryptionKeyRotateRequest) GetVolumeId() string { + if x != nil { + return x.VolumeId + } + return "" +} + +func (x *EncryptionKeyRotateRequest) GetVolumePath() string { + if x != nil { + return x.VolumePath + } + return "" +} + +func (x *EncryptionKeyRotateRequest) GetEncryptionKey() string { + if x != nil { + return x.EncryptionKey + } + return "" +} + +func (x *EncryptionKeyRotateRequest) GetParameters() map[string]string { + if x != nil { + return x.Parameters + } + return nil +} + +func (x *EncryptionKeyRotateRequest) GetSecrets() map[string]string { + if x != nil { + return x.Secrets + } + return nil +} + +func (x *EncryptionKeyRotateRequest) GetVolumeCapability() *csi.VolumeCapability { + if x != nil { + return x.VolumeCapability + } + return nil +} + +// EncryptionKeyRotateResponse holds the information about the result of the +// EncryptionKeyRotateRequest call. +type EncryptionKeyRotateResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *EncryptionKeyRotateResponse) Reset() { + *x = EncryptionKeyRotateResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptionKeyRotateResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptionKeyRotateResponse) ProtoMessage() {} + +func (x *EncryptionKeyRotateResponse) ProtoReflect() protoreflect.Message { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptionKeyRotateResponse.ProtoReflect.Descriptor instead. +func (*EncryptionKeyRotateResponse) Descriptor() ([]byte, []int) { + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP(), []int{1} +} + +var File_encryptionkeyrotation_encryptionkeyrotation_proto protoreflect.FileDescriptor + +var file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc = []byte{ + 0x0a, 0x31, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, + 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x40, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, + 0x2d, 0x73, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x2d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, + 0x63, 0x65, 0x2f, 0x73, 0x70, 0x65, 0x63, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x67, 0x6f, 0x2f, 0x63, + 0x73, 0x69, 0x2f, 0x63, 0x73, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8a, + 0x04, 0x0a, 0x1a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, + 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, + 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x76, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x2a, 0x0a, 0x0e, 0x65, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x03, 0x98, 0x42, 0x01, 0x52, 0x0d, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x61, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, + 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, + 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x50, + 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, + 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5d, 0x0a, 0x07, 0x73, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, + 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x53, + 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x03, 0x98, 0x42, 0x01, + 0x52, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x11, 0x76, 0x6f, 0x6c, + 0x75, 0x6d, 0x65, 0x5f, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x73, 0x69, 0x2e, 0x76, 0x31, 0x2e, 0x56, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x10, + 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, + 0x1a, 0x3d, 0x0a, 0x0f, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, + 0x3a, 0x0a, 0x0c, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x1d, 0x0a, 0x1b, 0x45, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, + 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xa1, 0x01, 0x0a, 0x1f, 0x45, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x7e, + 0x0a, 0x13, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, + 0x6f, 0x74, 0x61, 0x74, 0x65, 0x12, 0x31, 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, + 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x39, + 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x73, 0x69, + 0x2d, 0x61, 0x64, 0x64, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x70, 0x65, 0x63, 0x2f, 0x6c, 0x69, 0x62, + 0x2f, 0x67, 0x6f, 0x2f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, + 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, +} + +var ( + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescOnce sync.Once + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData = file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc +) + +func file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP() []byte { + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescOnce.Do(func() { + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData = protoimpl.X.CompressGZIP(file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData) + }) + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData +} + +var file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes = []interface{}{ + (*EncryptionKeyRotateRequest)(nil), // 0: encryptionkeyrotation.EncryptionKeyRotateRequest + (*EncryptionKeyRotateResponse)(nil), // 1: encryptionkeyrotation.EncryptionKeyRotateResponse + nil, // 2: encryptionkeyrotation.EncryptionKeyRotateRequest.ParametersEntry + nil, // 3: encryptionkeyrotation.EncryptionKeyRotateRequest.SecretsEntry + (*csi.VolumeCapability)(nil), // 4: csi.v1.VolumeCapability +} +var file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs = []int32{ + 2, // 0: encryptionkeyrotation.EncryptionKeyRotateRequest.parameters:type_name -> encryptionkeyrotation.EncryptionKeyRotateRequest.ParametersEntry + 3, // 1: encryptionkeyrotation.EncryptionKeyRotateRequest.secrets:type_name -> encryptionkeyrotation.EncryptionKeyRotateRequest.SecretsEntry + 4, // 2: encryptionkeyrotation.EncryptionKeyRotateRequest.volume_capability:type_name -> csi.v1.VolumeCapability + 0, // 3: encryptionkeyrotation.EncryptionKeyRotationController.EncryptionKeyRotate:input_type -> encryptionkeyrotation.EncryptionKeyRotateRequest + 1, // 4: encryptionkeyrotation.EncryptionKeyRotationController.EncryptionKeyRotate:output_type -> encryptionkeyrotation.EncryptionKeyRotateResponse + 4, // [4:5] is the sub-list for method output_type + 3, // [3:4] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_encryptionkeyrotation_encryptionkeyrotation_proto_init() } +func file_encryptionkeyrotation_encryptionkeyrotation_proto_init() { + if File_encryptionkeyrotation_encryptionkeyrotation_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptionKeyRotateRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptionKeyRotateResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc, + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes, + DependencyIndexes: file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs, + MessageInfos: file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes, + }.Build() + File_encryptionkeyrotation_encryptionkeyrotation_proto = out.File + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc = nil + file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes = nil + file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs = nil +} diff --git a/vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go b/vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go new file mode 100644 index 000000000..63f2afe1b --- /dev/null +++ b/vendor/github.com/csi-addons/spec/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go @@ -0,0 +1,116 @@ +// Code generated by make; DO NOT EDIT. + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v3.20.2 +// source: encryptionkeyrotation/encryptionkeyrotation.proto + +package encryptionkeyrotation + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + EncryptionKeyRotationController_EncryptionKeyRotate_FullMethodName = "/encryptionkeyrotation.EncryptionKeyRotationController/EncryptionKeyRotate" +) + +// EncryptionKeyRotationControllerClient is the client API for EncryptionKeyRotationController service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type EncryptionKeyRotationControllerClient interface { + // EncryptionKeyRotate is a procedure that is called + // on the CSI ControllerPlugin or NodePlugin + EncryptionKeyRotate(ctx context.Context, in *EncryptionKeyRotateRequest, opts ...grpc.CallOption) (*EncryptionKeyRotateResponse, error) +} + +type encryptionKeyRotationControllerClient struct { + cc grpc.ClientConnInterface +} + +func NewEncryptionKeyRotationControllerClient(cc grpc.ClientConnInterface) EncryptionKeyRotationControllerClient { + return &encryptionKeyRotationControllerClient{cc} +} + +func (c *encryptionKeyRotationControllerClient) EncryptionKeyRotate(ctx context.Context, in *EncryptionKeyRotateRequest, opts ...grpc.CallOption) (*EncryptionKeyRotateResponse, error) { + out := new(EncryptionKeyRotateResponse) + err := c.cc.Invoke(ctx, EncryptionKeyRotationController_EncryptionKeyRotate_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// EncryptionKeyRotationControllerServer is the server API for EncryptionKeyRotationController service. +// All implementations must embed UnimplementedEncryptionKeyRotationControllerServer +// for forward compatibility +type EncryptionKeyRotationControllerServer interface { + // EncryptionKeyRotate is a procedure that is called + // on the CSI ControllerPlugin or NodePlugin + EncryptionKeyRotate(context.Context, *EncryptionKeyRotateRequest) (*EncryptionKeyRotateResponse, error) + mustEmbedUnimplementedEncryptionKeyRotationControllerServer() +} + +// UnimplementedEncryptionKeyRotationControllerServer must be embedded to have forward compatible implementations. +type UnimplementedEncryptionKeyRotationControllerServer struct { +} + +func (UnimplementedEncryptionKeyRotationControllerServer) EncryptionKeyRotate(context.Context, *EncryptionKeyRotateRequest) (*EncryptionKeyRotateResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method EncryptionKeyRotate not implemented") +} +func (UnimplementedEncryptionKeyRotationControllerServer) mustEmbedUnimplementedEncryptionKeyRotationControllerServer() { +} + +// UnsafeEncryptionKeyRotationControllerServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to EncryptionKeyRotationControllerServer will +// result in compilation errors. +type UnsafeEncryptionKeyRotationControllerServer interface { + mustEmbedUnimplementedEncryptionKeyRotationControllerServer() +} + +func RegisterEncryptionKeyRotationControllerServer(s grpc.ServiceRegistrar, srv EncryptionKeyRotationControllerServer) { + s.RegisterService(&EncryptionKeyRotationController_ServiceDesc, srv) +} + +func _EncryptionKeyRotationController_EncryptionKeyRotate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EncryptionKeyRotateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(EncryptionKeyRotationControllerServer).EncryptionKeyRotate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: EncryptionKeyRotationController_EncryptionKeyRotate_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(EncryptionKeyRotationControllerServer).EncryptionKeyRotate(ctx, req.(*EncryptionKeyRotateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// EncryptionKeyRotationController_ServiceDesc is the grpc.ServiceDesc for EncryptionKeyRotationController service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var EncryptionKeyRotationController_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "encryptionkeyrotation.EncryptionKeyRotationController", + HandlerType: (*EncryptionKeyRotationControllerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "EncryptionKeyRotate", + Handler: _EncryptionKeyRotationController_EncryptionKeyRotate_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "encryptionkeyrotation/encryptionkeyrotation.proto", +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 119aed65e..33d4bebd4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -236,8 +236,9 @@ github.com/coreos/go-semver/semver ## explicit; go 1.12 github.com/coreos/go-systemd/v22/daemon github.com/coreos/go-systemd/v22/journal -# github.com/csi-addons/spec v0.2.1-0.20240627093359-0dd74d521e67 +# github.com/csi-addons/spec v0.2.1-0.20240718113938-dc98b454ba65 ## explicit +github.com/csi-addons/spec/lib/go/encryptionkeyrotation github.com/csi-addons/spec/lib/go/fence github.com/csi-addons/spec/lib/go/identity github.com/csi-addons/spec/lib/go/reclaimspace