mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 02:33:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

rbd: extract kmsID from volumeAttributes in RegenerateJournal()

Browse Source 
This commit adds functionality of extracting encryption kmsID,
owner from volumeAttributes in RegenerateJournal() and adds utility
functions ParseEncryptionOpts and FetchEncryptionKMSID.

Signed-off-by: Rakshith R <rar@redhat.com>
This commit is contained in:
Rakshith R
2021-07-16 15:37:56 +05:30
committed by mergify[bot]
parent b960e3633a
commit f05ac2b25d
3 changed files with 53 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
internal/util/crypto.go
View File

@ -23,6 +23,7 @@ import (
"errors"
"fmt"
"path"
"strconv"
"strings"
)
@ -60,6 +61,25 @@ type VolumeEncryption struct {
id string
}
// FetchEncryptionKMSID returns non-empty kmsID if 'encrypted' parameter is evaluated as true.
func FetchEncryptionKMSID(encrypted, kmsID string) (string, error) {
isEncrypted, err := strconv.ParseBool(encrypted)
if err != nil {
return "", fmt.Errorf(
"invalid value set in 'encrypted': %s (should be \"true\" or \"false\"): %w",
encrypted, err)
}
if !isEncrypted {
return "", nil
}
if kmsID == "" {
kmsID = defaultKMSType
}
return kmsID, nil
}
// NewVolumeEncryption creates a new instance of VolumeEncryption and
// configures the DEKStore. If the KMS does not provide a DEKStore interface,
// the VolumeEncryption will be created *and* a ErrDEKStoreNeeded is returned.