mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-14 10:53:34 +00:00
rebase: update k8s.io packages to v0.29.0
Signed-off-by: Niels de Vos <ndevos@ibm.com>
This commit is contained in:
Niels de Vos
committed by
mergify[bot]
mergify[bot]
parent
328a264202
commit
f080b9e0c9
14
vendor/k8s.io/kms/apis/v2/api.pb.go
generated
vendored
14
vendor/k8s.io/kms/apis/v2/api.pb.go
generated
vendored
@ -71,11 +71,14 @@ func (m *StatusRequest) XXX_DiscardUnknown() {
|
||||
var xxx_messageInfo_StatusRequest proto.InternalMessageInfo
|
||||
|
||||
type StatusResponse struct {
|
||||
// Version of the KMS plugin API. Must match the configured .resources[].providers[].kms.apiVersion
|
||||
// Version of the KMS gRPC plugin API. Must equal v2 to v2beta1 (v2 is recommended, but both are equivalent).
|
||||
Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
|
||||
// Any value other than "ok" is failing healthz. On failure, the associated API server healthz endpoint will contain this value as part of the error message.
|
||||
Healthz string `protobuf:"bytes,2,opt,name=healthz,proto3" json:"healthz,omitempty"`
|
||||
// the current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage.
|
||||
// keyID must satisfy the following constraints:
|
||||
// 1. The keyID is not empty.
|
||||
// 2. The size of keyID is less than 1 kB.
|
||||
KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
@ -283,12 +286,21 @@ func (m *EncryptRequest) GetUid() string {
|
||||
|
||||
type EncryptResponse struct {
|
||||
// The encrypted data.
|
||||
// ciphertext must satisfy the following constraints:
|
||||
// 1. The ciphertext is not empty.
|
||||
// 2. The ciphertext is less than 1 kB.
|
||||
Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
|
||||
// The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use.
|
||||
// This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage.
|
||||
// keyID must satisfy the following constraints:
|
||||
// 1. The keyID is not empty.
|
||||
// 2. The size of keyID is less than 1 kB.
|
||||
KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
|
||||
// Additional metadata to be stored with the encrypted data.
|
||||
// This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data.
|
||||
// Annotations must satisfy the following constraints:
|
||||
// 1. Annotation key must be a fully qualified domain name that conforms to the definition in DNS (RFC 1123).
|
||||
// 2. The size of annotations keys + values is less than 32 kB.
|
||||
Annotations map[string][]byte `protobuf:"bytes,3,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
|
||||
14
vendor/k8s.io/kms/apis/v2/api.proto
generated
vendored
14
vendor/k8s.io/kms/apis/v2/api.proto
generated
vendored
@ -34,11 +34,14 @@ service KeyManagementService {
|
||||
message StatusRequest {}
|
||||
|
||||
message StatusResponse {
|
||||
// Version of the KMS plugin API. Must match the configured .resources[].providers[].kms.apiVersion
|
||||
// Version of the KMS gRPC plugin API. Must equal v2 to v2beta1 (v2 is recommended, but both are equivalent).
|
||||
string version = 1;
|
||||
// Any value other than "ok" is failing healthz. On failure, the associated API server healthz endpoint will contain this value as part of the error message.
|
||||
string healthz = 2;
|
||||
// the current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage.
|
||||
// keyID must satisfy the following constraints:
|
||||
// 1. The keyID is not empty.
|
||||
// 2. The size of keyID is less than 1 kB.
|
||||
string key_id = 3;
|
||||
}
|
||||
|
||||
@ -68,11 +71,20 @@ message EncryptRequest {
|
||||
|
||||
message EncryptResponse {
|
||||
// The encrypted data.
|
||||
// ciphertext must satisfy the following constraints:
|
||||
// 1. The ciphertext is not empty.
|
||||
// 2. The ciphertext is less than 1 kB.
|
||||
bytes ciphertext = 1;
|
||||
// The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use.
|
||||
// This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage.
|
||||
// keyID must satisfy the following constraints:
|
||||
// 1. The keyID is not empty.
|
||||
// 2. The size of keyID is less than 1 kB.
|
||||
string key_id = 2;
|
||||
// Additional metadata to be stored with the encrypted data.
|
||||
// This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data.
|
||||
// Annotations must satisfy the following constraints:
|
||||
// 1. Annotation key must be a fully qualified domain name that conforms to the definition in DNS (RFC 1123).
|
||||
// 2. The size of annotations keys + values is less than 32 kB.
|
||||
map<string, bytes> annotations = 3;
|
||||
}
|
||||
|
||||
10
vendor/k8s.io/kms/pkg/service/grpc_service.go
generated
vendored
10
vendor/k8s.io/kms/pkg/service/grpc_service.go
generated
vendored
@ -23,7 +23,6 @@ import (
|
||||
|
||||
"google.golang.org/grpc"
|
||||
|
||||
"k8s.io/klog/v2"
|
||||
kmsapi "k8s.io/kms/apis/v2"
|
||||
)
|
||||
|
||||
@ -45,8 +44,6 @@ func NewGRPCService(
|
||||
|
||||
kmsService Service,
|
||||
) *GRPCService {
|
||||
klog.V(4).InfoS("KMS plugin configured", "address", address, "timeout", timeout)
|
||||
|
||||
return &GRPCService{
|
||||
addr: address,
|
||||
timeout: timeout,
|
||||
@ -70,14 +67,12 @@ func (s *GRPCService) ListenAndServe() error {
|
||||
|
||||
kmsapi.RegisterKeyManagementServiceServer(gs, s)
|
||||
|
||||
klog.V(4).InfoS("kms plugin serving", "address", s.addr)
|
||||
return gs.Serve(ln)
|
||||
}
|
||||
|
||||
// Shutdown performs a graceful shutdown. Doesn't accept new connections and
|
||||
// blocks until all pending RPCs are finished.
|
||||
func (s *GRPCService) Shutdown() {
|
||||
klog.V(4).InfoS("kms plugin shutdown", "address", s.addr)
|
||||
if s.server != nil {
|
||||
s.server.GracefulStop()
|
||||
}
|
||||
@ -86,7 +81,6 @@ func (s *GRPCService) Shutdown() {
|
||||
// Close stops the server by closing all connections immediately and cancels
|
||||
// all active RPCs.
|
||||
func (s *GRPCService) Close() {
|
||||
klog.V(4).InfoS("kms plugin close", "address", s.addr)
|
||||
if s.server != nil {
|
||||
s.server.Stop()
|
||||
}
|
||||
@ -108,8 +102,6 @@ func (s *GRPCService) Status(ctx context.Context, _ *kmsapi.StatusRequest) (*kms
|
||||
|
||||
// Decrypt sends a decryption request to specified kms service.
|
||||
func (s *GRPCService) Decrypt(ctx context.Context, req *kmsapi.DecryptRequest) (*kmsapi.DecryptResponse, error) {
|
||||
klog.V(4).InfoS("decrypt request received", "id", req.Uid)
|
||||
|
||||
plaintext, err := s.kmsService.Decrypt(ctx, req.Uid, &DecryptRequest{
|
||||
Ciphertext: req.Ciphertext,
|
||||
KeyID: req.KeyId,
|
||||
@ -126,8 +118,6 @@ func (s *GRPCService) Decrypt(ctx context.Context, req *kmsapi.DecryptRequest) (
|
||||
|
||||
// Encrypt sends an encryption request to specified kms service.
|
||||
func (s *GRPCService) Encrypt(ctx context.Context, req *kmsapi.EncryptRequest) (*kmsapi.EncryptResponse, error) {
|
||||
klog.V(4).InfoS("encrypt request received", "id", req.Uid)
|
||||
|
||||
encRes, err := s.kmsService.Encrypt(ctx, req.Uid, req.Plaintext)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
Reference in New Issue
Block a user