rbd: pass Owner to GetKMS()

Signed-off-by: Niels de Vos <ndevos@redhat.com>

internal/rbd/rbd_util.go

@@ -740,7 +740,7 @@ func genVolFromVolID(ctx context.Context, volumeID string, cr *util.Credentials,
 
 	if imageAttributes.KmsID != "" {
 		rbdVol.Encrypted = true
-		rbdVol.KMS, err = util.GetKMS(imageAttributes.KmsID, secrets)
+		rbdVol.KMS, err = util.GetKMS(rbdVol.Owner, imageAttributes.KmsID, secrets)
 		if err != nil {
 			return rbdVol, err
 		}
@@ -838,7 +838,7 @@ func genVolFromVolumeOptions(ctx context.Context, volOptions, credentials map[st
 			// deliberately ignore if parsing failed as GetKMS will return default
 			// implementation of kmsID is empty
 			kmsID := volOptions["encryptionKMSID"]
-			rbdVol.KMS, err = util.GetKMS(kmsID, credentials)
+			rbdVol.KMS, err = util.GetKMS(rbdVol.Owner, kmsID, credentials)
 			if err != nil {
 				return nil, fmt.Errorf("invalid encryption kms configuration: %w", err)
 			}

internal/util/crypto.go

@@ -97,7 +97,13 @@ func (kms SecretsKMS) GetID() string {
 }
 
 // GetKMS returns an instance of Key Management System.
-func GetKMS(kmsID string, secrets map[string]string) (EncryptionKMS, error) {
+//
+// - tenant is the owner of the Volume, used to fetch the Vault Token from the
+//   Kubernetes Namespace where the PVC lives
+// - kmsID is the service name of the KMS configuration
+// - secrets contain additional details, like TLS certificates to connect to
+//   the KMS
+func GetKMS(tenant, kmsID string, secrets map[string]string) (EncryptionKMS, error) {
 	if kmsID == "" || kmsID == defaultKMSType {
 		return initSecretsKMS(secrets)
 	}