rbd: pass Owner to GetKMS()

Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos 2020-12-02 15:44:16 +01:00 committed by mergify[bot]
parent 5bbab25a9f
commit f08182e2fc
2 changed files with 9 additions and 3 deletions

View File

@ -740,7 +740,7 @@ func genVolFromVolID(ctx context.Context, volumeID string, cr *util.Credentials,
if imageAttributes.KmsID != "" { if imageAttributes.KmsID != "" {
rbdVol.Encrypted = true rbdVol.Encrypted = true
rbdVol.KMS, err = util.GetKMS(imageAttributes.KmsID, secrets) rbdVol.KMS, err = util.GetKMS(rbdVol.Owner, imageAttributes.KmsID, secrets)
if err != nil { if err != nil {
return rbdVol, err return rbdVol, err
} }
@ -838,7 +838,7 @@ func genVolFromVolumeOptions(ctx context.Context, volOptions, credentials map[st
// deliberately ignore if parsing failed as GetKMS will return default // deliberately ignore if parsing failed as GetKMS will return default
// implementation of kmsID is empty // implementation of kmsID is empty
kmsID := volOptions["encryptionKMSID"] kmsID := volOptions["encryptionKMSID"]
rbdVol.KMS, err = util.GetKMS(kmsID, credentials) rbdVol.KMS, err = util.GetKMS(rbdVol.Owner, kmsID, credentials)
if err != nil { if err != nil {
return nil, fmt.Errorf("invalid encryption kms configuration: %w", err) return nil, fmt.Errorf("invalid encryption kms configuration: %w", err)
} }

View File

@ -97,7 +97,13 @@ func (kms SecretsKMS) GetID() string {
} }
// GetKMS returns an instance of Key Management System. // GetKMS returns an instance of Key Management System.
func GetKMS(kmsID string, secrets map[string]string) (EncryptionKMS, error) { //
// - tenant is the owner of the Volume, used to fetch the Vault Token from the
// Kubernetes Namespace where the PVC lives
// - kmsID is the service name of the KMS configuration
// - secrets contain additional details, like TLS certificates to connect to
// the KMS
func GetKMS(tenant, kmsID string, secrets map[string]string) (EncryptionKMS, error) {
if kmsID == "" || kmsID == defaultKMSType { if kmsID == "" || kmsID == defaultKMSType {
return initSecretsKMS(secrets) return initSecretsKMS(secrets)
} }