mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
rbd: pass Owner to GetKMS()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
parent
5bbab25a9f
commit
f08182e2fc
@ -740,7 +740,7 @@ func genVolFromVolID(ctx context.Context, volumeID string, cr *util.Credentials,
|
|||||||
|
|
||||||
if imageAttributes.KmsID != "" {
|
if imageAttributes.KmsID != "" {
|
||||||
rbdVol.Encrypted = true
|
rbdVol.Encrypted = true
|
||||||
rbdVol.KMS, err = util.GetKMS(imageAttributes.KmsID, secrets)
|
rbdVol.KMS, err = util.GetKMS(rbdVol.Owner, imageAttributes.KmsID, secrets)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return rbdVol, err
|
return rbdVol, err
|
||||||
}
|
}
|
||||||
@ -838,7 +838,7 @@ func genVolFromVolumeOptions(ctx context.Context, volOptions, credentials map[st
|
|||||||
// deliberately ignore if parsing failed as GetKMS will return default
|
// deliberately ignore if parsing failed as GetKMS will return default
|
||||||
// implementation of kmsID is empty
|
// implementation of kmsID is empty
|
||||||
kmsID := volOptions["encryptionKMSID"]
|
kmsID := volOptions["encryptionKMSID"]
|
||||||
rbdVol.KMS, err = util.GetKMS(kmsID, credentials)
|
rbdVol.KMS, err = util.GetKMS(rbdVol.Owner, kmsID, credentials)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("invalid encryption kms configuration: %w", err)
|
return nil, fmt.Errorf("invalid encryption kms configuration: %w", err)
|
||||||
}
|
}
|
||||||
|
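Review bot: Both call sites now pass `rbdVol.Owner` as the tenant, but neither hunk shows where `Owner` is populated. If it is assigned later in `genVolFromVolumeOptions`, or is absent from the stored attributes read in `genVolFromVolID` (for example a volume created before owners were recorded), `GetKMS()` would receive an empty tenant. According to the new doc comment the tenant selects the Kubernetes Namespace a Vault token is fetched from, so an unset value should fail loudly rather than fall through to some other lookup. I would add a comment above each call such as `// rbdVol.Owner must already be set here; GetKMS uses it to locate the tenant's KMS token`, and confirm the ordering in the parts of both functions that lie outside these hunks.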
@ -97,7 +97,13 @@ func (kms SecretsKMS) GetID() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetKMS returns an instance of Key Management System.
|
// GetKMS returns an instance of Key Management System.
|
||||||
func GetKMS(kmsID string, secrets map[string]string) (EncryptionKMS, error) {
|
//
|
||||||
|
// - tenant is the owner of the Volume, used to fetch the Vault Token from the
|
||||||
|
// Kubernetes Namespace where the PVC lives
|
||||||
|
// - kmsID is the service name of the KMS configuration
|
||||||
|
// - secrets contain additional details, like TLS certificates to connect to
|
||||||
|
// the KMS
|
||||||
|
func GetKMS(tenant, kmsID string, secrets map[string]string) (EncryptionKMS, error) {
|
||||||
if kmsID == "" || kmsID == defaultKMSType {
|
if kmsID == "" || kmsID == defaultKMSType {
|
||||||
return initSecretsKMS(secrets)
|
return initSecretsKMS(secrets)
|
||||||
}
|
}
|
||||||
|
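Review bot: The new doc comment on `GetKMS()` does not say what happens when `tenant` is empty, and in the visible part of the body `tenant` is not used at all, since the default path returns `initSecretsKMS(secrets)`; the rest of the function lies outside the hunk. Because this argument decides which Namespace a Vault token is read from, the comment should state that callers must derive it from provisioner-supplied volume metadata and not from user-editable parameters. It should also spell out the empty case, for example `// tenant is not used by the default secrets KMS; KMS types that need it must reject an empty tenant`. Whether the non-default branches already enforce that cannot be seen from here, so this needs confirming against the full function.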