mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-17 18:29:30 +00:00
rbd: change the keyprotect metadata name to ibmkeyprotect
To be consistent with other components and also to explictly state it belong to `ibm keyprotect` service introducing this change Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
7ff048bf1e
commit
f822600689
@ -60,9 +60,9 @@ data:
|
|||||||
"IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials",
|
"IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials",
|
||||||
"AWS_REGION": "us-west-2"
|
"AWS_REGION": "us-west-2"
|
||||||
}
|
}
|
||||||
kp-metadata-test: |-
|
ibmkeyprotect-test: |-
|
||||||
{
|
{
|
||||||
"KMS_PROVIDER": "kp-metadata",
|
"KMS_PROVIDER": "ibmkeyprotect",
|
||||||
"IBM_KP_SECRET_NAME": "ceph-csi-kp-credentials",
|
"IBM_KP_SECRET_NAME": "ceph-csi-kp-credentials",
|
||||||
"IBM_KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3",
|
"IBM_KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3",
|
||||||
"IBM_KP_BASE_URL": "https://us-south.kms.cloud.ibm.com",
|
"IBM_KP_BASE_URL": "https://us-south.kms.cloud.ibm.com",
|
||||||
|
@ -91,8 +91,8 @@ data:
|
|||||||
"encryptionKMSType": "metadata",
|
"encryptionKMSType": "metadata",
|
||||||
"secretName": "storage-encryption-secret"
|
"secretName": "storage-encryption-secret"
|
||||||
},
|
},
|
||||||
"kp-metadata-test": {
|
"ibmkeyprotect-test": {
|
||||||
"encryptionKMSType": "kp-metadata",
|
"encryptionKMSType": "ibmkeyprotect",
|
||||||
"secretName": "ceph-csi-kp-credentials",
|
"secretName": "ceph-csi-kp-credentials",
|
||||||
"keyProtectRegionKey": "us-south-2",
|
"keyProtectRegionKey": "us-south-2",
|
||||||
"keyProtectServiceInstanceID": "7abef064-01dd-4237-9ea5-8b3890970be3"
|
"keyProtectServiceInstanceID": "7abef064-01dd-4237-9ea5-8b3890970be3"
|
||||||
|
@ -23,14 +23,15 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/ceph/ceph-csi/internal/util/k8s"
|
"github.com/ceph/ceph-csi/internal/util/k8s"
|
||||||
|
"github.com/ceph/ceph-csi/internal/util/log"
|
||||||
|
|
||||||
kp "github.com/IBM/keyprotect-go-client"
|
kp "github.com/IBM/keyprotect-go-client"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
kmsTypeKeyProtectMetadata = "kp-metadata"
|
kmsTypeKeyProtectMetadata = "ibmkeyprotect"
|
||||||
|
kmsTypeKeyProtectMetadataOld = "kp-metadata"
|
||||||
// keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret
|
// keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret
|
||||||
// that contains the credentials to access the Key Protect KMS. The name of
|
// that contains the credentials to access the Key Protect KMS. The name of
|
||||||
// the Secret can be configured by setting the `IBM_KP_SECRET_NAME`
|
// the Secret can be configured by setting the `IBM_KP_SECRET_NAME`
|
||||||
@ -62,6 +63,21 @@ var _ = RegisterProvider(Provider{
|
|||||||
Initializer: initKeyProtectKMS,
|
Initializer: initKeyProtectKMS,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// RegisterProvider for kmsTypeKeyProtectMetadataOld is kept here for backward compatibility.
|
||||||
|
var _ = RegisterProvider(Provider{
|
||||||
|
UniqueID: kmsTypeKeyProtectMetadataOld,
|
||||||
|
Initializer: initKeyProtectKMSOld,
|
||||||
|
})
|
||||||
|
|
||||||
|
// initKeyProtectKMSOld is the wrapper with a warning log.
|
||||||
|
func initKeyProtectKMSOld(args ProviderInitArgs) (EncryptionKMS, error) {
|
||||||
|
log.WarningLogMsg("%q is deprecated provider for IBM key Protect,"+
|
||||||
|
"use new provider name %q in the configuration, proceeding with %q",
|
||||||
|
kmsTypeKeyProtectMetadataOld, kmsTypeKeyProtectMetadata, kmsTypeKeyProtectMetadata)
|
||||||
|
|
||||||
|
return initKeyProtectKMS(args)
|
||||||
|
}
|
||||||
|
|
||||||
// KeyProtectKMS store the KMS connection information retrieved from the kms configmap.
|
// KeyProtectKMS store the KMS connection information retrieved from the kms configmap.
|
||||||
type KeyProtectKMS struct {
|
type KeyProtectKMS struct {
|
||||||
// basic options to get the secret
|
// basic options to get the secret
|
||||||
|
Loading…
Reference in New Issue
Block a user