rbd: change the keyprotect metadata name to ibmkeyprotect

To be consistent with other components and also to explicitly
state that it belongs to the `ibm keyprotect` service, introduce this
change.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Humble Chirammal 2022-01-24 14:39:31 +05:30 committed by mergify[bot]
parent 7ff048bf1e
commit f822600689
3 changed files with 22 additions and 6 deletions


@ -60,9 +60,9 @@ data:
"IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials", "IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials",
"AWS_REGION": "us-west-2" "AWS_REGION": "us-west-2"
} }
kp-metadata-test: |- ibmkeyprotect-test: |-
{ {
"KMS_PROVIDER": "kp-metadata", "KMS_PROVIDER": "ibmkeyprotect",
"IBM_KP_SECRET_NAME": "ceph-csi-kp-credentials", "IBM_KP_SECRET_NAME": "ceph-csi-kp-credentials",
"IBM_KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3", "IBM_KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3",
"IBM_KP_BASE_URL": "https://us-south.kms.cloud.ibm.com", "IBM_KP_BASE_URL": "https://us-south.kms.cloud.ibm.com",


@ -91,8 +91,8 @@ data:
"encryptionKMSType": "metadata", "encryptionKMSType": "metadata",
"secretName": "storage-encryption-secret" "secretName": "storage-encryption-secret"
}, },
"kp-metadata-test": { "ibmkeyprotect-test": {
"encryptionKMSType": "kp-metadata", "encryptionKMSType": "ibmkeyprotect",
"secretName": "ceph-csi-kp-credentials", "secretName": "ceph-csi-kp-credentials",
"keyProtectRegionKey": "us-south-2", "keyProtectRegionKey": "us-south-2",
"keyProtectServiceInstanceID": "7abef064-01dd-4237-9ea5-8b3890970be3" "keyProtectServiceInstanceID": "7abef064-01dd-4237-9ea5-8b3890970be3"


@ -23,14 +23,15 @@ import (
"fmt" "fmt"
"github.com/ceph/ceph-csi/internal/util/k8s" "github.com/ceph/ceph-csi/internal/util/k8s"
"github.com/ceph/ceph-csi/internal/util/log"
kp "github.com/IBM/keyprotect-go-client" kp "github.com/IBM/keyprotect-go-client"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
const ( const (
kmsTypeKeyProtectMetadata = "kp-metadata" kmsTypeKeyProtectMetadata = "ibmkeyprotect"
kmsTypeKeyProtectMetadataOld = "kp-metadata"
// keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret // keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret
// that contains the credentials to access the Key Protect KMS. The name of // that contains the credentials to access the Key Protect KMS. The name of
// the Secret can be configured by setting the `IBM_KP_SECRET_NAME` // the Secret can be configured by setting the `IBM_KP_SECRET_NAME`
@ -62,6 +63,21 @@ var _ = RegisterProvider(Provider{
Initializer: initKeyProtectKMS, Initializer: initKeyProtectKMS,
}) })
// RegisterProvider for kmsTypeKeyProtectMetadataOld is kept here for backward compatibility.
var _ = RegisterProvider(Provider{
UniqueID: kmsTypeKeyProtectMetadataOld,
Initializer: initKeyProtectKMSOld,
})
// initKeyProtectKMSOld is the wrapper with a warning log.
func initKeyProtectKMSOld(args ProviderInitArgs) (EncryptionKMS, error) {
log.WarningLogMsg("%q is deprecated provider for IBM key Protect,"+
"use new provider name %q in the configuration, proceeding with %q",
kmsTypeKeyProtectMetadataOld, kmsTypeKeyProtectMetadata, kmsTypeKeyProtectMetadata)
return initKeyProtectKMS(args)
}
// KeyProtectKMS store the KMS connection information retrieved from the kms configmap. // KeyProtectKMS store the KMS connection information retrieved from the kms configmap.
type KeyProtectKMS struct { type KeyProtectKMS struct {
// basic options to get the secret // basic options to get the secret
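Review bot: The deprecation warning in `initKeyProtectKMSOld` joins `"...IBM key Protect,"` and `"use new provider name..."` with no space after the comma, so the logged sentence runs together. The first literal would read better as `log.WarningLogMsg("%q is a deprecated provider name for IBM Key Protect, "+`. The doc comment could also state why the alias exists, for example `// initKeyProtectKMSOld initializes the Key Protect KMS for configurations that still use the deprecated "kp-metadata" provider name, logging a deprecation warning first.` No test on this page checks that both `kmsTypeKeyProtectMetadata` and `kmsTypeKeyProtectMetadataOld` stay registered; a small one would stop the alias from being dropped unnoticed, which would presumably leave volumes configured under the old name unable to reach their KMS. `initKeyProtectKMS` is outside the hunk, so whether it records or compares the provider name anywhere cannot be confirmed from here.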