mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-10-19 21:59:54 +00:00
4f0bb2315b
When Amazon STS is used and the Kubernetes cluster is configured with an OIDC identity provider, credentials to access Amazon KMS can be fetched using the OIDC token (ServiceAccount token). Each tenant/namespace needs to create a secret with the AWS region, role and CMK ARN. Ceph-CSI will assume the given role with the OIDC token and access AWS KMS with the given CMK to encrypt/decrypt the DEK, which will be stored in the image metadata. Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html Resolves: #2879 Signed-off-by: Rakshith R <rar@redhat.com>
package presignedurl
import (
"context"
"github.com/aws/smithy-go/middleware"
)
// WithIsPresigning returns a context derived from ctx that carries the
// isPresigning sentinel (set to true), signalling that the middleware stack
// is running the presign flow.
//
// The sentinel is stored as a stack value, so it is scoped to the middleware
// stack. Use github.com/aws/smithy-go/middleware#ClearStackValues to clear
// all stack values.
//
// The sentinel is a plain in-process boolean; it is not a credential and
// this file performs no authorization based on it.
// NOTE(review): which downstream middleware consult the flag is not visible
// here; confirm before relying on it for any security decision.
func WithIsPresigning(ctx context.Context) context.Context {
	key := isPresigningKey{}
	flagged := middleware.WithStackValue(ctx, key, true)
	return flagged
}
// GetIsPresigning reports whether ctx carries the isPresigning sentinel used
// by presigning flows.
//
// It returns false when the sentinel is absent or when the stored value is
// not a bool, so a context that was never flagged reads as "not presigning".
//
// The sentinel is scoped to stack values. Use
// github.com/aws/smithy-go/middleware#ClearStackValues to clear all stack
// values.
func GetIsPresigning(ctx context.Context) bool {
	raw := middleware.GetStackValue(ctx, isPresigningKey{})
	if flag, ok := raw.(bool); ok {
		return flag
	}
	return false
}
// isPresigningKey is the stack-value key under which the isPresigning
// sentinel is stored and looked up. The type is unexported, so code outside
// this package cannot name the key directly and goes through
// WithIsPresigning and GetIsPresigning instead.
type isPresigningKey struct{}
// AddAsIsPresigingMiddleware registers asIsPresigningMiddleware at the head
// of the stack's Initialize step (middleware.Before), so the stack's context
// is flagged as being invoked for the purpose of presigning.
//
// It returns whatever error the Initialize step's Add reports.
//
// The exported name keeps its historical spelling ("Presiging"); renaming it
// would break callers.
func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
	var mw asIsPresigningMiddleware
	return stack.Initialize.Add(mw, middleware.Before)
}
// asIsPresigningMiddleware is a stateless Initialize-step middleware that
// marks the request context as presigning before handing off to the next
// handler.
type asIsPresigningMiddleware struct{}
// ID returns the identifier under which this middleware is registered in the
// stack.
func (asIsPresigningMiddleware) ID() string {
	return "AsIsPresigningMiddleware"
}
// HandleInitialize flags ctx as presigning via WithIsPresigning and then
// delegates to next with the input unchanged. The output, metadata and error
// from next are returned as-is.
func (asIsPresigningMiddleware) HandleInitialize(
	ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
) {
	out, metadata, err = next.HandleInitialize(WithIsPresigning(ctx), in)
	return out, metadata, err
}