This commit adds the Azure SDK for Azure key vault KMS integration to the Ceph CSI driver. Signed-off-by: Praveen M <m.praveen@ibm.com>
//go:build go1.18
// +build go1.18
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See License.txt in the project root for license information.
package azsecrets
// This file contains handwritten additions to the generated code.
import (
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal"
)
// ClientOptions contains optional settings for Client. The embedded
// azcore.ClientOptions is passed through unchanged to azcore.NewClient when
// the Client's pipeline is built.
type ClientOptions struct {
	azcore.ClientOptions

	// DisableChallengeResourceVerification controls whether the policy requires the
	// authentication challenge resource to match the Key Vault or Managed HSM domain.
	// See https://aka.ms/azsdk/blog/vault-uri for more information.
	//
	// Leave this false unless the vault URL is known to be trustworthy: per the
	// linked post, the verification is what stops the client from honouring an
	// authentication challenge that names a resource other than the vault it was
	// created for. Disabling it is a deliberate relaxation of that check.
	DisableChallengeResourceVerification bool
}
// NewClient creates a client that accesses a Key Vault's secrets. You should validate that
// vaultURL references a valid Key Vault. See https://aka.ms/azsdk/blog/vault-uri for details.
//
// vaultURL is stored verbatim as the client's endpoint; nothing here parses or validates it,
// so the caller's validation is the only check it gets. credential is handed to the
// challenge-based authentication policy that is registered as a PerRetry policy, i.e. it runs
// on every request attempt. options may be nil, in which case zero-value options are used.
// The only error returned is the one from azcore.NewClient.
func NewClient(vaultURL string, credential azcore.TokenCredential, options *ClientOptions) (*Client, error) {
	// Keep the caller's pointer when present so azcore.NewClient sees exactly the
	// options the caller supplied; only substitute a zero value for nil.
	opts := options
	if opts == nil {
		opts = new(ClientOptions)
	}

	// Challenge resource verification stays on unless the caller explicitly
	// opted out via DisableChallengeResourceVerification.
	challengeOpts := internal.KeyVaultChallengePolicyOptions{
		DisableChallengeResourceVerification: opts.DisableChallengeResourceVerification,
	}
	authPolicy := internal.NewKeyVaultChallengePolicy(credential, &challengeOpts)

	pipelineOpts := runtime.PipelineOptions{
		PerRetry: []policy.Policy{authPolicy},
		Tracing:  runtime.TracingOptions{Namespace: "Microsoft.KeyVault"},
	}
	azcoreClient, err := azcore.NewClient(moduleName, version, pipelineOpts, &opts.ClientOptions)
	if err != nil {
		return nil, err
	}

	return &Client{endpoint: vaultURL, internal: azcoreClient}, nil
}
// ID is a secret's unique ID, containing its name and version. The Name and
// Version methods extract those components by parsing the string with
// internal.ParseID.
type ID string
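// Name of the secret. This returns an empty string when no name component can
// be parsed out of the ID (for example a malformed or empty identifier), the
// same way Version reports a missing version, instead of panicking on a nil
// dereference.
func (i *ID) Name() string {
	_, name, _ := internal.ParseID((*string)(i))
	if name == nil {
		// ParseID yielded no name component; treat it as absent rather than
		// dereferencing nil.
		return ""
	}
	return *name
}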
// Version of the secret. This returns an empty string when the ID contains no version.
// The ID is parsed with internal.ParseID; only the version component is consulted here.
func (i *ID) Version() string {
	if _, _, version := internal.ParseID((*string)(i)); version != nil {
		return *version
	}
	// No version component was parsed out of the ID.
	return ""
}