Documentation ¶
Index ¶
- Constants
- func ConfigEnvsToMapString() map[string]string
- func GenerateOSDEncryptionSecretName(pvcName string) string
- func GetParam(kmsConfig map[string]string, param string) string
- func InitVault(context *clusterd.Context, namespace string, config map[string]string) (secrets.Secrets, error)
- func SetTokenToEnvVar(clusterdContext *clusterd.Context, tokenSecretName, provider, namespace string) error
- func TLSSecretVolumeAndMount(config map[string]string) []v1.VolumeProjection
- func ValidateConnectionDetails(clusterdContext *clusterd.Context, securitySpec cephv1.SecuritySpec, ns string) error
- func VaultConfigToEnvVar(spec cephv1.ClusterSpec) []v1.EnvVar
- func VaultTokenFileVolume(tokenSecretName string) v1.Volume
- func VaultVolumeAndMount(config map[string]string) (v1.Volume, v1.VolumeMount)
- type Config
Constants ¶
const (
	// OsdEncryptionSecretNameKeyName is the data key, inside the Kubernetes Secret
	// that holds an OSD's encryption key, under which the key material itself is
	// stored. The constant names a Secret key, not a credential.
	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the secret key name
	OsdEncryptionSecretNameKeyName = "dmcrypt-key"
	// KMSTokenSecretNameKey is the data key, inside the KMS token Secret, under
	// which the KMS authentication token is stored.
	KMSTokenSecretNameKey = "token"
)
const (
	// EtcVaultDir is the directory under which the Vault configuration and
	// TLS material are mounted (see TLSSecretVolumeAndMount).
	EtcVaultDir = "/etc/vault"
	// VaultSecretEngineKey is the config key selecting which Vault secret
	// engine is used (kv or transit).
	VaultSecretEngineKey = "VAULT_SECRET_ENGINE"
	// VaultKVSecretEngineKey is the VaultSecretEngineKey value selecting the kv secret engine.
	VaultKVSecretEngineKey = "kv"
	// VaultTransitSecretEngineKey is the VaultSecretEngineKey value selecting the transit secret engine.
	VaultTransitSecretEngineKey = "transit"
)
const (
	// Provider is the config key under which the KMS provider type is given;
	// it is the value that is used to decide which KMS backend is selected.
	Provider = "KMS_PROVIDER"
)
const (
	// VaultFileName is the file name under which the Vault token is exposed when
	// it is mounted from its Secret as a file (see VaultTokenFileVolume).
	VaultFileName = "vault.token"
)
Variables ¶
This section is empty.
Functions ¶
func ConfigEnvsToMapString ¶
ConfigEnvsToMapString returns all the environment variables that belong to a known KMS configuration as a string-to-string map.
func GenerateOSDEncryptionSecretName ¶
GenerateOSDEncryptionSecretName generates the name of the Kubernetes Secret that holds the encryption key of the OSD backed by pvcName.
func InitVault ¶
func InitVault(context *clusterd.Context, namespace string, config map[string]string) (secrets.Secrets, error)
InitVault initializes the Vault secret store described by config, resolving any referenced Kubernetes objects in namespace through context, and returns the secrets.Secrets handle used to store and retrieve keys, or an error if the store cannot be set up.
func SetTokenToEnvVar ¶
func SetTokenToEnvVar(clusterdContext *clusterd.Context, tokenSecretName, provider, namespace string) error
SetTokenToEnvVar sets the KMS authentication token, taken from the Secret named tokenSecretName in namespace, as an environment variable for the given provider. Note that a token held in the environment is readable by anything that can inspect the process (for example via /proc/&lt;pid&gt;/environ or a crash dump); where the provider can read the token from a file, prefer mounting it with VaultTokenFileVolume instead.
func TLSSecretVolumeAndMount ¶
func TLSSecretVolumeAndMount(config map[string]string) []v1.VolumeProjection
TLSSecretVolumeAndMount returns the Secret volume projections for the TLS material referenced in config, intended to be mounted under EtcVaultDir (/etc/vault). Despite its name it returns only []v1.VolumeProjection, not a Volume/VolumeMount pair as VaultVolumeAndMount does.
func ValidateConnectionDetails ¶
func ValidateConnectionDetails(clusterdContext *clusterd.Context, securitySpec cephv1.SecuritySpec, ns string) error
ValidateConnectionDetails validates that the mandatory KMS connection details in securitySpec are present, using ns as the namespace in which referenced Secrets are expected, and returns an error describing the problem otherwise. Call it before establishing a KMS connection so that misconfiguration is reported early rather than surfacing as a failed KMS call.
func VaultConfigToEnvVar ¶
func VaultConfigToEnvVar(spec cephv1.ClusterSpec) []v1.EnvVar
VaultConfigToEnvVar populates the KMS configuration taken from spec as a list of environment variables.
func VaultTokenFileVolume ¶ added in v1.6.0
VaultTokenFileVolume returns a Volume that exposes the token stored in the Secret named tokenSecretName, so that it can be mounted as a file rather than passed through the environment.
func VaultVolumeAndMount ¶
VaultVolumeAndMount returns the Vault Volume and its matching VolumeMount built from config.
Types ¶
type Config ¶
type Config struct {
	// Provider is the name of the selected KMS provider; presumably the value
	// configured under the Provider (KMS_PROVIDER) key — confirm against NewConfig.
	Provider string
	// contains filtered or unexported fields
}
Config is the generic configuration for the KMS
func NewConfig ¶
func NewConfig(context *clusterd.Context, clusterSpec *cephv1.ClusterSpec, clusterInfo *cephclient.ClusterInfo) *Config
NewConfig returns a Config for the KMS selected in clusterSpec.
func (*Config) DeleteSecret ¶
DeleteSecret deletes an encryption key from the configured KMS.