- Constants
- func BackendVersion(clusterdContext *clusterd.Context, namespace string, ...) (string, error)
- func ConfigEnvsToMapString() map[string]string
- func GenerateOSDEncryptionSecretName(pvcName string) string
- func GetParam(kmsConfig map[string]string, param string) string
- func InitVault(context *clusterd.Context, namespace string, config map[string]string) (secrets.Secrets, error)
- func SetTokenToEnvVar(clusterdContext *clusterd.Context, tokenSecretName, provider, namespace string) error
- func ValidateConnectionDetails(clusterdContext *clusterd.Context, securitySpec *cephv1.SecuritySpec, ...) error
- func VaultConfigToEnvVar(spec cephv1.ClusterSpec) []v1.EnvVar
- func VaultSecretVolumeAndMount(kmsVaultConfigFiles map[string]string, tokenSecretName string) []v1.VolumeProjection
- func VaultVolumeAndMount(kmsVaultConfigFiles map[string]string, tokenSecretName string) (v1.Volume, v1.VolumeMount)
- type Config
Constants ¶
// Data keys used inside the KMS-related Kubernetes Secrets. Neither value is
// a credential: each names the entry in the Secret's data map, not the
// material stored under it.
const (
	// KMSTokenSecretNameKey is the data key of the Secret entry holding the
	// KMS authentication token.
	KMSTokenSecretNameKey = "token"

	// OsdEncryptionSecretNameKeyName is the data key of the Secret entry
	// holding the OSD encryption key.
	// #nosec G101 -- this is the Secret's data key name, not a hardcoded credential
	OsdEncryptionSecretNameKeyName = "dmcrypt-key"
)
// EtcVaultDir is the directory the Vault configuration is mounted into.
const EtcVaultDir = "/etc/vault"

// Selection of the Vault secret engine. VaultSecretEngineKey is the config
// key whose value picks the engine; the two *SecretEngineKey values below
// are the accepted engine types.
const (
	// VaultSecretEngineKey is the config key naming the secret engine in use (kv or transit).
	VaultSecretEngineKey = "VAULT_SECRET_ENGINE"

	// VaultTransitSecretEngineKey selects the transit secret engine.
	VaultTransitSecretEngineKey = "transit"

	// VaultKVSecretEngineKey selects the kv secret engine.
	VaultKVSecretEngineKey = "kv"
)
// File names given to the Vault Secret values when they are mapped onto the
// filesystem. NOTE(review): the names suggest a CA bundle, a client
// certificate, its private key and the auth token; confirm against the code
// that builds the volume projections.
const (
	// VaultFileName is the file holding the Vault token.
	VaultFileName = "vault.token"

	// VaultCAFileName is the file holding the CA material.
	VaultCAFileName = "vault.ca"

	// VaultCertFileName is the file holding the certificate.
	VaultCertFileName = "vault.crt"

	// VaultKeyFileName is the file holding the private key matching VaultCertFileName.
	VaultKeyFileName = "vault.key"
)
// Provider is the config key under which the KMS provider type is given.
const Provider = "KMS_PROVIDER"
Variables ¶
This section is empty.
Functions ¶
func BackendVersion ¶ added in v1.7.1
func ConfigEnvsToMapString ¶
ConfigEnvsToMapString returns all the environment variables of a known KMS as a map
func GenerateOSDEncryptionSecretName ¶
GenerateOSDEncryptionSecretName generates the name of the Kubernetes Secret that holds the encrypted key
func InitVault ¶
func InitVault(context *clusterd.Context, namespace string, config map[string]string) (secrets.Secrets, error)
InitVault initializes the secret store
func SetTokenToEnvVar ¶
func SetTokenToEnvVar(clusterdContext *clusterd.Context, tokenSecretName, provider, namespace string) error
SetTokenToEnvVar sets a KMS token as an env variable
func ValidateConnectionDetails ¶
func ValidateConnectionDetails(clusterdContext *clusterd.Context, securitySpec *cephv1.SecuritySpec, ns string) error
ValidateConnectionDetails validates mandatory KMS connection details
func VaultConfigToEnvVar ¶
func VaultConfigToEnvVar(spec cephv1.ClusterSpec) []v1.EnvVar
VaultConfigToEnvVar exposes the KMS config as environment variables
func VaultSecretVolumeAndMount ¶ added in v1.8.0
func VaultSecretVolumeAndMount(kmsVaultConfigFiles map[string]string, tokenSecretName string) []v1.VolumeProjection
VaultSecretVolumeAndMount returns the volume and matching volume mount for mounting the Vault secrets into /etc/vault
func VaultVolumeAndMount ¶
func VaultVolumeAndMount(kmsVaultConfigFiles map[string]string, tokenSecretName string) (v1.Volume, v1.VolumeMount)
VaultVolumeAndMount returns Vault volume and volume mount
Types ¶
type Config ¶
// Config is the generic configuration for the KMS; NewConfig builds it for
// the KMS selected from the cluster spec.
type Config struct {
	// Provider names the selected KMS provider type (presumably the value
	// read under the Provider config key, "KMS_PROVIDER" — confirm in NewConfig).
	Provider string
	// contains filtered or unexported fields
}
Config is the generic configuration for the KMS
func NewConfig ¶
func NewConfig(context *clusterd.Context, clusterSpec *cephv1.ClusterSpec, clusterInfo *cephclient.ClusterInfo) *Config
NewConfig returns the Config for the selected KMS
func (*Config) DeleteSecret ¶
DeleteSecret deletes an encrypted key from a KMS