Beispiel #1
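def get_encryption_kmsid():
    """
    Get encryption kmsid from 'csi-kms-connection-details'
    configmap resource

    Returns:
        kmsid (list): A list of KMS IDs available, i.e. the keys of the
            ConfigMap ``data`` section that contain
            ``constants.VAULT_KMS_PROVIDER``. Empty when no key matches
            or the ConfigMap has no ``data`` section.

    Raises:
        KMSConnectionDetailsError: if csi kms connection detail doesn't exist

    """
    csi_kms_conf = ocp.OCP(
        resource_name=constants.VAULT_KMS_CSI_CONNECTION_DETAILS,
        kind="ConfigMap",
        namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
    )
    try:
        # Fetch the resource once and reuse the result. A second get() would
        # be an extra cluster round trip whose failure is not translated
        # into KMSConnectionDetailsError.
        resource = csi_kms_conf.get()
    except CommandFailed as err:
        # Chain the cause so the underlying command failure stays visible.
        raise KMSConnectionDetailsError("CSI kms resource doesn't exist") from err

    # A ConfigMap without a "data" section yields None here; treat it as
    # "no KMS IDs configured" instead of failing with AttributeError.
    data = resource.get("data") or {}
    return [key for key in data if constants.VAULT_KMS_PROVIDER in key]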
Beispiel #2
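    def get_vault_backend_path(self):
        """
        Fetch the vault backend path used for this deployment and cache it
        in ``self.vault_backend_path``.

        The value is read from the ``VAULT_BACKEND_PATH`` key of a ConfigMap
        (the code queries ``kind="ConfigMap"``; presumably the
        'ocs-kms-connection-details' resource -- confirm against
        ``constants.VAULT_KMS_CONNECTION_DETAILS_RESOURCE``).

        .. code-block:: none

            apiVersion: v1
            data:
              KMS_PROVIDER: vault
              KMS_SERVICE_NAME: vault
              VAULT_ADDR: https://xx.xx.xx.xx:8200
              VAULT_BACKEND_PATH: ocs

        Nothing is returned; callers read ``self.vault_backend_path``.
        The lookup is skipped when the attribute is already set.

        Raises:
            KMSConnectionDetailsError: if the ConfigMap has no ``data``
                section or no ``VAULT_BACKEND_PATH`` key

        """
        if self.vault_backend_path:
            return

        connection_details = ocp.OCP(
            kind="ConfigMap",
            resource_name=constants.VAULT_KMS_CONNECTION_DETAILS_RESOURCE,
            namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
        )
        try:
            self.vault_backend_path = connection_details.get().get("data")[
                "VAULT_BACKEND_PATH"
            ]
        except (KeyError, TypeError, IndexError) as err:
            # A missing key on a dict raises KeyError and a missing "data"
            # section (None) raises TypeError; the original IndexError
            # handler caught neither, so the intended error never surfaced.
            # IndexError is kept for backward compatibility.
            raise KMSConnectionDetailsError(
                "KMS connection details not available") from err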
Beispiel #3
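def update_csi_kms_vault_connection_details(update_config):
    """
    Update the vault connection details in the resource
    csi-kms-connection-details

    Each value of ``update_config`` is serialized with ``json.dumps`` and
    written under its key in the ConfigMap ``data`` section. The result is
    dumped to a temporary YAML file and applied with ``oc apply``.

    Args:
         update_config (dict): A dictionary of vault info to be updated

    Raises:
        KMSConnectionDetailsError: if the csi-kms-connection-details
            resource doesn't exist

    """
    # Local import: the file's import block is not visible from this block.
    import os

    # The resource has to exist already; without csi-kms-connection-details
    # there is nothing to update, so a failed lookup is raised as an error.
    csi_kms_conf = ocp.OCP(
        resource_name=constants.VAULT_KMS_CSI_CONNECTION_DETAILS,
        kind="ConfigMap",
        namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
    )

    try:
        csi_kms_conf.get()
    except CommandFailed as err:
        raise KMSConnectionDetailsError(
            "CSI KMS connection details don't exist, can't continue with update"
        ) from err
    # NOTE(review): relies on get() having populated csi_kms_conf.data --
    # confirm against the ocp.OCP implementation.
    if csi_kms_conf.data.get("metadata").get("annotations"):
        csi_kms_conf.data["metadata"].pop("annotations")
    for key, value in update_config.items():
        csi_kms_conf.data["data"][key] = json.dumps(value)

    resource_data_yaml = tempfile.NamedTemporaryFile(
        mode="w+", prefix="csikmsconndetailsupdate", delete=False
    )
    # Only the path is needed below; close the handle so the descriptor is
    # not leaked.
    resource_data_yaml.close()
    try:
        templating.dump_data_to_temp_yaml(csi_kms_conf.data, resource_data_yaml.name)
        run_cmd(f"oc apply -f {resource_data_yaml.name}", timeout=300)
    finally:
        # delete=False leaves the file behind otherwise. It holds the KMS
        # connection configuration, so remove it once the apply is done
        # (or has failed) rather than leaving a copy in the temp directory.
        os.remove(resource_data_yaml.name)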