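def get_encryption_kmsid():
    """
    Get encryption kmsid from 'csi-kms-connection-details'
    configmap resource

    The ConfigMap is read once. Every key of its ``data`` section that
    contains ``constants.VAULT_KMS_PROVIDER`` as a substring is reported
    as a KMS ID.

    Returns:
        kmsid (list): A list of KMS IDs available (empty when the
            ConfigMap has no matching keys or no ``data`` section)

    Raises:
        KMSConnectionDetailsError: if csi kms connection detail doesn't exist

    """
    csi_kms_conf = ocp.OCP(
        resource_name=constants.VAULT_KMS_CSI_CONNECTION_DETAILS,
        kind="ConfigMap",
        namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
    )
    try:
        # Fetch once and reuse the result. A second get() outside the try
        # could raise a raw CommandFailed if the resource disappeared in
        # between, bypassing the KMSConnectionDetailsError contract.
        resource = csi_kms_conf.get()
    except CommandFailed as err:
        raise KMSConnectionDetailsError("CSI kms resource doesn't exist") from err

    # A ConfigMap without a "data" section yields None here; treat it as
    # "no KMS IDs configured" instead of failing with AttributeError.
    entries = resource.get("data") or {}
    return [key for key in entries if constants.VAULT_KMS_PROVIDER in key]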
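def get_vault_backend_path(self):
    """
    Fetch the vault backend path used for this deployment

    The value is read from the ConfigMap named by
    ``constants.VAULT_KMS_CONNECTION_DETAILS_RESOURCE``
    ('ocs-kms-connection-details') and cached on
    ``self.vault_backend_path``. Nothing is fetched when the attribute
    is already set. The method returns nothing.

    .. code-block:: none

        apiVersion: v1
        data:
          KMS_PROVIDER: vault
          KMS_SERVICE_NAME: vault
          VAULT_ADDR: https://xx.xx.xx.xx:8200
          VAULT_BACKEND_PATH: ocs

    Raises:
        KMSConnectionDetailsError: if the ConfigMap carries no
            VAULT_BACKEND_PATH entry

    """
    if self.vault_backend_path:
        return

    connection_details = ocp.OCP(
        kind="ConfigMap",
        resource_name=constants.VAULT_KMS_CONNECTION_DETAILS_RESOURCE,
        namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
    )
    # A ConfigMap without a "data" section yields None; normalise it so
    # the lookup below fails with KeyError rather than TypeError.
    config_data = connection_details.get().get("data") or {}
    try:
        self.vault_backend_path = config_data["VAULT_BACKEND_PATH"]
    except KeyError as err:
        # A missing mapping key raises KeyError, not IndexError, so the
        # original handler never fired and callers saw a raw KeyError.
        raise KMSConnectionDetailsError(
            "KMS connection details not available"
        ) from err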
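def update_csi_kms_vault_connection_details(update_config):
    """
    Update the vault connection details in the resource
    csi-kms-connection-details

    The existing ConfigMap is fetched, its ``metadata.annotations`` are
    dropped, each value of ``update_config`` is JSON-encoded into the
    ``data`` section, and the result is written to a temporary YAML file
    that is applied with ``oc apply``. The temporary file is removed
    afterwards, whether or not the apply succeeded.

    Args:
        update_config (dict): A dictionary of vault info to be updated

    Raises:
        KMSConnectionDetailsError: if the csi-kms-connection-details
            resource doesn't exist

    """
    # Local import: only the temp-file cleanup below needs it.
    import os

    # The update patches an existing resource, so without
    # csi-kms-connection-details there is nothing to proceed with.
    csi_kms_conf = ocp.OCP(
        resource_name=constants.VAULT_KMS_CSI_CONNECTION_DETAILS,
        kind="ConfigMap",
        namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
    )
    try:
        csi_kms_conf.get()
    except CommandFailed as err:
        raise KMSConnectionDetailsError(
            "CSI KMS connection details don't exist, can't continue with update"
        ) from err

    if csi_kms_conf.data.get("metadata").get("annotations"):
        csi_kms_conf.data["metadata"].pop("annotations")
    for key, value in update_config.items():
        csi_kms_conf.data["data"][key] = json.dumps(value)

    resource_data_yaml = tempfile.NamedTemporaryFile(
        mode="w+", prefix="csikmsconndetailsupdate", delete=False
    )
    # Only the reserved path is needed; close the handle so the
    # descriptor is not leaked while the file is rewritten by name.
    resource_data_yaml.close()
    try:
        templating.dump_data_to_temp_yaml(csi_kms_conf.data, resource_data_yaml.name)
        run_cmd(f"oc apply -f {resource_data_yaml.name}", timeout=300)
    finally:
        # delete=False would otherwise leave the rendered KMS connection
        # details in the temp directory after every call.
        try:
            os.remove(resource_data_yaml.name)
        except FileNotFoundError:
            # Already gone; there is nothing left to clean up.
            pass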