feat(encryption): fetch secret params from secret source #1833
Conversation
dsharma-dc
force-pushed
the
fetch_secret
branch
2 times, most recently
from
9e4dd98 to
bb2278a
Compare
|
bors try |
tryBuild failed: |
dsharma-dc
force-pushed
the
fetch_secret
branch
from
bb2278a to
a4bdb4d
Compare
Signed-off-by: Diwakar Sharma <diwakar.sharma@datacore.com>
dsharma-dc
force-pushed
the
fetch_secret
branch
from
a4bdb4d to
8c12077
Compare
| @@ -57,6 +68,85 @@ impl From<GrowPoolRequest> for FindPoolArgs { | |||
| } | |||
| } | |||
|
|
|||
| /// Parse and return encryption parameters from a Kubernetes secret or a file. | |||
| async fn _params_get_from_secret_source(secret_source_name: &str) -> Result<PoolEncKey, Status> { | |||
There was a problem hiding this comment.
This should also be placed on a dependencies crate
There was a problem hiding this comment.
This should also be placed on a dependencies crate
I can do that in a separate PR as it will need to be made generic based, currently it's tied to PoolEncKey type.
There was a problem hiding this comment.
I would rather to that first, and not have this repo know anything about "PlatformDeployer" or even "kube" crate
| let enc_key = match params { | ||
| PoolEncryptionParams::Create(enc_arg) => { | ||
| match enc_arg.clone() { | ||
| // Would have been nice to deduplicate the code if we could call secret_data using a |
There was a problem hiding this comment.
Isn't the problem here that we defined the create and import types separately, rather than reusing? (I mean in the protobuf files)
oneof encryption {
EncryptionData data = 5;
EncryptionSecret secret = 6;
}If we put the oneof on a spearate definition, then we can reuse it?
There was a problem hiding this comment.
If we put the oneof on a spearate definition, then we can reuse it?
We had noticed this and tried to put this into common proto. But then, that requires a type to be defined for use as oneof. So that was resulting into again some nested types and complex handling.
There was a problem hiding this comment.
I guess it depends where we want to pay the price. This way we're paying it here by duplicating since we now have 2 different types for the same thing essentially.
Signed-off-by: Diwakar Sharma <diwakar.sharma@datacore.com>
dsharma-dc
force-pushed
the
fetch_secret
branch
from
8c12077 to
7a418d7
Compare
|
bors try |
tryBuild succeeded: |
When no encryption parameters present create pool request => non-encrypted pool created. no parsing required.
When encryption parameters present source in create/import pool request:
Basically if a secret source is provided(either a file or a K8s secret), we should always fail if there is any trouble getting params.