diff --git a/broker/volumebroker/server/volume_create.go b/broker/volumebroker/server/volume_create.go index ecaf06911..0db7fc9b7 100644 --- a/broker/volumebroker/server/volume_create.go +++ b/broker/volumebroker/server/volume_create.go @@ -31,8 +31,9 @@ import ( ) type AggregateOnmetalVolume struct { - Volume *storagev1alpha1.Volume - AccessSecret *corev1.Secret + Volume *storagev1alpha1.Volume + EncryptionSecret *corev1.Secret + AccessSecret *corev1.Secret } func (s *Server) getOnmetalVolumeConfig(_ context.Context, volume *ori.Volume) (*AggregateOnmetalVolume, error) { @@ -42,6 +43,28 @@ func (s *Server) getOnmetalVolumeConfig(_ context.Context, volume *ori.Volume) ( Name: s.volumePoolName, } } + + var encryptionSecret *corev1.Secret + if encryption := volume.Spec.Encryption; encryption != nil { + encryptionSecret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: s.namespace, + Name: s.idGen.Generate(), + }, + Type: corev1.SecretTypeOpaque, + Data: encryption.SecretData, + } + } + + var encryption *storagev1alpha1.VolumeEncryption + if encryptionSecret != nil { + encryption = &storagev1alpha1.VolumeEncryption{ + SecretRef: corev1.LocalObjectReference{ + Name: encryptionSecret.Name, + }, + } + } + onmetalVolume := &storagev1alpha1.Volume{ ObjectMeta: metav1.ObjectMeta{ Namespace: s.namespace, @@ -49,13 +72,14 @@ func (s *Server) getOnmetalVolumeConfig(_ context.Context, volume *ori.Volume) ( }, Spec: storagev1alpha1.VolumeSpec{ VolumeClassRef: &corev1.LocalObjectReference{Name: volume.Spec.Class}, - VolumePoolRef: volumePoolRef, VolumePoolSelector: s.volumePoolSelector, + VolumePoolRef: volumePoolRef, Resources: corev1alpha1.ResourceList{ corev1alpha1.ResourceStorage: *resource.NewQuantity(int64(volume.Spec.Resources.StorageBytes), resource.DecimalSI), }, Image: volume.Spec.Image, ImagePullSecretRef: nil, // TODO: Fill if necessary + Encryption: encryption, }, } if err := apiutils.SetObjectMetadata(onmetalVolume, volume.Metadata); err != nil { 
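Review bot: In the `if encryption := volume.Spec.Encryption; encryption != nil` branch of `getOnmetalVolumeConfig`, a non-nil `EncryptionSpec` with an empty `SecretData` map still produces a Secret and a `VolumeEncryption` reference to it. The caller then gets a volume that claims encryption but whose Secret holds no key material; how the pool treats such a Secret is not visible in this diff. I would reject the case before building the Secret, e.g. `if len(encryption.SecretData) == 0 { return nil, fmt.Errorf("encryption secret data must not be empty") }`. The function starts and ends outside this hunk, so the error type callers expect should be confirmed there.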
@@ -64,7 +88,8 @@ func (s *Server) getOnmetalVolumeConfig(_ context.Context, volume *ori.Volume) ( apiutils.SetVolumeManagerLabel(onmetalVolume, volumebrokerv1alpha1.VolumeBrokerManager) return &AggregateOnmetalVolume{ - Volume: onmetalVolume, + Volume: onmetalVolume, + EncryptionSecret: encryptionSecret, }, nil } @@ -72,6 +97,19 @@ func (s *Server) createOnmetalVolume(ctx context.Context, log logr.Logger, volum c, cleanup := s.setupCleaner(ctx, log, &retErr) defer cleanup() + if volume.EncryptionSecret != nil { + log.V(1).Info("Creating onmetal encryption secret") + if err := s.client.Create(ctx, volume.EncryptionSecret); err != nil { + return fmt.Errorf("error creating onmetal encryption secret: %w", err) + } + c.Add(func(ctx context.Context) error { + if err := s.client.Delete(ctx, volume.EncryptionSecret); client.IgnoreNotFound(err) != nil { + return fmt.Errorf("error deleting onmetal encryption secret: %w", err) + } + return nil + }) + } + log.V(1).Info("Creating onmetal volume") if err := s.client.Create(ctx, volume.Volume); err != nil { return fmt.Errorf("error creating onmetal volume: %w", err) diff --git a/broker/volumebroker/server/volume_delete.go b/broker/volumebroker/server/volume_delete.go index 2fdfa74b0..9314dcc7f 100644 --- a/broker/volumebroker/server/volume_delete.go +++ b/broker/volumebroker/server/volume_delete.go @@ -21,7 +21,9 @@ import ( ori "github.com/onmetal/onmetal-api/ori/apis/volume/v1alpha1" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func (s *Server) DeleteVolume(ctx context.Context, req *ori.DeleteVolumeRequest) (*ori.DeleteVolumeResponse, error) { 
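Review bot: The encryption Secret created in `createOnmetalVolume` is linked to the Volume only by name. Neither this hunk nor the Secret literal built in `getOnmetalVolumeConfig` sets an owner reference, or the manager label that the Volume receives through `apiutils.SetVolumeManagerLabel`. If the Volume is removed by any path other than `DeleteVolume`, the Secret holding the key material would presumably stay in the namespace with nothing marking it as broker-managed. Consider making the Volume the owner of the Secret once the Volume exists, or at least state the contract next to the create call: `// The encryption Secret has no owner reference; DeleteVolume is the only path that removes it.` The function body continues outside the hunk.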
@@ -33,6 +35,19 @@ func (s *Server) DeleteVolume(ctx context.Context, req *ori.DeleteVolumeRequest) return nil, err } + log.V(1).Info("Deleting encryption secret") + if encryption := onmetalVolume.Volume.Spec.Encryption; encryption != nil { + if err := s.client.Delete(ctx, &corev1.Secret{ObjectMeta: metav1.ObjectMeta{ + Name: encryption.SecretRef.Name, + Namespace: s.namespace, + }}); err != nil { + if !apierrors.IsNotFound(err) { + return nil, fmt.Errorf("error deleting onmetal encryption secret: %w", err) + } + return nil, status.Errorf(codes.NotFound, "secret %s not found", encryption.SecretRef.Name) + } + } + log.V(1).Info("Deleting volume") if err := s.client.Delete(ctx, onmetalVolume.Volume); err != nil { if !apierrors.IsNotFound(err) { diff --git a/ori/apis/volume/v1alpha1/api.pb.go b/ori/apis/volume/v1alpha1/api.pb.go index 44b94ab36..b1dd00d55 100644 --- a/ori/apis/volume/v1alpha1/api.pb.go +++ b/ori/apis/volume/v1alpha1/api.pb.go 
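Review bot: A missing encryption Secret aborts `DeleteVolume` with `codes.NotFound` before the Volume itself is deleted. A retry after a partial failure (Secret already gone, Volume still present) can therefore never complete, and the Volume stays behind. Treat NotFound on the Secret as success and fall through to the volume deletion: change the condition to `}}); err != nil && !apierrors.IsNotFound(err) {` and keep only `return nil, fmt.Errorf("error deleting onmetal encryption secret: %w", err)` in the body. Deleting the Secret before the Volume also means a failed Volume delete leaves a Volume that references a key which no longer exists, so deleting the Volume first would be the safer order. The `log.V(1).Info("Deleting encryption secret")` line belongs inside the `if encryption != nil` block, otherwise it is logged for unencrypted volumes too.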
@@ -158,10 +158,56 @@ func (m *VolumeResources) GetStorageBytes() uint64 { return 0 } +type EncryptionSpec struct { + SecretData map[string][]byte `protobuf:"bytes,1,rep,name=secret_data,json=secretData,proto3" json:"secret_data,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *EncryptionSpec) Reset() { *m = EncryptionSpec{} } +func (*EncryptionSpec) ProtoMessage() {} +func (*EncryptionSpec) Descriptor() ([]byte, []int) { + return fileDescriptor_00212fb1f9d3bf1c, []int{2} +} +func (m *EncryptionSpec) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *EncryptionSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_EncryptionSpec.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *EncryptionSpec) XXX_Merge(src proto.Message) { + xxx_messageInfo_EncryptionSpec.Merge(m, src) +} +func (m *EncryptionSpec) XXX_Size() int { + return m.Size() +} +func (m *EncryptionSpec) XXX_DiscardUnknown() { + xxx_messageInfo_EncryptionSpec.DiscardUnknown(m) +} + +var xxx_messageInfo_EncryptionSpec proto.InternalMessageInfo + +func (m *EncryptionSpec) GetSecretData() map[string][]byte { + if m != nil { + return m.SecretData + } + return nil +} + type VolumeSpec struct { Image string `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"` Class string `protobuf:"bytes,2,opt,name=class,proto3" json:"class,omitempty"` Resources *VolumeResources `protobuf:"bytes,3,opt,name=resources,proto3" json:"resources,omitempty"` + Encryption *EncryptionSpec `protobuf:"bytes,4,opt,name=encryption,proto3" json:"encryption,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_sizecache int32 `json:"-"` } 
@@ -169,7 +215,7 @@ type VolumeSpec struct { func (m *VolumeSpec) Reset() { *m = VolumeSpec{} } func (*VolumeSpec) ProtoMessage() {} func (*VolumeSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{2} + return fileDescriptor_00212fb1f9d3bf1c, []int{3} } func (m *VolumeSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -219,6 +265,13 @@ func (m *VolumeSpec) GetResources() *VolumeResources { return nil } +func (m *VolumeSpec) GetEncryption() *EncryptionSpec { + if m != nil { + return m.Encryption + } + return nil +} + type VolumeStatus struct { State VolumeState `protobuf:"varint,1,opt,name=state,proto3,enum=volume.v1alpha1.VolumeState" json:"state,omitempty"` Access *VolumeAccess `protobuf:"bytes,2,opt,name=access,proto3" json:"access,omitempty"` @@ -229,7 +282,7 @@ type VolumeStatus struct { func (m *VolumeStatus) Reset() { *m = VolumeStatus{} } func (*VolumeStatus) ProtoMessage() {} func (*VolumeStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{3} + return fileDescriptor_00212fb1f9d3bf1c, []int{4} } func (m *VolumeStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -283,7 +336,7 @@ type Volume struct { func (m *Volume) Reset() { *m = Volume{} } func (*Volume) ProtoMessage() {} func (*Volume) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{4} + return fileDescriptor_00212fb1f9d3bf1c, []int{5} } func (m *Volume) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -343,7 +396,7 @@ type VolumeClassCapabilities struct { func (m *VolumeClassCapabilities) Reset() { *m = VolumeClassCapabilities{} } func (*VolumeClassCapabilities) ProtoMessage() {} func (*VolumeClassCapabilities) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{5} + return fileDescriptor_00212fb1f9d3bf1c, []int{6} } func (m *VolumeClassCapabilities) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -396,7 +449,7 @@ type VolumeClass struct { func (m *VolumeClass) Reset() { *m = VolumeClass{} } func (*VolumeClass) ProtoMessage() {} func (*VolumeClass) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{6} + return fileDescriptor_00212fb1f9d3bf1c, []int{7} } func (m *VolumeClass) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -451,7 +504,7 @@ type VolumeAccess struct { func (m *VolumeAccess) Reset() { *m = VolumeAccess{} } func (*VolumeAccess) ProtoMessage() {} func (*VolumeAccess) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{7} + return fileDescriptor_00212fb1f9d3bf1c, []int{8} } func (m *VolumeAccess) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -517,7 +570,7 @@ type ListVolumesRequest struct { func (m *ListVolumesRequest) Reset() { *m = ListVolumesRequest{} } func (*ListVolumesRequest) ProtoMessage() {} func (*ListVolumesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{8} + return fileDescriptor_00212fb1f9d3bf1c, []int{9} } func (m *ListVolumesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -562,7 +615,7 @@ type ListVolumesResponse struct { func (m *ListVolumesResponse) Reset() { *m = ListVolumesResponse{} } func (*ListVolumesResponse) ProtoMessage() {} func (*ListVolumesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{9} + return fileDescriptor_00212fb1f9d3bf1c, []int{10} } func (m *ListVolumesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -607,7 +660,7 @@ type CreateVolumeRequest struct { func (m *CreateVolumeRequest) Reset() { *m = CreateVolumeRequest{} } func (*CreateVolumeRequest) ProtoMessage() {} func (*CreateVolumeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{10} + return fileDescriptor_00212fb1f9d3bf1c, []int{11} } func (m *CreateVolumeRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -652,7 +705,7 @@ type CreateVolumeResponse struct { func (m *CreateVolumeResponse) Reset() { *m = CreateVolumeResponse{} } func (*CreateVolumeResponse) ProtoMessage() {} func (*CreateVolumeResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{11} + return fileDescriptor_00212fb1f9d3bf1c, []int{12} } func (m *CreateVolumeResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -697,7 +750,7 @@ type DeleteVolumeRequest struct { func (m *DeleteVolumeRequest) Reset() { *m = DeleteVolumeRequest{} } func (*DeleteVolumeRequest) ProtoMessage() {} func (*DeleteVolumeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{12} + return fileDescriptor_00212fb1f9d3bf1c, []int{13} } func (m *DeleteVolumeRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -741,7 +794,7 @@ type DeleteVolumeResponse struct { func (m *DeleteVolumeResponse) Reset() { *m = DeleteVolumeResponse{} } func (*DeleteVolumeResponse) ProtoMessage() {} func (*DeleteVolumeResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{13} + return fileDescriptor_00212fb1f9d3bf1c, []int{14} } func (m *DeleteVolumeResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -778,7 +831,7 @@ type ListVolumeClassesRequest struct { func (m *ListVolumeClassesRequest) Reset() { *m = ListVolumeClassesRequest{} } func (*ListVolumeClassesRequest) ProtoMessage() {} func (*ListVolumeClassesRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{14} + return fileDescriptor_00212fb1f9d3bf1c, []int{15} } func (m *ListVolumeClassesRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -816,7 +869,7 @@ type ListVolumeClassesResponse struct { func (m *ListVolumeClassesResponse) Reset() { *m = ListVolumeClassesResponse{} } func (*ListVolumeClassesResponse) ProtoMessage() {} func (*ListVolumeClassesResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{15} + return fileDescriptor_00212fb1f9d3bf1c, []int{16} } func (m *ListVolumeClassesResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -857,6 +910,8 @@ func init() { proto.RegisterType((*VolumeFilter)(nil), "volume.v1alpha1.VolumeFilter") proto.RegisterMapType((map[string]string)(nil), "volume.v1alpha1.VolumeFilter.LabelSelectorEntry") proto.RegisterType((*VolumeResources)(nil), "volume.v1alpha1.VolumeResources") + proto.RegisterType((*EncryptionSpec)(nil), "volume.v1alpha1.EncryptionSpec") + proto.RegisterMapType((map[string][]byte)(nil), "volume.v1alpha1.EncryptionSpec.SecretDataEntry") proto.RegisterType((*VolumeSpec)(nil), "volume.v1alpha1.VolumeSpec") proto.RegisterType((*VolumeStatus)(nil), "volume.v1alpha1.VolumeStatus") proto.RegisterType((*Volume)(nil), "volume.v1alpha1.Volume") 
@@ -878,65 +933,68 @@ func init() { func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } var fileDescriptor_00212fb1f9d3bf1c = []byte{ - // 924 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xdd, 0x6e, 0x1b, 0x45, - 0x14, 0xf6, 0xda, 0xa9, 0x69, 0x8e, 0x1d, 0xc7, 0x4c, 0xa2, 0xd6, 0x6c, 0x5b, 0x2b, 0xda, 0x82, - 0x14, 0x2a, 0xc5, 0x4b, 0x8c, 0xf8, 0x95, 0xa0, 0x38, 0x89, 0x5b, 0x22, 0x9c, 0x04, 0x4d, 0xd4, - 0x20, 0x55, 0x42, 0x66, 0x76, 0x3d, 0x75, 0x06, 0xd6, 0xde, 0x65, 0x67, 0xd6, 0x22, 0x77, 0x3c, - 0x02, 0x77, 0x3c, 0x04, 0x4f, 0xc0, 0x1b, 0xf4, 0x92, 0x4b, 0x24, 0x6e, 0x68, 0x78, 0x11, 0x34, - 0x3f, 0xbb, 0x59, 0xc7, 0x3f, 0x4d, 0xaf, 0x3c, 0x73, 0xfc, 0x9d, 0xef, 0xfb, 0xe6, 0x9c, 0x33, - 0xa3, 0x85, 0x55, 0x12, 0xb1, 0x56, 0x14, 0x87, 0x22, 0x44, 0xeb, 0x93, 0x30, 0x48, 0x46, 0xb4, - 0x35, 0xd9, 0x25, 0x41, 0x74, 0x4e, 0x76, 0xed, 0x9d, 0x21, 0x13, 0xe7, 0x89, 0xd7, 0xf2, 0xc3, - 0x91, 0x3b, 0x0c, 0x87, 0xa1, 0xab, 0x70, 0x5e, 0xf2, 0x42, 0xed, 0xd4, 0x46, 0xad, 0x74, 0xbe, - 0xfd, 0x38, 0x07, 0x0f, 0xc7, 0x23, 0x2a, 0x48, 0x90, 0xfe, 0xee, 0x90, 0x88, 0xb9, 0x61, 0xcc, - 0x5c, 0x12, 0x31, 0xee, 0xca, 0x90, 0x9b, 0xaa, 0xb8, 0x99, 0x01, 0xe7, 0x4f, 0x0b, 0xaa, 0x67, - 0xca, 0xc3, 0x13, 0x16, 0x08, 0x1a, 0xa3, 0x1a, 0x14, 0xd9, 0xa0, 0x61, 0x6d, 0x59, 0xdb, 0xab, - 0xb8, 0xc8, 0x06, 0xe8, 0x3b, 0xa8, 0x05, 0xc4, 0xa3, 0x41, 0x9f, 0xd3, 0x80, 0xfa, 0x22, 0x8c, - 0x1b, 0xc5, 0xad, 0xd2, 0x76, 0xa5, 0xfd, 0x41, 0xeb, 0x9a, 0xf5, 0x56, 0x9e, 0xa6, 0xd5, 0x93, - 0x39, 0xa7, 0x26, 0xa5, 0x3b, 0x16, 0xf1, 0x05, 0x5e, 0x0b, 0xf2, 0x31, 0xfb, 0x2b, 0x40, 0xb3, - 0x20, 0x54, 0x87, 0xd2, 0x4f, 0xf4, 0xc2, 0xe8, 0xcb, 0x25, 0xda, 0x84, 0x5b, 0x13, 0x12, 0x24, - 0xb4, 0x51, 0x54, 0x31, 0xbd, 0xf9, 0xbc, 0xf8, 0xa9, 0xe5, 0x7c, 0x0c, 0xeb, 0x5a, 0x13, 0x53, - 0x1e, 0x26, 0xb1, 0x4f, 0x39, 0x7a, 0x08, 0x6b, 0x5c, 0x84, 0x31, 0x19, 0xd2, 0xbe, 0x77, 0x21, - 0x28, 0x57, 0x44, 
0x2b, 0xb8, 0x6a, 0x82, 0x7b, 0x32, 0xe6, 0xfc, 0x02, 0xa0, 0xf3, 0x4e, 0x23, - 0xea, 0x4b, 0x7e, 0x36, 0x22, 0x43, 0x6a, 0x34, 0xf5, 0x46, 0x46, 0xfd, 0x80, 0x70, 0x9e, 0xaa, - 0xaa, 0x0d, 0xfa, 0x12, 0x56, 0xe3, 0x54, 0xab, 0x51, 0xda, 0xb2, 0xb6, 0x2b, 0xed, 0xad, 0x05, - 0x75, 0xc8, 0x3c, 0xe1, 0xab, 0x14, 0xe7, 0x22, 0x2d, 0xf6, 0xa9, 0x20, 0x22, 0xe1, 0xa8, 0x0d, - 0xb7, 0xb8, 0x20, 0x42, 0x6b, 0xd7, 0xda, 0xf7, 0x17, 0x70, 0x49, 0x34, 0xc5, 0x1a, 0x8a, 0x3e, - 0x82, 0x32, 0xf1, 0x7d, 0x6a, 0xac, 0x55, 0xda, 0x0f, 0x16, 0x24, 0x75, 0x14, 0x08, 0x1b, 0xb0, - 0xf3, 0x87, 0x05, 0x65, 0xfd, 0x07, 0xfa, 0x0c, 0x6e, 0xcb, 0x71, 0x18, 0x10, 0x41, 0x94, 0xb0, - 0xe4, 0x90, 0x81, 0x2b, 0x86, 0x13, 0xef, 0x47, 0xea, 0x8b, 0x23, 0x03, 0xc2, 0x19, 0x1c, 0xb9, - 0xb0, 0xc2, 0x23, 0xea, 0x1b, 0xe9, 0x7b, 0x8b, 0xfc, 0x46, 0xd4, 0xc7, 0x0a, 0x28, 0xdd, 0x72, - 0x75, 0x56, 0x53, 0xae, 0x07, 0x4b, 0x8e, 0x98, 0x70, 0x6c, 0xc0, 0xce, 0x63, 0xb8, 0xab, 0xe3, - 0xfb, 0xb2, 0xee, 0xfb, 0x24, 0x22, 0x1e, 0x0b, 0x98, 0x60, 0x94, 0xcb, 0x09, 0x11, 0x91, 0x6e, - 0x6c, 0x09, 0xcb, 0x25, 0x42, 0xb0, 0xc2, 0xc2, 0x48, 0xd7, 0xa3, 0x84, 0xd5, 0xda, 0x09, 0xa1, - 0x92, 0x23, 0x90, 0x90, 0x31, 0x19, 0xa5, 0x3d, 0x56, 0x6b, 0xd4, 0x83, 0xaa, 0x9f, 0x23, 0x36, - 0x67, 0xda, 0x5e, 0x60, 0x70, 0xc6, 0x08, 0x9e, 0xca, 0x76, 0xfe, 0x29, 0xa6, 0xbd, 0xd5, 0x85, - 0x47, 0x77, 0xa0, 0x3c, 0x88, 0xd9, 0x84, 0xc6, 0x46, 0xd4, 0xec, 0x64, 0xfc, 0x9c, 0x8c, 0x07, - 0x41, 0x3a, 0xd0, 0x66, 0x87, 0x8e, 0x00, 0x88, 0x10, 0x31, 0xf3, 0x12, 0xa1, 0x86, 0x4b, 0x5e, - 0xb2, 0x9d, 0xa5, 0xbd, 0x6d, 0x75, 0x32, 0xbc, 0xbe, 0x61, 0x39, 0x02, 0x74, 0x0c, 0x15, 0x4e, - 0xfd, 0x98, 0x8a, 0xbe, 0xea, 0xf3, 0xca, 0x4d, 0xf8, 0x4e, 0x55, 0xc2, 0x01, 0x11, 0xc4, 0xf0, - 0xf1, 0x2c, 0x60, 0x7f, 0x01, 0xeb, 0xd7, 0xe4, 0xde, 0xe4, 0xae, 0xca, 0xf4, 0x6b, 0xec, 0xaf, - 0x4b, 0xaf, 0xe6, 0xaf, 0xfa, 0x37, 0x80, 0x7a, 0x8c, 0x0b, 0xed, 0x96, 0x63, 0xfa, 0x73, 0x42, - 0xb9, 0x90, 0xc3, 0xf5, 0x42, 0x3d, 0x37, 0xd9, 0x18, 
0x2f, 0x7b, 0x93, 0xb0, 0x01, 0x3b, 0x5f, - 0xc3, 0xc6, 0x14, 0x19, 0x8f, 0xc2, 0x31, 0xa7, 0x68, 0x17, 0xde, 0xd2, 0xe9, 0x72, 0xb8, 0x64, - 0xb5, 0xee, 0x2e, 0xba, 0xda, 0x29, 0xce, 0x79, 0x02, 0x1b, 0xfb, 0x31, 0x25, 0x82, 0xa6, 0x77, - 0x5e, 0xfb, 0x72, 0xa1, 0xac, 0x11, 0xc6, 0xd7, 0x42, 0x22, 0x03, 0x73, 0x9e, 0xc2, 0xe6, 0x34, - 0x8f, 0xb1, 0xf4, 0xc6, 0x44, 0x6d, 0xd8, 0x38, 0xa0, 0x01, 0xbd, 0x6e, 0xe8, 0x1e, 0xac, 0x6a, - 0x40, 0x3f, 0x7b, 0xdb, 0x6f, 0xeb, 0xc0, 0xe1, 0xc0, 0xb9, 0x03, 0x9b, 0xd3, 0x39, 0x5a, 0xdc, - 0xb1, 0xa1, 0x71, 0x55, 0x26, 0x35, 0xfe, 0x59, 0xe5, 0x9d, 0x1f, 0xe0, 0x9d, 0x39, 0xff, 0x19, - 0xd7, 0xfb, 0x50, 0x33, 0x6a, 0xbe, 0xfe, 0xc7, 0xd4, 0xf3, 0xfe, 0xb2, 0xab, 0x85, 0xd7, 0x26, - 0x79, 0xb2, 0x47, 0x87, 0xe9, 0x05, 0x56, 0x8f, 0x1f, 0x42, 0x50, 0x3b, 0x3b, 0xe9, 0x3d, 0x3b, - 0xea, 0xf6, 0xbf, 0xed, 0x1e, 0x1f, 0x1c, 0x1e, 0x3f, 0xad, 0x17, 0xd0, 0x26, 0xd4, 0x4d, 0xac, - 0x73, 0xd6, 0x39, 0xec, 0x75, 0xf6, 0x7a, 0xdd, 0xba, 0x85, 0xea, 0x50, 0x35, 0xd1, 0x2e, 0xc6, - 0x27, 0xb8, 0x5e, 0x6c, 0xff, 0x5e, 0x82, 0x35, 0x73, 0xb6, 0x64, 0x2c, 0xd8, 0x88, 0xa2, 0xe7, - 0x50, 0xc9, 0x4d, 0x00, 0x7a, 0x38, 0x63, 0x6c, 0x76, 0xd8, 0xec, 0x77, 0x97, 0x83, 0x4c, 0xd1, - 0x0a, 0xe8, 0x7b, 0xa8, 0xe6, 0x7b, 0x89, 0x66, 0xf3, 0xe6, 0x8c, 0x8c, 0xfd, 0xde, 0x6b, 0x50, - 0x79, 0xfa, 0x7c, 0xb7, 0xe6, 0xd0, 0xcf, 0x19, 0x80, 0x39, 0xf4, 0x73, 0x5b, 0x5e, 0x40, 0x01, - 0xbc, 0x3d, 0xd3, 0x58, 0xf4, 0xfe, 0x92, 0xa3, 0x4f, 0x0f, 0x86, 0xfd, 0xe8, 0x26, 0xd0, 0x54, - 0x6d, 0xef, 0xd9, 0xcb, 0x57, 0x4d, 0xeb, 0xef, 0x57, 0xcd, 0xc2, 0xaf, 0x97, 0x4d, 0xeb, 0xe5, - 0x65, 0xd3, 0xfa, 0xeb, 0xb2, 0x69, 0xfd, 0x7b, 0xd9, 0xb4, 0x7e, 0xfb, 0xaf, 0x59, 0x78, 0xfe, - 0xc9, 0x4d, 0x3f, 0x6e, 0xb4, 0x64, 0xf6, 0x79, 0xe3, 0x95, 0xd5, 0xb7, 0xcd, 0x87, 0xff, 0x07, - 0x00, 0x00, 0xff, 0xff, 0xe6, 0x8b, 0x5c, 0x26, 0x69, 0x09, 0x00, 0x00, + // 973 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 
0x56, 0xdd, 0x6e, 0x1b, 0x45, + 0x14, 0xf6, 0xda, 0x8e, 0x69, 0x8e, 0x1d, 0xc7, 0x4c, 0xac, 0xd6, 0xb8, 0xad, 0x89, 0xb6, 0x20, + 0x85, 0x4a, 0xf1, 0x12, 0x23, 0x7e, 0x25, 0x08, 0x4e, 0xe2, 0x96, 0x08, 0x27, 0xa9, 0x26, 0x6a, + 0x90, 0x2a, 0x21, 0x33, 0x5e, 0x4f, 0x9d, 0x81, 0xf5, 0xee, 0xb2, 0x33, 0x6b, 0xc9, 0x77, 0x3c, + 0x02, 0x77, 0x5c, 0x73, 0xcd, 0x13, 0xf4, 0x0d, 0x7a, 0xc9, 0x25, 0x12, 0x37, 0x34, 0xbc, 0x08, + 0xda, 0x99, 0xd9, 0xcd, 0x3a, 0xfe, 0x49, 0x22, 0xae, 0x3c, 0x73, 0xe6, 0x3b, 0xdf, 0xf9, 0xce, + 0xcf, 0x8c, 0x17, 0x56, 0x89, 0xcf, 0x9a, 0x7e, 0xe0, 0x09, 0x0f, 0xad, 0x8f, 0x3d, 0x27, 0x1c, + 0xd1, 0xe6, 0x78, 0x87, 0x38, 0xfe, 0x39, 0xd9, 0xa9, 0x6f, 0x0f, 0x99, 0x38, 0x0f, 0xfb, 0x4d, + 0xdb, 0x1b, 0x59, 0x43, 0x6f, 0xe8, 0x59, 0x12, 0xd7, 0x0f, 0x5f, 0xca, 0x9d, 0xdc, 0xc8, 0x95, + 0xf2, 0xaf, 0xef, 0xa6, 0xe0, 0x9e, 0x3b, 0xa2, 0x82, 0x38, 0xf1, 0xef, 0x36, 0xf1, 0x99, 0xe5, + 0x05, 0xcc, 0x22, 0x3e, 0xe3, 0x56, 0x64, 0xb2, 0xe2, 0x28, 0x56, 0x22, 0xc0, 0x7c, 0x65, 0x40, + 0xe9, 0x4c, 0x6a, 0x78, 0xc2, 0x1c, 0x41, 0x03, 0x54, 0x86, 0x2c, 0x1b, 0xd4, 0x8c, 0x4d, 0x63, + 0x6b, 0x15, 0x67, 0xd9, 0x00, 0x7d, 0x07, 0x65, 0x87, 0xf4, 0xa9, 0xd3, 0xe3, 0xd4, 0xa1, 0xb6, + 0xf0, 0x82, 0x5a, 0x76, 0x33, 0xb7, 0x55, 0x6c, 0x7d, 0xd8, 0xbc, 0x22, 0xbd, 0x99, 0xa6, 0x69, + 0x76, 0x23, 0x9f, 0x53, 0xed, 0xd2, 0x71, 0x45, 0x30, 0xc1, 0x6b, 0x4e, 0xda, 0x56, 0xff, 0x1a, + 0xd0, 0x2c, 0x08, 0x55, 0x20, 0xf7, 0x13, 0x9d, 0xe8, 0xf8, 0xd1, 0x12, 0x55, 0x61, 0x65, 0x4c, + 0x9c, 0x90, 0xd6, 0xb2, 0xd2, 0xa6, 0x36, 0x5f, 0x64, 0x3f, 0x33, 0xcc, 0x4f, 0x60, 0x5d, 0xc5, + 0xc4, 0x94, 0x7b, 0x61, 0x60, 0x53, 0x8e, 0x1e, 0xc1, 0x1a, 0x17, 0x5e, 0x40, 0x86, 0xb4, 0xd7, + 0x9f, 0x08, 0xca, 0x25, 0x51, 0x1e, 0x97, 0xb4, 0x71, 0x2f, 0xb2, 0x99, 0xbf, 0x1b, 0x50, 0xee, + 0xb8, 0x76, 0x30, 0xf1, 0x05, 0xf3, 0xdc, 0x53, 0x9f, 0xda, 0xe8, 0x19, 0x14, 0x39, 0xb5, 0x03, + 0x2a, 0x7a, 0x03, 0x22, 0x48, 0xcd, 0x90, 0x29, 0x5a, 0x33, 0x29, 0x4e, 0x7b, 0x35, 0x4f, 0xa5, + 0xcb, 
0x01, 0x11, 0x44, 0x65, 0x08, 0x3c, 0x31, 0xd4, 0xbf, 0x84, 0xf5, 0x2b, 0xc7, 0xd7, 0xe5, + 0x56, 0x4a, 0xe7, 0xf6, 0xca, 0x00, 0x50, 0xc9, 0x49, 0x7d, 0x55, 0x58, 0x61, 0x23, 0x32, 0xa4, + 0xda, 0x59, 0x6d, 0x22, 0xab, 0xed, 0x10, 0xce, 0xe3, 0xd2, 0xc8, 0x0d, 0xfa, 0x0a, 0x56, 0x83, + 0xb8, 0x20, 0xb5, 0xdc, 0xa6, 0xb1, 0x55, 0x6c, 0x6d, 0x2e, 0x68, 0x56, 0x52, 0x38, 0x7c, 0xe9, + 0x82, 0x76, 0x01, 0x68, 0x92, 0x67, 0x2d, 0x2f, 0x09, 0xde, 0xbd, 0xa6, 0x14, 0x38, 0xe5, 0x62, + 0x4e, 0xe2, 0x91, 0x3a, 0x15, 0x44, 0x84, 0x1c, 0xb5, 0x60, 0x85, 0x0b, 0x22, 0x94, 0xf8, 0x72, + 0xeb, 0xc1, 0x02, 0x31, 0x11, 0x9a, 0x62, 0x05, 0x45, 0x1f, 0x43, 0x81, 0xd8, 0x36, 0xd5, 0xb9, + 0x15, 0x5b, 0x0f, 0x17, 0x38, 0xb5, 0x25, 0x08, 0x6b, 0xb0, 0xf9, 0x87, 0x01, 0x05, 0x75, 0x80, + 0x3e, 0x87, 0x3b, 0xd1, 0xd0, 0xeb, 0x7e, 0x2a, 0x8e, 0xc8, 0x70, 0xc9, 0x70, 0xd2, 0xff, 0x91, + 0xda, 0xe2, 0x48, 0x83, 0x70, 0x02, 0x47, 0x16, 0xe4, 0xb9, 0x4f, 0x6d, 0x1d, 0xfa, 0xfe, 0x22, + 0xbd, 0x51, 0xde, 0x12, 0x18, 0xa9, 0xe5, 0x32, 0x57, 0x5d, 0xef, 0x87, 0x4b, 0x52, 0x0c, 0x39, + 0xd6, 0x60, 0x73, 0x17, 0xee, 0x29, 0xfb, 0x7e, 0xd4, 0xb8, 0x7d, 0xe2, 0x93, 0x3e, 0x73, 0x98, + 0x60, 0x94, 0x47, 0xb3, 0x22, 0x7c, 0x35, 0xbe, 0x39, 0x1c, 0x2d, 0x11, 0x82, 0x3c, 0xf3, 0x7c, + 0x55, 0x8f, 0x1c, 0x96, 0x6b, 0xd3, 0x83, 0x62, 0x8a, 0x20, 0x82, 0xb8, 0x64, 0x14, 0x0f, 0x89, + 0x5c, 0xa3, 0x2e, 0x94, 0xec, 0x14, 0xb1, 0xce, 0x69, 0x6b, 0x81, 0xc0, 0x19, 0x21, 0x78, 0xca, + 0xdb, 0xfc, 0x3b, 0x1b, 0xf7, 0x56, 0x15, 0x1e, 0xdd, 0x85, 0xc2, 0x20, 0x60, 0x63, 0x1a, 0xe8, + 0xa0, 0x7a, 0x17, 0xd9, 0xcf, 0x89, 0x3b, 0x70, 0xe2, 0x6b, 0xab, 0x77, 0xe8, 0x08, 0x80, 0x08, + 0x11, 0xb0, 0x7e, 0x28, 0xe4, 0x74, 0x46, 0xf7, 0x6c, 0x7b, 0x69, 0x6f, 0x9b, 0xed, 0x04, 0xaf, + 0x6f, 0xd9, 0x25, 0x01, 0x3a, 0x9e, 0xbe, 0xb7, 0xf9, 0x9b, 0xf0, 0x5d, 0x73, 0x6b, 0xaf, 0x84, + 0xbb, 0xcd, 0x8b, 0xf4, 0x7f, 0x2f, 0xfd, 0xb7, 0x80, 0xba, 0x8c, 0x0b, 0xa5, 0x96, 0x63, 0xfa, + 0x73, 0x48, 0xb9, 0x88, 0x86, 0xeb, 0xa5, 
0x7c, 0x54, 0x93, 0x31, 0x5e, 0xf6, 0xf2, 0x62, 0x0d, + 0x36, 0xbf, 0x81, 0x8d, 0x29, 0x32, 0xee, 0x7b, 0x2e, 0xa7, 0x68, 0x07, 0xde, 0x52, 0xee, 0x5c, + 0xbf, 0x72, 0xf7, 0x16, 0xbd, 0x0d, 0x31, 0xce, 0x7c, 0x02, 0x1b, 0xfb, 0x01, 0x25, 0x82, 0xc6, + 0x8f, 0x86, 0xd2, 0x65, 0x41, 0x41, 0x21, 0xb4, 0xae, 0x85, 0x44, 0x1a, 0x66, 0x3e, 0x85, 0xea, + 0x34, 0x8f, 0x96, 0x74, 0x6b, 0xa2, 0x16, 0x6c, 0x1c, 0x50, 0x87, 0x5e, 0x15, 0x74, 0x1f, 0x56, + 0x15, 0xa0, 0x97, 0xfc, 0x83, 0xdd, 0x51, 0x86, 0xc3, 0x81, 0x79, 0x17, 0xaa, 0xd3, 0x3e, 0x2a, + 0xb8, 0x59, 0x87, 0xda, 0x65, 0x99, 0xe4, 0xf8, 0x27, 0x95, 0x37, 0x7f, 0x80, 0x77, 0xe6, 0x9c, + 0x69, 0xd5, 0xfb, 0x50, 0xd6, 0xd1, 0x6c, 0x75, 0xa2, 0xeb, 0xf9, 0x60, 0xd9, 0xd5, 0xc2, 0x6b, + 0xe3, 0x34, 0xd9, 0xe3, 0xc3, 0xf8, 0x02, 0xcb, 0xc7, 0x0f, 0x21, 0x28, 0x9f, 0x9d, 0x74, 0x9f, + 0x1f, 0x75, 0x7a, 0xcf, 0x3a, 0xc7, 0x07, 0x87, 0xc7, 0x4f, 0x2b, 0x19, 0x54, 0x85, 0x8a, 0xb6, + 0xb5, 0xcf, 0xda, 0x87, 0xdd, 0xf6, 0x5e, 0xb7, 0x53, 0x31, 0x50, 0x05, 0x4a, 0xda, 0xda, 0xc1, + 0xf8, 0x04, 0x57, 0xb2, 0xad, 0xdf, 0x72, 0xb0, 0xa6, 0x73, 0x0b, 0x5d, 0xc1, 0x46, 0x14, 0xbd, + 0x80, 0x62, 0x6a, 0x02, 0xd0, 0xa3, 0x19, 0x61, 0xb3, 0xc3, 0x56, 0x7f, 0x6f, 0x39, 0x48, 0x17, + 0x2d, 0x83, 0xbe, 0x87, 0x52, 0xba, 0x97, 0x68, 0xd6, 0x6f, 0xce, 0xc8, 0xd4, 0xdf, 0xbf, 0x06, + 0x95, 0xa6, 0x4f, 0x77, 0x6b, 0x0e, 0xfd, 0x9c, 0x01, 0x98, 0x43, 0x3f, 0xb7, 0xe5, 0x19, 0xe4, + 0xc0, 0xdb, 0x33, 0x8d, 0x45, 0x1f, 0x2c, 0x49, 0x7d, 0x7a, 0x30, 0xea, 0x8f, 0x6f, 0x02, 0x8d, + 0xa3, 0xed, 0x3d, 0x7f, 0xfd, 0xa6, 0x61, 0xfc, 0xf5, 0xa6, 0x91, 0xf9, 0xe5, 0xa2, 0x61, 0xbc, + 0xbe, 0x68, 0x18, 0x7f, 0x5e, 0x34, 0x8c, 0x7f, 0x2e, 0x1a, 0xc6, 0xaf, 0xff, 0x36, 0x32, 0x2f, + 0x3e, 0xbd, 0xe9, 0x27, 0x9c, 0x0a, 0x99, 0x7c, 0xc4, 0xf5, 0x0b, 0xf2, 0x0b, 0xee, 0xa3, 0xff, + 0x02, 0x00, 0x00, 0xff, 0xff, 0xbb, 0xc9, 0x91, 0x24, 0x4f, 0x0a, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. 
@@ -1204,6 +1262,50 @@ func (m *VolumeResources) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *EncryptionSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EncryptionSpec) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *EncryptionSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.SecretData) > 0 { + for k := range m.SecretData { + v := m.SecretData[k] + baseI := i + if len(v) > 0 { + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintApi(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + } + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintApi(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintApi(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *VolumeSpec) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -1224,6 +1326,18 @@ func (m *VolumeSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.Encryption != nil { + { + size, err := m.Encryption.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintApi(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } if m.Resources != nil { { size, err := m.Resources.MarshalToSizedBuffer(dAtA[:i]) 
@@ -1803,6 +1917,27 @@ func (m *VolumeResources) Size() (n int) { return n } +func (m *EncryptionSpec) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.SecretData) > 0 { + for k, v := range m.SecretData { + _ = k + _ = v + l = 0 + if len(v) > 0 { + l = 1 + len(v) + sovApi(uint64(len(v))) + } + mapEntrySize := 1 + len(k) + sovApi(uint64(len(k))) + l + n += mapEntrySize + 1 + sovApi(uint64(mapEntrySize)) + } + } + return n +} + func (m *VolumeSpec) Size() (n int) { if m == nil { return 0 @@ -1821,6 +1956,10 @@ func (m *VolumeSpec) Size() (n int) { l = m.Resources.Size() n += 1 + l + sovApi(uint64(l)) } + if m.Encryption != nil { + l = m.Encryption.Size() + n += 1 + l + sovApi(uint64(l)) + } return n } @@ -2067,6 +2206,26 @@ func (this *VolumeResources) String() string { }, "") return s } +func (this *EncryptionSpec) String() string { + if this == nil { + return "nil" + } + keysForSecretData := make([]string, 0, len(this.SecretData)) + for k, _ := range this.SecretData { + keysForSecretData = append(keysForSecretData, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForSecretData) + mapStringForSecretData := "map[string][]byte{" + for _, k := range keysForSecretData { + mapStringForSecretData += fmt.Sprintf("%v: %v,", k, this.SecretData[k]) + } + mapStringForSecretData += "}" + s := strings.Join([]string{`&EncryptionSpec{`, + `SecretData:` + mapStringForSecretData + `,`, + `}`, + }, "") + return s +} func (this *VolumeSpec) String() string { if this == nil { return "nil" @@ -2075,6 +2234,7 @@ func (this *VolumeSpec) String() string { `Image:` + fmt.Sprintf("%v", this.Image) + `,`, `Class:` + fmt.Sprintf("%v", this.Class) + `,`, `Resources:` + strings.Replace(this.Resources.String(), "VolumeResources", "VolumeResources", 1) + `,`, + `Encryption:` + strings.Replace(this.Encryption.String(), "EncryptionSpec", "EncryptionSpec", 1) + `,`, `}`, }, "") return s 
@@ -2531,6 +2691,184 @@ func (m *VolumeResources) Unmarshal(dAtA []byte) error { } return nil } +func (m *EncryptionSpec) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EncryptionSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EncryptionSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SecretData", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthApi + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthApi + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.SecretData == nil { + m.SecretData = make(map[string][]byte) + } + var mapkey string + mapvalue := []byte{} + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + 
iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthApi + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthApi + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapbyteLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapbyteLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intMapbyteLen := int(mapbyteLen) + if intMapbyteLen < 0 { + return ErrInvalidLengthApi + } + postbytesIndex := iNdEx + intMapbyteLen + if postbytesIndex < 0 { + return ErrInvalidLengthApi + } + if postbytesIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = make([]byte, mapbyteLen) + copy(mapvalue, dAtA[iNdEx:postbytesIndex]) + iNdEx = postbytesIndex + } else { + iNdEx = entryPreIndex + skippy, err := skipApi(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApi + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.SecretData[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipApi(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApi + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *VolumeSpec) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 
@@ -2660,6 +2998,42 @@ func (m *VolumeSpec) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Encryption", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthApi + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthApi + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Encryption == nil { + m.Encryption = &EncryptionSpec{} + } + if err := m.Encryption.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApi(dAtA[iNdEx:]) diff --git a/ori/apis/volume/v1alpha1/api.proto b/ori/apis/volume/v1alpha1/api.proto index 22af5fc8d..588452191 100644 --- a/ori/apis/volume/v1alpha1/api.proto +++ b/ori/apis/volume/v1alpha1/api.proto @@ -31,10 +31,15 @@ message VolumeResources { uint64 storage_bytes = 1; } +message EncryptionSpec { + map secret_data = 1; +} + message VolumeSpec { string image = 1; string class = 2; VolumeResources resources = 3; + EncryptionSpec encryption = 4; } message VolumeStatus { diff --git a/poollet/volumepoollet/controllers/volume_controller.go b/poollet/volumepoollet/controllers/volume_controller.go index d8ac340e8..042205feb 100644 --- a/poollet/volumepoollet/controllers/volume_controller.go +++ b/poollet/volumepoollet/controllers/volume_controller.go 
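Review bot: The new `EncryptionSpec` message and its `secret_data` field in the api.proto hunk have no comment, although the field carries the volume's encryption secret inside `VolumeSpec`. I would add above the field `// secret_data holds the raw encryption secret for the volume; implementations must not log it or echo it back in responses.` Whether a populated `VolumeSpec` is returned by list or status calls is not visible in this hunk, so that path is worth checking before merging. The expected key names inside the map are also undocumented and should be stated in the same comment.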
@@ -261,6 +261,27 @@ func (r *VolumeReconciler) prepareORIVolumeClass(ctx context.Context, volume *st
 return class.Name, true, nil
 }
 
+func (r *VolumeReconciler) prepareORIVolumeEncryption(ctx context.Context, encryption *storagev1alpha1.VolumeEncryption) (*ori.EncryptionSpec, bool, error) {
+ if encryption == nil {
+ return nil, true, nil
+ }
+
+ encryptionSecret := &corev1.Secret{}
+ encryptionSecretKey := client.ObjectKey{Name: encryption.SecretRef.Name}
+ if err := r.Get(ctx, encryptionSecretKey, encryptionSecret); err != nil {
+ err = fmt.Errorf("error getting volume encryption secret %s: %w", encryptionSecretKey, err)
+ if !apierrors.IsNotFound(err) {
+ return nil, false, fmt.Errorf("error getting volume encryption secret %s: %w", encryption.SecretRef.Name, err)
+ }
+ return nil, false, nil
+ }
+
+ return &ori.EncryptionSpec{
+ //Todo: null check needed?
+ SecretData: encryptionSecret.Data,
+ }, true, nil
+}
+
 func (r *VolumeReconciler) prepareORIVolumeResources(_ context.Context, _ *storagev1alpha1.Volume, resources corev1alpha1.ResourceList) (*ori.VolumeResources, bool, error) {
 storageBytes := resources.Storage().AsDec().UnscaledBig().Uint64()
 
@@ -284,6 +305,15 @@ func (r *VolumeReconciler) prepareORIVolume(ctx context.Context, log logr.Logger
 ok = false
 }
 
+ log.V(1).Info("Getting encryption secret")
+ encryption, encryptionOK, err := r.prepareORIVolumeEncryption(ctx, volume.Spec.Encryption)
+ switch {
+ case err != nil:
+ errs = append(errs, fmt.Errorf("error preparing ori volume class: %w", err))
+ case !encryptionOK:
+ ok = false
+ }
+
 resources, resourcesOK, err := r.prepareORIVolumeResources(ctx, volume, volume.Spec.Resources)
 switch {
 case err != nil:
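Review bot: The secret lookup in `prepareORIVolumeEncryption` builds `client.ObjectKey{Name: encryption.SecretRef.Name}` with no `Namespace`, so the Get is not scoped to the volume's namespace. Secrets are namespaced, so the key should carry `volume.Namespace`, which means passing the volume in as the sibling prepare helpers do. The error is also wrapped before `apierrors.IsNotFound` is checked and wrapped again on return, which duplicates the message and, depending on the apimachinery version in use, may defeat the not-found check. The `//Todo: null check needed?` should be resolved, since an empty `Data` would forward an encryption spec with no key material. The call in the second hunk would then become `r.prepareORIVolumeEncryption(ctx, volume, volume.Spec.Encryption)`.

```go
func (r *VolumeReconciler) prepareORIVolumeEncryption(ctx context.Context, volume *storagev1alpha1.Volume, encryption *storagev1alpha1.VolumeEncryption) (*ori.EncryptionSpec, bool, error) {
	// … unchanged: nil encryption returns (nil, true, nil) …

	encryptionSecret := &corev1.Secret{}
	// Scope the lookup to the volume's own namespace.
	encryptionSecretKey := client.ObjectKey{Namespace: volume.Namespace, Name: encryption.SecretRef.Name}
	if err := r.Get(ctx, encryptionSecretKey, encryptionSecret); err != nil {
		if !apierrors.IsNotFound(err) {
			return nil, false, fmt.Errorf("error getting volume encryption secret %s: %w", encryptionSecretKey, err)
		}
		return nil, false, nil
	}
	// Refuse to forward an encryption spec that carries no key material.
	if len(encryptionSecret.Data) == 0 {
		return nil, false, fmt.Errorf("volume encryption secret %s contains no data", encryptionSecretKey)
	}

	// … unchanged: return of &ori.EncryptionSpec{SecretData: encryptionSecret.Data} …
}
```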
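Review bot: The error wrapped in the new `case err != nil:` branch says `error preparing ori volume class`, which looks copied from the class step, so an encryption failure would be reported as a class failure. It should read `fmt.Errorf("error preparing ori volume encryption: %w", err)`. `log.V(1).Info("Getting encryption secret")` also fires for volumes that have no encryption configured; logging it only when `volume.Spec.Encryption != nil` would keep the trace accurate. prepareORIVolume's body starts and ends outside the hunk.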
@@ -304,9 +334,10 @@ func (r *VolumeReconciler) prepareORIVolume(ctx context.Context, log logr.Logger
 return &ori.Volume{
 Metadata: metadata,
 Spec: &ori.VolumeSpec{
- Image: volume.Spec.Image,
- Class: class,
- Resources: resources,
+ Image: volume.Spec.Image,
+ Class: class,
+ Resources: resources,
+ Encryption: encryption,
 },
 }, true, nil
 }