Fix typos and misc refactors

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
ceph · Jun 25, 2024 · 1a8fd84 · 1a8fd84
1 parent 84ac4d2
commit 1a8fd84
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 73 deletions.
diff --git a/internal/rbd/encryption.go b/internal/rbd/encryption.go
@@ -442,3 +442,68 @@ func (ri *rbdImage) RemoveDEK(ctx context.Context, volumeID string) error {
 func GetEncryptionPassphraseSize() int {
 	return encryptionPassphraseSize
 }
+
+// RotateKey processes the key rotation for the RBD Volume
+func (rv *rbdVolume) RotateEncryptionKey(ctx context.Context) error {
+	if !rv.isBlockEncrypted() {
+		return fmt.Errorf("key rotation not supported for the encryption type")
+	}
+
+	// Verify that the underlying device has been setup for encryption
+	currState, err := rv.checkRbdImageEncrypted(ctx)
+	if err != nil {
+		return fmt.Errorf("error: %v while checking encrpytion state", err)
+	}
+
+	if currState != rbdImageEncrypted {
+		return fmt.Errorf("key rotation not supported for unencrypted device")
+	}
+
+	// Get the device path for the underlying image
+	useNbd := rv.Mounter == rbdNbdMounter && hasNBD
+	devicePath, found := waitForPath(ctx, rv.Pool, rv.RadosNamespace, rv.RbdImageName, 1, useNbd)
+	if !found {
+		return fmt.Errorf("unable to get the device path for the image")
+	}
+
+	// Step 1: Get the current passphrase
+	oldPassphrase, err := rv.blockEncryption.GetCryptoPassphrase(ctx, rv.VolID)
+	if err != nil {
+		return fmt.Errorf("error in fetching the current passphrase: %v", err)
+	}
+
+	// Step 2: Add current key to slot 1
+	err = util.LuksAddKey(devicePath, oldPassphrase, oldPassphrase, "1")
+	if err != nil {
+		return fmt.Errorf("error in adding curr key to slot 1: %v", err)
+	}
+
+	// Step 3: Generate new key and add it to slot 0
+	newPassphrase, err := rv.blockEncryption.GetNewCryptoPassphrase(
+		GetEncryptionPassphraseSize())
+	if err != nil {
+		return fmt.Errorf("error in generating a new passphrase: %v", err)
+	}
+
+	err = util.LuksAddKey(devicePath, oldPassphrase, newPassphrase, "0")
+	if err != nil {
+		return fmt.Errorf("error in adding the new key to slot 0: %v", err)
+	}
+
+	// Step 4: Add the new key to KMS
+	err = rv.blockEncryption.StoreCryptoPassphrase(ctx, rv.VolID, newPassphrase)
+	if err != nil {
+		return fmt.Errorf("failed to update the new key into the KMS: %v", err)
+	}
+
+	// Step 5: Remove the old key from slot 1
+	// We use the newPassphrase to authenticate LUKS here
+	err = util.LuksRemoveKey(devicePath, newPassphrase, "1")
+	if err != nil {
+		// FIXME: Discuss if we should return an error here
+		return nil
+	}
+
+	// Return error accordingly.
+	return nil
+}
diff --git a/internal/rbd/rbd_util.go b/internal/rbd/rbd_util.go
@@ -2158,68 +2158,3 @@ func (rv *rbdVolume) unsetAllMetadata(keys []string) error {
 
 	return nil
 }
-
-// RotateKey processes the key rotation for the RBD Volume
-func (rv *rbdVolume) RotateEncryptionKey(ctx context.Context) error {
-	if !rv.isBlockEncrypted() {
-		return fmt.Errorf("key rotation not supported for the encryption type")
-	}
-
-	// Verify that the underlying device has been setup for encryption
-	currState, err := rv.checkRbdImageEncrypted(ctx)
-	if err != nil {
-		return fmt.Errorf("error: %v while checking encrpytion state", err)
-	}
-
-	if currState != rbdImageEncrypted {
-		return fmt.Errorf("key rotation not supported for unencrypted device")
-	}
-
-	// Get the device path for the underlying image
-	useNbd := rv.Mounter == rbdNbdMounter && hasNBD
-	devicePath, found := waitForPath(ctx, rv.Pool, rv.RadosNamespace, rv.RbdImageName, 1, useNbd)
-	if !found {
-		return fmt.Errorf("unable to get the device path for the image")
-	}
-
-	// Step 1: Get the current passphrase
-	oldPassphrase, err := rv.blockEncryption.GetCryptoPassphrase(ctx, rv.VolID)
-	if err != nil {
-		return fmt.Errorf("error in fetching the current passphrase: %v", err)
-	}
-
-	// Step 2: Add current key to slot 1
-	err = util.LuksAddKey(devicePath, oldPassphrase, oldPassphrase, "1")
-	if err != nil {
-		return fmt.Errorf("error in adding curr key to slot 1: %v", err)
-	}
-
-	// Step 3: Generate new key and add it to slot 0
-	newPassphrase, err := rv.blockEncryption.GetNewCryptoPassphrase(
-		GetEncryptionPassphraseSize())
-	if err != nil {
-		return fmt.Errorf("error in generating a new passphrase: %v", err)
-	}
-
-	err = util.LuksAddKey(devicePath, oldPassphrase, newPassphrase, "0")
-	if err != nil {
-		return fmt.Errorf("error in adding the new key to slot 0: %v", err)
-	}
-
-	// Step 4: Add the new key to KMS
-	err = rv.blockEncryption.StoreCryptoPassphrase(ctx, rv.VolID, newPassphrase)
-	if err != nil {
-		return fmt.Errorf("failed to update the new key into the KMS: %v", err)
-	}
-
-	// Step 5: Remove the old key from slot 1
-	// We use the newPassphrase to autheticate LUKS here
-	err = util.LuksRemoveKey(devicePath, newPassphrase, "1")
-	if err != nil {
-		// FIXME: Discuss if we should return an error here
-		return nil
-	}
-
-	// Return error accordingly.
-	return nil
-}
diff --git a/internal/util/crypto.go b/internal/util/crypto.go
@@ -237,7 +237,7 @@ func (ve *VolumeEncryption) GetCryptoPassphrase(ctx context.Context, volumeID st
 	return ve.KMS.DecryptDEK(ctx, volumeID, passphrase)
 }
 
-// GetNewCryptoPassphrase return a random passphrase of given length
+// GetNewCryptoPassphrase returns a random passphrase of given length
 func (ve *VolumeEncryption) GetNewCryptoPassphrase(length int) (string, error) {
 	return generateNewEncryptionPassphrase(length)
 }

diff --git a/internal/util/cryptsetup.go b/internal/util/cryptsetup.go
@@ -132,7 +132,7 @@ func LuksAddKey(devicePath, passphrase, newPassphrase, slot string) error {
 		return nil
 	}
 
-	// The exisitng passphrase is wrong and the slot is empty
+	// The existing passphrase is wrong and the slot is empty
 	return err
 }
 

diff --git a/internal/util/file.go b/internal/util/file.go
@@ -16,17 +16,20 @@ limitations under the License.
 
 package util
 
-import "os"
+import (
+	"fmt"
+	"os"
+)
 
 // CreateTempFile create a temporary file with the given string
 // content and returns the reference to the file.
 // The caller is responsible for disposing the file.
-func CreateTempFile(content string) (*os.File, error) {
+func CreateTempFile(contents string) (*os.File, error) {
 	// Create a temp file
 	// FIXME: Discuss location and prefix..
 	file, err := os.CreateTemp("", "")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create temporary file: %w", err)
 	}
 
 	// In case of error, remove the file if it was created
@@ -37,13 +40,14 @@ func CreateTempFile(content string) (*os.File, error) {
 	}()
 
 	// Write the contents
-	if _, err = file.WriteString(content); err != nil {
-		return nil, err
+	c, err := file.WriteString(contents)
+	if err != nil || c != len(contents) {
+		return nil, fmt.Errorf("failed to write temporary file: %w", err)
 	}
 
 	// Close the handle
 	if err = file.Close(); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to close temporary file: %w", err)
 	}
 
 	return file, nil