kms: refactor RemoveDEK method to accept a context parameter
Signed-off-by: Praveen M <m.praveen@ibm.com>
iPraveenParihar committed Mar 4, 2024
1 parent 7649c8c commit 4305ca1
Showing 9 changed files with 13 additions and 12 deletions.
2 changes: 1 addition & 1 deletion internal/cephfs/controllerserver.go
Expand Up @@ -596,7 +596,7 @@ func (cs *ControllerServer) cleanUpBackingVolume(
// GetSecret enabled KMS the DEKs are stored by
// fscrypt on the volume that is going to be deleted anyway.
log.DebugLog(ctx, "going to remove DEK for integrated store %q (fscrypt)", volOptions.Encryption.GetID())
if err := volOptions.Encryption.RemoveDEK(volID.VolumeID); err != nil {
if err := volOptions.Encryption.RemoveDEK(ctx, volID.VolumeID); err != nil {
log.WarningLog(ctx, "failed to clean the passphrase for volume %q (file encryption): %s",
volOptions.VolID, err)
}
4 changes: 2 additions & 2 deletions internal/kms/azure_vault.go
Expand Up @@ -195,13 +195,13 @@ func (kms *azureKMS) StoreDEK(key, value string) error {
}

// RemoveDEK deletes passphrase from Azure key vault.
func (kms *azureKMS) RemoveDEK(key string) error {
func (kms *azureKMS) RemoveDEK(ctx context.Context, key string) error {
svc, err := kms.getService()
if err != nil {
return fmt.Errorf("failed to get KMS service: %w", err)
}

_, err = svc.DeleteSecret(context.TODO(), key, nil)
_, err = svc.DeleteSecret(ctx, key, nil)
if err != nil {
return fmt.Errorf("failed to delete seceret %w", err)
}
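Review bot: DeleteSecret in azureKMS.RemoveDEK now runs under the caller's ctx instead of context.TODO(), so a cancelled or timed-out request abandons the delete, and the callers shown in internal/rbd/rbd_util.go only log the failure with WarningLog and carry on. That can leave a volume's passphrase in the key vault after the volume is gone, with only a warning line to find it by; whether the delete is retried elsewhere is not visible on this page. I would state the contract in the doc comment, e.g. `// RemoveDEK deletes passphrase from Azure key vault. If ctx is cancelled or expires, the delete is abandoned and the secret stays in the vault.` The error string on the DeleteSecret failure path is also misspelled and has no separator before the wrapped error; `"failed to delete secret: %w"` reads better.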
2 changes: 1 addition & 1 deletion internal/kms/kms.go
Expand Up @@ -368,7 +368,7 @@ type DEKStore interface {
// FetchDEK reads the DEK from the configured store and returns it.
FetchDEK(volumeID string) (string, error)
// RemoveDEK deletes the DEK from the configured store.
RemoveDEK(volumeID string) error
RemoveDEK(ctx context.Context, volumeID string) error
}

// integratedDEK is a DEKStore that can not be configured. Either the KMS does
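Review bot: The doc comment on DEKStore.RemoveDEK does not say what ctx is for, and RemoveDEK is now the only method in this hunk that takes one, while FetchDEK directly above it still has none. The implementations on this page differ: azureKMS passes ctx to DeleteSecret, whereas secretsKMS, vaultKMS and vaultTenantConnection accept it and do not use it in the lines shown. I would record that in the interface, e.g. `// RemoveDEK deletes the DEK from the configured store. ctx bounds the request to the backing store; implementations may ignore it.` The DEKStore declaration starts outside the hunk.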
2 changes: 1 addition & 1 deletion internal/kms/secretskms.go
Expand Up @@ -90,7 +90,7 @@ func (kms secretsKMS) StoreDEK(key, value string) error {

// RemoveDEK is doing nothing as no new passphrases are saved with
// secretsKMS.
func (kms secretsKMS) RemoveDEK(key string) error {
func (kms secretsKMS) RemoveDEK(ctx context.Context, key string) error {
return nil
}

3 changes: 2 additions & 1 deletion internal/kms/vault.go
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package kms

import (
"context"
"errors"
"fmt"
"os"
Expand Down Expand Up @@ -433,7 +434,7 @@ func (kms *vaultKMS) StoreDEK(key, value string) error {
}

// RemoveDEK deletes passphrase from Vault.
func (kms *vaultKMS) RemoveDEK(key string) error {
func (kms *vaultKMS) RemoveDEK(ctx context.Context, key string) error {
pathKey := filepath.Join(kms.vaultPassphrasePath, key)
err := kms.secrets.DeleteSecret(pathKey, kms.getDeleteKeyContext())
if err != nil {
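Review bot: vaultKMS.RemoveDEK now accepts ctx, but the DeleteSecret call two lines below still goes out without it, so cancelling or timing out the request does not stop the Vault delete. The same applies to vaultTenantConnection.RemoveDEK in internal/kms/vault_tokens.go. If the secrets client offers no context-aware delete (not visible here), say so on the method, e.g. `// ctx is currently unused: the Vault secrets call takes no context.`, or name the parameter `_`, which would also suit the no-op secretsKMS.RemoveDEK in internal/kms/secretskms.go. The second argument, getDeleteKeyContext(), is presumably the secrets library's key context rather than a context.Context, which is easy to misread next to the new parameter. The function body continues past the end of the hunk.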
2 changes: 1 addition & 1 deletion internal/kms/vault_tokens.go
Expand Up @@ -496,7 +496,7 @@ func (vtc *vaultTenantConnection) StoreDEK(key, value string) error {
}

// RemoveDEK deletes passphrase from Vault.
func (vtc *vaultTenantConnection) RemoveDEK(key string) error {
func (vtc *vaultTenantConnection) RemoveDEK(ctx context.Context, key string) error {
err := vtc.secrets.DeleteSecret(key, vtc.getDeleteKeyContext())
if err != nil {
return fmt.Errorf("delete passphrase at %s request to vault failed: %w", key, err)
2 changes: 1 addition & 1 deletion internal/rbd/encryption.go
Expand Up @@ -426,7 +426,7 @@ func (ri *rbdImage) FetchDEK(volumeID string) (string, error) {

// RemoveDEK does not need to remove the DEK from the metadata, the image is
// most likely getting removed.
func (ri *rbdImage) RemoveDEK(volumeID string) error {
func (ri *rbdImage) RemoveDEK(ctx context.Context, volumeID string) error {
if ri.VolID == "" {
return fmt.Errorf("BUG: %q does not have VolID set, call "+
"stack: %s", ri, util.CallStack())
4 changes: 2 additions & 2 deletions internal/rbd/rbd_util.go
Expand Up @@ -635,14 +635,14 @@ func (ri *rbdImage) deleteImage(ctx context.Context) error {

if ri.isBlockEncrypted() {
log.DebugLog(ctx, "rbd: going to remove DEK for %q (block encryption)", ri)
if err = ri.blockEncryption.RemoveDEK(ri.VolID); err != nil {
if err = ri.blockEncryption.RemoveDEK(ctx, ri.VolID); err != nil {
log.WarningLog(ctx, "failed to clean the passphrase for volume %s (block encryption): %s", ri.VolID, err)
}
}

if ri.isFileEncrypted() {
log.DebugLog(ctx, "rbd: going to remove DEK for %q (file encryption)", ri)
if err = ri.fileEncryption.RemoveDEK(ri.VolID); err != nil {
if err = ri.fileEncryption.RemoveDEK(ctx, ri.VolID); err != nil {
log.WarningLog(ctx, "failed to clean the passphrase for volume %s (file encryption): %s", ri.VolID, err)
}
}
4 changes: 2 additions & 2 deletions internal/util/crypto.go
Expand Up @@ -189,12 +189,12 @@ func (ve *VolumeEncryption) Destroy() {

// RemoveDEK deletes the DEK for a particular volumeID from the DEKStore linked
// with this VolumeEncryption instance.
func (ve *VolumeEncryption) RemoveDEK(volumeID string) error {
func (ve *VolumeEncryption) RemoveDEK(ctx context.Context, volumeID string) error {
if ve.dekStore == nil {
return ErrDEKStoreNotFound
}

return ve.dekStore.RemoveDEK(volumeID)
return ve.dekStore.RemoveDEK(ctx, volumeID)
}

func (ve *VolumeEncryption) GetID() string {