diff --git a/docs/design/proposals/encryption-with-vault-tokens.md b/docs/design/proposals/encryption-with-vault-tokens.md
index 7ae74a1a3..906e05c9b 100644
--- a/docs/design/proposals/encryption-with-vault-tokens.md
+++ b/docs/design/proposals/encryption-with-vault-tokens.md
@@ -203,7 +203,7 @@ kind: secret
 metadata:
 name: vault-infosec-ca
 stringData:
- ca.cert: |
+ cert: |
 MIIC2DCCAcCgAwIBAgIBATANBgkqh...
 ```
@@ -216,7 +216,7 @@ kind: secret
 metadata:
 name: vault-client-cert
 stringData:
- tls.cert: |
+ cert: |
 BATANBgkqcCgAwIBAgIBATANBAwI...
 ```
@@ -229,7 +229,7 @@ kind: secret
 metadata:
 name: vault-client-cert-key
 stringData:
- tls.key: |
+ key: |
 KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
 ```
@@ -243,10 +243,10 @@ kind: secret
 metadata:
 name: vault-certificates
 stringData:
- ca.cert: |
+ cert: |
 MIIC2DCCAcCgAwIBAgIBATANBgkqh...
- tls.cert: |
+ cert: |
 BATANBgkqcCgAwIBAgIBATANBAwI...
- tls.key: |
+ key: |
 KNSC2DVVXcCgkqcCgAwIBAgIwewrvx...
 ```
diff --git a/internal/util/vault_tokens.go b/internal/util/vault_tokens.go
index 2e80a0264..672e5335b 100644
--- a/internal/util/vault_tokens.go
+++ b/internal/util/vault_tokens.go
@@ -268,14 +268,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
 }
 // ignore errConfigOptionMissing, no default was set
 if vaultCAFromSecret != "" {
- cert, cErr := getCertificate(kms.Tenant, vaultCAFromSecret, "ca.cert")
+ cert, cErr := getCertificate(kms.Tenant, vaultCAFromSecret, "cert")
 if cErr != nil && !apierrs.IsNotFound(err) {
 return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
 }
 // if the certificate is not present in tenant namespace get it from
 // cephcsi pod namespace
 if apierrs.IsNotFound(cErr) {
- cert, cErr = getCertificate(csiNamespace, vaultCAFromSecret, "ca.cert")
+ cert, cErr = getCertificate(csiNamespace, vaultCAFromSecret, "cert")
 if cErr != nil {
 return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
 }
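Review bot: The first error check in the CA block tests `apierrs.IsNotFound(err)`, where `err` appears to be the leftover result of the earlier config lookup rather than the `cErr` returned by `getCertificate`, so a NotFound in the tenant namespace returns at once and the csiNamespace fallback below it is never reached. The client-certificate block checks `cErr` in the same position; this line should read `if cErr != nil && !apierrs.IsNotFound(cErr) {`. The failure is closed (no CA is loaded and initialisation errors out), but tenants relying on a CA secret kept in the cephcsi namespace lose their Vault connection. initCertificates begins and ends outside the hunk, so the origin of `err` is inferred from the context comment.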
@@ -293,14 +293,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
 }
 // ignore errConfigOptionMissing, no default was set
 if vaultClientCertFromSecret != "" {
- cert, cErr := getCertificate(kms.Tenant, vaultClientCertFromSecret, "tls.cert")
+ cert, cErr := getCertificate(kms.Tenant, vaultClientCertFromSecret, "cert")
 if cErr != nil && !apierrs.IsNotFound(cErr) {
 return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultClientCertFromSecret, cErr)
 }
 // if the certificate is not present in tenant namespace get it from
 // cephcsi pod namespace
 if apierrs.IsNotFound(cErr) {
- cert, cErr = getCertificate(csiNamespace, vaultClientCertFromSecret, "tls.cert")
+ cert, cErr = getCertificate(csiNamespace, vaultClientCertFromSecret, "cert")
 if cErr != nil {
 return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultCAFromSecret, cErr)
 }
@@ -319,14 +319,14 @@ func (kms *VaultTokensKMS) initCertificates(config map[string]interface{}) error
 // ignore errConfigOptionMissing, no default was set
 if vaultClientCertKeyFromSecret != "" {
- certKey, err := getCertificate(kms.Tenant, vaultClientCertKeyFromSecret, "tls.key")
+ certKey, err := getCertificate(kms.Tenant, vaultClientCertKeyFromSecret, "key")
 if err != nil && !apierrs.IsNotFound(err) {
 return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultClientCertKeyFromSecret, err)
 }
 // if the certificate is not present in tenant namespace get it from
 // cephcsi pod namespace
 if apierrs.IsNotFound(err) {
- certKey, err = getCertificate(csiNamespace, vaultClientCertFromSecret, "tls.key")
+ certKey, err = getCertificate(csiNamespace, vaultClientCertFromSecret, "key")
 if err != nil {
 return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultCAFromSecret, err)
 }
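Review bot: After this rename the CA lookup and the client-certificate lookup both read the key `cert`, so one secret can no longer carry both; if `vaultCAFromSecret` and `vaultClientCertFromSecret` name the same secret, the same PEM would be loaded as trust anchor and as client certificate. The combined `vault-certificates` example in the proposal document now lists `cert` twice under `stringData`, which is a duplicate YAML key. Either keep distinct key names or state in the document that the CA and the client certificate must live in separate secrets. Separately, the fallback error in this hunk prints `vaultCAFromSecret` where `vaultClientCertFromSecret` is meant, and the key hunk that follows has the same wrong name in its message.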
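Review bot: The csiNamespace fallback for the private key passes `vaultClientCertFromSecret` instead of `vaultClientCertKeyFromSecret`, so the key is fetched from the client-certificate secret rather than from the key secret. With the new name this reads `key` from whichever secret holds the certificate, which fails when the two are stored separately as in the proposal's examples. The line should be `certKey, err = getCertificate(csiNamespace, vaultClientCertKeyFromSecret, "key")`. The enclosing function continues outside the hunk.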