mirror of
				https://git.mirrors.martin98.com/https://github.com/ceph/ceph-csi.git
				synced 2025-10-21 05:31:05 +08:00 
			
		
		
		
	 4f0bb2315b
			
		
	
	
		4f0bb2315b
		
	
	
	
	
		
			
			With Amazon STS and kubernetes cluster is configured with OIDC identity provider, credentials to access Amazon KMS can be fetched using oidc-token(serviceaccount token). Each tenant/namespace needs to create a secret with aws region, role and CMK ARN. Ceph-CSI will assume the given role with oidc token and access aws KMS, with given CMK to encrypt/decrypt DEK which will stored in the image metdata. Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html Resolves: #2879 Signed-off-by: Rakshith R <rar@redhat.com>
		
			
				
	
	
		
			11 lines
		
	
	
		
			269 B
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			11 lines
		
	
	
		
			269 B
		
	
	
	
		
			Go
		
	
	
	
	
	
| package smithy
 | |
| 
 | |
| // Document provides access to loosely structured data in a document-like
 | |
| // format.
 | |
| //
 | |
| // Deprecated: See the github.com/aws/smithy-go/document package.
 | |
| type Document interface {
 | |
| 	UnmarshalDocument(interface{}) error
 | |
| 	GetValue() (interface{}, error)
 | |
| }
 |