cdh/storage: allow plaintext for mount metadata

Before this commit, the mount metadata of alibaba cloud oss must be a sealed secret. In some scenarios, confidential data hub is not used in kubernetes but CVM. We should allow the users to directly configure the metadata with plaintext. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Xynnn007 · Jan 24, 2024 · 2ac098f · 2ac098f
1 parent f1b9088
commit 2ac098f
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/confidential-data-hub/storage/src/volume_type/alibaba_cloud_oss/oss.rs b/confidential-data-hub/storage/src/volume_type/alibaba_cloud_oss/oss.rs
@@ -6,6 +6,7 @@
 use std::os::unix::fs::PermissionsExt;
 
 use base64::{engine::general_purpose::STANDARD, Engine};
+use log::debug;
 use secret::secret::Secret;
 use serde::{Deserialize, Serialize};
 use tokio::{fs, io::AsyncWriteExt, process::Command};
@@ -77,19 +78,19 @@ async fn unseal_secret(secret: Vec<u8>) -> Result<Vec<u8>> {
 
 async fn get_plaintext_secret(secret: &str) -> Result<String> {
     if secret.starts_with("sealed.") {
+        debug!("detected sealed secret");
         let tmp = secret
             .strip_prefix("sealed.")
             .ok_or(Error::SecureMountFailed(
                 "strip_prefix \"sealed.\" failed".to_string(),
             ))?;
         let unsealed = unseal_secret(tmp.into()).await?;
 
-        return String::from_utf8(unsealed)
-            .map_err(|e| Error::SecureMountFailed(format!("convert to String failed: {e}")));
+        String::from_utf8(unsealed)
+            .map_err(|e| Error::SecureMountFailed(format!("convert to String failed: {e}")))
+    } else {
+        Ok(secret.into())
     }
-    Err(Error::SecureMountFailed(
-        "sealed secret format error!".to_string(),
-    ))
 }
 
 impl Oss {