ensure optional mount always added to ibmcloud kms pod for appropriat…
…e container build

There is a problem in the unmanaged auth path where an optional mount that is necessary for the build out of the container is not getting mounted. It is only getting mounted in the managed auth path. This ensures the volume is added in both paths so unmanaged authentication (customer-provided authentication) works.
relyt0925 committed Jul 28, 2022
1 parent 917c954 commit c1537b3
Showing 1 changed file with 1 addition and 2 deletions.
Expand Up @@ -231,7 +231,7 @@ func applyIBMCloudKMSConfig(podSpec *corev1.PodSpec, ibmCloud *hyperv1.IBMCloudK
if err != nil {
return fmt.Errorf("failed to generate kmsKPInfo env var: %w", err)
}
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeKMSSocket(), buildVolumeKMSSocket))
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeKMSSocket(), buildVolumeKMSSocket), util.BuildVolume(kasVolumeIBMCloudKMSKP(), buildVolumeIBMCloudKMSKP))
var customerAPIKeyReference *corev1.EnvVarSource
switch ibmCloud.Auth.Type {
case hyperv1.IBMCloudKMSUnmanagedAuth:
Expand All @@ -248,7 +248,6 @@ func applyIBMCloudKMSConfig(podSpec *corev1.PodSpec, ibmCloud *hyperv1.IBMCloudK
}
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeIBMCloudKMSCustomerCredentials(), buildVolumeIBMCloudKMSCustomerCredentials(ibmCloud.Auth.Unmanaged.Credentials.Name)))
case hyperv1.IBMCloudKMSManagedAuth:
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeIBMCloudKMSKP(), buildVolumeIBMCloudKMSKP))
default:
return fmt.Errorf("unrecognized ibmcloud kms auth type %s", ibmCloud.Auth.Type)
}
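Review bot: The KP volume on the combined `podSpec.Volumes = append(...)` line is now added for every auth type, but the reason is recorded only in the commit message, and `case hyperv1.IBMCloudKMSManagedAuth:` appears to be left with an empty body that a later cleanup could misread. I would add a comment above the append, e.g. `// KP volume is optional but needed by the KMS container for both managed and unmanaged auth; keep it outside the auth switch`, and `// no additional volumes for managed auth` inside the empty case. Because the unmanaged pod also mounts the customer-provided credentials, it is worth confirming that whatever `buildVolumeIBMCloudKMSKP` projects (its body is not visible here) contains nothing the customer-credential path should not be able to read. A unit test asserting that both auth types produce the KP volume would keep this from regressing. `applyIBMCloudKMSConfig` starts and ends outside the hunks shown.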