mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-11-06 11:21:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: properly set up tls for KMS endpoint

Browse Source 
The condition was inverted 🤦

Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
This commit is contained in:
Artem Chernyshev 2023-07-10 21:08:02 +03:00
parent cb226eec46
commit 936111ce06
No known key found for this signature in database
GPG Key ID: 9B9D0328B57B443F
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/talosctl/cmd/mgmt/cluster/create.go
View File

@ -455,7 +455,7 @@ func create(ctx context.Context, flags *pflag.FlagSet) (err error) {
keys = append(keys, &v1alpha1.EncryptionKey{ keys = append(keys, &v1alpha1.EncryptionKey{
KeyKMS: &v1alpha1.EncryptionKeyKMS{ KeyKMS: &v1alpha1.EncryptionKeyKMS{
KMSEndpoint: "http://" + nethelpers.JoinHostPort(ip.String(), port), KMSEndpoint: "grpc://" + nethelpers.JoinHostPort(ip.String(), port),
}, },
KeySlot: i, KeySlot: i,
}) })

4
internal/pkg/encryption/keys/kms.go
View File

@ -128,9 +128,9 @@ func (h *KMSKeyHandler) getConn(ctx context.Context) (*grpc.ClientConn, error) {
} }
if endpoint.Insecure { if endpoint.Insecure {
transportCredentials = credentials.NewTLS(&tls.Config{})
} else {
transportCredentials = insecure.NewCredentials() transportCredentials = insecure.NewCredentials()
} else {
transportCredentials = credentials.NewTLS(&tls.Config{})
} }
return grpc.DialContext(ctx, endpoint.Host, grpc.WithTransportCredentials(transportCredentials)) return grpc.DialContext(ctx, endpoint.Host, grpc.WithTransportCredentials(transportCredentials))