CLOUDGA-13901-Restrict updating KMS provider during updateCmk (#142)

yugabyte · May 24, 2023 · aa794ec · aa794ec
1 parent ad9bc77
commit aa794ec
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/cmd/cluster/encryption/encryption.go b/cmd/cluster/encryption/encryption.go
@@ -105,6 +105,10 @@ var updateCmk = &cobra.Command{
 			logrus.Fatalf("Unable to parse new CMK spec: %v", err)
 		}
 
+		if newCmkSpec.GetProviderType() != oldCmkSpec.GetProviderType() {
+			logrus.Fatalf("Modifying KMS provider is not allowed.")
+		}
+
 		// Need to copy over the AWS ARNs
 		if newCmkSpec.GetProviderType() == "AWS" {
 			newCmkSpec.AwsCmkSpec.Get().ArnList = oldCmkSpec.AwsCmkSpec.Get().ArnList