diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD index 6d41fea41494e..f59e033c15776 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD +++ b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD @@ -10,7 +10,10 @@ load( go_test( name = "go_default_test", - srcs = ["serving_test.go"], + srcs = [ + "encryption_provider_config_test.go", + "serving_test.go", + ], library = ":go_default_library", tags = ["automanaged"], deps = [ @@ -20,6 +23,7 @@ go_test( "//vendor/k8s.io/apimachinery/pkg/version:go_default_library", "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library", "//vendor/k8s.io/apiserver/pkg/server:go_default_library", + "//vendor/k8s.io/apiserver/pkg/storage/value:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/flag:go_default_library", "//vendor/k8s.io/client-go/discovery:go_default_library", "//vendor/k8s.io/client-go/rest:go_default_library", @@ -35,6 +39,7 @@ go_library( "authentication.go", "authorization.go", "doc.go", + "encryption_provider_config.go", "etcd.go", "feature.go", "recommended.go", @@ -43,6 +48,7 @@ go_library( ], tags = ["automanaged"], deps = [ + "//vendor/github.com/ghodss/yaml:go_default_library", "//vendor/github.com/golang/glog:go_default_library", "//vendor/github.com/pborman/uuid:go_default_library", "//vendor/github.com/spf13/pflag:go_default_library", @@ -62,6 +68,8 @@ go_library( "//vendor/k8s.io/apiserver/pkg/server:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/storage:go_default_library", "//vendor/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library", + "//vendor/k8s.io/apiserver/pkg/storage/value:go_default_library", + "//vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/flag:go_default_library", "//vendor/k8s.io/apiserver/plugin/pkg/audit/log:go_default_library", 
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config.go b/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config.go index c964c768d517e..e7f472b4f878a 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config.go @@ -52,7 +52,7 @@ func (e EncryptionProviderConfig) Set(filepath string) error { if err != nil { return err } - if providerConfig.Kind == "AEAD" { + if providerConfig.Kind == "k8s-aes-gcm" { aead, err := aestransformer.NewGCMTransformerFromConfig(provider) if err != nil { return err @@ -80,6 +80,7 @@ func (e EncryptionProviderConfig) Type() string { // Stores information common to all encryption providers type providerInfo struct { Kind string + Version string Resource string } @@ -100,5 +101,10 @@ func parseProviderInfo(config map[string]interface{}) (providerInfo, error) { return result, fmt.Errorf("ignoring encryption provider \"%s\" without a valid \"resource\" key specified in configuration", result.Kind) } + // Version can be skipped + if version, ok := config["version"]; ok { + result.Version = "-" + fmt.Sprintf("%v", version) + } + return result, nil } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config_test.go b/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config_test.go index 58f6661162d44..1bd52e408a53d 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config_test.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryption_provider_config_test.go @@ -26,7 +26,7 @@ import ( ) var correctConfig string = ` -- kind: AEAD +- kind: k8s-aes-gcm version: v1 keys: - name: key1 @@ -34,7 +34,7 @@ var correctConfig string = ` - name: key2 secret: dGhpcyBpcyBwYXNzd29yZA== resource: /registry/namespaces -- kind: AEAD +- kind: k8s-aes-gcm version: v1 keys: - name: key2 
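Review bot: The comparison `providerConfig.Kind == "k8s-aes-gcm"` in Set is shown without the branch taken when the kind does not match; Set's body continues outside the hunk. After this rename a configuration that still says `kind: AEAD` no longer matches. Unless a later branch rejects it, that resource would presumably get no transformer and be written to storage unencrypted without any error. An unrecognised kind should fail startup, e.g. `return fmt.Errorf("unsupported encryption provider kind %q", providerConfig.Kind)`. A test case asserting that the old `AEAD` kind is rejected would pin this down.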
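Review bot: The new `version` handling in parseProviderInfo accepts any YAML value through `fmt.Sprintf("%v", version)`, and nothing visible in this diff validates the result. Set dispatches on `Kind` alone and the aes.go prefix is fixed at `k8s-aes-gcm-v1:`, so `version: v2`, a number or a nested map would apparently still get the v1 transformer. Assuming v1 is the only supported version, a type assertion plus an allow-list would close this: `s, isString := version.(string)` followed by `if !isString || s != "v1" { return result, fmt.Errorf("unsupported version %v for encryption provider %q", version, result.Kind) }`. The `Version` field added in the preceding hunk stores the value with a leading `-`, which deserves a comment such as `// Version is "-" followed by the configured version, or empty when omitted.` parseProviderInfo begins outside the hunk.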
@@ -45,7 +45,7 @@ var correctConfig string = ` ` var incorrectConfig1 string = ` -- kind: AEAD +- kind: k8s-aes-gcm version: v1 keys: - name: key1 @@ -55,7 +55,7 @@ var incorrectConfig1 string = ` ` var incorrectConfig2 string = ` -- kind: AEAD +- kind: k8s-aes-gcm version: v1 keys: - name: key2 @@ -63,7 +63,7 @@ var incorrectConfig2 string = ` ` var incorrectConfig3 string = ` -- kind: AEAD +- kind: k8s-aes-gcm version: v1 keys: - name: key1 diff --git a/staging/src/k8s.io/apiserver/pkg/storage/value/BUILD b/staging/src/k8s.io/apiserver/pkg/storage/value/BUILD index ac114674283a0..79b2cce5df579 100644 --- a/staging/src/k8s.io/apiserver/pkg/storage/value/BUILD +++ b/staging/src/k8s.io/apiserver/pkg/storage/value/BUILD @@ -17,6 +17,10 @@ go_test( go_library( name = "go_default_library", - srcs = ["transformer.go"], + srcs = [ + "location_transformer.go", + "transformer.go", + "helpers.go", + ], tags = ["automanaged"], ) diff --git a/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes.go b/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes.go index c9b359c7f7846..8b2eeda27f03d 100644 --- a/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes.go +++ b/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes.go @@ -102,9 +102,9 @@ func NewGCMTransformerFromConfig(config map[string]interface{}) (value.Transform Prefix: []byte("k8s-aes-gcm-v1:"), }), nil - } else { - return nil, fmt.Errorf("no valid keys found in configuration for AEAD transformer") } + + return nil, fmt.Errorf("no valid keys found in configuration for k8s-aes-gcm-v1 transformer") } func (t *gcm) TransformFromStorage(data []byte, context value.Context) ([]byte, bool, error) {
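Review bot: The new error text in NewGCMTransformerFromConfig repeats the literal `k8s-aes-gcm-v1` that already appears in `Prefix: []byte("k8s-aes-gcm-v1:")` a few lines above. That prefix presumably tags stored ciphertext, so both strings are better derived from one package-level constant, e.g. `const gcmTransformerPrefix = "k8s-aes-gcm-v1:"`. The wording "no valid keys found" also suggests that individual malformed keys are skipped rather than rejected, which would let a partly broken key list pass silently. If that is the case, returning an error on the first invalid key is the safer behaviour. The function starts outside the hunk, so the key-parsing loop is not visible here.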