github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-11 06:02:18 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #112703 from enj/enj/r/kms_cleanup

Browse Source 
encryption config: no-op refactor to prepare for single loading
This commit is contained in:
Kubernetes Prow Robot
2022-09-26 14:50:26 -07:00
committed by GitHub
parent a54d8d8add db850931a8
commit 24377fa7a1
7 changed files with 269 additions and 314 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/integration/controlplane/transformation/kmsv2_transformation_test.go
View File

@@ -98,7 +98,7 @@ func (r envelopekmsv2) plainTextPayload(secretETCDPath string) ([]byte, error) {
// TestKMSv2Provider is an integration test between KubeAPI, ETCD and KMSv2 Plugin
// Concretely, this test verifies the following integration contracts:
// 1. Raw records in ETCD that were processed by KMSv2 Provider should be prefixed with []byte{'e', 'k', '8', 's', 0}
// 1. Raw records in ETCD that were processed by KMSv2 Provider should be prefixed with k8s:enc:kms:v2:<plugin name>:
// 2. Data Encryption Key (DEK) should be generated by envelopeTransformer and passed to KMS gRPC Plugin
// 3. KMS gRPC Plugin should encrypt the DEK with a Key Encryption Key (KEK) and pass it back to envelopeTransformer
// 4. The cipherTextPayload (ex. Secret) should be encrypted via AES GCM transform