From 2503fa55ff13e3211e9f17fa97f70f9a67f3f6fc Mon Sep 17 00:00:00 2001 From: Monis Khan Date: Thu, 16 May 2024 12:38:42 -0400 Subject: [PATCH] encryptionconfig: detect typos Signed-off-by: Monis Khan --- .../server/options/encryptionconfig/config.go | 2 +- .../options/encryptionconfig/config_test.go | 6 ++++ .../invalid-configs/invalid-typo.yaml | 33 +++++++++++++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/testdata/invalid-configs/invalid-typo.yaml diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go index 2dbf335b2bb..40879f78e06 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go @@ -130,7 +130,7 @@ func init() { configScheme := runtime.NewScheme() utilruntime.Must(apiserver.AddToScheme(configScheme)) utilruntime.Must(apiserverv1.AddToScheme(configScheme)) - codecs = serializer.NewCodecFactory(configScheme) + codecs = serializer.NewCodecFactory(configScheme, serializer.EnableStrict) envelopemetrics.RegisterMetrics() storagevalue.RegisterMetrics() metrics.RegisterMetrics() diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config_test.go b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config_test.go index 3c342497860..ec9d9ff9c20 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config_test.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config_test.go @@ -232,6 +232,12 @@ func TestEncryptionProviderConfigCorrect(t *testing.T) { t.Fatalf("should result in error while parsing configuration file: %s.\nThe file was:\n%s", err, invalidConfigWithAesGcm) } + invalidConfigWithTypo := "testdata/invalid-configs/invalid-typo.yaml" + _, err = LoadEncryptionConfig(ctx, invalidConfigWithTypo, false, "") + if got, wantSubString := errString(err), `strict decoding error: unknown field "resources[0].providers[3].kms.pandas"`; !strings.Contains(got, wantSubString) { + t.Fatalf("should result in strict decode error while parsing configuration file %q:\ngot: %q\nwant substring: %q", invalidConfigWithTypo, got, wantSubString) + } + // Math for GracePeriod is explained at - https://github.com/kubernetes/kubernetes/blob/c9ed04762f94a319d7b1fb718dc345491a32bea6/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go#L159-L163 expectedKMSCloseGracePeriod = 26 * time.Second correctConfigWithAesCbcFirst := "testdata/valid-configs/aes-cbc-first.yaml" diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/testdata/invalid-configs/invalid-typo.yaml b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/testdata/invalid-configs/invalid-typo.yaml new file mode 100644 index 00000000000..ebb1274da86 --- /dev/null +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/testdata/invalid-configs/invalid-typo.yaml @@ -0,0 +1,33 @@ +kind: EncryptionConfiguration +apiVersion: apiserver.config.k8s.io/v1 +resources: + - resources: + - secrets + providers: + - aesgcm: + keys: + - name: key1 + secret: c2VjcmV0IGlzIHNlY3VyZQ== + - name: key2 + secret: dGhpcyBpcyBwYXNzd29yZA== + - secretbox: + keys: + - name: key1 + secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY= + - kms: + name: testprovider + endpoint: unix:///tmp/testprovider.sock + cachesize: 10 + - kms: + apiVersion: v2 + name: testproviderv2 + endpoint: unix:///tmp/testprovider.sock + timeout: 10s + pandas: are the best # true, but still a typo + - aescbc: + keys: + - name: key1 + secret: c2VjcmV0IGlzIHNlY3VyZQ== + - name: key2 + secret: dGhpcyBpcyBwYXNzd29yZA== + - identity: {}