Prime KMS v2 key ID inline with transformer construction

Signed-off-by: Monis Khan <mok@microsoft.com>
Monis Khan 2023-01-23 09:49:18 -05:00
parent a2785a4960
commit 345f41f8e5
2 changed files with 10 additions and 17 deletions


@ -582,8 +582,11 @@ func kmsPrefixTransformer(ctx context.Context, config *apiserverconfig.KMSConfig
keyID := "" keyID := ""
probe.keyID.Store(&keyID) probe.keyID.Store(&keyID)
// prime keyID by running the check inline once (this prevents unit tests from flaking)
// ignore the error here since we want to support the plugin starting up async with the API server
_ = probe.check(ctx)
// make sure that the plugin's key ID is reasonably up-to-date // make sure that the plugin's key ID is reasonably up-to-date
go wait.PollImmediateUntilWithContext( go wait.PollUntilWithContext(
ctx, ctx,
kmsPluginHealthzInterval, kmsPluginHealthzInterval,
func(ctx context.Context) (bool, error) { func(ctx context.Context) (bool, error) {
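Review bot: The error from the inline `probe.check(ctx)` is discarded with no record, and since the same hunk swaps `wait.PollImmediateUntilWithContext` for `wait.PollUntilWithContext`, a failed prime leaves the stored key ID as `""` until the first `kmsPluginHealthzInterval` tick. Tolerating the failure fits the async plugin start-up described in the comment, but an operator checking encryption at rest gets no start-up signal that the key ID was never primed; I would keep the call non-fatal and record the failure, e.g. `if err := probe.check(ctx); err != nil { /* log: kms v2 key ID not primed at start-up */ }`, using whatever logger this file already has. The call is also synchronous inside transformer construction, so it presumably waits on the plugin for as long as `ctx` and the plugin's call timeout allow; the comment should say so. kmsPrefixTransformer's body starts and ends outside the hunk.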


@ -26,9 +26,9 @@ import (
"time" "time"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/wait"
apiserverconfig "k8s.io/apiserver/pkg/apis/config" apiserverconfig "k8s.io/apiserver/pkg/apis/config"
"k8s.io/apiserver/pkg/features" "k8s.io/apiserver/pkg/features"
"k8s.io/apiserver/pkg/storage/value" "k8s.io/apiserver/pkg/storage/value"
@ -461,7 +461,10 @@ func TestKMSMaxTimeout(t *testing.T) {
} }
} }
_, _, kmsUsed, _ := getTransformerOverridesAndKMSPluginHealthzCheckers(testContext(t), &testCase.config) ctx, cancel := context.WithCancel(context.Background())
cancel() // cancel this upfront so the kms v2 checks do not block
_, _, kmsUsed, _ := getTransformerOverridesAndKMSPluginHealthzCheckers(ctx, &testCase.config)
if kmsUsed == nil { if kmsUsed == nil {
t.Fatal("kmsUsed should not be nil") t.Fatal("kmsUsed should not be nil")
} }
@ -553,7 +556,7 @@ func TestKMSPluginHealthz(t *testing.T) {
} }
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
cancel() // cancel this upfront so the kms v2 healthz check poll only runs once cancel() // cancel this upfront so the kms v2 healthz check poll does not run
_, got, kmsUsed, err := getTransformerOverridesAndKMSPluginProbes(ctx, config) _, got, kmsUsed, err := getTransformerOverridesAndKMSPluginProbes(ctx, config)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
@ -568,7 +571,6 @@ func TestKMSPluginHealthz(t *testing.T) {
p.l = nil p.l = nil
p.lastResponse = nil p.lastResponse = nil
case *kmsv2PluginProbe: case *kmsv2PluginProbe:
waitForOneKMSv2Check(t, p) // make sure the kms v2 healthz check poll is done
p.service = nil p.service = nil
p.l = nil p.l = nil
p.lastResponse = nil p.lastResponse = nil
@ -599,18 +601,6 @@ func TestKMSPluginHealthz(t *testing.T) {
} }
} }
func waitForOneKMSv2Check(t *testing.T, p *kmsv2PluginProbe) {
t.Helper()
if err := wait.PollImmediate(100*time.Millisecond, wait.ForeverTestTimeout, func() (done bool, err error) {
p.l.Lock()
defer p.l.Unlock()
return !p.lastResponse.received.IsZero(), nil
}); err != nil {
t.Fatal(err)
}
}
func TestKMSPluginHealthzTTL(t *testing.T) { func TestKMSPluginHealthzTTL(t *testing.T) {
ctx := testContext(t) ctx := testContext(t)
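Review bot: Both `TestKMSMaxTimeout` and `TestKMSPluginHealthz` now pass an already-cancelled context, so the inline kms v2 check added by this commit presumably fails at once and its success path (key ID stored by the time the constructor returns) is not asserted in any hunk shown here. `TestKMSMaxTimeout` also still discards the constructor's error (`_, _, kmsUsed, _ :=`), so a failure caused by the cancelled context would go unnoticed. I would widen the comment to `cancel() // cancel upfront: the inline kms v2 prime and the healthz poll both return immediately, so key ID priming is not exercised here`, and add a case with a live context and a fake plugin that asserts the primed key ID. Both test functions start and end outside their hunks.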