mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-03 01:06:27 +00:00
Merge pull request #124912 from enj/enj/i/enc_config_typos
encryptionconfig: detect typos
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
765e7ef0d2
@ -130,7 +130,7 @@ func init() {
|
|||||||
configScheme := runtime.NewScheme()
|
configScheme := runtime.NewScheme()
|
||||||
utilruntime.Must(apiserver.AddToScheme(configScheme))
|
utilruntime.Must(apiserver.AddToScheme(configScheme))
|
||||||
utilruntime.Must(apiserverv1.AddToScheme(configScheme))
|
utilruntime.Must(apiserverv1.AddToScheme(configScheme))
|
||||||
codecs = serializer.NewCodecFactory(configScheme)
|
codecs = serializer.NewCodecFactory(configScheme, serializer.EnableStrict)
|
||||||
envelopemetrics.RegisterMetrics()
|
envelopemetrics.RegisterMetrics()
|
||||||
storagevalue.RegisterMetrics()
|
storagevalue.RegisterMetrics()
|
||||||
metrics.RegisterMetrics()
|
metrics.RegisterMetrics()
|
||||||
|
|||||||
@ -232,6 +232,12 @@ func TestEncryptionProviderConfigCorrect(t *testing.T) {
|
|||||||
t.Fatalf("should result in error while parsing configuration file: %s.\nThe file was:\n%s", err, invalidConfigWithAesGcm)
|
t.Fatalf("should result in error while parsing configuration file: %s.\nThe file was:\n%s", err, invalidConfigWithAesGcm)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
invalidConfigWithTypo := "testdata/invalid-configs/invalid-typo.yaml"
|
||||||
|
_, err = LoadEncryptionConfig(ctx, invalidConfigWithTypo, false, "")
|
||||||
|
if got, wantSubString := errString(err), `strict decoding error: unknown field "resources[0].providers[3].kms.pandas"`; !strings.Contains(got, wantSubString) {
|
||||||
|
t.Fatalf("should result in strict decode error while parsing configuration file %q:\ngot: %q\nwant substring: %q", invalidConfigWithTypo, got, wantSubString)
|
||||||
|
}
|
||||||
|
|
||||||
// Math for GracePeriod is explained at - https://github.com/kubernetes/kubernetes/blob/c9ed04762f94a319d7b1fb718dc345491a32bea6/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go#L159-L163
|
// Math for GracePeriod is explained at - https://github.com/kubernetes/kubernetes/blob/c9ed04762f94a319d7b1fb718dc345491a32bea6/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go#L159-L163
|
||||||
expectedKMSCloseGracePeriod = 26 * time.Second
|
expectedKMSCloseGracePeriod = 26 * time.Second
|
||||||
correctConfigWithAesCbcFirst := "testdata/valid-configs/aes-cbc-first.yaml"
|
correctConfigWithAesCbcFirst := "testdata/valid-configs/aes-cbc-first.yaml"
|
||||||
|
|||||||
@ -0,0 +1,33 @@
|
|||||||
|
kind: EncryptionConfiguration
|
||||||
|
apiVersion: apiserver.config.k8s.io/v1
|
||||||
|
resources:
|
||||||
|
- resources:
|
||||||
|
- secrets
|
||||||
|
providers:
|
||||||
|
- aesgcm:
|
||||||
|
keys:
|
||||||
|
- name: key1
|
||||||
|
secret: c2VjcmV0IGlzIHNlY3VyZQ==
|
||||||
|
- name: key2
|
||||||
|
secret: dGhpcyBpcyBwYXNzd29yZA==
|
||||||
|
- secretbox:
|
||||||
|
keys:
|
||||||
|
- name: key1
|
||||||
|
secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
|
||||||
|
- kms:
|
||||||
|
name: testprovider
|
||||||
|
endpoint: unix:///tmp/testprovider.sock
|
||||||
|
cachesize: 10
|
||||||
|
- kms:
|
||||||
|
apiVersion: v2
|
||||||
|
name: testproviderv2
|
||||||
|
endpoint: unix:///tmp/testprovider.sock
|
||||||
|
timeout: 10s
|
||||||
|
pandas: are the best # true, but still a typo
|
||||||
|
- aescbc:
|
||||||
|
keys:
|
||||||
|
- name: key1
|
||||||
|
secret: c2VjcmV0IGlzIHNlY3VyZQ==
|
||||||
|
- name: key2
|
||||||
|
secret: dGhpcyBpcyBwYXNzd29yZA==
|
||||||
|
- identity: {}
|
||||||
Loading…
Reference in New Issue
Block a user