github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 09:49:50 +00:00
Code Issues Projects Releases Wiki Activity

kmsv2: enable logging for kmsv2 enc/dec operations

Browse Source
This commit is contained in:
Harsha Narayana 2022-08-31 22:08:55 +05:30
parent cb057985ce
commit 79d741f1f8
No known key found for this signature in database
GPG Key ID: F8A9CDA91E84B86A
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go
View File

@ -31,6 +31,7 @@ import (
"k8s.io/apiserver/pkg/storage/value" "k8s.io/apiserver/pkg/storage/value"
kmstypes "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1" kmstypes "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1"
"k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics" "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics"
"k8s.io/klog/v2"
"k8s.io/utils/lru" "k8s.io/utils/lru"
) )
@ -122,6 +123,7 @@ func (t *envelopeTransformer) TransformFromStorage(ctx context.Context, data []b
value.RecordCacheMiss() value.RecordCacheMiss()
} }
uid := string(uuid.NewUUID()) uid := string(uuid.NewUUID())
klog.V(6).InfoS("Decrypting content using envelope service", "uid", uid, "key", string(dataCtx.AuthenticatedData()))
key, err := t.envelopeService.Decrypt(ctx, uid, &DecryptRequest{ key, err := t.envelopeService.Decrypt(ctx, uid, &DecryptRequest{
Ciphertext: encryptedObject.EncryptedDEK, Ciphertext: encryptedObject.EncryptedDEK,
KeyID: encryptedObject.KeyID, KeyID: encryptedObject.KeyID,
@ -149,6 +151,7 @@ func (t *envelopeTransformer) TransformToStorage(ctx context.Context, data []byt
} }
uid := string(uuid.NewUUID()) uid := string(uuid.NewUUID())
klog.V(6).InfoS("Encrypting content using envelope service", "uid", uid, "key", string(dataCtx.AuthenticatedData()))
resp, err := t.envelopeService.Encrypt(ctx, uid, newKey) resp, err := t.envelopeService.Encrypt(ctx, uid, newKey)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to encrypt DEK, error: %w", err) return nil, fmt.Errorf("failed to encrypt DEK, error: %w", err)