From 421b42a82c7834cf7c1e4ea37ae101967f1ccd23 Mon Sep 17 00:00:00 2001 From: Dan Ramich Date: Mon, 3 May 2021 11:12:22 -0600 Subject: [PATCH 1/2] Generated changes --- types/zz_generated_deepcopy.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/types/zz_generated_deepcopy.go b/types/zz_generated_deepcopy.go index d80a79bd..7f6e18ce 100644 --- a/types/zz_generated_deepcopy.go +++ b/types/zz_generated_deepcopy.go @@ -26,7 +26,7 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" v1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1" v1 "k8s.io/apiserver/pkg/apis/audit/v1" - config "k8s.io/apiserver/pkg/apis/config" + configv1 "k8s.io/apiserver/pkg/apis/config/v1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -1745,7 +1745,7 @@ func (in *SecretsEncryptionConfig) DeepCopyInto(out *SecretsEncryptionConfig) { *out = *in if in.CustomConfig != nil { in, out := &in.CustomConfig, &out.CustomConfig - *out = new(config.EncryptionConfiguration) + *out = new(configv1.EncryptionConfiguration) (*in).DeepCopyInto(*out) } return From d07658cf9b5a4b9a1891a5477b9919ecc121e1e6 Mon Sep 17 00:00:00 2001 From: Dan Ramich Date: Mon, 3 May 2021 11:12:32 -0600 Subject: [PATCH 2/2] Encryption update --- cluster/encryption.go | 17 ++++------------- types/rke_types.go | 4 ++-- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/cluster/encryption.go b/cluster/encryption.go index 0bf355d2..fd36960f 100644 --- a/cluster/encryption.go +++ b/cluster/encryption.go @@ -507,16 +507,7 @@ func disabledProviderFileFromKey(keyList interface{}) (string, error) { } func (c *Cluster) readEncryptionCustomConfig() (string, error) { - // directly marshalling apiserverconfig.EncryptionConfiguration to yaml breaks things because TypeMeta - // is nested and all fields don't have tags. apiserverconfigv1 has json tags only. So we do this as a work around. - - out := apiserverconfigv1.EncryptionConfiguration{} - err := apiserverconfigv1.Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration( - c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig, &out, nil) - if err != nil { - return "", err - } - jsonConfig, err := json.Marshal(out) + jsonConfig, err := json.Marshal(c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig) if err != nil { return "", err } @@ -529,7 +520,7 @@ func (c *Cluster) readEncryptionCustomConfig() (string, error) { struct{ CustomConfig string }{CustomConfig: string(yamlConfig)}) } -func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfig.EncryptionConfiguration, error) { +func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfigv1.EncryptionConfiguration, error) { var err error var r map[string]interface{} err = ghodssyaml.Unmarshal([]byte(clusterFile), &r) @@ -559,7 +550,7 @@ func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfig return clusterFile, nil, nil } -func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfig.EncryptionConfiguration, error) { +func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfigv1.EncryptionConfiguration, error) { var err error data, err := json.Marshal(customConfig) @@ -583,7 +574,7 @@ func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfig.En return nil, fmt.Errorf("error decoding data: %v", err) } - decodedConfig, ok := decodedObj.(*apiserverconfig.EncryptionConfiguration) + decodedConfig, ok := decodedObj.(*apiserverconfigv1.EncryptionConfiguration) if !ok { return nil, fmt.Errorf("unexpected type: %T", objType) } diff --git a/types/rke_types.go b/types/rke_types.go index f30ecebd..b5dd7b13 100644 --- a/types/rke_types.go +++ b/types/rke_types.go @@ -5,7 +5,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" apiserverv1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1" auditv1 "k8s.io/apiserver/pkg/apis/audit/v1" - apiserverconfig "k8s.io/apiserver/pkg/apis/config" + configv1 "k8s.io/apiserver/pkg/apis/config/v1" ) type RancherKubernetesEngineConfig struct { @@ -980,7 +980,7 @@ type SecretsEncryptionConfig struct { // Enable/disable secrets encryption provider config Enabled bool `yaml:"enabled" json:"enabled,omitempty"` // Custom Encryption Provider configuration object - CustomConfig *apiserverconfig.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty" norman:"type=map[json]"` + CustomConfig *configv1.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty"` } type File struct {