Merge pull request #2409 from dramich/encrypt

Update encryption to use JSON tagged structs

cluster/encryption.go

@@ -507,16 +507,7 @@ func disabledProviderFileFromKey(keyList interface{}) (string, error) {
 }
 
 func (c *Cluster) readEncryptionCustomConfig() (string, error) {
-	// directly marshalling apiserverconfig.EncryptionConfiguration to yaml breaks things because TypeMeta
+	jsonConfig, err := json.Marshal(c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig)
-	// is nested and all fields don't have tags. apiserverconfigv1 has json tags only. So we do this as a work around.
-
-	out := apiserverconfigv1.EncryptionConfiguration{}
-	err := apiserverconfigv1.Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(
-		c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig, &out, nil)
-	if err != nil {
-		return "", err
-	}
-	jsonConfig, err := json.Marshal(out)
 	if err != nil {
 		return "", err
 	}
@@ -529,7 +520,7 @@ func (c *Cluster) readEncryptionCustomConfig() (string, error) {
 		struct{ CustomConfig string }{CustomConfig: string(yamlConfig)})
 }
 
-func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfig.EncryptionConfiguration, error) {
+func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfigv1.EncryptionConfiguration, error) {
 	var err error
 	var r map[string]interface{}
 	err = ghodssyaml.Unmarshal([]byte(clusterFile), &r)
@@ -559,7 +550,7 @@ func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfig
 	return clusterFile, nil, nil
 }
 
-func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfig.EncryptionConfiguration, error) {
+func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfigv1.EncryptionConfiguration, error) {
 	var err error
 
 	data, err := json.Marshal(customConfig)
@@ -583,7 +574,7 @@ func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfig.En
 		return nil, fmt.Errorf("error decoding data: %v", err)
 	}
 
-	decodedConfig, ok := decodedObj.(*apiserverconfig.EncryptionConfiguration)
+	decodedConfig, ok := decodedObj.(*apiserverconfigv1.EncryptionConfiguration)
 	if !ok {
 		return nil, fmt.Errorf("unexpected type: %T", objType)
 	}

types/rke_types.go

@@ -5,7 +5,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	apiserverv1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
-	apiserverconfig "k8s.io/apiserver/pkg/apis/config"
+	configv1 "k8s.io/apiserver/pkg/apis/config/v1"
 )
 
 type RancherKubernetesEngineConfig struct {
@@ -980,7 +980,7 @@ type SecretsEncryptionConfig struct {
 	// Enable/disable secrets encryption provider config
 	Enabled bool `yaml:"enabled" json:"enabled,omitempty"`
 	// Custom Encryption Provider configuration object
-	CustomConfig *apiserverconfig.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty" norman:"type=map[json]"`
+	CustomConfig *configv1.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty"`
 }
 
 type File struct {

types/zz_generated_deepcopy.go

@@ -26,7 +26,7 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	v1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1"
 	v1 "k8s.io/apiserver/pkg/apis/audit/v1"
-	config "k8s.io/apiserver/pkg/apis/config"
+	configv1 "k8s.io/apiserver/pkg/apis/config/v1"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -1745,7 +1745,7 @@ func (in *SecretsEncryptionConfig) DeepCopyInto(out *SecretsEncryptionConfig) {
 	*out = *in
 	if in.CustomConfig != nil {
 		in, out := &in.CustomConfig, &out.CustomConfig
-		*out = new(config.EncryptionConfiguration)
+		*out = new(configv1.EncryptionConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
 	return