mirror of https://github.com/rancher/rke.git synced 2025-08-01 15:19:09 +00:00

Encryption update

Dan Ramich 2021-05-03 11:12:32 -06:00
parent 421b42a82c
commit d07658cf9b
2 changed files with 6 additions and 15 deletions


@ -507,16 +507,7 @@ func disabledProviderFileFromKey(keyList interface{}) (string, error) {
}
func (c *Cluster) readEncryptionCustomConfig() (string, error) {
// directly marshalling apiserverconfig.EncryptionConfiguration to yaml breaks things because TypeMeta
// is nested and all fields don't have tags. apiserverconfigv1 has json tags only. So we do this as a work around.
out := apiserverconfigv1.EncryptionConfiguration{}
err := apiserverconfigv1.Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(
c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig, &out, nil)
if err != nil {
return "", err
}
jsonConfig, err := json.Marshal(out)
jsonConfig, err := json.Marshal(c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig)
if err != nil {
return "", err
}
@ -529,7 +520,7 @@ func (c *Cluster) readEncryptionCustomConfig() (string, error) {
struct{ CustomConfig string }{CustomConfig: string(yamlConfig)})
}
func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfig.EncryptionConfiguration, error) {
func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfigv1.EncryptionConfiguration, error) {
var err error
var r map[string]interface{}
err = ghodssyaml.Unmarshal([]byte(clusterFile), &r)
@ -559,7 +550,7 @@ func resolveCustomEncryptionConfig(clusterFile string) (string, *apiserverconfig
return clusterFile, nil, nil
}
func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfig.EncryptionConfiguration, error) {
func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfigv1.EncryptionConfiguration, error) {
var err error
data, err := json.Marshal(customConfig)
@ -583,7 +574,7 @@ func parseCustomConfig(customConfig map[string]interface{}) (*apiserverconfig.En
return nil, fmt.Errorf("error decoding data: %v", err)
}
decodedConfig, ok := decodedObj.(*apiserverconfig.EncryptionConfiguration)
decodedConfig, ok := decodedObj.(*apiserverconfigv1.EncryptionConfiguration)
if !ok {
return nil, fmt.Errorf("unexpected type: %T", objType)
}
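Review bot: There is no nil check before `json.Marshal(c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig)` in `readEncryptionCustomConfig` (first hunk), and for a nil pointer `json.Marshal` returns `null` with a nil error instead of failing. Unless every caller already guarantees a non-nil config, which is not visible here, the function would go on to render that value into the encryption provider file rather than report a missing configuration. A guard ahead of the marshal makes the failure explicit: `if cc := c.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig; cc == nil { return "", fmt.Errorf("custom encryption config is not set") }`. The function body continues outside the hunk. Separately, in `parseCustomConfig` the failed type assertion formats `%T` of `objType` rather than of `decodedObj`, so the message does not show the type that was actually decoded.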


@ -5,7 +5,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
apiserverv1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1"
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
apiserverconfig "k8s.io/apiserver/pkg/apis/config"
configv1 "k8s.io/apiserver/pkg/apis/config/v1"
)
type RancherKubernetesEngineConfig struct {
@ -980,7 +980,7 @@ type SecretsEncryptionConfig struct {
// Enable/disable secrets encryption provider config
Enabled bool `yaml:"enabled" json:"enabled,omitempty"`
// Custom Encryption Provider configuration object
CustomConfig *apiserverconfig.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty" norman:"type=map[json]"`
CustomConfig *configv1.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty"`
}
type File struct {
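Review bot: The comment on `CustomConfig` in `SecretsEncryptionConfig` does not say what the switch to `configv1.EncryptionConfiguration` implies, even though the `norman:"type=map[json]"` tag is dropped in the same line. The v1 type carries the providers' key material (for example the `secret` of each aescbc or secretbox key), so it is worth confirming how whatever consumed the `norman` tag now exposes this field; that consumer is not visible here. I would extend the comment to something like `// Custom Encryption Provider configuration object (apiserver config/v1); holds provider key material, do not log or expose it`. The field also keeps its `yaml:"custom_config"` tag while the nested v1 types have JSON tags only, as the comment removed from `readEncryptionCustomConfig` noted, so it should be read and written through a JSON-based YAML codec.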