kmsv2: validate encrypt response at DEK generation time

Browse Source

Prior to this change, we wait until the DEK is used to perform an
encryption before validating the response.  This means that the
plugin could report healthy but all TransformToStorage calls would
fail.  Now we correctly cause the plugin to become unhealthy and do
not attempt to use the newly generated DEK.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 479fcf0b13f551517801b8677272c73f3f845565

...

This commit is contained in:

Monis Khan 2023-03-22 21:27:47 -04:00 committed by Kubernetes Publisher

parent 90c5f14b70

commit 021e1f7afd

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

Diff Content Not Available