kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,924 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

15 Commits

Author SHA1 Message Date
immutablet 209aff3d4b Hide methods in the encryption config that are not used outside the package. 
Kubernetes-commit: 922e0bfaec0a8b25fdb04e559ac454c416f8c2e8
 2020-03-05 16:54:27 -08:00
Shihang Zhang 6207833539 ping kmsplugin gentely when in good state 
Change-Id: I50ce249d7996e5c51dcbb00e53d67300aa72a87f

Kubernetes-commit: c084d57b18a7c90c14bc13dc2daa256e84037a74
 2019-12-02 16:38:03 -08:00
immutablet 5cec6b4746 Add defaulting logic for EncryptionConfiguration. 
Kubernetes-commit: a151aa35dc21881d178e498141e5f58df13fb400
 2019-11-14 22:53:18 -08:00
immutablet 6e01b8c8f3 Move test inputs for EncryptionConfiguration tests into testdata. 
Kubernetes-commit: 883e9a0b502b787a9454e10c26e324ffaa30eb29
 2019-11-13 16:38:20 -08:00
chenyaqi01 4f9778fb9d replace bytes.Compare() with bytes.Equal() 
Kubernetes-commit: 66be69bb0e7fd147be650385d272ae14ee2857c8
 2019-09-27 10:06:50 +08:00
Monis Khan 298cf1beec Encryption config: correctly handle overlapping providers 
This change updates NewPrefixTransformers to not short-circuit on
the first transformer that has a matching prefix.  If the same type
of encryption ProviderConfiguration is used more than once, they
will share the same prefix.  A failure in the first one should not
prevent a later match from being attempted.

Added TestCBCKeyRotationWithOverlappingProviders unit test to
prevent regressions.  Note that this test explicitly exercises this
flow using an EncryptionConfiguration object as the structure of the
resulting transformer is an important part of the check.

Signed-off-by: Monis Khan <mkhan@redhat.com>

Kubernetes-commit: 4dc16f29a7285a4bcaff1915728953d8a55e1b6e
 2019-09-06 12:09:43 -04:00
immutablet 5faffb9123 Allow kube-apiserver to test the status of kms-plugin. 
Kubernetes-commit: 05fdbb201ffbaff4e92f0899f9e2ca038febb88d
 2019-05-30 11:15:35 -07:00
immutableT 9c474d9c53 require timeout to be greater than zero. 
add unit test to cover timeout behaviour.

Kubernetes-commit: 39aca564749cd92ed1cfec7129eb3f6593549137
 2019-01-04 17:06:07 -08:00
immutableT d9414ee2ab Expose kms timeout value via encryption config. 
Kubernetes-commit: a4dc53cfeb91ee07cedcc6959e88e30cb0c3cca8
 2019-01-03 14:26:57 -08:00
Slava Semushin e2bc8e4617 Introduce kubeapiserver.config.k8s.io/v1 with EncryptionConfiguration and use a standard method for parsing config file. 
Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>

Kubernetes-commit: c21cb548e6c7d4ab019fce8a35c9b99c035c2071
 2018-05-02 18:21:38 +02:00
immutablet e9bce895cf Lazily dial kms-plugin. 
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
 2018-09-12 14:56:44 -07:00
Wu Qiang 43cefec1d0 Update endpoint value in test code 
Kubernetes-commit: 31f74303fc48df5d88105c9742a103eae742f478
 2018-02-09 01:23:25 +00:00
Wu Qiang be4ee1ba37 Remove configfile for kms in encryption config 
Kubernetes-commit: 5ae61ed386e3fbc3b7e91d343afadadd52ac027d
 2018-01-26 11:53:24 +00:00
Saksham Sharma 0d11a9c252 Use []byte in place of string in envelope.Service. 
Kubernetes-commit: 5005a541d6b5b7d950ed621d9c9fd247abb9b4af
 2017-11-07 04:24:53 +05:30
hzxuzhonghu 670d5651ed rename test file name 
Kubernetes-commit: 81d87466c89772c11b460cdb02df488ffb58d770
 2017-09-29 14:51:55 +08:00