Joe Betz
5c1ed41d69
Update etcd client to 3.3.9
...
Kubernetes-commit: 4263c752115c3796ee5715c7de4cbc2e237809d3
2018-10-01 16:53:57 -07:00
immutableT
d0ea04d52d
Increase time-out of kms-service concurrency tests.
...
Kubernetes-commit: fd64c3bac6f2a611a154c86c93fd77404404aba5
2018-10-05 16:22:00 +00:00
Mike Danese
93a015d36a
refactor envelope to use cryptobytes
...
Kubernetes-commit: 36ab52b428f6b87df5bdd85f253758967bf0a240
2018-09-28 23:02:42 -07:00
immutablet
e9bce895cf
Lazily dial kms-plugin.
...
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
2018-09-12 14:56:44 -07:00
fisherxu
164f30a663
use dialcontext
...
Kubernetes-commit: 89f3fa3d62791e756dcbd645818ea03d7c1a86b8
2018-08-24 10:18:21 +08:00
immutablet
842873f83e
Add support for linux abstract socket namespace.
...
Kubernetes-commit: 01008911687c27b15aee4766a70786684bdb3f01
2018-05-31 14:00:42 -07:00
immutablet
5ae492efc5
Add metrics for envelope transformer:
...
transformation_operation_count
transformation_failures_count
envelope_transformation_cache_misses_count
data_key_generation_latencies_microseconds
data_key_generation_failures_count
Kubernetes-commit: 695c3e32ad0ff144b36e4deed13a678120f5b6fb
2018-05-29 14:40:39 -07:00
Yang Li
a362c0e81d
apiserver: update tests to use sub-benchmarks (aes_test.go)
...
Kubernetes-commit: 19026bf9620a65ed2edb10cdfe096cd3afb6f87e
2018-05-27 15:52:05 +08:00
Yang Li
7acf498bec
apiserver: update tests to use sub-benchmarks (secretbox_test.go)
...
Kubernetes-commit: 6647b92c86b2dd5dc5c6af457c400b3ee55c7c39
2018-05-27 16:19:11 +08:00
Justin Santa Barbara
f9ec73e95b
Fix typo in envelope transform error message
...
Kubernetes-commit: 8f87e5c7dab27671e1f68356e825deab879630bf
2018-05-09 09:36:29 -04:00
immutablet
dfdceff3c6
Instrument transformer.go with latency metrics.
...
Kubernetes-commit: bfcb3cd91f93669b94ea80eadebdff769c88952e
2018-03-16 14:25:26 -07:00
immutablet
f44ea185da
Instrument transformer.go with latency metrics.
...
Kubernetes-commit: 04a6613fb565a54b6a74e5bfad8844928e98a59b
2018-03-15 14:13:24 -07:00
immutablet
959ee35394
Instrument transformer.go with latency metrics.
...
Kubernetes-commit: e54864f53de75cd56c0fe94777e1d3de0c559c7f
2018-02-27 17:24:27 -08:00
hzxuzhonghu
6ab99203b7
Replace "golang.org/x/net/context" with "context"
...
Kubernetes-commit: 70e45eccf27726f0e63dd1024924ccc7e2cd35a0
2018-02-28 12:20:22 +08:00
fisherxu
716af975eb
regenerated all files and remove all YEAR fields
...
Kubernetes-commit: b49ef6531c11f1c834e0d7591f5c965f6193c711
2018-01-22 20:37:53 +08:00
Kubernetes Publisher
627fa76a8b
sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel
2018-03-15 09:38:17 +00:00
Ryan Hitchman
43796a9895
Fix build tag for grpc_service_unix_test.go.
...
Kubernetes-commit: 4d2e43f53f3c057e7bddd6f09e5a82b0b97d276f
2018-02-09 12:10:25 -08:00
Wang Guoliang
32fe314a1e
fix some syntax related errors
...
Kubernetes-commit: d065157dd74fa02eec87f5849528b079a3736c3d
2018-02-11 19:50:49 +08:00
Mike Danese
3ec7dfbb59
kms: rename KMSService to KeyManagmentService
...
KMSService is redundant.
Kubernetes-commit: fc8ff61eb9e153d9e3f67549b8454cdea89bab30
2018-02-22 19:36:03 -08:00
Jeff Grafton
1ab12b2dc8
Autogenerated: hack/update-bazel.sh
...
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
2018-02-16 13:43:01 -08:00
Di Xu
9beeb59216
fix all the typos across the project
...
Kubernetes-commit: 48388fec7eaad4ac8d84fbe20673ffacf41964a1
2018-02-09 14:53:53 +08:00
Wu Qiang
bed3e4f9ab
Add generated script for kms api pb file
...
Kubernetes-commit: 9825018e4a004523492893433604439b1f2acd22
2018-01-29 06:00:57 +00:00
Wu Qiang
be4ee1ba37
Remove configfile for kms in encryption config
...
Kubernetes-commit: 5ae61ed386e3fbc3b7e91d343afadadd52ac027d
2018-01-26 11:53:24 +00:00
Wu Qiang
a32d2bb427
Update for review comments
...
Kubernetes-commit: 2e7af38d6b4c8ed9e1fb23930b98ed8d2ad68aa0
2018-01-25 05:39:48 +00:00
Wu Qiang
580a800cad
Only support unix socket for kms gRPC, also add Version method
...
Kubernetes-commit: a6368bb04c1100d1dce1c6bf680056882835b395
2017-12-18 09:29:56 +00:00
Wu Qiang
e4061faec3
Fix verify error and address review comments
...
Signed-off-by: Wu Qiang <qiang.q.wu@oracle.com>
Kubernetes-commit: 16b04d68b1ae180d61ea4ca06d1c8139c25a652f
2017-11-15 11:20:12 +08:00
Wu Qiang
25a4716f27
Add gRPC client service for envelope transformer
...
Kubernetes-commit: 772fa0f62fe232f24170e2c43afbd7031bfc160f
2017-11-14 09:05:01 +00:00
Jeff Grafton
c8a97ee31a
Autogenerate BUILD files
...
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
2017-12-23 13:06:26 -08:00
Saksham Sharma
0d11a9c252
Use []byte in place of string in envelope.Service.
...
Kubernetes-commit: 5005a541d6b5b7d950ed621d9c9fd247abb9b4af
2017-11-07 04:24:53 +05:30
supereagle
063df5c7b3
fix typos: remove duplicated word in comments
...
Kubernetes-commit: 87c29a08e1f51b2989ff15fc3e5857bc287e401f
2017-06-17 17:17:22 +08:00
Jeff Grafton
f4dbe23125
update BUILD files
...
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
2017-10-12 13:52:10 -07:00
hzxuzhonghu
c00f087950
remove unused field
...
Kubernetes-commit: b8100ceec3866119ae7efad602a2ae4aca7e13c6
2017-09-29 14:44:13 +08:00
Slava Semushin
b274c2ad9a
Fix benchmarks to really test reverse order of the keys.
...
Kubernetes-commit: 734be0c49f3d283ec086c9aef2dc63142b481c19
2017-08-29 13:18:49 +00:00
Jeff Grafton
6c539a43c6
Use buildozer to delete licenses() rules except under third_party/
...
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
2017-08-29 13:15:24 +00:00
Jeff Grafton
6caa2933ae
Use buildozer to remove deprecated automanaged tags
...
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
2017-08-29 13:15:24 +00:00
Jeff Grafton
44942b068a
Run hack/update-bazel.sh to generate BUILD files
...
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
2017-08-29 13:13:51 +00:00
Saksham Sharma
c51b2a76ca
Add benchmarks for envelope transformer
...
Kubernetes-commit: 449e811ebe3135a35d04afc84c2e9c9481d637fe
2017-07-28 13:56:11 +00:00
Saksham Sharma
8ca16e584a
Add unit tests for envelope transformer
...
Kubernetes-commit: d23a1f135d694ef315f23299f095fd4b85421670
2017-07-28 13:56:11 +00:00
Saksham Sharma
03bcff8111
Implement Envelope encryption Transformer
...
Kubernetes-commit: 1a92a8aeb3da1df618396f633ec66678ca1ac3a9
2017-07-28 13:56:11 +00:00
Slava Semushin
a2a05bd86f
ParseEncryptionConfiguration: simplify code.
...
Also improves function name in godoc and many error messages.
Kubernetes-commit: bf51722ffbfa5521b8c516b8751435f004aacacf
2017-07-28 13:56:11 +00:00
Clayton Coleman
5556dcce58
Add an AES-CBC mode for encrypt at rest
...
Kubernetes-commit: 395399ab3d93e004e5f59cea5ded675b15a5f250
2017-06-13 20:47:32 +00:00
Clayton Coleman
8076c4cbf2
Add a secretbox implementation for encryption
...
Uses nacl/secretbox
Kubernetes-commit: 23cd6c52ba4b62e9c333b1fa9e550537f9fd66c2
2017-06-13 20:47:32 +00:00
Clayton Coleman
d7dab9510e
bump(golang.org/x/crypto/nacl):d172538b2cfce0c13cee31e647d0367aa8cd2486
...
Kubernetes-commit: 868cdeca8aee343d3b58107cfb12da5b99b86394
2017-06-13 20:47:32 +00:00
Saksham Sharma
0b1c13686c
Add configuration options for encryption providers
...
Add location transformer, config for transformers
Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.
Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.
Add new files to BUILD, AEAD => k8s-aes-gcm
Use group resources to select encryption provider
Update tests for configuration parsing
Remove location transformer
Allow specifying providers per resource group in configuration
Add IdentityTransformer configuration option
Fix minor issues with initial AEAD implementation
Unified parsing of all configurations
Parse configuration using a union struct
Run configuration parsing in APIserver, refactor parsing
More gdoc, fix minor bugs
Add test coverage for combined transformers
Use table driven tests for encryptionconfig
Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
2017-06-13 20:47:30 +00:00
Clayton Coleman
0bd7c5925e
generated: bazel
...
Kubernetes-commit: 7827899b1dd22074eb230e241f63e69499046fb6
2017-05-17 17:27:53 +00:00
Clayton Coleman
0fb460572a
Add an AEAD encrypting transformer for storing secrets encrypted at rest
...
Tweak the ValueTransformer interface slightly to support additional
context information (to allow authenticated data to be generated by the
store and passed to the transformer). Add a prefix transformer that
looks for known matching prefixes and uses them. Add an AES GCM
transformer that performs AEAD on the values coming in and out of the
store.
Kubernetes-commit: f418468c87d3071c5d9ed14ce850996c77251080
2017-05-17 17:27:53 +00:00