github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

encryptionconfig: detect typos

Browse Source 
Signed-off-by: Monis Khan <mok@microsoft.com>
This commit is contained in:
Monis Khan
2024-05-16 12:38:42 -04:00
parent 22f3ce5e5e
commit 2503fa55ff
3 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go
View File

@@ -130,7 +130,7 @@ func init() {
configScheme := runtime.NewScheme() configScheme := runtime.NewScheme()
utilruntime.Must(apiserver.AddToScheme(configScheme)) utilruntime.Must(apiserver.AddToScheme(configScheme))
utilruntime.Must(apiserverv1.AddToScheme(configScheme)) utilruntime.Must(apiserverv1.AddToScheme(configScheme))
codecs = serializer.NewCodecFactory(configScheme) codecs = serializer.NewCodecFactory(configScheme, serializer.EnableStrict)
envelopemetrics.RegisterMetrics() envelopemetrics.RegisterMetrics()
storagevalue.RegisterMetrics() storagevalue.RegisterMetrics()
metrics.RegisterMetrics() metrics.RegisterMetrics()

6
staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config_test.go
View File

@@ -232,6 +232,12 @@ func TestEncryptionProviderConfigCorrect(t *testing.T) {
t.Fatalf("should result in error while parsing configuration file: %s.\nThe file was:\n%s", err, invalidConfigWithAesGcm) t.Fatalf("should result in error while parsing configuration file: %s.\nThe file was:\n%s", err, invalidConfigWithAesGcm)
} }
invalidConfigWithTypo := "testdata/invalid-configs/invalid-typo.yaml"
_, err = LoadEncryptionConfig(ctx, invalidConfigWithTypo, false, "")
if got, wantSubString := errString(err), `strict decoding error: unknown field "resources[0].providers[3].kms.pandas"`; !strings.Contains(got, wantSubString) {
t.Fatalf("should result in strict decode error while parsing configuration file %q:\ngot: %q\nwant substring: %q", invalidConfigWithTypo, got, wantSubString)
}
// Math for GracePeriod is explained at - https://github.com/kubernetes/kubernetes/blob/c9ed04762f94a319d7b1fb718dc345491a32bea6/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go#L159-L163 // Math for GracePeriod is explained at - https://github.com/kubernetes/kubernetes/blob/c9ed04762f94a319d7b1fb718dc345491a32bea6/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go#L159-L163
expectedKMSCloseGracePeriod = 26 * time.Second expectedKMSCloseGracePeriod = 26 * time.Second
correctConfigWithAesCbcFirst := "testdata/valid-configs/aes-cbc-first.yaml" correctConfigWithAesCbcFirst := "testdata/valid-configs/aes-cbc-first.yaml"

33
staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/testdata/invalid-configs/invalid-typo.yaml vendored Normal file
View File

@@ -0,0 +1,33 @@
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
- resources:
- secrets
providers:
- aesgcm:
keys:
- name: key1
secret: c2VjcmV0IGlzIHNlY3VyZQ==
- name: key2
secret: dGhpcyBpcyBwYXNzd29yZA==
- secretbox:
keys:
- name: key1
secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
- kms:
name: testprovider
endpoint: unix:///tmp/testprovider.sock
cachesize: 10
- kms:
apiVersion: v2
name: testproviderv2
endpoint: unix:///tmp/testprovider.sock
timeout: 10s
pandas: are the best # true, but still a typo
- aescbc:
keys:
- name: key1
secret: c2VjcmV0IGlzIHNlY3VyZQ==
- name: key2
secret: dGhpcyBpcyBwYXNzd29yZA==
- identity: {}