Implement KMS v2alpha1

- add feature gate - add encrypted object and run generated_files - generate protobuf for encrypted object and add unit tests - move parse endpoint to util and refactor - refactor interface and remove unused interceptor - add protobuf generate to update-generated-kms.sh - add integration tests - add defaulting for apiVersion in kmsConfiguration - handle v1/v2 and default in encryption config parsing - move metrics to own pkg and reuse for v2 - use Marshal and Unmarshal instead of serializer - add context for all service methods - check version and keyid for healthz Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-06-29 20:51:35 +00:00
parent 448e48b8a6
commit f19f3f4099
40 changed files with 2446 additions and 103 deletions
--- a/hack/update-generated-kms-dockerized.sh
+++ b/hack/update-generated-kms-dockerized.sh
@@ -21,7 +21,9 @@ set -o pipefail
 KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
 KUBE_KMS_V1BETA1="${KUBE_ROOT}/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/"
 KUBE_KMS_V2ALPHA1="${KUBE_ROOT}/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v2alpha1/"
+KUBE_KMS_V2="${KUBE_ROOT}/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/"

 source "${KUBE_ROOT}/hack/lib/protoc.sh"
 kube::protoc::generate_proto "${KUBE_KMS_V1BETA1}"
 kube::protoc::generate_proto "${KUBE_KMS_V2ALPHA1}"
+kube::protoc::generate_proto "${KUBE_KMS_V2}"
--- a/hack/verify-generated-kms.sh
+++ b/hack/verify-generated-kms.sh
@@ -26,6 +26,7 @@ KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
 ERROR="KMS gRPC is out of date. Please run hack/update-generated-kms.sh"
 KUBE_KMS_V1BETA1="${KUBE_ROOT}/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/"
 KUBE_KMS_V2ALPHA1="${KUBE_ROOT}/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v2alpha1/"
+KUBE_KMS_V2="${KUBE_ROOT}/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/"

 source "${KUBE_ROOT}/hack/lib/protoc.sh"
 kube::golang::setup_env
@@ -33,6 +34,7 @@ kube::golang::setup_env
 function cleanup {
 	rm -rf "${KUBE_KMS_V1BETA1}/_tmp/"
 	rm -rf "${KUBE_KMS_V2ALPHA1}/_tmp/"
+	rm -rf "${KUBE_KMS_V2}/_tmp/"
 }

 trap cleanup EXIT
@@ -41,9 +43,13 @@ mkdir -p "${KUBE_KMS_V1BETA1}/_tmp"
 cp "${KUBE_KMS_V1BETA1}/api.pb.go" "${KUBE_KMS_V1BETA1}/_tmp/"
 mkdir -p "${KUBE_KMS_V2ALPHA1}/_tmp"
 cp "${KUBE_KMS_V2ALPHA1}/api.pb.go" "${KUBE_KMS_V2ALPHA1}/_tmp/"
+mkdir -p "${KUBE_KMS_V2}/_tmp"
+cp "${KUBE_KMS_V2}/api.pb.go" "${KUBE_KMS_V2}/_tmp/"

 KUBE_VERBOSE=3 "${KUBE_ROOT}/hack/update-generated-kms.sh"
 kube::protoc::diff "${KUBE_KMS_V1BETA1}/api.pb.go" "${KUBE_KMS_V1BETA1}/_tmp/api.pb.go" "${ERROR}"
 echo "Generated kms v1beta1 api is up to date."
 kube::protoc::diff "${KUBE_KMS_V2ALPHA1}/api.pb.go" "${KUBE_KMS_V2ALPHA1}/_tmp/api.pb.go" "${ERROR}"
 echo "Generated kms v2alpha1 api is up to date."
+kube::protoc::diff "${KUBE_KMS_V2}/api.pb.go" "${KUBE_KMS_V2}/_tmp/api.pb.go" "${ERROR}"
+echo "Generated kms v2 api is up to date."