github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
b0f8a541fa391310d6649327759310561ef31bc2
kubernetes/staging
History
Kubernetes Submit Queue 4257f7595a Merge pull request #58375 from liggitt/decrypt 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Recheck if transformed data is stale when doing live lookup during update

Fixes #49565

Caching storage can pass in a cached object to `GuaranteedUpdate` as a hint for the current object.

If the hint is identical to the data we want to persist, before short-circuiting as a no-op update, we force a live lookup.

We should check two things on the result of that live lookup before short-circuiting as a no-op update:
1. the bytes we want to persist still match the transformed bytes read from etcd
2. the state read from etcd didn't report itself as stale. this would mean the transformer used to read the data would not be the transformer used to write it, and "no-op" writes should still be performed, since transformation will make the underlying content actually different.

After a live lookup, we checked byte equality, but not the stale indicator. This meant that key rotation or encrypted->decrypted, and decrypted->encrypted updates are broken.

Introduced in #54780 and picked back to 1.8 in #55294

```release-note
Fixed encryption key and encryption provider rotation
```
2018-01-17 12:46:41 -08:00
..
src/k8s.io
Merge pull request #58375 from liggitt/decrypt
2018-01-17 12:46:41 -08:00
BUILD
create auto-gen files
2018-01-17 16:23:03 +08:00
OWNERS
README.md
Add link to k8s.io/sample-controller
2017-10-19 15:46:36 +01:00

README.md

External Repository Staging Area

This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.

Repositories currently staged here:

The code in the staging/ directory is authoritative, i.e. the only copy of the code. You can directly modify such code.

Using staged repositories from Kubernetes code

Kubernetes code uses the repositories in this directory via symlinks in the vendor/k8s.io directory into this staging area. For example, when Kubernetes code imports a package from the k8s.io/client-go repository, that import is resolved to staging/src/k8s.io/client-go relative to the project root:

// pkg/example/some_code.go
package example

import (
  "k8s.io/client-go/dynamic" // resolves to staging/src/k8s.io/client-go/dynamic
)

Once the change-over to external repositories is complete, these repositories will actually be vendored from k8s.io/<package-name>.

Reference in New Issue View Git Blame Copy Permalink