encryption

package
v0.0.0-...-0597a29 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 12, 2019 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AssertEncryptionConfig

func AssertEncryptionConfig(t testing.TB, clientSet ClientSet, encryptionConfigSecretName string, namespace string, targetGRs []schema.GroupResource)

AssertEncryptionConfig checks that the encryption config holds only targetGRs, which ensures that only those resources were encrypted. It does not check the keys, because e2e tests are run in random order and we would have to consider all encryption secrets to get the right order of the keys. The content of the encryption config is tested in more detail in unit and integration tests.

func AssertLastMigratedKey

func AssertLastMigratedKey(t testing.TB, kubeClient kubernetes.Interface, targetGRs []schema.GroupResource, namespace, labelSelector string)

func ForceKeyRotation

func ForceKeyRotation(t testing.TB, updateUnsupportedConfig UpdateUnsupportedConfigFunc, reason string) error

func PrintEventsOnFailure

func PrintEventsOnFailure(namespace string) func(*E)

func TestEncryptionRotation

func TestEncryptionRotation(t *testing.T, scenario RotationScenario)

TestEncryptionRotation first encrypts data with an aescbc key, then forces a key rotation by setting the "encryption.Reason" in the operator's configuration file.

func TestEncryptionTurnOnAndOff

func TestEncryptionTurnOnAndOff(t *testing.T, scenario OnOffScenario)

func TestEncryptionTypeAESCBC

func TestEncryptionTypeAESCBC(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeIdentity

func TestEncryptionTypeIdentity(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeUnset

func TestEncryptionTypeUnset(t *testing.T, scenario BasicScenario)

func VerifyResources

func VerifyResources(t testing.TB, etcdClient EtcdClient, etcdKeyPreifx string, expectedMode string, allowEmpty bool) (int, error)

func WaitForEncryptionKeyBasedOn

func WaitForEncryptionKeyBasedOn(t testing.TB, kubeClient kubernetes.Interface, prevKeyMeta EncryptionKeyMeta, encryptionType configv1.EncryptionType, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string)

func WaitForNextMigratedKey

func WaitForNextMigratedKey(t testing.TB, kubeClient kubernetes.Interface, prevKeyMeta EncryptionKeyMeta, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string)

Types

type BasicScenario

// BasicScenario holds the parameters common to the encryption test scenarios.
// It is the scenario argument of TestEncryptionTypeAESCBC,
// TestEncryptionTypeIdentity and TestEncryptionTypeUnset, and it is embedded in
// OnOffScenario and RotationScenario.
type BasicScenario struct {
	// Namespace and LabelSelector presumably select the encryption key
	// secrets, mirroring the namespace/labelSelector parameters of
	// GetLastKeyMeta and the WaitFor* helpers — TODO confirm against the
	// test bodies, which are not shown here.
	Namespace                       string
	LabelSelector                   string
	// EncryptionConfigSecretName and EncryptionConfigSecretNamespace
	// presumably identify the secret that stores the encryption config
	// (compare AssertEncryptionConfig's encryptionConfigSecretName) — verify.
	EncryptionConfigSecretName      string
	EncryptionConfigSecretNamespace string
	// OperatorNamespace: presumably the namespace the operator under test
	// runs in — verify.
	OperatorNamespace               string
	// TargetGRs lists the group resources the scenario is about; per the
	// AssertEncryptionConfig doc, the encryption config is expected to hold
	// only these resources.
	TargetGRs                       []schema.GroupResource
	// AssertFunc is a caller-supplied check that receives the expected
	// encryption mode together with a ClientSet, namespace and label selector.
	AssertFunc                      func(t testing.TB, clientSet ClientSet, expectedMode configv1.EncryptionType, namespace, labelSelector string)
}

type ClientSet

// ClientSet groups the three clients handed to the encryption test helpers.
// GetClients and SetAndWaitForEncryptionType return one.
type ClientSet struct {
	// Etcd is typed as EtcdClient, whose only method is Get, so code that
	// holds a ClientSet can read etcd through this field but cannot write
	// through it.
	Etcd            EtcdClient
	// ApiServerConfig is a configv1client.APIServerInterface; presumably it
	// is used to set the cluster encryption type — TODO confirm.
	ApiServerConfig configv1client.APIServerInterface
	// Kube is the general Kubernetes client interface.
	Kube            kubernetes.Interface
}

func GetClients

func GetClients(t testing.TB) ClientSet

func SetAndWaitForEncryptionType

func SetAndWaitForEncryptionType(t testing.TB, encryptionType configv1.EncryptionType, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string) ClientSet

type E

// E embeds *testing.T and declares its own Error, Errorf, Fatal, Fatalf, Log
// and Logf methods, which take the place of the promoted testing.T methods of
// the same name. Per the package documentation these print to stdout when the
// encryption tests are run from a local machine.
//
// NOTE(review): since output may go to stdout rather than the test log,
// callers should avoid passing raw or decrypted resource content to these
// methods — confirm what the tests actually log.
type E struct {
	*testing.T
	// contains filtered or unexported fields
}

E is like testing.T except it overloads some methods to print to stdout when the encryption tests are run from a local machine

func NewE

func NewE(t *testing.T, options ...func(*E)) *E

func (*E) Error

func (e *E) Error(args ...interface{})

func (*E) Errorf

func (e *E) Errorf(format string, args ...interface{})

func (*E) Fatal

func (e *E) Fatal(args ...interface{})

func (*E) Fatalf

func (e *E) Fatalf(format string, args ...interface{})

func (*E) Log

func (e *E) Log(args ...interface{})

func (*E) Logf

func (e *E) Logf(format string, args ...interface{})

type EncryptionKeyMeta

// EncryptionKeyMeta describes an encryption key by metadata only: none of its
// three fields carries key bytes. GetLastKeyMeta returns it, and the WaitFor*
// helpers take one as prevKeyMeta.
type EncryptionKeyMeta struct {
	// Name: presumably the name of the secret holding the key — verify.
	Name     string
	// Migrated: presumably the group resources already migrated to this
	// key (compare AssertLastMigratedKey) — verify.
	Migrated []schema.GroupResource
	// Mode: presumably the encryption mode as a string (e.g. the aescbc or
	// identity types exercised by the tests) — TODO confirm.
	Mode     string
}

func GetLastKeyMeta

func GetLastKeyMeta(kubeClient kubernetes.Interface, namespace, labelSelector string) (EncryptionKeyMeta, error)

type EtcdClient

// EtcdClient is the read-only view of etcd that the tests depend on: the
// interface exposes Get and nothing else, so helpers such as VerifyResources
// cannot put or delete keys through it. NewEtcdClient returns an
// implementation.
type EtcdClient interface {
	// Get has the parameter and result types of a clientv3 key lookup: it
	// reads the value(s) stored under key, subject to opts.
	Get(ctx context.Context, key string, opts ...clientv3.OpOption) (*clientv3.GetResponse, error)
}

func NewEtcdClient

func NewEtcdClient(kubeClient kubernetes.Interface) EtcdClient

type OnOffScenario

// OnOffScenario is the scenario argument of TestEncryptionTurnOnAndOff. It
// extends BasicScenario with callbacks for creating a resource and asserting
// whether that resource is encrypted.
type OnOffScenario struct {
	BasicScenario
	// CreateResourceFunc creates a resource in namespace and returns it.
	CreateResourceFunc             func(t testing.TB, clientSet ClientSet, namespace string) runtime.Object
	// AssertResourceEncryptedFunc and AssertResourceNotEncryptedFunc
	// receive a resource and the ClientSet (which includes etcd read
	// access); presumably they inspect the stored form of the resource —
	// verify against the implementations.
	AssertResourceEncryptedFunc    func(t testing.TB, clientSet ClientSet, resource runtime.Object)
	AssertResourceNotEncryptedFunc func(t testing.TB, clientSet ClientSet, resource runtime.Object)
	// ResourceFunc returns a resource object without taking a ClientSet;
	// presumably it builds the object in memory only — TODO confirm.
	ResourceFunc                   func(t testing.TB, namespace string) runtime.Object
	// ResourceName: presumably the name of the resource under test — verify.
	ResourceName                   string
}

type RotationScenario

// RotationScenario is the scenario argument of TestEncryptionRotation, which
// per its documentation encrypts data with an aescbc key and then forces a key
// rotation through the operator's configuration.
type RotationScenario struct {
	BasicScenario
	// CreateResourceFunc creates a resource in namespace and returns it.
	CreateResourceFunc    func(t testing.TB, clientSet ClientSet, namespace string) runtime.Object
	// GetRawResourceFunc returns a string for the resource; presumably this
	// is the raw stored (etcd) form, used to compare before and after
	// rotation — TODO confirm.
	// NOTE(review): if that string can contain unencrypted content, it
	// should not be written to test logs.
	GetRawResourceFunc    func(t testing.TB, clientSet ClientSet, namespace string) string
	// UnsupportedConfigFunc has the same type as the updateUnsupportedConfig
	// argument of ForceKeyRotation.
	UnsupportedConfigFunc UpdateUnsupportedConfigFunc
}

type UpdateUnsupportedConfigFunc

// UpdateUnsupportedConfigFunc applies raw to the operator's configuration and
// reports any error. ForceKeyRotation takes one as updateUnsupportedConfig and
// RotationScenario stores one as UnsupportedConfigFunc.
// NOTE(review): raw is presumably the serialized unsupported-config override
// carrying the rotation reason — confirm the expected encoding with the caller.
type UpdateUnsupportedConfigFunc func(raw []byte) error
