encryptionconfig

package

v0.0.0-...-f1541d6 Latest Latest Go to latest Published: Apr 19, 2024 License: Apache-2.0 Imports: 14 Imported by: 17

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openshift/library-go

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func FromEncryptionState(encryptionState map[schema.GroupResource]state.GroupResourceState) *apiserverconfigv1.EncryptionConfiguration
func FromSecret(encryptionConfigSecret *corev1.Secret) (*apiserverconfigv1.EncryptionConfiguration, error)
func ToEncryptionState(encryptionConfig *apiserverconfigv1.EncryptionConfiguration, ...) (map[schema.GroupResource]state.GroupResourceState, []state.KeyState)
func ToSecret(ns, name string, encryptionCfg *apiserverconfigv1.EncryptionConfiguration) (*corev1.Secret, error)

Constants ¶

View Source

const EncryptionConfSecretKey = "encryption-config"

EncryptionConfSecretKey is the map data key used to store the raw bytes of the final encryption config.

View Source

const EncryptionConfSecretName = "encryption-config"

EncryptionConfSecretName is the name of the final encryption config secret that is revisioned per apiserver rollout.

Variables ¶

This section is empty.

Functions ¶

func FromEncryptionState ¶

func FromEncryptionState(encryptionState map[schema.GroupResource]state.GroupResourceState) *apiserverconfigv1.EncryptionConfiguration

FromEncryptionState converts state to config.

func FromSecret ¶

func FromSecret(encryptionConfigSecret *corev1.Secret) (*apiserverconfigv1.EncryptionConfiguration, error)

func ToEncryptionState ¶

func ToEncryptionState(encryptionConfig *apiserverconfigv1.EncryptionConfiguration, keySecrets []*corev1.Secret) (map[schema.GroupResource]state.GroupResourceState, []state.KeyState)

ToEncryptionState converts config to state. Read keys contain a potential write key. Read keys are sorted, recent first.

It assumes: - the first provider provides the write key - the structure of the encryptionConfig matches the output generated by FromEncryptionState:

one resource per provider
one key per provider
each resource has a distinct configuration with zero or more key based providers and the identity provider.
the last providers might be of type aesgcm. Then it carries the names of identity keys, recent first. We never use aesgcm as a real key because it is unsafe.

func ToSecret ¶

func ToSecret(ns, name string, encryptionCfg *apiserverconfigv1.EncryptionConfiguration) (*corev1.Secret, error)

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL