encryption

package
v0.0.0-...-ec00d85 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2024 License: Apache-2.0 Imports: 36 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AssertEncryptionConfig 

func AssertEncryptionConfig(t testing.TB, clientSet ClientSet, encryptionConfigSecretName string, namespace string, targetGRs []schema.GroupResource)

AssertEncryptionConfig checks if the encryption config holds only targetGRs, this ensures that only those resources were encrypted, we don't check the keys because e2e tests are run randomly and we would have to consider all encryption secrets to get the right order of the keys. We test the content of the encryption config in more detail in unit and integration tests

func AssertLastMigratedKey 

func AssertLastMigratedKey(t testing.TB, kubeClient kubernetes.Interface, targetGRs []schema.GroupResource, namespace, labelSelector string)

func ForceKeyRotation 

func ForceKeyRotation(t testing.TB, updateUnsupportedConfig UpdateUnsupportedConfigFunc, reason string) error

func PrintEventsOnFailure 

func PrintEventsOnFailure(namespace string) func(*E)

func TestEncryptionRotation 

func TestEncryptionRotation(t *testing.T, scenario RotationScenario)

TestEncryptionRotation first encrypts data with aescbc key then it forces a key rotation by setting the "encyrption.Reason" in the operator's configuration file

func TestEncryptionTurnOnAndOff 

func TestEncryptionTurnOnAndOff(t *testing.T, scenario OnOffScenario)

func TestEncryptionType 

func TestEncryptionType(t *testing.T, scenario BasicScenario, provider configv1.EncryptionType)

func TestEncryptionTypeAESCBC 

func TestEncryptionTypeAESCBC(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeAESGCM 

func TestEncryptionTypeAESGCM(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeIdentity 

func TestEncryptionTypeIdentity(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeUnset 

func TestEncryptionTypeUnset(t *testing.T, scenario BasicScenario)

func TestPerfEncryption 

func TestPerfEncryption(t *testing.T, scenario PerfScenario)

func VerifyResources 

func VerifyResources(t testing.TB, etcdClient EtcdClient, etcdKeyPreifx string, expectedMode string, allowEmpty bool) (int, error)

func WaitForEncryptionKeyBasedOn 

func WaitForEncryptionKeyBasedOn(t testing.TB, kubeClient kubernetes.Interface, prevKeyMeta EncryptionKeyMeta, encryptionType configv1.EncryptionType, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string)

func WaitForNextMigratedKey 

func WaitForNextMigratedKey(t testing.TB, kubeClient kubernetes.Interface, prevKeyMeta EncryptionKeyMeta, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string)

Types

type BasicScenario 

type BasicScenario struct {
	Namespace                       string
	LabelSelector                   string
	EncryptionConfigSecretName      string
	EncryptionConfigSecretNamespace string
	OperatorNamespace               string
	TargetGRs                       []schema.GroupResource
	AssertFunc                      func(t testing.TB, clientSet ClientSet, expectedMode configv1.EncryptionType, namespace, labelSelector string)
}

type ClientSet 

type ClientSet struct {
	Etcd            EtcdClient
	ApiServerConfig configv1client.APIServerInterface
	Kube            kubernetes.Interface
}

func GetClients 

func GetClients(t testing.TB) ClientSet

func SetAndWaitForEncryptionType 

func SetAndWaitForEncryptionType(t testing.TB, encryptionType configv1.EncryptionType, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string) ClientSet

type DBLoaderFuncType 

type DBLoaderFuncType func(kubernetes.Interface, string, func(error), func(string)) error

func DBLoaderRepeat 

func DBLoaderRepeat(times int, genNamespaceName bool, workToRepeatFunc ...DBLoaderFuncType) DBLoaderFuncType

func DBLoaderRepeatParallel 

func DBLoaderRepeatParallel(times int, workers int, genNamespaceName bool, workToRepeatFunc ...DBLoaderFuncType) DBLoaderFuncType

type E 

type E struct {
	*testing.T
	// contains filtered or unexported fields
}

E is like testing.T except it overloads some methods to print to stdout when the encryption tests are run from a local machine

func NewE 

func NewE(t *testing.T, options ...func(*E)) *E

func (*E) Error 

func (e *E) Error(args ...interface{})

func (*E) Errorf 

func (e *E) Errorf(format string, args ...interface{})

func (*E) Fatal 

func (e *E) Fatal(args ...interface{})

func (*E) Fatalf 

func (e *E) Fatalf(format string, args ...interface{})

func (*E) Log 

func (e *E) Log(args ...interface{})

func (*E) Logf 

func (e *E) Logf(format string, args ...interface{})

type EncryptionKeyMeta 

type EncryptionKeyMeta struct {
	Name     string
	Migrated []schema.GroupResource
	Mode     string
}

func GetLastKeyMeta 

func GetLastKeyMeta(t testing.TB, kubeClient kubernetes.Interface, namespace, labelSelector string) (EncryptionKeyMeta, error)

type EtcdClient 

type EtcdClient interface {
	Get(ctx context.Context, key string, opts ...clientv3.OpOption) (*clientv3.GetResponse, error)
}

func NewEtcdClient 

func NewEtcdClient(kubeClient kubernetes.Interface) EtcdClient

type GetOperatorConditionsFuncType 

type GetOperatorConditionsFuncType func(t testing.TB) ([]v1.OperatorCondition, error)

type OnOffScenario 

type OnOffScenario struct {
	BasicScenario
	CreateResourceFunc             func(t testing.TB, clientSet ClientSet, namespace string) runtime.Object
	AssertResourceEncryptedFunc    func(t testing.TB, clientSet ClientSet, resource runtime.Object)
	AssertResourceNotEncryptedFunc func(t testing.TB, clientSet ClientSet, resource runtime.Object)
	ResourceFunc                   func(t testing.TB, namespace string) runtime.Object
	ResourceName                   string
	EncryptionProvider             configv1.EncryptionType
}

type PerfScenario 

type PerfScenario struct {
	BasicScenario
	GetOperatorConditionsFunc GetOperatorConditionsFuncType

	DBLoaderFunc          DBLoaderFuncType
	AssertDBPopulatedFunc func(t testing.TB, errorStore map[string]int, statStore map[string]int)
	AssertMigrationTime   func(t testing.TB, migrationTime time.Duration)
	// DBLoaderWorker is the number of workers that will execute DBLoaderFunc
	DBLoaderWorkers    int
	EncryptionProvider configv1.EncryptionType
}

type RotationScenario 

type RotationScenario struct {
	BasicScenario
	CreateResourceFunc    func(t testing.TB, clientSet ClientSet, namespace string) runtime.Object
	GetRawResourceFunc    func(t testing.TB, clientSet ClientSet, namespace string) string
	UnsupportedConfigFunc UpdateUnsupportedConfigFunc
	EncryptionProvider    configv1.EncryptionType
}

type UpdateUnsupportedConfigFunc 

type UpdateUnsupportedConfigFunc func(raw []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.