encryption

package
v0.0.0-...-307f9dc Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 19, 2024 License: Apache-2.0 Imports: 36 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AssertEncryptionConfig

func AssertEncryptionConfig(t testing.TB, clientSet ClientSet, encryptionConfigSecretName string, namespace string, targetGRs []schema.GroupResource)

AssertEncryptionConfig checks that the encryption config holds only targetGRs, which ensures that only those resources were encrypted. We don't check the keys because e2e tests are run randomly, and we would have to consider all encryption secrets to get the right order of the keys. The content of the encryption config is tested in more detail in unit and integration tests.

func AssertLastMigratedKey

func AssertLastMigratedKey(t testing.TB, kubeClient kubernetes.Interface, targetGRs []schema.GroupResource, namespace, labelSelector string)

func ForceKeyRotation

func ForceKeyRotation(t testing.TB, updateUnsupportedConfig UpdateUnsupportedConfigFunc, reason string) error

func PrintEventsOnFailure

func PrintEventsOnFailure(namespace string) func(*E)

func TestEncryptionRotation

func TestEncryptionRotation(t *testing.T, scenario RotationScenario)

TestEncryptionRotation first encrypts data with an aescbc key, then forces a key rotation by setting the "encryption.Reason" in the operator's configuration file.

func TestEncryptionTurnOnAndOff

func TestEncryptionTurnOnAndOff(t *testing.T, scenario OnOffScenario)

func TestEncryptionType

func TestEncryptionType(t *testing.T, scenario BasicScenario, provider configv1.EncryptionType)

func TestEncryptionTypeAESCBC

func TestEncryptionTypeAESCBC(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeAESGCM

func TestEncryptionTypeAESGCM(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeIdentity

func TestEncryptionTypeIdentity(t *testing.T, scenario BasicScenario)

func TestEncryptionTypeUnset

func TestEncryptionTypeUnset(t *testing.T, scenario BasicScenario)

func TestPerfEncryption

func TestPerfEncryption(t *testing.T, scenario PerfScenario)

func VerifyResources

// VerifyResources takes an etcd client, a key prefix and an expected mode, and
// returns a count and an error; presumably it reads the keys under the prefix
// and checks that each stored value is in expectedMode — confirm against the
// implementation.
// NOTE(review): the parameter is spelled etcdKeyPreifx (sic). If allowEmpty lets
// an empty prefix pass, callers should also check the returned count so that
// "nothing found" is not read as "everything encrypted" — TODO confirm.
func VerifyResources(t testing.TB, etcdClient EtcdClient, etcdKeyPreifx string, expectedMode string, allowEmpty bool) (int, error)

func WaitForEncryptionKeyBasedOn

func WaitForEncryptionKeyBasedOn(t testing.TB, kubeClient kubernetes.Interface, prevKeyMeta EncryptionKeyMeta, encryptionType configv1.EncryptionType, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string)

func WaitForNextMigratedKey

func WaitForNextMigratedKey(t testing.TB, kubeClient kubernetes.Interface, prevKeyMeta EncryptionKeyMeta, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string)

Types

type BasicScenario

// BasicScenario holds the settings shared by the encryption test scenarios;
// OnOffScenario, PerfScenario and RotationScenario embed it.
type BasicScenario struct {
	// Namespace and LabelSelector are plain strings; presumably they locate the
	// encryption key secrets (compare GetLastKeyMeta) — confirm against callers.
	Namespace                       string
	LabelSelector                   string
	// Secret name and namespace for the encryption config, going by the field
	// names; AssertEncryptionConfig takes a matching name and namespace —
	// TODO confirm that these values are what is passed there.
	EncryptionConfigSecretName      string
	EncryptionConfigSecretNamespace string
	OperatorNamespace               string
	// TargetGRs lists group/resources; presumably the only resources expected
	// in the encryption config (see AssertEncryptionConfig) — confirm.
	TargetGRs                       []schema.GroupResource
	// AssertFunc is a caller-supplied check that receives the clients, the
	// expected encryption type, a namespace and a label selector.
	AssertFunc                      func(t testing.TB, clientSet ClientSet, expectedMode configv1.EncryptionType, namespace, labelSelector string)
}

type ClientSet

// ClientSet groups three clients: an etcd client, an APIServer config client
// and a Kubernetes client. GetClients and SetAndWaitForEncryptionType return
// one, and helpers such as AssertEncryptionConfig accept one.
type ClientSet struct {
	// Etcd exposes only Get (see EtcdClient). NOTE(review): presumably used to
	// read stored objects straight from etcd, bypassing the API server, so the
	// tests can inspect the at-rest form — confirm against VerifyResources.
	Etcd            EtcdClient
	ApiServerConfig configv1client.APIServerInterface
	Kube            kubernetes.Interface
}

func GetClients

func GetClients(t testing.TB) ClientSet

func SetAndWaitForEncryptionType

func SetAndWaitForEncryptionType(t testing.TB, encryptionType configv1.EncryptionType, defaultTargetGRs []schema.GroupResource, namespace, labelSelector string) ClientSet

type DBLoaderFuncType

// DBLoaderFuncType is the signature of a unit of database-loading work: it
// takes a Kubernetes client, a string and two callbacks, and returns an error.
// The parameters are unnamed here; presumably the string is a namespace name
// and the callbacks record errors and statistics (compare the errorStore and
// statStore arguments of PerfScenario.AssertDBPopulatedFunc) — TODO confirm.
type DBLoaderFuncType func(kubernetes.Interface, string, func(error), func(string)) error

func DBLoaderRepeat

func DBLoaderRepeat(times int, genNamespaceName bool, workToRepeatFunc ...DBLoaderFuncType) DBLoaderFuncType

func DBLoaderRepeatParallel

func DBLoaderRepeatParallel(times int, workers int, genNamespaceName bool, workToRepeatFunc ...DBLoaderFuncType) DBLoaderFuncType

type E

// E embeds *testing.T, so every testing.T method is promoted unless *E declares
// its own; this page lists Error, Errorf, Fatal, Fatalf, Log and Logf on *E.
type E struct {
	*testing.T
	// contains filtered or unexported fields
}

E is like testing.T, except that it overrides some methods to print to stdout when the encryption tests are run from a local machine.

func NewE

func NewE(t *testing.T, options ...func(*E)) *E

func (*E) Error

func (e *E) Error(args ...interface{})

func (*E) Errorf

func (e *E) Errorf(format string, args ...interface{})

func (*E) Fatal

func (e *E) Fatal(args ...interface{})

func (*E) Fatalf

func (e *E) Fatalf(format string, args ...interface{})

func (*E) Log

func (e *E) Log(args ...interface{})

func (*E) Logf

func (e *E) Logf(format string, args ...interface{})

type EncryptionKeyMeta

// EncryptionKeyMeta describes an encryption key by metadata: a name, a list of
// group/resources and a mode. No field is declared for key material.
// GetLastKeyMeta returns one.
type EncryptionKeyMeta struct {
	// Name is presumably the name of the key's secret — confirm.
	Name     string
	// Migrated lists group/resources; presumably those already migrated to
	// this key — confirm.
	Migrated []schema.GroupResource
	// Mode is a plain string, not configv1.EncryptionType; code comparing the
	// two needs an explicit conversion.
	Mode     string
}

func GetLastKeyMeta

func GetLastKeyMeta(t testing.TB, kubeClient kubernetes.Interface, namespace, labelSelector string) (EncryptionKeyMeta, error)

type EtcdClient

// EtcdClient is the only etcd surface this package's helpers ask for: a single
// Get method. Code that holds just this interface has no write or delete
// method to call on it. NewEtcdClient returns one.
type EtcdClient interface {
	// Get uses the clientv3 option and response types.
	Get(ctx context.Context, key string, opts ...clientv3.OpOption) (*clientv3.GetResponse, error)
}

func NewEtcdClient

func NewEtcdClient(kubeClient kubernetes.Interface) EtcdClient

type GetOperatorConditionsFuncType

// GetOperatorConditionsFuncType is the signature of a function that returns a
// slice of operator conditions or an error; PerfScenario carries one in
// GetOperatorConditionsFunc.
type GetOperatorConditionsFuncType func(t testing.TB) ([]v1.OperatorCondition, error)

type OnOffScenario

// OnOffScenario is the input of TestEncryptionTurnOnAndOff. It adds
// resource-creation and assertion hooks to BasicScenario.
type OnOffScenario struct {
	BasicScenario
	// CreateResourceFunc takes the clients and a namespace and returns an
	// object; presumably the object it created in the cluster — confirm.
	CreateResourceFunc             func(t testing.TB, clientSet ClientSet, namespace string) runtime.Object
	// The two assert hooks receive the clients and a resource. NOTE(review):
	// the negative check matters as much as the positive one, since a helper
	// that always passes would hide data left unencrypted — confirm that
	// implementations inspect the stored (etcd) form.
	AssertResourceEncryptedFunc    func(t testing.TB, clientSet ClientSet, resource runtime.Object)
	AssertResourceNotEncryptedFunc func(t testing.TB, clientSet ClientSet, resource runtime.Object)
	// ResourceFunc returns an object without taking any client.
	ResourceFunc                   func(t testing.TB, namespace string) runtime.Object
	ResourceName                   string
	// EncryptionProvider is the encryption type under test, presumably the one
	// switched on before being turned off again — confirm.
	EncryptionProvider             configv1.EncryptionType
}

type PerfScenario

// PerfScenario is the input of TestPerfEncryption. It adds database-loading and
// timing hooks to BasicScenario.
type PerfScenario struct {
	BasicScenario
	GetOperatorConditionsFunc GetOperatorConditionsFuncType

	// DBLoaderFunc is the work used to load the database (see DBLoaderFuncType).
	DBLoaderFunc          DBLoaderFuncType
	// AssertDBPopulatedFunc receives two string-to-int maps named errorStore
	// and statStore.
	AssertDBPopulatedFunc func(t testing.TB, errorStore map[string]int, statStore map[string]int)
	// AssertMigrationTime receives the migration time as a time.Duration.
	AssertMigrationTime   func(t testing.TB, migrationTime time.Duration)
	// DBLoaderWorkers is the number of workers that will execute DBLoaderFunc
	DBLoaderWorkers    int
	EncryptionProvider configv1.EncryptionType
}

type RotationScenario

// RotationScenario is the input of TestEncryptionRotation. It adds
// resource-creation, raw-read and config-update hooks to BasicScenario.
type RotationScenario struct {
	BasicScenario
	// CreateResourceFunc takes the clients and a namespace and returns an
	// object; presumably the object it created in the cluster — confirm.
	CreateResourceFunc    func(t testing.TB, clientSet ClientSet, namespace string) runtime.Object
	// GetRawResourceFunc returns a string. NOTE(review): presumably the stored
	// form of the resource, compared before and after rotation to show that it
	// was re-encrypted under a new key — confirm against the implementation.
	GetRawResourceFunc    func(t testing.TB, clientSet ClientSet, namespace string) string
	// UnsupportedConfigFunc has the type that ForceKeyRotation accepts as its
	// updateUnsupportedConfig argument.
	UnsupportedConfigFunc UpdateUnsupportedConfigFunc
	EncryptionProvider    configv1.EncryptionType
}

type UpdateUnsupportedConfigFunc

// UpdateUnsupportedConfigFunc is the signature of a callback that receives raw
// bytes and returns an error. ForceKeyRotation takes one together with a
// reason string; presumably the bytes are the serialized unsupported-config
// override to apply to the operator — TODO confirm.
type UpdateUnsupportedConfigFunc func(raw []byte) error
