Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encryption config: no-op refactor to prepare for single loading #112703

Merged
merged 1 commit into from
Sep 26, 2022
Merged

encryption config: no-op refactor to prepare for single loading #112703

merged 1 commit into from
Sep 26, 2022

Conversation

enj
Copy link
Member

@enj enj commented Sep 23, 2022

Signed-off-by: Monis Khan mok@microsoft.com

/kind cleanup
/triage accepted
/assign @aramase
xref #111922 #112685 #112486

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. triage/accepted Indicates an issue or PR is ready to be actively worked on. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 23, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/test sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 23, 2022
enj
enj commented Sep 23, 2022
View reviewed changes
staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go
Comment on lines 97 to +105
func GetKMSPluginHealthzCheckers(filepath string, stopCh <-chan struct{}) ([]healthz.HealthChecker, error) {
f, err := os.Open(filepath)
_, kmsHealthChecks, err := LoadEncryptionConfig(filepath, stopCh)
return kmsHealthChecks, err
}

func GetTransformerOverrides(filepath string, stopCh <-chan struct{}) (map[schema.GroupResource]value.Transformer, error) {
transformers, _, err := LoadEncryptionConfig(filepath, stopCh)
return transformers, err
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will handle deleting these in #112685 (i.e. the single loading bit).

@enj
Copy link
Member Author

enj commented Sep 23, 2022

/retest

aramase
aramase reviewed Sep 26, 2022
View reviewed changes
Copy link
Member

@aramase aramase left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one small nit, but otherwise lgtm!

staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go Outdated Show resolved Hide resolved
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope_test.go
@@ -169,10 +163,7 @@ func TestEnvelopeCacheLimit(t *testing.T) {
}

func BenchmarkEnvelopeCBCRead(b *testing.B) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see these used anywhere. Should we remove these in a follow-up PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think benchmarks in k/k are only every manually run (to prove if some change was good/bad for performance).

staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope_test.go
Comment on lines 218 to 219
// remove after 1.13
func TestBackwardsCompatibility(t *testing.T) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove after 1.13? 😄 I can help clean these up in a follow-up.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this comment is wrong because we do not run storage migration automatically so we cannot assume that folks are not using the old non-cryptobyte format.

xref: #69249 (comment)

@enj
encryption config: no-op refactor to prepare for single loading
db85093 
Signed-off-by: Monis Khan <mok@microsoft.com>
aramase
aramase reviewed Sep 26, 2022
View reviewed changes
Copy link
Member

@aramase aramase left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 26, 2022
@k8s-ci-robot k8s-ci-robot merged commit 24377fa into kubernetes:master Sep 26, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.26 milestone Sep 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aramase aramase aramase left review comments

@lavalamp lavalamp Awaiting requested review from lavalamp

@SataQiu SataQiu Awaiting requested review from SataQiu

Assignees

@aramase aramase

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth: KMS v2
Status: Done
Milestone
v1.26
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@enj @k8s-ci-robot @aramase