Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP/proof] API-1844: KMS encryption provider #1781

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[WIP/proof] API-1844: KMS encryption provider #1781

wants to merge 3 commits into from

Conversation

swghosh
Copy link
Member

@swghosh swghosh commented Dec 24, 2024
edited
Loading

Updates library-go implementation of encryption controllers with KMS encryption provider support.

The encryption type in apiserver.config.openshift.io resource is backed by a FeatureGate: KMSEncryptionProvider.

For now, with this vendoring I'm just checking the existing AES local encryption e2e(s) for any regressions.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 24, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 24, 2024
edited by openshift-ci bot
Loading

@swghosh: This pull request references API-1844 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.19.0" version, but no target version was set.

In response to this:

Updates library-go implementation of encryption controllers with KMS encryption provider support.

The encryption type in apiserver.config.openshift.io resource is backed by a FeatureGate: KMSEncryptionProvider.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 24, 2024
@openshift-ci openshift-ci bot requested review from tkashem and vrutkovs December 24, 2024 10:32
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Dec 24, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: swghosh
Once this PR has been reviewed and has the lgtm label, please assign dinhxuanvu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 24, 2024
edited by openshift-ci bot
Loading

@swghosh: This pull request references API-1844 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.19.0" version, but no target version was set.

In response to this:

Updates library-go implementation of encryption controllers with KMS encryption provider support.

The encryption type in apiserver.config.openshift.io resource is backed by a FeatureGate: KMSEncryptionProvider.

For now, with vendoring checking the existing AES local encryption e2e for any regressions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 24, 2024
edited by openshift-ci bot
Loading

@swghosh: This pull request references API-1844 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.19.0" version, but no target version was set.

In response to this:

Updates library-go implementation of encryption controllers with KMS encryption provider support.

The encryption type in apiserver.config.openshift.io resource is backed by a FeatureGate: KMSEncryptionProvider.

For now, with this vendoring I'm just checking the existing AES local encryption e2e(s) for any regressions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@swghosh
Revert key_controller changes
cd3da69 
Signed-off-by: Swarup Ghosh <[email protected]>
@swghosh swghosh changed the title [WIP] API-1844: KMS encryption provider [WIP/proof] API-1844: KMS encryption provider Jan 5, 2025
@swghosh
Revert Revert key_controller chaanges
1098c82 
- re-add the key_controller changes per KMS KeyState

Signed-off-by: Swarup Ghosh <[email protected]>
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 5, 2025

@swghosh: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-operator-disruptive-single-node 1098c82 link false /test e2e-aws-operator-disruptive-single-node
ci/prow/verify-deps 1098c82 link true /test verify-deps
ci/prow/e2e-gcp-operator-single-node 1098c82 link false /test e2e-gcp-operator-single-node

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@swghosh
Copy link
Member Author

swghosh commented Jan 9, 2025

/testwith openshift/cluster-kube-apiserver-operator/master/e2e-gcp-operator-encryption-aescbc openshift/api#2035 openshift/cluster-openshift-apiserver-operator#610 openshift/cluster-authentication-operator#749
/testwith openshift/cluster-kube-apiserver-operator/master/e2e-gcp-operator-encryption-aesgcm openshift/api#2035 openshift/cluster-openshift-apiserver-operator#610 openshift/cluster-authentication-operator#749
/testwith openshift/cluster-kube-apiserver-operator/master/e2e-gcp-operator-encryption-perf-aescbc openshift/api#2035 openshift/cluster-openshift-apiserver-operator#610 openshift/cluster-authentication-operator#749
/testwith openshift/cluster-kube-apiserver-operator/master/e2e-gcp-operator-encryption-perf-aesgcm openshift/api#2035 openshift/cluster-openshift-apiserver-operator#610 openshift/cluster-authentication-operator#749
/testwith openshift/cluster-kube-apiserver-operator/master/e2e-gcp-operator-encryption-rotation-aescbc openshift/api#2035 openshift/cluster-openshift-apiserver-operator#610 openshift/cluster-authentication-operator#749
/testwith openshift/cluster-kube-apiserver-operator/master/e2e-gcp-operator-encryption-rotation-aesgcm openshift/api#2035 openshift/cluster-openshift-apiserver-operator#610 openshift/cluster-authentication-operator#749

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tkashem tkashem Awaiting requested review from tkashem

@vrutkovs vrutkovs Awaiting requested review from vrutkovs

Assignees
No one assigned
Labels
do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@swghosh @openshift-ci-robot