mirror of
https://github.com/outbackdingo/kubernetes.git
synced 2026-02-26 21:00:35 +00:00
efdc6802b6
Automatic merge from submit-queue (batch tested with PRs 60236, 60332, 57375, 60451, 57408). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding Data Encryption Key (DEK) Key Encryption Key (KEK) integration… … tests via KMS Plugin Mock. **What this PR does / why we need it**: Adding integration tests between KubeAPI and KMS Plugin. Concretely, this test verifies the following integration contracts: 1. Raw records in ETCD that were processed by KMS Provider should be prefixed with k8s:enc:kms:v1:grpc-kms-provider-name: 2. Data Encryption Key (DEK) should be generated by envelopeTransformer and passed to KMS gRPC Plugin 3. KMS gRPC Plugin should encrypt the DEK with a Key Encryption Key (KEK) and pass it back to envelopeTransformer 4. The payload (ex. Secret) should be encrypted via AES CBC transform 5. Prefix-EncryptedDEK-EncryptedPayload structure should be deposited to ETCD **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ```