
Commit 4f265c3

committed
address review comments
- remove KMSv2Configuration - separate EncryptResponse from EncryptedObject Signed-off-by: Rita Zhang <[email protected]>
1 parent b9e2436 commit 4f265c3


1 file changed

+3
-21
lines changed

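--- a/keps/sig-auth/3299-kms-v2-improvements/README.md
+++ b/keps/sig-auth/3299-kms-v2-improvements/README.md
@@ -126,27 +126,9 @@ proposal will be implemented, this is the place to discuss them.
 index d7d68d2584d..84c1fa6546f 100644
 --- a/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
 +++ b/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
-@@ -51,7 +51,8 @@ type ProviderConfiguration struct {
-// identity is the (empty) configuration for the identity transformer.
-Identity *IdentityConfiguration `json:"identity,omitempty"`
-// kms contains the name, cache size and path to configuration file for a KMS based envelope transformer.
-- KMS *KMSConfiguration `json:"kms,omitempty"`
-+ KMS *KMSConfiguration `json:"kms,omitempty"`
-+ KMSv2 *KMSv2Configuration `json:"kmsv2,omitempty"`
-}
-
-// AESConfiguration contains the API configuration for an AES transformer.
 @@ -98,3 +99,10 @@ type KMSConfiguration struct {
-// +optional
-Timeout *metav1.Duration `json:"timeout,omitempty"`
-}
-+
-+type KMSv2Configuration struct {
-+ // name is the name of the KMSv2 plugin to be used.
-+ Name string `json:"name"`
-+ // endpoint is the gRPC server listening address, for example "unix:///var/run/kmsv2-provider.sock".
-+ Endpoint string `json:"endpoint"`
-+}
++ // apiversion of KeyManagementService
++ APIVersion string `json:"apiversion"`
 ```
 
 Support key hierarchy in KMS plugin that generates local KEK and add v2alpha1 `KeyManagementService` proto service contract in Kubernetes to include `key_id`, `annotations`, and `status`.
@@ -225,7 +207,7 @@ The last byte represents the encoding style, with 0 meaning that the rest of the
 type EncryptedObject struct {
 TypeMeta `json:",inline" protobuf:"bytes,1,opt,name=typeMeta"`
 
-EncryptResponse EncryptResponse `protobuf:"bytes,2,opt,name=encryptResponse"`
+KeyId string `protobuf:"bytes,2,opt,name=keyId"`
 
 PluginName string `protobuf:"bytes,3,opt,name=pluginName"`
 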