Revert "Adding commands to get and set encryption configs"
This reverts commit 694067492cfedd5e7b369b396bfce9923c0ca3a1. Reason for revert: Encryption configs inside airship config are no longer required. Encrypt feature was implemented different way. Change-Id: I1c8feec75000402e314e815e4832ce740f0e1254
This commit is contained in:
parent
2351051ffd
commit
e4436ca36d
@ -39,9 +39,6 @@ func NewConfigCommand(cfgFactory config.Factory) *cobra.Command {
|
|||||||
configRootCmd.AddCommand(NewGetManifestCommand(cfgFactory))
|
configRootCmd.AddCommand(NewGetManifestCommand(cfgFactory))
|
||||||
configRootCmd.AddCommand(NewSetManifestCommand(cfgFactory))
|
configRootCmd.AddCommand(NewSetManifestCommand(cfgFactory))
|
||||||
|
|
||||||
configRootCmd.AddCommand(NewGetEncryptionConfigCommand(cfgFactory))
|
|
||||||
configRootCmd.AddCommand(NewSetEncryptionConfigCommand(cfgFactory))
|
|
||||||
|
|
||||||
// Init will have different factory
|
// Init will have different factory
|
||||||
configRootCmd.AddCommand(NewInitCommand())
|
configRootCmd.AddCommand(NewInitCommand())
|
||||||
return configRootCmd
|
return configRootCmd
|
||||||
|
@ -1,76 +0,0 @@
|
|||||||
/*
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
https://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package config
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"github.com/spf13/cobra"
|
|
||||||
|
|
||||||
"opendev.org/airship/airshipctl/pkg/config"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
getEncryptionConfigsLong = `
|
|
||||||
Display a specific encryption config information, or all defined encryption configs if no name is provided.
|
|
||||||
`
|
|
||||||
|
|
||||||
getEncryptionConfigsExample = `
|
|
||||||
# List all the encryption configs airshipctl knows about
|
|
||||||
airshipctl config get-encryption-configs
|
|
||||||
|
|
||||||
# Display a specific encryption config
|
|
||||||
airshipctl config get-encryption-config exampleConfig
|
|
||||||
`
|
|
||||||
)
|
|
||||||
|
|
||||||
// NewGetEncryptionConfigCommand creates a command that enables printing an encryption configuration to stdout.
|
|
||||||
func NewGetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
|
|
||||||
cmd := &cobra.Command{
|
|
||||||
Use: "get-encryption-config NAME",
|
|
||||||
Short: "Get an encryption config information from the airshipctl config",
|
|
||||||
Long: getEncryptionConfigsLong[1:],
|
|
||||||
Example: getEncryptionConfigsExample,
|
|
||||||
Args: cobra.MaximumNArgs(1),
|
|
||||||
Aliases: []string{"get-encryption-configs"},
|
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
|
||||||
airconfig, err := cfgFactory()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if len(args) == 1 {
|
|
||||||
name := args[0]
|
|
||||||
encryptionConfig, exists := airconfig.EncryptionConfigs[name]
|
|
||||||
if !exists {
|
|
||||||
return config.ErrEncryptionConfigurationNotFound{
|
|
||||||
Name: fmt.Sprintf("Encryption Config with name '%s'", name),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
|
|
||||||
} else {
|
|
||||||
encryptionConfigs := airconfig.GetEncryptionConfigs()
|
|
||||||
if len(encryptionConfigs) == 0 {
|
|
||||||
fmt.Fprintln(cmd.OutOrStdout(), "No Encryption Config found in the configuration.")
|
|
||||||
}
|
|
||||||
for _, encryptionConfig := range encryptionConfigs {
|
|
||||||
fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
return cmd
|
|
||||||
}
|
|
@ -1,65 +0,0 @@
|
|||||||
/*
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package config_test
|
|
||||||
|
|
||||||
import (
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
cmd "opendev.org/airship/airshipctl/cmd/config"
|
|
||||||
"opendev.org/airship/airshipctl/pkg/config"
|
|
||||||
"opendev.org/airship/airshipctl/testutil"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestGetEncryptionConfigCmd(t *testing.T) {
|
|
||||||
settings := func() (*config.Config, error) {
|
|
||||||
return &config.Config{
|
|
||||||
EncryptionConfigs: map[string]*config.EncryptionConfig{
|
|
||||||
config.AirshipDefaultContext: testutil.DummyEncryptionConfig(),
|
|
||||||
},
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
emptySettings := func() (*config.Config, error) {
|
|
||||||
return &config.Config{}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
cmdTests := []*testutil.CmdTest{
|
|
||||||
{
|
|
||||||
Name: "get-encryption-config-with-help",
|
|
||||||
CmdLine: "--help",
|
|
||||||
Cmd: cmd.NewGetEncryptionConfigCommand(nil),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "get-encryption-config-not-found",
|
|
||||||
CmdLine: "foo",
|
|
||||||
Cmd: cmd.NewGetEncryptionConfigCommand(emptySettings),
|
|
||||||
Error: config.ErrEncryptionConfigurationNotFound{Name: "Encryption Config with name 'foo'"},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "get-encryption-config-all",
|
|
||||||
CmdLine: "",
|
|
||||||
Cmd: cmd.NewGetEncryptionConfigCommand(settings),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "get-empty-encryption-config",
|
|
||||||
CmdLine: config.AirshipDefaultContext,
|
|
||||||
Cmd: cmd.NewGetEncryptionConfigCommand(settings),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tt := range cmdTests {
|
|
||||||
testutil.RunTest(t, tt)
|
|
||||||
}
|
|
||||||
}
|
|
@ -31,7 +31,6 @@ Create or modify a context in the airshipctl config files.
|
|||||||
# Create a new context named "exampleContext"
|
# Create a new context named "exampleContext"
|
||||||
airshipctl config set-context exampleContext \
|
airshipctl config set-context exampleContext \
|
||||||
--manifest=exampleManifest \
|
--manifest=exampleManifest \
|
||||||
--encryption-config=exampleEncryptionConfig
|
|
||||||
|
|
||||||
# Update the manifest of the current-context
|
# Update the manifest of the current-context
|
||||||
airshipctl config set-context \
|
airshipctl config set-context \
|
||||||
@ -92,12 +91,6 @@ func addSetContextFlags(o *config.ContextOptions, cmd *cobra.Command) {
|
|||||||
"",
|
"",
|
||||||
"set the manifest for the specified context")
|
"set the manifest for the specified context")
|
||||||
|
|
||||||
flags.StringVar(
|
|
||||||
&o.EncryptionConfig,
|
|
||||||
"encryption-config",
|
|
||||||
"",
|
|
||||||
"set the encryption config for the specified context")
|
|
||||||
|
|
||||||
flags.BoolVar(
|
flags.BoolVar(
|
||||||
&o.Current,
|
&o.Current,
|
||||||
"current",
|
"current",
|
||||||
|
@ -28,9 +28,8 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
testEncryptionConfig = "test_encryption_config"
|
defaultManifest = "edge_cloud"
|
||||||
defaultManifest = "edge_cloud"
|
testManifest = "test_manifest"
|
||||||
testManifest = "test_manifest"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type setContextTest struct {
|
type setContextTest struct {
|
||||||
@ -70,23 +69,20 @@ func TestSetContext(t *testing.T) {
|
|||||||
defer cleanupGiven(t)
|
defer cleanupGiven(t)
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
testName string
|
testName string
|
||||||
contextName string
|
contextName string
|
||||||
flags []string
|
flags []string
|
||||||
givenConfig *config.Config
|
givenConfig *config.Config
|
||||||
manifest string
|
manifest string
|
||||||
encryptionConfig string
|
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
testName: "set-context",
|
testName: "set-context",
|
||||||
contextName: "dummycontext",
|
contextName: "dummycontext",
|
||||||
flags: []string{
|
flags: []string{
|
||||||
"--manifest=" + defaultManifest,
|
"--manifest=" + defaultManifest,
|
||||||
"--encryption-config=" + testEncryptionConfig,
|
|
||||||
},
|
},
|
||||||
givenConfig: given,
|
givenConfig: given,
|
||||||
manifest: defaultManifest,
|
manifest: defaultManifest,
|
||||||
encryptionConfig: testEncryptionConfig,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
testName: "set-current-context",
|
testName: "set-current-context",
|
||||||
@ -103,15 +99,6 @@ func TestSetContext(t *testing.T) {
|
|||||||
givenConfig: given,
|
givenConfig: given,
|
||||||
manifest: testManifest,
|
manifest: testManifest,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
testName: "modify-context",
|
|
||||||
contextName: "def_target",
|
|
||||||
flags: []string{
|
|
||||||
"--encryption-config=" + testEncryptionConfig,
|
|
||||||
},
|
|
||||||
givenConfig: given,
|
|
||||||
encryptionConfig: testEncryptionConfig,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
@ -1,104 +0,0 @@
|
|||||||
/*
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package config
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"github.com/spf13/cobra"
|
|
||||||
|
|
||||||
"opendev.org/airship/airshipctl/pkg/config"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
setEncryptionConfigLong = `
|
|
||||||
Create or modify an encryption config in the airshipctl config file.
|
|
||||||
|
|
||||||
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
|
|
||||||
`
|
|
||||||
|
|
||||||
setEncryptionConfigExample = `
|
|
||||||
# Create an encryption config with local gpg key source
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--encryption-key path-to-encryption-key \
|
|
||||||
--decryption-key path-to-encryption-key
|
|
||||||
|
|
||||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--secret-name secretName \
|
|
||||||
--secret-namespace secretNamespace
|
|
||||||
`
|
|
||||||
)
|
|
||||||
|
|
||||||
// NewSetEncryptionConfigCommand creates a command for creating and modifying encryption
|
|
||||||
// configs in the airshipctl config file.
|
|
||||||
func NewSetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
|
|
||||||
o := &config.EncryptionConfigOptions{}
|
|
||||||
cmd := &cobra.Command{
|
|
||||||
Use: "set-encryption-config NAME",
|
|
||||||
Short: "Manage encryption configs in airship config",
|
|
||||||
Long: setEncryptionConfigLong[1:],
|
|
||||||
Example: setEncryptionConfigExample,
|
|
||||||
Args: cobra.ExactArgs(1),
|
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
|
||||||
cfg, err := cfgFactory()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
o.Name = args[0]
|
|
||||||
modified, err := config.RunSetEncryptionConfig(o, cfg, true)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if modified {
|
|
||||||
fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q modified.\n", o.Name)
|
|
||||||
} else {
|
|
||||||
fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q created.\n", o.Name)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
addSetEncryptionConfigFlags(o, cmd)
|
|
||||||
return cmd
|
|
||||||
}
|
|
||||||
|
|
||||||
func addSetEncryptionConfigFlags(o *config.EncryptionConfigOptions, cmd *cobra.Command) {
|
|
||||||
flags := cmd.Flags()
|
|
||||||
|
|
||||||
flags.StringVar(
|
|
||||||
&o.EncryptionKeyPath,
|
|
||||||
"encryption-key-path",
|
|
||||||
"",
|
|
||||||
"the path to the encryption key file")
|
|
||||||
|
|
||||||
flags.StringVar(
|
|
||||||
&o.DecryptionKeyPath,
|
|
||||||
"decryption-key-path",
|
|
||||||
"",
|
|
||||||
"the path to the decryption key file")
|
|
||||||
|
|
||||||
flags.StringVar(
|
|
||||||
&o.KeySecretName,
|
|
||||||
"secret-name",
|
|
||||||
"",
|
|
||||||
"name of the secret consisting of the encryption and decryption keys")
|
|
||||||
|
|
||||||
flags.StringVar(
|
|
||||||
&o.KeySecretNamespace,
|
|
||||||
"secret-namespace",
|
|
||||||
"",
|
|
||||||
"namespace of the secret consisting of the encryption and decryption keys")
|
|
||||||
}
|
|
@ -1,179 +0,0 @@
|
|||||||
/*
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package config
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"strings"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
|
|
||||||
"opendev.org/airship/airshipctl/pkg/config"
|
|
||||||
"opendev.org/airship/airshipctl/testutil"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
encryptionConfigName = "encryptionConfig"
|
|
||||||
secretName = "secretName"
|
|
||||||
secretNamespace = "secretNamespace"
|
|
||||||
encryptionKeyFilePath = "/tmp/encryption.key"
|
|
||||||
decryptionKeyFilePath = "/tmp/decryption.pub"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestConfigSetEncryptionConfigurationCmd(t *testing.T) {
|
|
||||||
cmdTests := []*testutil.CmdTest{
|
|
||||||
{
|
|
||||||
Name: "config-cmd-set-encryption-config-with-help",
|
|
||||||
CmdLine: "--help",
|
|
||||||
Cmd: NewSetEncryptionConfigCommand(nil),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "config-cmd-set-encryption-config-no-args",
|
|
||||||
CmdLine: "",
|
|
||||||
Cmd: NewSetEncryptionConfigCommand(nil),
|
|
||||||
Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 0),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "config-cmd-set-encryption-config-excess-args",
|
|
||||||
CmdLine: "arg1 arg2",
|
|
||||||
Cmd: NewSetEncryptionConfigCommand(nil),
|
|
||||||
Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 2),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tt := range cmdTests {
|
|
||||||
testutil.RunTest(t, tt)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestSetEncryptionConfig(t *testing.T) {
|
|
||||||
given, cleanupGiven := testutil.InitConfig(t)
|
|
||||||
defer cleanupGiven(t)
|
|
||||||
|
|
||||||
tests := []struct {
|
|
||||||
testName string
|
|
||||||
encryptionConfigName string
|
|
||||||
flags []string
|
|
||||||
inputConfig *config.Config
|
|
||||||
secretName string
|
|
||||||
secretNamespace string
|
|
||||||
encryptionKeyFilePath string
|
|
||||||
decryptionKeyFilePath string
|
|
||||||
error error
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
testName: "set-encryption-config-error-no-encryption",
|
|
||||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
|
||||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
|
||||||
encryptionConfigName: encryptionConfigName,
|
|
||||||
flags: []string{
|
|
||||||
"--decryption-key-path " + decryptionKeyFilePath,
|
|
||||||
},
|
|
||||||
error: fmt.Errorf("specify both encryption " +
|
|
||||||
"and decryption keys when setting encryption config"),
|
|
||||||
inputConfig: given,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
testName: "set-encryption-config-error-no-decryption",
|
|
||||||
flags: []string{
|
|
||||||
"--encryption-key-path " + encryptionKeyFilePath,
|
|
||||||
},
|
|
||||||
error: fmt.Errorf("you must specify both encryption " +
|
|
||||||
"and decryption keys when setting encryption config"),
|
|
||||||
encryptionConfigName: encryptionConfigName,
|
|
||||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
|
||||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
testName: "set-encryption-config-error-no-options",
|
|
||||||
encryptionConfigName: encryptionConfigName,
|
|
||||||
error: fmt.Errorf("you must specify both encryption " +
|
|
||||||
"and decryption keys when setting encryption config"),
|
|
||||||
inputConfig: given,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
testName: "set-encryption-config",
|
|
||||||
encryptionConfigName: encryptionConfigName,
|
|
||||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
|
||||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
|
||||||
flags: []string{
|
|
||||||
"--decryption-key-path " + decryptionKeyFilePath,
|
|
||||||
"--encryption-key-path " + encryptionKeyFilePath,
|
|
||||||
},
|
|
||||||
inputConfig: given,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
testName: "set-encryption-config-error-no-namespace",
|
|
||||||
encryptionConfigName: encryptionConfigName,
|
|
||||||
flags: []string{
|
|
||||||
"--secret-name " + secretName,
|
|
||||||
},
|
|
||||||
error: fmt.Errorf("you must specify both secret name and namespace" +
|
|
||||||
" when setting encryption config"),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
testName: "set-encryption-config-error-no-secret-name",
|
|
||||||
encryptionConfigName: encryptionConfigName,
|
|
||||||
flags: []string{
|
|
||||||
"--secret-namespace " + secretNamespace,
|
|
||||||
},
|
|
||||||
error: fmt.Errorf("you must specify both secret name and namespace" +
|
|
||||||
" when setting encryption config"),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
testName: "set-encryption-config",
|
|
||||||
encryptionConfigName: encryptionConfigName,
|
|
||||||
secretName: secretName,
|
|
||||||
secretNamespace: secretNamespace,
|
|
||||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
|
||||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
|
||||||
flags: []string{
|
|
||||||
"--secret-name " + secretName,
|
|
||||||
"--secret-namespace " + secretNamespace,
|
|
||||||
},
|
|
||||||
inputConfig: given,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tt := range tests {
|
|
||||||
settings := func() (*config.Config, error) {
|
|
||||||
return tt.inputConfig, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
cmd := &testutil.CmdTest{
|
|
||||||
Name: tt.testName,
|
|
||||||
CmdLine: fmt.Sprintf("%s %s", tt.encryptionConfigName, strings.Join(tt.flags, " ")),
|
|
||||||
Error: tt.error,
|
|
||||||
Cmd: NewSetEncryptionConfigCommand(settings),
|
|
||||||
}
|
|
||||||
|
|
||||||
testutil.RunTest(t, cmd)
|
|
||||||
|
|
||||||
if cmd.Error != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
afterRunConf := tt.inputConfig
|
|
||||||
// Find the Encryption Config Created or Modified
|
|
||||||
afterRunEncryptionConfig, _ := afterRunConf.EncryptionConfigs[tt.encryptionConfigName]
|
|
||||||
require.NotNil(t, afterRunEncryptionConfig)
|
|
||||||
assert.EqualValues(t, afterRunEncryptionConfig.KeySecretName, tt.secretName)
|
|
||||||
assert.EqualValues(t, afterRunEncryptionConfig.KeySecretNamespace, tt.secretNamespace)
|
|
||||||
assert.EqualValues(t, afterRunEncryptionConfig.EncryptionKeyPath, tt.encryptionKeyFilePath)
|
|
||||||
assert.EqualValues(t, afterRunEncryptionConfig.DecryptionKeyPath, tt.decryptionKeyFilePath)
|
|
||||||
}
|
|
||||||
}
|
|
@ -5,13 +5,11 @@ Usage:
|
|||||||
|
|
||||||
Available Commands:
|
Available Commands:
|
||||||
get-context Get context information from the airshipctl config
|
get-context Get context information from the airshipctl config
|
||||||
get-encryption-config Get an encryption config information from the airshipctl config
|
|
||||||
get-management-config View a management config or all management configs defined in the airshipctl config
|
get-management-config View a management config or all management configs defined in the airshipctl config
|
||||||
get-manifest Get a manifest information from the airshipctl config
|
get-manifest Get a manifest information from the airshipctl config
|
||||||
help Help about any command
|
help Help about any command
|
||||||
init Generate initial configuration file for airshipctl
|
init Generate initial configuration file for airshipctl
|
||||||
set-context Manage contexts
|
set-context Manage contexts
|
||||||
set-encryption-config Manage encryption configs in airship config
|
|
||||||
set-management-config Modify an out-of-band management configuration
|
set-management-config Modify an out-of-band management configuration
|
||||||
set-manifest Manage manifests in airship config
|
set-manifest Manage manifests in airship config
|
||||||
use-context Switch to a different context
|
use-context Switch to a different context
|
||||||
|
@ -7,7 +7,6 @@ Examples:
|
|||||||
# Create a new context named "exampleContext"
|
# Create a new context named "exampleContext"
|
||||||
airshipctl config set-context exampleContext \
|
airshipctl config set-context exampleContext \
|
||||||
--manifest=exampleManifest \
|
--manifest=exampleManifest \
|
||||||
--encryption-config=exampleEncryptionConfig
|
|
||||||
|
|
||||||
# Update the manifest of the current-context
|
# Update the manifest of the current-context
|
||||||
airshipctl config set-context \
|
airshipctl config set-context \
|
||||||
@ -16,8 +15,7 @@ airshipctl config set-context \
|
|||||||
|
|
||||||
|
|
||||||
Flags:
|
Flags:
|
||||||
--current update the current context
|
--current update the current context
|
||||||
--encryption-config string set the encryption config for the specified context
|
-h, --help help for set-context
|
||||||
-h, --help help for set-context
|
--manifest string set the manifest for the specified context
|
||||||
--manifest string set the manifest for the specified context
|
|
||||||
|
|
||||||
|
@ -8,7 +8,6 @@ Examples:
|
|||||||
# Create a new context named "exampleContext"
|
# Create a new context named "exampleContext"
|
||||||
airshipctl config set-context exampleContext \
|
airshipctl config set-context exampleContext \
|
||||||
--manifest=exampleManifest \
|
--manifest=exampleManifest \
|
||||||
--encryption-config=exampleEncryptionConfig
|
|
||||||
|
|
||||||
# Update the manifest of the current-context
|
# Update the manifest of the current-context
|
||||||
airshipctl config set-context \
|
airshipctl config set-context \
|
||||||
@ -17,7 +16,6 @@ airshipctl config set-context \
|
|||||||
|
|
||||||
|
|
||||||
Flags:
|
Flags:
|
||||||
--current update the current context
|
--current update the current context
|
||||||
--encryption-config string set the encryption config for the specified context
|
-h, --help help for set-context
|
||||||
-h, --help help for set-context
|
--manifest string set the manifest for the specified context
|
||||||
--manifest string set the manifest for the specified context
|
|
||||||
|
@ -1,24 +0,0 @@
|
|||||||
Error: accepts 1 arg(s), received 2
|
|
||||||
Usage:
|
|
||||||
set-encryption-config NAME [flags]
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
|
|
||||||
# Create an encryption config with local gpg key source
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--encryption-key path-to-encryption-key \
|
|
||||||
--decryption-key path-to-encryption-key
|
|
||||||
|
|
||||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--secret-name secretName \
|
|
||||||
--secret-namespace secretNamespace
|
|
||||||
|
|
||||||
|
|
||||||
Flags:
|
|
||||||
--decryption-key-path string the path to the decryption key file
|
|
||||||
--encryption-key-path string the path to the encryption key file
|
|
||||||
-h, --help help for set-encryption-config
|
|
||||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
|
||||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
Error: accepts 1 arg(s), received 0
|
|
||||||
Usage:
|
|
||||||
set-encryption-config NAME [flags]
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
|
|
||||||
# Create an encryption config with local gpg key source
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--encryption-key path-to-encryption-key \
|
|
||||||
--decryption-key path-to-encryption-key
|
|
||||||
|
|
||||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--secret-name secretName \
|
|
||||||
--secret-namespace secretNamespace
|
|
||||||
|
|
||||||
|
|
||||||
Flags:
|
|
||||||
--decryption-key-path string the path to the decryption key file
|
|
||||||
--encryption-key-path string the path to the encryption key file
|
|
||||||
-h, --help help for set-encryption-config
|
|
||||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
|
||||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
Create or modify an encryption config in the airshipctl config file.
|
|
||||||
|
|
||||||
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
|
|
||||||
|
|
||||||
Usage:
|
|
||||||
set-encryption-config NAME [flags]
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
|
|
||||||
# Create an encryption config with local gpg key source
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--encryption-key path-to-encryption-key \
|
|
||||||
--decryption-key path-to-encryption-key
|
|
||||||
|
|
||||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--secret-name secretName \
|
|
||||||
--secret-namespace secretNamespace
|
|
||||||
|
|
||||||
|
|
||||||
Flags:
|
|
||||||
--decryption-key-path string the path to the decryption key file
|
|
||||||
--encryption-key-path string the path to the encryption key file
|
|
||||||
-h, --help help for set-encryption-config
|
|
||||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
|
||||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
|
@ -1,3 +0,0 @@
|
|||||||
decryptionKeyPath: /tmp/decryption.pub
|
|
||||||
encryptionKeyPath: /tmp/encryption.key
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
decryptionKeyPath: /tmp/decryption.pub
|
|
||||||
encryptionKeyPath: /tmp/encryption.key
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
|||||||
Error: Unknown encryption configuration 'Encryption Config with name 'foo''.
|
|
||||||
Usage:
|
|
||||||
get-encryption-config NAME [flags]
|
|
||||||
|
|
||||||
Aliases:
|
|
||||||
get-encryption-config, get-encryption-configs
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
|
|
||||||
# List all the encryption configs airshipctl knows about
|
|
||||||
airshipctl config get-encryption-configs
|
|
||||||
|
|
||||||
# Display a specific encryption config
|
|
||||||
airshipctl config get-encryption-config exampleConfig
|
|
||||||
|
|
||||||
|
|
||||||
Flags:
|
|
||||||
-h, --help help for get-encryption-config
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
|||||||
Display a specific encryption config information, or all defined encryption configs if no name is provided.
|
|
||||||
|
|
||||||
Usage:
|
|
||||||
get-encryption-config NAME [flags]
|
|
||||||
|
|
||||||
Aliases:
|
|
||||||
get-encryption-config, get-encryption-configs
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
|
|
||||||
# List all the encryption configs airshipctl knows about
|
|
||||||
airshipctl config get-encryption-configs
|
|
||||||
|
|
||||||
# Display a specific encryption config
|
|
||||||
airshipctl config get-encryption-config exampleConfig
|
|
||||||
|
|
||||||
|
|
||||||
Flags:
|
|
||||||
-h, --help help for get-encryption-config
|
|
@ -1,24 +0,0 @@
|
|||||||
Error: specify both encryption and decryption keys when setting encryption config
|
|
||||||
Usage:
|
|
||||||
set-encryption-config NAME [flags]
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
|
|
||||||
# Create an encryption config with local gpg key source
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--encryption-key path-to-encryption-key \
|
|
||||||
--decryption-key path-to-encryption-key
|
|
||||||
|
|
||||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--secret-name secretName \
|
|
||||||
--secret-namespace secretNamespace
|
|
||||||
|
|
||||||
|
|
||||||
Flags:
|
|
||||||
--decryption-key-path string the path to the decryption key file
|
|
||||||
--encryption-key-path string the path to the encryption key file
|
|
||||||
-h, --help help for set-encryption-config
|
|
||||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
|
||||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
|
||||||
|
|
@ -23,12 +23,10 @@ Manage the airshipctl config file
|
|||||||
|
|
||||||
* [airshipctl](airshipctl.md) - A unified entrypoint to various airship components
|
* [airshipctl](airshipctl.md) - A unified entrypoint to various airship components
|
||||||
* [airshipctl config get-context](airshipctl_config_get-context.md) - Get context information from the airshipctl config
|
* [airshipctl config get-context](airshipctl_config_get-context.md) - Get context information from the airshipctl config
|
||||||
* [airshipctl config get-encryption-config](airshipctl_config_get-encryption-config.md) - Get an encryption config information from the airshipctl config
|
|
||||||
* [airshipctl config get-management-config](airshipctl_config_get-management-config.md) - View a management config or all management configs defined in the airshipctl config
|
* [airshipctl config get-management-config](airshipctl_config_get-management-config.md) - View a management config or all management configs defined in the airshipctl config
|
||||||
* [airshipctl config get-manifest](airshipctl_config_get-manifest.md) - Get a manifest information from the airshipctl config
|
* [airshipctl config get-manifest](airshipctl_config_get-manifest.md) - Get a manifest information from the airshipctl config
|
||||||
* [airshipctl config init](airshipctl_config_init.md) - Generate initial configuration file for airshipctl
|
* [airshipctl config init](airshipctl_config_init.md) - Generate initial configuration file for airshipctl
|
||||||
* [airshipctl config set-context](airshipctl_config_set-context.md) - Manage contexts
|
* [airshipctl config set-context](airshipctl_config_set-context.md) - Manage contexts
|
||||||
* [airshipctl config set-encryption-config](airshipctl_config_set-encryption-config.md) - Manage encryption configs in airship config
|
|
||||||
* [airshipctl config set-management-config](airshipctl_config_set-management-config.md) - Modify an out-of-band management configuration
|
* [airshipctl config set-management-config](airshipctl_config_set-management-config.md) - Modify an out-of-band management configuration
|
||||||
* [airshipctl config set-manifest](airshipctl_config_set-manifest.md) - Manage manifests in airship config
|
* [airshipctl config set-manifest](airshipctl_config_set-manifest.md) - Manage manifests in airship config
|
||||||
* [airshipctl config use-context](airshipctl_config_use-context.md) - Switch to a different context
|
* [airshipctl config use-context](airshipctl_config_use-context.md) - Switch to a different context
|
||||||
|
@ -1,42 +0,0 @@
|
|||||||
## airshipctl config get-encryption-config
|
|
||||||
|
|
||||||
Get an encryption config information from the airshipctl config
|
|
||||||
|
|
||||||
### Synopsis
|
|
||||||
|
|
||||||
Display a specific encryption config information, or all defined encryption configs if no name is provided.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
airshipctl config get-encryption-config NAME [flags]
|
|
||||||
```
|
|
||||||
|
|
||||||
### Examples
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
# List all the encryption configs airshipctl knows about
|
|
||||||
airshipctl config get-encryption-configs
|
|
||||||
|
|
||||||
# Display a specific encryption config
|
|
||||||
airshipctl config get-encryption-config exampleConfig
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Options
|
|
||||||
|
|
||||||
```
|
|
||||||
-h, --help help for get-encryption-config
|
|
||||||
```
|
|
||||||
|
|
||||||
### Options inherited from parent commands
|
|
||||||
|
|
||||||
```
|
|
||||||
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
|
|
||||||
--debug enable verbose output
|
|
||||||
```
|
|
||||||
|
|
||||||
### SEE ALSO
|
|
||||||
|
|
||||||
* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file
|
|
||||||
|
|
@ -18,7 +18,6 @@ airshipctl config set-context NAME [flags]
|
|||||||
# Create a new context named "exampleContext"
|
# Create a new context named "exampleContext"
|
||||||
airshipctl config set-context exampleContext \
|
airshipctl config set-context exampleContext \
|
||||||
--manifest=exampleManifest \
|
--manifest=exampleManifest \
|
||||||
--encryption-config=exampleEncryptionConfig
|
|
||||||
|
|
||||||
# Update the manifest of the current-context
|
# Update the manifest of the current-context
|
||||||
airshipctl config set-context \
|
airshipctl config set-context \
|
||||||
@ -30,10 +29,9 @@ airshipctl config set-context \
|
|||||||
### Options
|
### Options
|
||||||
|
|
||||||
```
|
```
|
||||||
--current update the current context
|
--current update the current context
|
||||||
--encryption-config string set the encryption config for the specified context
|
-h, --help help for set-context
|
||||||
-h, --help help for set-context
|
--manifest string set the manifest for the specified context
|
||||||
--manifest string set the manifest for the specified context
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Options inherited from parent commands
|
### Options inherited from parent commands
|
||||||
|
@ -1,52 +0,0 @@
|
|||||||
## airshipctl config set-encryption-config
|
|
||||||
|
|
||||||
Manage encryption configs in airship config
|
|
||||||
|
|
||||||
### Synopsis
|
|
||||||
|
|
||||||
Create or modify an encryption config in the airshipctl config file.
|
|
||||||
|
|
||||||
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
airshipctl config set-encryption-config NAME [flags]
|
|
||||||
```
|
|
||||||
|
|
||||||
### Examples
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
# Create an encryption config with local gpg key source
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--encryption-key path-to-encryption-key \
|
|
||||||
--decryption-key path-to-encryption-key
|
|
||||||
|
|
||||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
|
||||||
airshipctl config set-encryption-config exampleConfig \
|
|
||||||
--secret-name secretName \
|
|
||||||
--secret-namespace secretNamespace
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Options
|
|
||||||
|
|
||||||
```
|
|
||||||
--decryption-key-path string the path to the decryption key file
|
|
||||||
--encryption-key-path string the path to the encryption key file
|
|
||||||
-h, --help help for set-encryption-config
|
|
||||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
|
||||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
|
||||||
```
|
|
||||||
|
|
||||||
### Options inherited from parent commands
|
|
||||||
|
|
||||||
```
|
|
||||||
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
|
|
||||||
--debug enable verbose output
|
|
||||||
```
|
|
||||||
|
|
||||||
### SEE ALSO
|
|
||||||
|
|
||||||
* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file
|
|
||||||
|
|
@ -28,5 +28,5 @@ such as getting list and applying specific one.
|
|||||||
* [airshipctl phase render](airshipctl_phase_render.md) - Render phase documents from model
|
* [airshipctl phase render](airshipctl_phase_render.md) - Render phase documents from model
|
||||||
* [airshipctl phase run](airshipctl_phase_run.md) - Run phase
|
* [airshipctl phase run](airshipctl_phase_run.md) - Run phase
|
||||||
* [airshipctl phase tree](airshipctl_phase_tree.md) - Tree view of kustomize entrypoints of phase
|
* [airshipctl phase tree](airshipctl_phase_tree.md) - Tree view of kustomize entrypoints of phase
|
||||||
* [airshipctl phase validate](airshipctl_phase_validate.md) - Validate phase
|
* [airshipctl phase validate](airshipctl_phase_validate.md) - Assert that a phase is valid
|
||||||
|
|
||||||
|
@ -4,7 +4,8 @@ Assert that a phase is valid
|
|||||||
|
|
||||||
### Synopsis
|
### Synopsis
|
||||||
|
|
||||||
Command which would validate that the phase contains the required documents to run the phase
|
Command which would validate that the phase contains the required documents to run the phase.
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
airshipctl phase validate PHASE_NAME [flags]
|
airshipctl phase validate PHASE_NAME [flags]
|
||||||
@ -22,7 +23,7 @@ airshipctl phase validate initinfra
|
|||||||
### Options
|
### Options
|
||||||
|
|
||||||
```
|
```
|
||||||
-h, --help help for run
|
-h, --help help for validate
|
||||||
```
|
```
|
||||||
|
|
||||||
### Options inherited from parent commands
|
### Options inherited from parent commands
|
||||||
|
Loading…
x
Reference in New Issue
Block a user