-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow StorageFactory to wrap encoders and decoders #40624
Allow StorageFactory to wrap encoders and decoders #40624
Conversation
@enj since you also touched this code recently. This is to enable secret encryption and put the right hook in at the bottom of the stack. |
f7df407
to
d0ccf37
Compare
@@ -95,6 +107,34 @@ type groupResourceOverrides struct { | |||
// of exposing one set of concepts. autoscaling.HPA and extensions.HPA as a for instance | |||
// The order of the slice matters! It is the priority order of lookup for finding a storage location | |||
cohabitatingResources []schema.GroupResource | |||
// encoderChainFn is optional and may wrap the provided encoder prior to being serialized. | |||
encoderChainFn func(runtime.Encoder) runtime.Encoder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/ChainFn/Decorator/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense
Any other comments? |
d0ccf37
to
9a1df92
Compare
} | ||
|
||
// StorageCodecOptions are the arguments passed to newStorageCodecFn | ||
type StorageCodecOptions struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be called StorageCodecConfig
, compare the other structs in config.go
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have the Options
concept as well inside the options
subfolder.
if len(exactResourceOverride.mediaType) != 0 { | ||
etcdMediaType = exactResourceOverride.mediaType | ||
// operate on copy | ||
config := s.StorageConfig |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
storageConfig
codecConfig
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok
For naming consistency in genericapiserver: Otherwise, lgtm |
Prepares for allowing encryption at rest of resources as well as any other lower level optimization we might chose to implement. Also cleans up a bunch of ugly code.
9a1df92
to
494eeaa
Compare
updated, applying label. |
Seems reasonable. I am assuming sometime in the future we will add a serializer that does encryption and decryption of specific objects? |
There are other issues afloat, but other things that might happen here would be an interceptor for fixes to apiVersion on disk, or potentially fixing issues as they come out of the objects |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED The following people have approved this PR: smarterclayton Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
@k8s-bot gce etcd3 e2e test this |
Automatic merge from submit-queue (batch tested with PRs 39217, 40624) |
Prepares for allowing encryption at rest of resources as well as any
other lower level optimization we might chose to implement.
Also cleans up a bunch of ugly code.