Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial plumbing to support Encrypt, and KeyID (KMS Encryption) #166

Merged
merged 1 commit into from
Feb 8, 2019
Merged

Initial plumbing to support Encrypt, and KeyID (KMS Encryption) #166

merged 1 commit into from
Feb 8, 2019

Conversation

coreydaley
Copy link
Member

@coreydaley coreydaley commented Jan 18, 2019
edited by bparees

Initial plumbing to support the following options on S3:

  • Encrypt - Enable or disable KMS encryption on S3
  • KeyID - The KMS Key ID for the S3 bucket

fixes #161

@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 18, 2019
@openshift-ci-robot openshift-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jan 18, 2019
@bparees
Copy link
Contributor

bparees commented Jan 18, 2019

/hold

i think we need to have some discussions about exactly how deep we want to get into the s3 bucket management business.

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 18, 2019
@coreydaley coreydaley changed the title [WIP] Initial plumbing to support additional security options on S3 [WIP] Initial plumbing to support Secure, Encrypt, and KeyID (KMS Encryption) Jan 18, 2019
coreydaley
coreydaley commented Jan 18, 2019
View reviewed changes
pkg/storage/s3/s3.go Outdated Show resolved Hide resolved
@openshift-ci-robot openshift-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 18, 2019
@coreydaley
Copy link
Member Author

@bparees Do I need to find a way to automate testing this KMS setup?

@bparees
Copy link
Contributor

bparees commented Jan 19, 2019

@bparees Do I need to find a way to automate testing this KMS setup?

i think it's sufficient to confirm we propagate the config to the registry successfully, we don't need to actually do a full bucket setup and test.

@openshift-ci-robot openshift-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 21, 2019
@coreydaley coreydaley changed the title [WIP] Initial plumbing to support Secure, Encrypt, and KeyID (KMS Encryption) Initial plumbing to support Secure, Encrypt, and KeyID (KMS Encryption) Jan 21, 2019
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 21, 2019
@coreydaley
Copy link
Member Author

/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 21, 2019
@coreydaley
Copy link
Member Author

@bparees @dmage @legionus ptal

@coreydaley coreydaley changed the title Initial plumbing to support Secure, Encrypt, and KeyID (KMS Encryption) Initial plumbing to support Encrypt, and KeyID (KMS Encryption) Jan 22, 2019
@bparees bparees mentioned this pull request Jan 22, 2019
Closed
@openshift-ci-robot openshift-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jan 29, 2019
@bparees
Copy link
Contributor

bparees commented Feb 6, 2019

AWS limit issues

/retest

@bparees
Copy link
Contributor

bparees commented Feb 6, 2019

@coreydaley squash and lgtm
/approve

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 6, 2019
@coreydaley
Copy link
Member Author

@bparees squashed.

@bparees
Copy link
Contributor

bparees commented Feb 6, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 6, 2019
@coreydaley
Copy link
Member Author

/retest

@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Feb 7, 2019
@coreydaley coreydaley added the lgtm Indicates that a PR is ready to be merged. label Feb 7, 2019
@coreydaley
Copy link
Member Author

had to rename testframework to framework in aws_test.go, weird

@coreydaley
Copy link
Member Author

/retest

6 similar comments
@coreydaley
Copy link
Member Author

/retest

@coreydaley
Copy link
Member Author

/retest

@coreydaley
Copy link
Member Author

/retest

@coreydaley
Copy link
Member Author

/retest

@coreydaley
Copy link
Member Author

/retest

@coreydaley
Copy link
Member Author

/retest

@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Feb 8, 2019
@coreydaley
Copy link
Member Author

coreydaley commented Feb 8, 2019
edited

Forgot that these only exist if set now, fixed in current push:

aws_test.go:307: unable to find environment variable: wanted REGISTRY_STORAGE_S3_REGIONENDPOINT
aws_test.go:307: unable to find environment variable: wanted REGISTRY_STORAGE_S3_KEYID

@coreydaley
Initial plumbing to support the following options on S3:
6dbe16a 
    Encrypt - Enable or disable KMS encryption on S3
    KeyID - The KMS Key ID for the S3 bucket

fixes #161
@bparees
Copy link
Contributor

bparees commented Feb 8, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 8, 2019
@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bparees, coreydaley

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coreydaley
Copy link
Member Author

@bparees thanks, i was going to tag you after the tests passed

@coreydaley
Copy link
Member Author

/retest

3 similar comments
@coreydaley
Copy link
Member Author

/retest

@coreydaley
Copy link
Member Author

/retest

@coreydaley
Copy link
Member Author

/retest

@openshift-merge-robot openshift-merge-robot merged commit 8b05d6b into openshift:master Feb 8, 2019
@coreydaley coreydaley deleted the add_secure_and_keyid_for_s3 branch August 14, 2019 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bparees bparees bparees left review comments

@dmage dmage Awaiting requested review from dmage

@smarterclayton smarterclayton Awaiting requested review from smarterclayton

Assignees

@dmage dmage

@legionus legionus

@bparees bparees

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support user KMS key
6 participants
@coreydaley @bparees @openshift-ci-robot @openshift-merge-robot @dmage @legionus