Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test: Verify if secrets are encrypted #1971

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Test: Verify if secrets are encrypted #1971

wants to merge 1 commit into from
+38 −0

Conversation

haskojur
Copy link
Contributor

@haskojur haskojur commented Apr 15, 2024
edited
Loading

Description

By default in kubernetes system, encrypting of data inside object like secret is not enabled, so data in etcd are available for potential attacker.
Encrypting of secret is possible in newer versions of kubernetes. When this configuration is done, all newly created secrets has encrypted data in etcd key-value store.
We can use kubescape test to cover this area.

Issues:

Refs: #1970

How has this been tested:

  • Covered by existing integration testing
  • Added integration testing to cover
  • Verified all A/C passes
    • develop
    • master
    • tag/other branch
  • Test environment
    • Shared Packet K8s cluster
    • New Packet K8s cluster
    • Kind cluster
  • Have not tested

Types of changes:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Checklist:

Documentation

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • No updates required.

Code Review

  • Does the test handle fatal exceptions, ie. rescue block

Issue

  • Tasks in issue are checked off

@agentpoyo
Copy link
Collaborator

Please create WIP or DRAFT PRs as DRAFT's when creating, this will prevent any accidental merges as "Draft" status will grey out the "merge" button until they're actually ready for review and merging.

@haskojur haskojur marked this pull request as draft April 17, 2024 06:34
@haskojur haskojur marked this pull request as ready for review April 19, 2024 13:23
@haskojur haskojur changed the title (WIP) Test: Verify if secrets are encrypted Test: Verify if secrets are encrypted Apr 19, 2024
ptacemic
ptacemic reviewed Apr 19, 2024
View reviewed changes
src/tasks/utils/utils.cr Outdated Show resolved Hide resolved
ptacemic
ptacemic reviewed Apr 19, 2024
View reviewed changes
src/tasks/utils/utils.cr Outdated Show resolved Hide resolved
src/tasks/utils/utils.cr Outdated Show resolved Hide resolved
taylor
taylor approved these changes Apr 23, 2024
View reviewed changes
Copy link
Collaborator

@taylor taylor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@haskojur haskojur requested a review from HashNuke as a code owner April 24, 2024 12:03
@taylor taylor requested a review from ptacemic April 30, 2024 18:52
@haskojur
Copy link
Contributor Author

haskojur commented May 3, 2024

@HashNuke I think this one is ready for test

@martin-mat martin-mat requested review from martin-mat and removed request for ptacemic May 14, 2024 13:42
martin-mat
martin-mat requested changes May 14, 2024
View reviewed changes
Copy link
Collaborator

@martin-mat martin-mat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

spec test(s) missing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptacemic ptacemic ptacemic left review comments

@martin-mat martin-mat martin-mat requested changes

@taylor taylor taylor approved these changes

@denverwilliams denverwilliams Awaiting requested review from denverwilliams denverwilliams is a code owner

@wvwatson wvwatson Awaiting requested review from wvwatson

@agentpoyo agentpoyo Awaiting requested review from agentpoyo agentpoyo is a code owner

@HashNuke HashNuke Awaiting requested review from HashNuke

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@haskojur @agentpoyo @taylor @martin-mat @ptacemic