Merge pull request #4 from ritazh/review-updates

ritazh · ritazh · commit 3355fd127707 · 2022-06-10T14:00:08.000-07:00
address review comments
diff --git a/keps/sig-auth/3299-kms-v2-improvements/README.md b/keps/sig-auth/3299-kms-v2-improvements/README.md
@@ -12,6 +12,10 @@
     - [Encrypt Request](#encrypt-request)
     - [Decrypt Request](#decrypt-request)
   - [Test Plan](#test-plan)
+      - [Prerequisite testing updates](#prerequisite-testing-updates)
+      - [Unit tests](#unit-tests)
+      - [Integration tests](#integration-tests)
+      - [e2e tests](#e2e-tests)
   - [Graduation Criteria](#graduation-criteria)
     - [Alpha](#alpha)
     - [Beta](#beta)
@@ -126,27 +130,9 @@ proposal will be implemented, this is the place to discuss them.
 index d7d68d2584d..84c1fa6546f 100644
 --- a/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
 +++ b/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
-@@ -51,7 +51,8 @@ type ProviderConfiguration struct {
-	 // identity is the (empty) configuration for the identity transformer.
-	 Identity *IdentityConfiguration `json:"identity,omitempty"`
-	 // kms contains the name, cache size and path to configuration file for a KMS based envelope transformer.
--    KMS *KMSConfiguration `json:"kms,omitempty"`
-+    KMS   *KMSConfiguration   `json:"kms,omitempty"`
-+    KMSv2 *KMSv2Configuration `json:"kmsv2,omitempty"`
- }
- 
- // AESConfiguration contains the API configuration for an AES transformer.
 @@ -98,3 +99,10 @@ type KMSConfiguration struct {
-	 // +optional
-	 Timeout *metav1.Duration `json:"timeout,omitempty"`
- }
-+
-+type KMSv2Configuration struct {
-+    // name is the name of the KMSv2 plugin to be used.
-+    Name string `json:"name"`
-+    // endpoint is the gRPC server listening address, for example "unix:///var/run/kmsv2-provider.sock".
-+    Endpoint string `json:"endpoint"`
-+}
++    // apiversion of KeyManagementService
++    APIVersion string `json:"apiVersion"`
 ```
 
 Support key hierarchy in KMS plugin that generates local KEK and add v2alpha1 `KeyManagementService` proto service contract in Kubernetes to include `key_id`, `annotations`, and `status`. 
@@ -225,11 +211,13 @@ The last byte represents the encoding style, with 0 meaning that the rest of the
 type EncryptedObject struct {
     TypeMeta `json:",inline" protobuf:"bytes,1,opt,name=typeMeta"`
 
-    EncryptResponse EncryptResponse `protobuf:"bytes,2,opt,name=encryptResponse"`
+    KeyID string `protobuf:"bytes,2,opt,name=keyID"`
 
     PluginName string `protobuf:"bytes,3,opt,name=pluginName"`
 
     Ciphertext []byte `protobuf:"bytes,4,opt,name=ciphertext"`
+
+    Annotations map[string][]byte `protobuf:"bytes,5,opt,name=annotations"`
 }
 ```
 
@@ -345,37 +333,24 @@ sequenceDiagram
 
 ### Test Plan
 
-This section is incomplete and will be updated before the beta milestone.
-
-Performance:
-
-Unit tests covering:
+[ ] I/we understand the owners of the involved components may require updates to existing tests to make this code solid enough prior to committing the changes necessary to implement this enhancement.
 
-…
+##### Prerequisite testing updates
 
-Integration test covering:
-
-…
-
-Rotation:
-
-Unit tests covering:
-
-…
+This section is incomplete and will be updated before the beta milestone.
 
-Integration test covering:
+##### Unit tests
 
-…
+This section is incomplete and will be updated before the beta milestone.
 
-Observability:
+##### Integration tests
 
-Unit tests covering:
+This section is incomplete and will be updated before the beta milestone.
 
-…
+##### e2e tests
 
-Integration test covering:
+This section is incomplete and will be updated before the beta milestone.
 
-…
 
 ### Graduation Criteria
 
