Adding commands to get and set encryption configs

Design document: https://docs.google.com/document/d/1EjiCuXoiy8DEEXe15KxVJ4iWrwogCyG113_0LdzcWzQ/edit?usp=drive_web&ouid=102644738301620637153

This is the second of multiple patchsets to support
encryption and decryption in airshipctl

Complete feature: https://review.opendev.org/#/c/742695/

Depends-On: https://review.opendev.org/#/c/749892/
Change-Id: I1a0553622049366977af8c2efbec12012a6fa641

cmd/config/config.go

@@ -40,6 +40,9 @@ func NewConfigCommand(cfgFactory config.Factory) *cobra.Command {
 	configRootCmd.AddCommand(NewGetManifestCommand(cfgFactory))
 	configRootCmd.AddCommand(NewSetManifestCommand(cfgFactory))
 
+	configRootCmd.AddCommand(NewGetEncryptionConfigCommand(cfgFactory))
+	configRootCmd.AddCommand(NewSetEncryptionConfigCommand(cfgFactory))
+
 	// Init will have different factory
 	configRootCmd.AddCommand(NewInitCommand())
 	return configRootCmd

cmd/config/get_encryption_config.go

@@ -0,0 +1,76 @@
+/*
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"opendev.org/airship/airshipctl/pkg/config"
+)
+
+const (
+	getEncryptionConfigsLong = `
+Display a specific encryption config information, or all defined encryption configs if no name is provided.
+`
+
+	getEncryptionConfigsExample = `
+# List all the encryption configs airshipctl knows about
+airshipctl config get-encryption-configs
+
+# Display a specific encryption config
+airshipctl config get-encryption-config exampleConfig
+`
+)
+
+// NewGetEncryptionConfigCommand creates a command that enables printing an encryption configuration to stdout.
+func NewGetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "get-encryption-config NAME",
+		Short:   "Get an encryption config information from the airshipctl config",
+		Long:    getEncryptionConfigsLong[1:],
+		Example: getEncryptionConfigsExample,
+		Args:    cobra.MaximumNArgs(1),
+		Aliases: []string{"get-encryption-configs"},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			airconfig, err := cfgFactory()
+			if err != nil {
+				return err
+			}
+			if len(args) == 1 {
+				name := args[0]
+				encryptionConfig, exists := airconfig.EncryptionConfigs[name]
+				if !exists {
+					return config.ErrEncryptionConfigurationNotFound{
+						Name: fmt.Sprintf("Encryption Config with name '%s'", name),
+					}
+				}
+				fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
+			} else {
+				encryptionConfigs := airconfig.GetEncryptionConfigs()
+				if len(encryptionConfigs) == 0 {
+					fmt.Fprintln(cmd.OutOrStdout(), "No Encryption Config found in the configuration.")
+				}
+				for _, encryptionConfig := range encryptionConfigs {
+					fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
+				}
+			}
+			return nil
+		},
+	}
+
+	return cmd
+}

cmd/config/get_encryption_config_test.go

@@ -0,0 +1,67 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config_test
+
+import (
+	"testing"
+
+	cmd "opendev.org/airship/airshipctl/cmd/config"
+	"opendev.org/airship/airshipctl/pkg/config"
+	"opendev.org/airship/airshipctl/testutil"
+)
+
+func TestGetEncryptionConfigCmd(t *testing.T) {
+	settings := func() (*config.Config, error) {
+		return &config.Config{
+			EncryptionConfigs: map[string]*config.EncryptionConfig{
+				config.AirshipDefaultContext: testutil.DummyEncryptionConfig(),
+			},
+		}, nil
+	}
+
+	emptySettings := func() (*config.Config, error) {
+		return &config.Config{}, nil
+	}
+
+	cmdTests := []*testutil.CmdTest{
+		{
+			Name:    "get-encryption-config-with-help",
+			CmdLine: "--help",
+			Cmd:     cmd.NewGetEncryptionConfigCommand(nil),
+		},
+		{
+			Name:    "get-encryption-config-not-found",
+			CmdLine: "foo",
+			Cmd:     cmd.NewGetEncryptionConfigCommand(emptySettings),
+			Error:   config.ErrEncryptionConfigurationNotFound{Name: "foo"},
+		},
+		{
+			Name:    "get-encryption-config-all",
+			CmdLine: "",
+			Cmd:     cmd.NewGetEncryptionConfigCommand(settings),
+		},
+		{
+			Name:    "get-empty-encryption-config",
+			CmdLine: config.AirshipDefaultContext,
+			Cmd:     cmd.NewGetEncryptionConfigCommand(settings),
+		},
+	}
+
+	for _, tt := range cmdTests {
+		testutil.RunTest(t, tt)
+	}
+}

cmd/config/set_context.go

@@ -36,6 +36,7 @@ airshipctl config set-context exampleContext \
   --manifest=exampleManifest \
   --user=exampleUser
   --cluster-type=target
+  --encryption-config=exampleEncryptionConfig
 
 # Update the manifest of the current-context
 airshipctl config set-context \
@@ -108,6 +109,12 @@ func addSetContextFlags(o *config.ContextOptions, cmd *cobra.Command) {
 		"",
 		"set the manifest for the specified context")
 
+	flags.StringVar(
+		&o.EncryptionConfig,
+		"encryption-config",
+		"",
+		"set the encryption config for the specified context")
+
 	flags.StringVar(
 		&o.Namespace,
 		"namespace",

cmd/config/set_context_test.go

@@ -30,10 +30,11 @@ import (
 )
 
 const (
-	testUser         = "admin@kubernetes"
+	testUser             = "admin@kubernetes"
-	defaultManifest  = "edge_cloud"
+	defaultManifest      = "edge_cloud"
-	defaultNamespace = "kube-system"
+	defaultNamespace     = "kube-system"
-	testManifest     = "test_manifest"
+	testManifest         = "test_manifest"
+	testEncryptionConfig = "test_encryption_config"
 )
 
 type setContextTest struct {
@@ -73,11 +74,12 @@ func TestSetContext(t *testing.T) {
 	defer cleanupGiven(t)
 
 	tests := []struct {
-		testName    string
+		testName         string
-		contextName string
+		contextName      string
-		flags       []string
+		flags            []string
-		givenConfig *config.Config
+		givenConfig      *config.Config
-		manifest    string
+		manifest         string
+		encryptionConfig string
 	}{
 		{
 			testName:    "set-context",
@@ -87,9 +89,11 @@ func TestSetContext(t *testing.T) {
 				"--user=" + testUser,
 				"--manifest=" + defaultManifest,
 				"--namespace=" + defaultNamespace,
+				"--encryption-config=" + testEncryptionConfig,
 			},
-			givenConfig: given,
+			givenConfig:      given,
-			manifest:    defaultManifest,
+			manifest:         defaultManifest,
+			encryptionConfig: testEncryptionConfig,
 		},
 		{
 			testName:    "set-current-context",
@@ -106,6 +110,15 @@ func TestSetContext(t *testing.T) {
 			givenConfig: given,
 			manifest:    testManifest,
 		},
+		{
+			testName:    "modify-context",
+			contextName: "def_target",
+			flags: []string{
+				"--encryption-config=" + testEncryptionConfig,
+			},
+			givenConfig:      given,
+			encryptionConfig: testEncryptionConfig,
+		},
 	}
 
 	for _, tt := range tests {

cmd/config/set_encryption_config.go

@@ -0,0 +1,106 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"opendev.org/airship/airshipctl/pkg/config"
+)
+
+const (
+	setEncryptionConfigLong = `
+Create or modify an encryption config in the airshipctl config file.
+
+Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
+`
+
+	setEncryptionConfigExample = `
+# Create an encryption config with local gpg key source
+airshipctl config set-encryption-config exampleConfig \
+  --encryption-key path-to-encryption-key \
+  --decryption-key path-to-encryption-key
+
+# Create an encryption config with kube api server secret as the store to store encryption keys
+airshipctl config set-encryption-config exampleConfig \
+  --secret-name secretName \
+  --secret-namespace secretNamespace
+`
+)
+
+// NewSetEncryptionConfigCommand creates a command for creating and modifying encryption
+// configs in the airshipctl config file.
+func NewSetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
+	o := &config.EncryptionConfigOptions{}
+	cmd := &cobra.Command{
+		Use:     "set-encryption-config NAME",
+		Short:   "Manage encryption configs in airship config",
+		Long:    setEncryptionConfigLong[1:],
+		Example: setEncryptionConfigExample,
+		Args:    cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			cfg, err := cfgFactory()
+			if err != nil {
+				return err
+			}
+			o.Name = args[0]
+			modified, err := config.RunSetEncryptionConfig(o, cfg, true)
+			if err != nil {
+				return err
+			}
+			if modified {
+				fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q modified.\n", o.Name)
+			} else {
+				fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q created.\n", o.Name)
+			}
+			return nil
+		},
+	}
+
+	addSetEncryptionConfigFlags(o, cmd)
+	return cmd
+}
+
+func addSetEncryptionConfigFlags(o *config.EncryptionConfigOptions, cmd *cobra.Command) {
+	flags := cmd.Flags()
+
+	flags.StringVar(
+		&o.EncryptionKeyPath,
+		"encryption-key-path",
+		"",
+		"the path to the encryption key file")
+
+	flags.StringVar(
+		&o.DecryptionKeyPath,
+		"decryption-key-path",
+		"",
+		"the path to the decryption key file")
+
+	flags.StringVar(
+		&o.KeySecretName,
+		"secret-name",
+		"",
+		"name of the secret consisting of the encryption and decryption keys")
+
+	flags.StringVar(
+		&o.KeySecretNamespace,
+		"secret-namespace",
+		"",
+		"namespace of the secret consisting of the encryption and decryption keys")
+}

cmd/config/set_encryption_configuration_test.go

@@ -0,0 +1,179 @@
+/*
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"opendev.org/airship/airshipctl/pkg/config"
+	"opendev.org/airship/airshipctl/testutil"
+)
+
+const (
+	encryptionConfigName  = "encryptionConfig"
+	secretName            = "secretName"
+	secretNamespace       = "secretNamespace"
+	encryptionKeyFilePath = "/tmp/encryption.key"
+	decryptionKeyFilePath = "/tmp/decryption.pub"
+)
+
+func TestConfigSetEncryptionConfigurationCmd(t *testing.T) {
+	cmdTests := []*testutil.CmdTest{
+		{
+			Name:    "config-cmd-set-encryption-config-with-help",
+			CmdLine: "--help",
+			Cmd:     NewSetEncryptionConfigCommand(nil),
+		},
+		{
+			Name:    "config-cmd-set-encryption-config-no-args",
+			CmdLine: "",
+			Cmd:     NewSetEncryptionConfigCommand(nil),
+			Error:   fmt.Errorf("accepts %d arg(s), received %d", 1, 0),
+		},
+		{
+			Name:    "config-cmd-set-encryption-config-excess-args",
+			CmdLine: "arg1 arg2",
+			Cmd:     NewSetEncryptionConfigCommand(nil),
+			Error:   fmt.Errorf("accepts %d arg(s), received %d", 1, 2),
+		},
+	}
+
+	for _, tt := range cmdTests {
+		testutil.RunTest(t, tt)
+	}
+}
+
+func TestSetEncryptionConfig(t *testing.T) {
+	given, cleanupGiven := testutil.InitConfig(t)
+	defer cleanupGiven(t)
+
+	tests := []struct {
+		testName              string
+		encryptionConfigName  string
+		flags                 []string
+		inputConfig           *config.Config
+		secretName            string
+		secretNamespace       string
+		encryptionKeyFilePath string
+		decryptionKeyFilePath string
+		error                 error
+	}{
+		{
+			testName:              "set-encryption-config-error-no-encryption",
+			encryptionKeyFilePath: encryptionKeyFilePath,
+			decryptionKeyFilePath: decryptionKeyFilePath,
+			encryptionConfigName:  encryptionConfigName,
+			flags: []string{
+				"--decryption-key-path " + decryptionKeyFilePath,
+			},
+			error: fmt.Errorf("you must specify both encryption " +
+				"and decryption keys when setting encryption config"),
+			inputConfig: given,
+		},
+		{
+			testName: "set-encryption-config-error-no-decryption",
+			flags: []string{
+				"--encryption-key-path " + encryptionKeyFilePath,
+			},
+			error: fmt.Errorf("you must specify both encryption " +
+				"and decryption keys when setting encryption config"),
+			encryptionConfigName:  encryptionConfigName,
+			encryptionKeyFilePath: encryptionKeyFilePath,
+			decryptionKeyFilePath: decryptionKeyFilePath,
+		},
+		{
+			testName:             "set-encryption-config-error-no-options",
+			encryptionConfigName: encryptionConfigName,
+			error: fmt.Errorf("you must specify both encryption " +
+				"and decryption keys when setting encryption config"),
+			inputConfig: given,
+		},
+		{
+			testName:              "set-encryption-config",
+			encryptionConfigName:  encryptionConfigName,
+			encryptionKeyFilePath: encryptionKeyFilePath,
+			decryptionKeyFilePath: decryptionKeyFilePath,
+			flags: []string{
+				"--decryption-key-path " + decryptionKeyFilePath,
+				"--encryption-key-path " + encryptionKeyFilePath,
+			},
+			inputConfig: given,
+		},
+		{
+			testName:             "set-encryption-config-error-no-namespace",
+			encryptionConfigName: encryptionConfigName,
+			flags: []string{
+				"--secret-name " + secretName,
+			},
+			error: fmt.Errorf("you must specify both secret name and namespace" +
+				" when setting encryption config"),
+		},
+		{
+			testName:             "set-encryption-config-error-no-secret-name",
+			encryptionConfigName: encryptionConfigName,
+			flags: []string{
+				"--secret-namespace " + secretNamespace,
+			},
+			error: fmt.Errorf("you must specify both secret name and namespace" +
+				" when setting encryption config"),
+		},
+		{
+			testName:              "set-encryption-config",
+			encryptionConfigName:  encryptionConfigName,
+			secretName:            secretName,
+			secretNamespace:       secretNamespace,
+			encryptionKeyFilePath: encryptionKeyFilePath,
+			decryptionKeyFilePath: decryptionKeyFilePath,
+			flags: []string{
+				"--secret-name " + secretName,
+				"--secret-namespace " + secretNamespace,
+			},
+			inputConfig: given,
+		},
+	}
+
+	for _, tt := range tests {
+		settings := func() (*config.Config, error) {
+			return tt.inputConfig, nil
+		}
+
+		cmd := &testutil.CmdTest{
+			Name:    tt.testName,
+			CmdLine: fmt.Sprintf("%s %s", tt.encryptionConfigName, strings.Join(tt.flags, " ")),
+			Error:   tt.error,
+			Cmd:     NewSetEncryptionConfigCommand(settings),
+		}
+
+		testutil.RunTest(t, cmd)
+
+		if cmd.Error != nil {
+			return
+		}
+
+		afterRunConf := tt.inputConfig
+		// Find the Encryption Config Created or Modified
+		afterRunEncryptionConfig, _ := afterRunConf.EncryptionConfigs[tt.encryptionConfigName]
+		require.NotNil(t, afterRunEncryptionConfig)
+		assert.EqualValues(t, afterRunEncryptionConfig.KeySecretName, tt.secretName)
+		assert.EqualValues(t, afterRunEncryptionConfig.KeySecretNamespace, tt.secretNamespace)
+		assert.EqualValues(t, afterRunEncryptionConfig.EncryptionKeyPath, tt.encryptionKeyFilePath)
+		assert.EqualValues(t, afterRunEncryptionConfig.DecryptionKeyPath, tt.decryptionKeyFilePath)
+	}
+}

cmd/config/testdata/TestConfigGoldenOutput/config-cmd-with-help.golden

@@ -5,12 +5,14 @@ Usage:
 
 Available Commands:
   get-context           Get context information from the airshipctl config
+  get-encryption-config Get an encryption config information from the airshipctl config
   get-management-config View a management config or all management configs defined in the airshipctl config
   get-manifest          Get a manifest information from the airshipctl config
   help                  Help about any command
   import                Merge information from a kubernetes config file
   init                  Generate initial configuration files for airshipctl
   set-context           Manage contexts
+  set-encryption-config Manage encryption configs in airship config
   set-management-config Modify an out-of-band management configuration
   set-manifest          Manage manifests in airship config
   use-context           Switch to a different context

cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-too-many-args.golden

@@ -10,6 +10,7 @@ airshipctl config set-context exampleContext \
   --manifest=exampleManifest \
   --user=exampleUser
   --cluster-type=target
+  --encryption-config=exampleEncryptionConfig
 
 # Update the manifest of the current-context
 airshipctl config set-context \
@@ -18,11 +19,12 @@ airshipctl config set-context \
 
 
 Flags:
-      --cluster string        set the cluster for the specified context
+      --cluster string             set the cluster for the specified context
-      --cluster-type string   set the cluster-type for the specified context
+      --cluster-type string        set the cluster-type for the specified context
-      --current               update the current context
+      --current                    update the current context
-  -h, --help                  help for set-context
+      --encryption-config string   set the encryption config for the specified context
-      --manifest string       set the manifest for the specified context
+  -h, --help                       help for set-context
-      --namespace string      set the namespace for the specified context
+      --manifest string            set the manifest for the specified context
-      --user string           set the user for the specified context
+      --namespace string           set the namespace for the specified context
+      --user string                set the user for the specified context
 

cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-with-help.golden

@@ -11,6 +11,7 @@ airshipctl config set-context exampleContext \
   --manifest=exampleManifest \
   --user=exampleUser
   --cluster-type=target
+  --encryption-config=exampleEncryptionConfig
 
 # Update the manifest of the current-context
 airshipctl config set-context \
@@ -19,10 +20,11 @@ airshipctl config set-context \
 
 
 Flags:
-      --cluster string        set the cluster for the specified context
+      --cluster string             set the cluster for the specified context
-      --cluster-type string   set the cluster-type for the specified context
+      --cluster-type string        set the cluster-type for the specified context
-      --current               update the current context
+      --current                    update the current context
-  -h, --help                  help for set-context
+      --encryption-config string   set the encryption config for the specified context
-      --manifest string       set the manifest for the specified context
+  -h, --help                       help for set-context
-      --namespace string      set the namespace for the specified context
+      --manifest string            set the manifest for the specified context
-      --user string           set the user for the specified context
+      --namespace string           set the namespace for the specified context
+      --user string                set the user for the specified context

cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-excess-args.golden

@@ -0,0 +1,24 @@
+Error: accepts 1 arg(s), received 2
+Usage:
+  set-encryption-config NAME [flags]
+
+Examples:
+
+# Create an encryption config with local gpg key source
+airshipctl config set-encryption-config exampleConfig \
+  --encryption-key path-to-encryption-key \
+  --decryption-key path-to-encryption-key
+
+# Create an encryption config with kube api server secret as the store to store encryption keys
+airshipctl config set-encryption-config exampleConfig \
+  --secret-name secretName \
+  --secret-namespace secretNamespace
+
+
+Flags:
+      --decryption-key-path string   the path to the decryption key file
+      --encryption-key-path string   the path to the encryption key file
+  -h, --help                         help for set-encryption-config
+      --secret-name string           name of the secret consisting of the encryption and decryption keys
+      --secret-namespace string      namespace of the secret consisting of the encryption and decryption keys
+

cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-no-args.golden

@@ -0,0 +1,24 @@
+Error: accepts 1 arg(s), received 0
+Usage:
+  set-encryption-config NAME [flags]
+
+Examples:
+
+# Create an encryption config with local gpg key source
+airshipctl config set-encryption-config exampleConfig \
+  --encryption-key path-to-encryption-key \
+  --decryption-key path-to-encryption-key
+
+# Create an encryption config with kube api server secret as the store to store encryption keys
+airshipctl config set-encryption-config exampleConfig \
+  --secret-name secretName \
+  --secret-namespace secretNamespace
+
+
+Flags:
+      --decryption-key-path string   the path to the decryption key file
+      --encryption-key-path string   the path to the encryption key file
+  -h, --help                         help for set-encryption-config
+      --secret-name string           name of the secret consisting of the encryption and decryption keys
+      --secret-namespace string      namespace of the secret consisting of the encryption and decryption keys
+

cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-with-help.golden

@@ -0,0 +1,26 @@
+Create or modify an encryption config in the airshipctl config file.
+
+Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
+
+Usage:
+  set-encryption-config NAME [flags]
+
+Examples:
+
+# Create an encryption config with local gpg key source
+airshipctl config set-encryption-config exampleConfig \
+  --encryption-key path-to-encryption-key \
+  --decryption-key path-to-encryption-key
+
+# Create an encryption config with kube api server secret as the store to store encryption keys
+airshipctl config set-encryption-config exampleConfig \
+  --secret-name secretName \
+  --secret-namespace secretNamespace
+
+
+Flags:
+      --decryption-key-path string   the path to the decryption key file
+      --encryption-key-path string   the path to the encryption key file
+  -h, --help                         help for set-encryption-config
+      --secret-name string           name of the secret consisting of the encryption and decryption keys
+      --secret-namespace string      namespace of the secret consisting of the encryption and decryption keys

cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-empty-encryption-config.golden

@@ -0,0 +1,3 @@
+decryptionKeyPath: /tmp/decryption.pub
+encryptionKeyPath: /tmp/encryption.key
+

cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-all.golden

@@ -0,0 +1,3 @@
+decryptionKeyPath: /tmp/decryption.pub
+encryptionKeyPath: /tmp/encryption.key
+

cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-not-found.golden

@@ -0,0 +1,19 @@
+Error: Unknown encryption configuration 'Encryption Config with name 'foo''.
+Usage:
+  get-encryption-config NAME [flags]
+
+Aliases:
+  get-encryption-config, get-encryption-configs
+
+Examples:
+
+# List all the encryption configs airshipctl knows about
+airshipctl config get-encryption-configs
+
+# Display a specific encryption config
+airshipctl config get-encryption-config exampleConfig
+
+
+Flags:
+  -h, --help   help for get-encryption-config
+

cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-with-help.golden

@@ -0,0 +1,19 @@
+Display a specific encryption config information, or all defined encryption configs if no name is provided.
+
+Usage:
+  get-encryption-config NAME [flags]
+
+Aliases:
+  get-encryption-config, get-encryption-configs
+
+Examples:
+
+# List all the encryption configs airshipctl knows about
+airshipctl config get-encryption-configs
+
+# Display a specific encryption config
+airshipctl config get-encryption-config exampleConfig
+
+
+Flags:
+  -h, --help   help for get-encryption-config

cmd/config/testdata/TestSetEncryptionConfigGoldenOutput/set-encryption-config-error-no-encryption.golden

@@ -0,0 +1,24 @@
+Error: Specify both encryption and decryption keys when setting encryption config
+Usage:
+  set-encryption-config NAME [flags]
+
+Examples:
+
+# Create an encryption config with local gpg key source
+airshipctl config set-encryption-config exampleConfig \
+  --encryption-key path-to-encryption-key \
+  --decryption-key path-to-encryption-key
+
+# Create an encryption config with kube api server secret as the store to store encryption keys
+airshipctl config set-encryption-config exampleConfig \
+  --secret-name secretName \
+  --secret-namespace secretNamespace
+
+
+Flags:
+      --decryption-key-path string   the path to the decryption key file
+      --encryption-key-path string   the path to the encryption key file
+  -h, --help                         help for set-encryption-config
+      --secret-name string           name of the secret consisting of the encryption and decryption keys
+      --secret-namespace string      namespace of the secret consisting of the encryption and decryption keys
+

docs/source/cli/airshipctl_config.md

@@ -24,11 +24,13 @@ Manage the airshipctl config file
 
 * [airshipctl](airshipctl.md)	 - A unified entrypoint to various airship components
 * [airshipctl config get-context](airshipctl_config_get-context.md)	 - Get context information from the airshipctl config
+* [airshipctl config get-encryption-config](airshipctl_config_get-encryption-config.md)	 - Get an encryption config information from the airshipctl config
 * [airshipctl config get-management-config](airshipctl_config_get-management-config.md)	 - View a management config or all management configs defined in the airshipctl config
 * [airshipctl config get-manifest](airshipctl_config_get-manifest.md)	 - Get a manifest information from the airshipctl config
 * [airshipctl config import](airshipctl_config_import.md)	 - Merge information from a kubernetes config file
 * [airshipctl config init](airshipctl_config_init.md)	 - Generate initial configuration files for airshipctl
 * [airshipctl config set-context](airshipctl_config_set-context.md)	 - Manage contexts
+* [airshipctl config set-encryption-config](airshipctl_config_set-encryption-config.md)	 - Manage encryption configs in airship config
 * [airshipctl config set-management-config](airshipctl_config_set-management-config.md)	 - Modify an out-of-band management configuration
 * [airshipctl config set-manifest](airshipctl_config_set-manifest.md)	 - Manage manifests in airship config
 * [airshipctl config use-context](airshipctl_config_use-context.md)	 - Switch to a different context

docs/source/cli/airshipctl_config_get-encryption-config.md

@@ -0,0 +1,43 @@
+## airshipctl config get-encryption-config
+
+Get an encryption config information from the airshipctl config
+
+### Synopsis
+
+Display a specific encryption config information, or all defined encryption configs if no name is provided.
+
+
+```
+airshipctl config get-encryption-config NAME [flags]
+```
+
+### Examples
+
+```
+
+# List all the encryption configs airshipctl knows about
+airshipctl config get-encryption-configs
+
+# Display a specific encryption config
+airshipctl config get-encryption-config exampleConfig
+
+```
+
+### Options
+
+```
+  -h, --help   help for get-encryption-config
+```
+
+### Options inherited from parent commands
+
+```
+      --airshipconf string   Path to file for airshipctl configuration. (default "$HOME/.airship/config")
+      --debug                enable verbose output
+      --kubeconfig string    Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig")
+```
+
+### SEE ALSO
+
+* [airshipctl config](airshipctl_config.md)	 - Manage the airshipctl config file
+

docs/source/cli/airshipctl_config_set-context.md

@@ -21,6 +21,7 @@ airshipctl config set-context exampleContext \
   --manifest=exampleManifest \
   --user=exampleUser
   --cluster-type=target
+  --encryption-config=exampleEncryptionConfig
 
 # Update the manifest of the current-context
 airshipctl config set-context \
@@ -32,13 +33,14 @@ airshipctl config set-context \
 ### Options
 
 ```
-      --cluster string        set the cluster for the specified context
+      --cluster string             set the cluster for the specified context
-      --cluster-type string   set the cluster-type for the specified context
+      --cluster-type string        set the cluster-type for the specified context
-      --current               update the current context
+      --current                    update the current context
-  -h, --help                  help for set-context
+      --encryption-config string   set the encryption config for the specified context
-      --manifest string       set the manifest for the specified context
+  -h, --help                       help for set-context
-      --namespace string      set the namespace for the specified context
+      --manifest string            set the manifest for the specified context
-      --user string           set the user for the specified context
+      --namespace string           set the namespace for the specified context
+      --user string                set the user for the specified context
 ```
 
 ### Options inherited from parent commands

docs/source/cli/airshipctl_config_set-encryption-config.md

@@ -0,0 +1,53 @@
+## airshipctl config set-encryption-config
+
+Manage encryption configs in airship config
+
+### Synopsis
+
+Create or modify an encryption config in the airshipctl config file.
+
+Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
+
+
+```
+airshipctl config set-encryption-config NAME [flags]
+```
+
+### Examples
+
+```
+
+# Create an encryption config with local gpg key source
+airshipctl config set-encryption-config exampleConfig \
+  --encryption-key path-to-encryption-key \
+  --decryption-key path-to-encryption-key
+
+# Create an encryption config with kube api server secret as the store to store encryption keys
+airshipctl config set-encryption-config exampleConfig \
+  --secret-name secretName \
+  --secret-namespace secretNamespace
+
+```
+
+### Options
+
+```
+      --decryption-key-path string   the path to the decryption key file
+      --encryption-key-path string   the path to the encryption key file
+  -h, --help                         help for set-encryption-config
+      --secret-name string           name of the secret consisting of the encryption and decryption keys
+      --secret-namespace string      namespace of the secret consisting of the encryption and decryption keys
+```
+
+### Options inherited from parent commands
+
+```
+      --airshipconf string   Path to file for airshipctl configuration. (default "$HOME/.airship/config")
+      --debug                enable verbose output
+      --kubeconfig string    Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig")
+```
+
+### SEE ALSO
+
+* [airshipctl config](airshipctl_config.md)	 - Manage the airshipctl config file
+