Merge "Adding commands to get and set encryption configs"
This commit is contained in:
commit
d87eea6544
@ -40,6 +40,9 @@ func NewConfigCommand(cfgFactory config.Factory) *cobra.Command {
|
||||
configRootCmd.AddCommand(NewGetManifestCommand(cfgFactory))
|
||||
configRootCmd.AddCommand(NewSetManifestCommand(cfgFactory))
|
||||
|
||||
configRootCmd.AddCommand(NewGetEncryptionConfigCommand(cfgFactory))
|
||||
configRootCmd.AddCommand(NewSetEncryptionConfigCommand(cfgFactory))
|
||||
|
||||
// Init will have different factory
|
||||
configRootCmd.AddCommand(NewInitCommand())
|
||||
return configRootCmd
|
||||
|
76
cmd/config/get_encryption_config.go
Normal file
76
cmd/config/get_encryption_config.go
Normal file
@ -0,0 +1,76 @@
|
||||
/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package config
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"opendev.org/airship/airshipctl/pkg/config"
|
||||
)
|
||||
|
||||
const (
|
||||
getEncryptionConfigsLong = `
|
||||
Display a specific encryption config information, or all defined encryption configs if no name is provided.
|
||||
`
|
||||
|
||||
getEncryptionConfigsExample = `
|
||||
# List all the encryption configs airshipctl knows about
|
||||
airshipctl config get-encryption-configs
|
||||
|
||||
# Display a specific encryption config
|
||||
airshipctl config get-encryption-config exampleConfig
|
||||
`
|
||||
)
|
||||
|
||||
// NewGetEncryptionConfigCommand creates a command that enables printing an encryption configuration to stdout.
|
||||
func NewGetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "get-encryption-config NAME",
|
||||
Short: "Get an encryption config information from the airshipctl config",
|
||||
Long: getEncryptionConfigsLong[1:],
|
||||
Example: getEncryptionConfigsExample,
|
||||
Args: cobra.MaximumNArgs(1),
|
||||
Aliases: []string{"get-encryption-configs"},
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
airconfig, err := cfgFactory()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(args) == 1 {
|
||||
name := args[0]
|
||||
encryptionConfig, exists := airconfig.EncryptionConfigs[name]
|
||||
if !exists {
|
||||
return config.ErrEncryptionConfigurationNotFound{
|
||||
Name: fmt.Sprintf("Encryption Config with name '%s'", name),
|
||||
}
|
||||
}
|
||||
fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
|
||||
} else {
|
||||
encryptionConfigs := airconfig.GetEncryptionConfigs()
|
||||
if len(encryptionConfigs) == 0 {
|
||||
fmt.Fprintln(cmd.OutOrStdout(), "No Encryption Config found in the configuration.")
|
||||
}
|
||||
for _, encryptionConfig := range encryptionConfigs {
|
||||
fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
},
|
||||
}
|
||||
|
||||
return cmd
|
||||
}
|
67
cmd/config/get_encryption_config_test.go
Normal file
67
cmd/config/get_encryption_config_test.go
Normal file
@ -0,0 +1,67 @@
|
||||
/*
|
||||
Copyright 2014 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package config_test
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
cmd "opendev.org/airship/airshipctl/cmd/config"
|
||||
"opendev.org/airship/airshipctl/pkg/config"
|
||||
"opendev.org/airship/airshipctl/testutil"
|
||||
)
|
||||
|
||||
func TestGetEncryptionConfigCmd(t *testing.T) {
|
||||
settings := func() (*config.Config, error) {
|
||||
return &config.Config{
|
||||
EncryptionConfigs: map[string]*config.EncryptionConfig{
|
||||
config.AirshipDefaultContext: testutil.DummyEncryptionConfig(),
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
emptySettings := func() (*config.Config, error) {
|
||||
return &config.Config{}, nil
|
||||
}
|
||||
|
||||
cmdTests := []*testutil.CmdTest{
|
||||
{
|
||||
Name: "get-encryption-config-with-help",
|
||||
CmdLine: "--help",
|
||||
Cmd: cmd.NewGetEncryptionConfigCommand(nil),
|
||||
},
|
||||
{
|
||||
Name: "get-encryption-config-not-found",
|
||||
CmdLine: "foo",
|
||||
Cmd: cmd.NewGetEncryptionConfigCommand(emptySettings),
|
||||
Error: config.ErrEncryptionConfigurationNotFound{Name: "foo"},
|
||||
},
|
||||
{
|
||||
Name: "get-encryption-config-all",
|
||||
CmdLine: "",
|
||||
Cmd: cmd.NewGetEncryptionConfigCommand(settings),
|
||||
},
|
||||
{
|
||||
Name: "get-empty-encryption-config",
|
||||
CmdLine: config.AirshipDefaultContext,
|
||||
Cmd: cmd.NewGetEncryptionConfigCommand(settings),
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range cmdTests {
|
||||
testutil.RunTest(t, tt)
|
||||
}
|
||||
}
|
@ -36,6 +36,7 @@ airshipctl config set-context exampleContext \
|
||||
--manifest=exampleManifest \
|
||||
--user=exampleUser
|
||||
--cluster-type=target
|
||||
--encryption-config=exampleEncryptionConfig
|
||||
|
||||
# Update the manifest of the current-context
|
||||
airshipctl config set-context \
|
||||
@ -108,6 +109,12 @@ func addSetContextFlags(o *config.ContextOptions, cmd *cobra.Command) {
|
||||
"",
|
||||
"set the manifest for the specified context")
|
||||
|
||||
flags.StringVar(
|
||||
&o.EncryptionConfig,
|
||||
"encryption-config",
|
||||
"",
|
||||
"set the encryption config for the specified context")
|
||||
|
||||
flags.StringVar(
|
||||
&o.Namespace,
|
||||
"namespace",
|
||||
|
@ -30,10 +30,11 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
testUser = "admin@kubernetes"
|
||||
defaultManifest = "edge_cloud"
|
||||
defaultNamespace = "kube-system"
|
||||
testManifest = "test_manifest"
|
||||
testUser = "admin@kubernetes"
|
||||
defaultManifest = "edge_cloud"
|
||||
defaultNamespace = "kube-system"
|
||||
testManifest = "test_manifest"
|
||||
testEncryptionConfig = "test_encryption_config"
|
||||
)
|
||||
|
||||
type setContextTest struct {
|
||||
@ -73,11 +74,12 @@ func TestSetContext(t *testing.T) {
|
||||
defer cleanupGiven(t)
|
||||
|
||||
tests := []struct {
|
||||
testName string
|
||||
contextName string
|
||||
flags []string
|
||||
givenConfig *config.Config
|
||||
manifest string
|
||||
testName string
|
||||
contextName string
|
||||
flags []string
|
||||
givenConfig *config.Config
|
||||
manifest string
|
||||
encryptionConfig string
|
||||
}{
|
||||
{
|
||||
testName: "set-context",
|
||||
@ -87,9 +89,11 @@ func TestSetContext(t *testing.T) {
|
||||
"--user=" + testUser,
|
||||
"--manifest=" + defaultManifest,
|
||||
"--namespace=" + defaultNamespace,
|
||||
"--encryption-config=" + testEncryptionConfig,
|
||||
},
|
||||
givenConfig: given,
|
||||
manifest: defaultManifest,
|
||||
givenConfig: given,
|
||||
manifest: defaultManifest,
|
||||
encryptionConfig: testEncryptionConfig,
|
||||
},
|
||||
{
|
||||
testName: "set-current-context",
|
||||
@ -106,6 +110,15 @@ func TestSetContext(t *testing.T) {
|
||||
givenConfig: given,
|
||||
manifest: testManifest,
|
||||
},
|
||||
{
|
||||
testName: "modify-context",
|
||||
contextName: "def_target",
|
||||
flags: []string{
|
||||
"--encryption-config=" + testEncryptionConfig,
|
||||
},
|
||||
givenConfig: given,
|
||||
encryptionConfig: testEncryptionConfig,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
|
106
cmd/config/set_encryption_config.go
Normal file
106
cmd/config/set_encryption_config.go
Normal file
@ -0,0 +1,106 @@
|
||||
/*
|
||||
Copyright 2016 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package config
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
"opendev.org/airship/airshipctl/pkg/config"
|
||||
)
|
||||
|
||||
const (
|
||||
setEncryptionConfigLong = `
|
||||
Create or modify an encryption config in the airshipctl config file.
|
||||
|
||||
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
|
||||
`
|
||||
|
||||
setEncryptionConfigExample = `
|
||||
# Create an encryption config with local gpg key source
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--encryption-key path-to-encryption-key \
|
||||
--decryption-key path-to-encryption-key
|
||||
|
||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--secret-name secretName \
|
||||
--secret-namespace secretNamespace
|
||||
`
|
||||
)
|
||||
|
||||
// NewSetEncryptionConfigCommand creates a command for creating and modifying encryption
|
||||
// configs in the airshipctl config file.
|
||||
func NewSetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command {
|
||||
o := &config.EncryptionConfigOptions{}
|
||||
cmd := &cobra.Command{
|
||||
Use: "set-encryption-config NAME",
|
||||
Short: "Manage encryption configs in airship config",
|
||||
Long: setEncryptionConfigLong[1:],
|
||||
Example: setEncryptionConfigExample,
|
||||
Args: cobra.ExactArgs(1),
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
cfg, err := cfgFactory()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
o.Name = args[0]
|
||||
modified, err := config.RunSetEncryptionConfig(o, cfg, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if modified {
|
||||
fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q modified.\n", o.Name)
|
||||
} else {
|
||||
fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q created.\n", o.Name)
|
||||
}
|
||||
return nil
|
||||
},
|
||||
}
|
||||
|
||||
addSetEncryptionConfigFlags(o, cmd)
|
||||
return cmd
|
||||
}
|
||||
|
||||
func addSetEncryptionConfigFlags(o *config.EncryptionConfigOptions, cmd *cobra.Command) {
|
||||
flags := cmd.Flags()
|
||||
|
||||
flags.StringVar(
|
||||
&o.EncryptionKeyPath,
|
||||
"encryption-key-path",
|
||||
"",
|
||||
"the path to the encryption key file")
|
||||
|
||||
flags.StringVar(
|
||||
&o.DecryptionKeyPath,
|
||||
"decryption-key-path",
|
||||
"",
|
||||
"the path to the decryption key file")
|
||||
|
||||
flags.StringVar(
|
||||
&o.KeySecretName,
|
||||
"secret-name",
|
||||
"",
|
||||
"name of the secret consisting of the encryption and decryption keys")
|
||||
|
||||
flags.StringVar(
|
||||
&o.KeySecretNamespace,
|
||||
"secret-namespace",
|
||||
"",
|
||||
"namespace of the secret consisting of the encryption and decryption keys")
|
||||
}
|
179
cmd/config/set_encryption_configuration_test.go
Normal file
179
cmd/config/set_encryption_configuration_test.go
Normal file
@ -0,0 +1,179 @@
|
||||
/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package config
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"opendev.org/airship/airshipctl/pkg/config"
|
||||
"opendev.org/airship/airshipctl/testutil"
|
||||
)
|
||||
|
||||
const (
|
||||
encryptionConfigName = "encryptionConfig"
|
||||
secretName = "secretName"
|
||||
secretNamespace = "secretNamespace"
|
||||
encryptionKeyFilePath = "/tmp/encryption.key"
|
||||
decryptionKeyFilePath = "/tmp/decryption.pub"
|
||||
)
|
||||
|
||||
func TestConfigSetEncryptionConfigurationCmd(t *testing.T) {
|
||||
cmdTests := []*testutil.CmdTest{
|
||||
{
|
||||
Name: "config-cmd-set-encryption-config-with-help",
|
||||
CmdLine: "--help",
|
||||
Cmd: NewSetEncryptionConfigCommand(nil),
|
||||
},
|
||||
{
|
||||
Name: "config-cmd-set-encryption-config-no-args",
|
||||
CmdLine: "",
|
||||
Cmd: NewSetEncryptionConfigCommand(nil),
|
||||
Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 0),
|
||||
},
|
||||
{
|
||||
Name: "config-cmd-set-encryption-config-excess-args",
|
||||
CmdLine: "arg1 arg2",
|
||||
Cmd: NewSetEncryptionConfigCommand(nil),
|
||||
Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 2),
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range cmdTests {
|
||||
testutil.RunTest(t, tt)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSetEncryptionConfig(t *testing.T) {
|
||||
given, cleanupGiven := testutil.InitConfig(t)
|
||||
defer cleanupGiven(t)
|
||||
|
||||
tests := []struct {
|
||||
testName string
|
||||
encryptionConfigName string
|
||||
flags []string
|
||||
inputConfig *config.Config
|
||||
secretName string
|
||||
secretNamespace string
|
||||
encryptionKeyFilePath string
|
||||
decryptionKeyFilePath string
|
||||
error error
|
||||
}{
|
||||
{
|
||||
testName: "set-encryption-config-error-no-encryption",
|
||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
||||
encryptionConfigName: encryptionConfigName,
|
||||
flags: []string{
|
||||
"--decryption-key-path " + decryptionKeyFilePath,
|
||||
},
|
||||
error: fmt.Errorf("you must specify both encryption " +
|
||||
"and decryption keys when setting encryption config"),
|
||||
inputConfig: given,
|
||||
},
|
||||
{
|
||||
testName: "set-encryption-config-error-no-decryption",
|
||||
flags: []string{
|
||||
"--encryption-key-path " + encryptionKeyFilePath,
|
||||
},
|
||||
error: fmt.Errorf("you must specify both encryption " +
|
||||
"and decryption keys when setting encryption config"),
|
||||
encryptionConfigName: encryptionConfigName,
|
||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
||||
},
|
||||
{
|
||||
testName: "set-encryption-config-error-no-options",
|
||||
encryptionConfigName: encryptionConfigName,
|
||||
error: fmt.Errorf("you must specify both encryption " +
|
||||
"and decryption keys when setting encryption config"),
|
||||
inputConfig: given,
|
||||
},
|
||||
{
|
||||
testName: "set-encryption-config",
|
||||
encryptionConfigName: encryptionConfigName,
|
||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
||||
flags: []string{
|
||||
"--decryption-key-path " + decryptionKeyFilePath,
|
||||
"--encryption-key-path " + encryptionKeyFilePath,
|
||||
},
|
||||
inputConfig: given,
|
||||
},
|
||||
{
|
||||
testName: "set-encryption-config-error-no-namespace",
|
||||
encryptionConfigName: encryptionConfigName,
|
||||
flags: []string{
|
||||
"--secret-name " + secretName,
|
||||
},
|
||||
error: fmt.Errorf("you must specify both secret name and namespace" +
|
||||
" when setting encryption config"),
|
||||
},
|
||||
{
|
||||
testName: "set-encryption-config-error-no-secret-name",
|
||||
encryptionConfigName: encryptionConfigName,
|
||||
flags: []string{
|
||||
"--secret-namespace " + secretNamespace,
|
||||
},
|
||||
error: fmt.Errorf("you must specify both secret name and namespace" +
|
||||
" when setting encryption config"),
|
||||
},
|
||||
{
|
||||
testName: "set-encryption-config",
|
||||
encryptionConfigName: encryptionConfigName,
|
||||
secretName: secretName,
|
||||
secretNamespace: secretNamespace,
|
||||
encryptionKeyFilePath: encryptionKeyFilePath,
|
||||
decryptionKeyFilePath: decryptionKeyFilePath,
|
||||
flags: []string{
|
||||
"--secret-name " + secretName,
|
||||
"--secret-namespace " + secretNamespace,
|
||||
},
|
||||
inputConfig: given,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
settings := func() (*config.Config, error) {
|
||||
return tt.inputConfig, nil
|
||||
}
|
||||
|
||||
cmd := &testutil.CmdTest{
|
||||
Name: tt.testName,
|
||||
CmdLine: fmt.Sprintf("%s %s", tt.encryptionConfigName, strings.Join(tt.flags, " ")),
|
||||
Error: tt.error,
|
||||
Cmd: NewSetEncryptionConfigCommand(settings),
|
||||
}
|
||||
|
||||
testutil.RunTest(t, cmd)
|
||||
|
||||
if cmd.Error != nil {
|
||||
return
|
||||
}
|
||||
|
||||
afterRunConf := tt.inputConfig
|
||||
// Find the Encryption Config Created or Modified
|
||||
afterRunEncryptionConfig, _ := afterRunConf.EncryptionConfigs[tt.encryptionConfigName]
|
||||
require.NotNil(t, afterRunEncryptionConfig)
|
||||
assert.EqualValues(t, afterRunEncryptionConfig.KeySecretName, tt.secretName)
|
||||
assert.EqualValues(t, afterRunEncryptionConfig.KeySecretNamespace, tt.secretNamespace)
|
||||
assert.EqualValues(t, afterRunEncryptionConfig.EncryptionKeyPath, tt.encryptionKeyFilePath)
|
||||
assert.EqualValues(t, afterRunEncryptionConfig.DecryptionKeyPath, tt.decryptionKeyFilePath)
|
||||
}
|
||||
}
|
@ -5,12 +5,14 @@ Usage:
|
||||
|
||||
Available Commands:
|
||||
get-context Get context information from the airshipctl config
|
||||
get-encryption-config Get an encryption config information from the airshipctl config
|
||||
get-management-config View a management config or all management configs defined in the airshipctl config
|
||||
get-manifest Get a manifest information from the airshipctl config
|
||||
help Help about any command
|
||||
import Merge information from a kubernetes config file
|
||||
init Generate initial configuration files for airshipctl
|
||||
set-context Manage contexts
|
||||
set-encryption-config Manage encryption configs in airship config
|
||||
set-management-config Modify an out-of-band management configuration
|
||||
set-manifest Manage manifests in airship config
|
||||
use-context Switch to a different context
|
||||
|
@ -10,6 +10,7 @@ airshipctl config set-context exampleContext \
|
||||
--manifest=exampleManifest \
|
||||
--user=exampleUser
|
||||
--cluster-type=target
|
||||
--encryption-config=exampleEncryptionConfig
|
||||
|
||||
# Update the manifest of the current-context
|
||||
airshipctl config set-context \
|
||||
@ -18,11 +19,12 @@ airshipctl config set-context \
|
||||
|
||||
|
||||
Flags:
|
||||
--cluster string set the cluster for the specified context
|
||||
--cluster-type string set the cluster-type for the specified context
|
||||
--current update the current context
|
||||
-h, --help help for set-context
|
||||
--manifest string set the manifest for the specified context
|
||||
--namespace string set the namespace for the specified context
|
||||
--user string set the user for the specified context
|
||||
--cluster string set the cluster for the specified context
|
||||
--cluster-type string set the cluster-type for the specified context
|
||||
--current update the current context
|
||||
--encryption-config string set the encryption config for the specified context
|
||||
-h, --help help for set-context
|
||||
--manifest string set the manifest for the specified context
|
||||
--namespace string set the namespace for the specified context
|
||||
--user string set the user for the specified context
|
||||
|
||||
|
@ -11,6 +11,7 @@ airshipctl config set-context exampleContext \
|
||||
--manifest=exampleManifest \
|
||||
--user=exampleUser
|
||||
--cluster-type=target
|
||||
--encryption-config=exampleEncryptionConfig
|
||||
|
||||
# Update the manifest of the current-context
|
||||
airshipctl config set-context \
|
||||
@ -19,10 +20,11 @@ airshipctl config set-context \
|
||||
|
||||
|
||||
Flags:
|
||||
--cluster string set the cluster for the specified context
|
||||
--cluster-type string set the cluster-type for the specified context
|
||||
--current update the current context
|
||||
-h, --help help for set-context
|
||||
--manifest string set the manifest for the specified context
|
||||
--namespace string set the namespace for the specified context
|
||||
--user string set the user for the specified context
|
||||
--cluster string set the cluster for the specified context
|
||||
--cluster-type string set the cluster-type for the specified context
|
||||
--current update the current context
|
||||
--encryption-config string set the encryption config for the specified context
|
||||
-h, --help help for set-context
|
||||
--manifest string set the manifest for the specified context
|
||||
--namespace string set the namespace for the specified context
|
||||
--user string set the user for the specified context
|
||||
|
@ -0,0 +1,24 @@
|
||||
Error: accepts 1 arg(s), received 2
|
||||
Usage:
|
||||
set-encryption-config NAME [flags]
|
||||
|
||||
Examples:
|
||||
|
||||
# Create an encryption config with local gpg key source
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--encryption-key path-to-encryption-key \
|
||||
--decryption-key path-to-encryption-key
|
||||
|
||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--secret-name secretName \
|
||||
--secret-namespace secretNamespace
|
||||
|
||||
|
||||
Flags:
|
||||
--decryption-key-path string the path to the decryption key file
|
||||
--encryption-key-path string the path to the encryption key file
|
||||
-h, --help help for set-encryption-config
|
||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
||||
|
@ -0,0 +1,24 @@
|
||||
Error: accepts 1 arg(s), received 0
|
||||
Usage:
|
||||
set-encryption-config NAME [flags]
|
||||
|
||||
Examples:
|
||||
|
||||
# Create an encryption config with local gpg key source
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--encryption-key path-to-encryption-key \
|
||||
--decryption-key path-to-encryption-key
|
||||
|
||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--secret-name secretName \
|
||||
--secret-namespace secretNamespace
|
||||
|
||||
|
||||
Flags:
|
||||
--decryption-key-path string the path to the decryption key file
|
||||
--encryption-key-path string the path to the encryption key file
|
||||
-h, --help help for set-encryption-config
|
||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
||||
|
@ -0,0 +1,26 @@
|
||||
Create or modify an encryption config in the airshipctl config file.
|
||||
|
||||
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
|
||||
|
||||
Usage:
|
||||
set-encryption-config NAME [flags]
|
||||
|
||||
Examples:
|
||||
|
||||
# Create an encryption config with local gpg key source
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--encryption-key path-to-encryption-key \
|
||||
--decryption-key path-to-encryption-key
|
||||
|
||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--secret-name secretName \
|
||||
--secret-namespace secretNamespace
|
||||
|
||||
|
||||
Flags:
|
||||
--decryption-key-path string the path to the decryption key file
|
||||
--encryption-key-path string the path to the encryption key file
|
||||
-h, --help help for set-encryption-config
|
||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
@ -0,0 +1,3 @@
|
||||
decryptionKeyPath: /tmp/decryption.pub
|
||||
encryptionKeyPath: /tmp/encryption.key
|
||||
|
3
cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-all.golden
vendored
Normal file
3
cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-all.golden
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
decryptionKeyPath: /tmp/decryption.pub
|
||||
encryptionKeyPath: /tmp/encryption.key
|
||||
|
@ -0,0 +1,19 @@
|
||||
Error: Unknown encryption configuration 'Encryption Config with name 'foo''.
|
||||
Usage:
|
||||
get-encryption-config NAME [flags]
|
||||
|
||||
Aliases:
|
||||
get-encryption-config, get-encryption-configs
|
||||
|
||||
Examples:
|
||||
|
||||
# List all the encryption configs airshipctl knows about
|
||||
airshipctl config get-encryption-configs
|
||||
|
||||
# Display a specific encryption config
|
||||
airshipctl config get-encryption-config exampleConfig
|
||||
|
||||
|
||||
Flags:
|
||||
-h, --help help for get-encryption-config
|
||||
|
@ -0,0 +1,19 @@
|
||||
Display a specific encryption config information, or all defined encryption configs if no name is provided.
|
||||
|
||||
Usage:
|
||||
get-encryption-config NAME [flags]
|
||||
|
||||
Aliases:
|
||||
get-encryption-config, get-encryption-configs
|
||||
|
||||
Examples:
|
||||
|
||||
# List all the encryption configs airshipctl knows about
|
||||
airshipctl config get-encryption-configs
|
||||
|
||||
# Display a specific encryption config
|
||||
airshipctl config get-encryption-config exampleConfig
|
||||
|
||||
|
||||
Flags:
|
||||
-h, --help help for get-encryption-config
|
@ -0,0 +1,24 @@
|
||||
Error: Specify both encryption and decryption keys when setting encryption config
|
||||
Usage:
|
||||
set-encryption-config NAME [flags]
|
||||
|
||||
Examples:
|
||||
|
||||
# Create an encryption config with local gpg key source
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--encryption-key path-to-encryption-key \
|
||||
--decryption-key path-to-encryption-key
|
||||
|
||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--secret-name secretName \
|
||||
--secret-namespace secretNamespace
|
||||
|
||||
|
||||
Flags:
|
||||
--decryption-key-path string the path to the decryption key file
|
||||
--encryption-key-path string the path to the encryption key file
|
||||
-h, --help help for set-encryption-config
|
||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
||||
|
@ -24,11 +24,13 @@ Manage the airshipctl config file
|
||||
|
||||
* [airshipctl](airshipctl.md) - A unified entrypoint to various airship components
|
||||
* [airshipctl config get-context](airshipctl_config_get-context.md) - Get context information from the airshipctl config
|
||||
* [airshipctl config get-encryption-config](airshipctl_config_get-encryption-config.md) - Get an encryption config information from the airshipctl config
|
||||
* [airshipctl config get-management-config](airshipctl_config_get-management-config.md) - View a management config or all management configs defined in the airshipctl config
|
||||
* [airshipctl config get-manifest](airshipctl_config_get-manifest.md) - Get a manifest information from the airshipctl config
|
||||
* [airshipctl config import](airshipctl_config_import.md) - Merge information from a kubernetes config file
|
||||
* [airshipctl config init](airshipctl_config_init.md) - Generate initial configuration files for airshipctl
|
||||
* [airshipctl config set-context](airshipctl_config_set-context.md) - Manage contexts
|
||||
* [airshipctl config set-encryption-config](airshipctl_config_set-encryption-config.md) - Manage encryption configs in airship config
|
||||
* [airshipctl config set-management-config](airshipctl_config_set-management-config.md) - Modify an out-of-band management configuration
|
||||
* [airshipctl config set-manifest](airshipctl_config_set-manifest.md) - Manage manifests in airship config
|
||||
* [airshipctl config use-context](airshipctl_config_use-context.md) - Switch to a different context
|
||||
|
43
docs/source/cli/airshipctl_config_get-encryption-config.md
Normal file
43
docs/source/cli/airshipctl_config_get-encryption-config.md
Normal file
@ -0,0 +1,43 @@
|
||||
## airshipctl config get-encryption-config
|
||||
|
||||
Get an encryption config information from the airshipctl config
|
||||
|
||||
### Synopsis
|
||||
|
||||
Display a specific encryption config information, or all defined encryption configs if no name is provided.
|
||||
|
||||
|
||||
```
|
||||
airshipctl config get-encryption-config NAME [flags]
|
||||
```
|
||||
|
||||
### Examples
|
||||
|
||||
```
|
||||
|
||||
# List all the encryption configs airshipctl knows about
|
||||
airshipctl config get-encryption-configs
|
||||
|
||||
# Display a specific encryption config
|
||||
airshipctl config get-encryption-config exampleConfig
|
||||
|
||||
```
|
||||
|
||||
### Options
|
||||
|
||||
```
|
||||
-h, --help help for get-encryption-config
|
||||
```
|
||||
|
||||
### Options inherited from parent commands
|
||||
|
||||
```
|
||||
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
|
||||
--debug enable verbose output
|
||||
--kubeconfig string Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig")
|
||||
```
|
||||
|
||||
### SEE ALSO
|
||||
|
||||
* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file
|
||||
|
@ -21,6 +21,7 @@ airshipctl config set-context exampleContext \
|
||||
--manifest=exampleManifest \
|
||||
--user=exampleUser
|
||||
--cluster-type=target
|
||||
--encryption-config=exampleEncryptionConfig
|
||||
|
||||
# Update the manifest of the current-context
|
||||
airshipctl config set-context \
|
||||
@ -32,13 +33,14 @@ airshipctl config set-context \
|
||||
### Options
|
||||
|
||||
```
|
||||
--cluster string set the cluster for the specified context
|
||||
--cluster-type string set the cluster-type for the specified context
|
||||
--current update the current context
|
||||
-h, --help help for set-context
|
||||
--manifest string set the manifest for the specified context
|
||||
--namespace string set the namespace for the specified context
|
||||
--user string set the user for the specified context
|
||||
--cluster string set the cluster for the specified context
|
||||
--cluster-type string set the cluster-type for the specified context
|
||||
--current update the current context
|
||||
--encryption-config string set the encryption config for the specified context
|
||||
-h, --help help for set-context
|
||||
--manifest string set the manifest for the specified context
|
||||
--namespace string set the namespace for the specified context
|
||||
--user string set the user for the specified context
|
||||
```
|
||||
|
||||
### Options inherited from parent commands
|
||||
|
53
docs/source/cli/airshipctl_config_set-encryption-config.md
Normal file
53
docs/source/cli/airshipctl_config_set-encryption-config.md
Normal file
@ -0,0 +1,53 @@
|
||||
## airshipctl config set-encryption-config
|
||||
|
||||
Manage encryption configs in airship config
|
||||
|
||||
### Synopsis
|
||||
|
||||
Create or modify an encryption config in the airshipctl config file.
|
||||
|
||||
Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects
|
||||
|
||||
|
||||
```
|
||||
airshipctl config set-encryption-config NAME [flags]
|
||||
```
|
||||
|
||||
### Examples
|
||||
|
||||
```
|
||||
|
||||
# Create an encryption config with local gpg key source
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--encryption-key path-to-encryption-key \
|
||||
--decryption-key path-to-encryption-key
|
||||
|
||||
# Create an encryption config with kube api server secret as the store to store encryption keys
|
||||
airshipctl config set-encryption-config exampleConfig \
|
||||
--secret-name secretName \
|
||||
--secret-namespace secretNamespace
|
||||
|
||||
```
|
||||
|
||||
### Options
|
||||
|
||||
```
|
||||
--decryption-key-path string the path to the decryption key file
|
||||
--encryption-key-path string the path to the encryption key file
|
||||
-h, --help help for set-encryption-config
|
||||
--secret-name string name of the secret consisting of the encryption and decryption keys
|
||||
--secret-namespace string namespace of the secret consisting of the encryption and decryption keys
|
||||
```
|
||||
|
||||
### Options inherited from parent commands
|
||||
|
||||
```
|
||||
--airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config")
|
||||
--debug enable verbose output
|
||||
--kubeconfig string Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig")
|
||||
```
|
||||
|
||||
### SEE ALSO
|
||||
|
||||
* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file
|
||||
|
Loading…
Reference in New Issue
Block a user