diff --git a/cmd/config/config.go b/cmd/config/config.go index cde0dd6b0..278fa9a93 100644 --- a/cmd/config/config.go +++ b/cmd/config/config.go @@ -40,6 +40,9 @@ func NewConfigCommand(cfgFactory config.Factory) *cobra.Command { configRootCmd.AddCommand(NewGetManifestCommand(cfgFactory)) configRootCmd.AddCommand(NewSetManifestCommand(cfgFactory)) + configRootCmd.AddCommand(NewGetEncryptionConfigCommand(cfgFactory)) + configRootCmd.AddCommand(NewSetEncryptionConfigCommand(cfgFactory)) + // Init will have different factory configRootCmd.AddCommand(NewInitCommand()) return configRootCmd diff --git a/cmd/config/get_encryption_config.go b/cmd/config/get_encryption_config.go new file mode 100644 index 000000000..e5ca5f4e3 --- /dev/null +++ b/cmd/config/get_encryption_config.go 
@@ -0,0 +1,76 @@ +/* + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package config + +import ( + "fmt" + + "github.com/spf13/cobra" + + "opendev.org/airship/airshipctl/pkg/config" +) + +const ( + getEncryptionConfigsLong = ` +Display a specific encryption config information, or all defined encryption configs if no name is provided. +` + + getEncryptionConfigsExample = ` +# List all the encryption configs airshipctl knows about +airshipctl config get-encryption-configs + +# Display a specific encryption config +airshipctl config get-encryption-config exampleConfig +` +) + +// NewGetEncryptionConfigCommand creates a command that enables printing an encryption configuration to stdout. 
+func NewGetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command { + cmd := &cobra.Command{ + Use: "get-encryption-config NAME", + Short: "Get an encryption config information from the airshipctl config", + Long: getEncryptionConfigsLong[1:], + Example: getEncryptionConfigsExample, + Args: cobra.MaximumNArgs(1), + Aliases: []string{"get-encryption-configs"}, + RunE: func(cmd *cobra.Command, args []string) error { + airconfig, err := cfgFactory() + if err != nil { + return err + } + if len(args) == 1 { + name := args[0] + encryptionConfig, exists := airconfig.EncryptionConfigs[name] + if !exists { + return config.ErrEncryptionConfigurationNotFound{ + Name: fmt.Sprintf("Encryption Config with name '%s'", name), + } + } + fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig) + } else { + encryptionConfigs := airconfig.GetEncryptionConfigs() + if len(encryptionConfigs) == 0 { + fmt.Fprintln(cmd.OutOrStdout(), "No Encryption Config found in the configuration.") + } + for _, encryptionConfig := range encryptionConfigs { + fmt.Fprintln(cmd.OutOrStdout(), encryptionConfig) + } + } + return nil + }, + } + + return cmd +} diff --git a/cmd/config/get_encryption_config_test.go b/cmd/config/get_encryption_config_test.go new file mode 100644 index 000000000..e4aafe39c --- /dev/null +++ b/cmd/config/get_encryption_config_test.go 
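Review bot: The not-found branch wraps the name in prose before handing it to the error type: `Name: fmt.Sprintf("Encryption Config with name '%s'", name)`. The golden file added in this commit shows the result, `Unknown encryption configuration 'Encryption Config with name 'foo''.`, and the test in get_encryption_config_test.go expects `ErrEncryptionConfigurationNotFound{Name: "foo"}`, which is not the value built here. Passing the name through unchanged, `return config.ErrEncryptionConfigurationNotFound{Name: name}`, fixes the message and brings the code in line with the test. Separately, `Use` advertises a mandatory `NAME` although `cobra.MaximumNArgs(1)` makes it optional; `get-encryption-config [NAME]` would say so.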
@@ -0,0 +1,67 @@ +/* +Copyright 2014 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package config_test + +import ( + "testing" + + cmd "opendev.org/airship/airshipctl/cmd/config" + "opendev.org/airship/airshipctl/pkg/config" + "opendev.org/airship/airshipctl/testutil" +) + +func TestGetEncryptionConfigCmd(t *testing.T) { + settings := func() (*config.Config, error) { + return &config.Config{ + EncryptionConfigs: map[string]*config.EncryptionConfig{ + config.AirshipDefaultContext: testutil.DummyEncryptionConfig(), + }, + }, nil + } + + emptySettings := func() (*config.Config, error) { + return &config.Config{}, nil + } + + cmdTests := []*testutil.CmdTest{ + { + Name: "get-encryption-config-with-help", + CmdLine: "--help", + Cmd: cmd.NewGetEncryptionConfigCommand(nil), + }, + { + Name: "get-encryption-config-not-found", + CmdLine: "foo", + Cmd: cmd.NewGetEncryptionConfigCommand(emptySettings), + Error: config.ErrEncryptionConfigurationNotFound{Name: "foo"}, + }, + { + Name: "get-encryption-config-all", + CmdLine: "", + Cmd: cmd.NewGetEncryptionConfigCommand(settings), + }, + { + Name: "get-empty-encryption-config", + CmdLine: config.AirshipDefaultContext, + Cmd: cmd.NewGetEncryptionConfigCommand(settings), + }, + } + + for _, tt := range cmdTests { + testutil.RunTest(t, tt) + } +} diff --git a/cmd/config/set_context.go b/cmd/config/set_context.go index 856eec109..4a0d3541b 100644 --- a/cmd/config/set_context.go +++ b/cmd/config/set_context.go 
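Review bot: The listing branch that prints `No Encryption Config found in the configuration.` is never exercised, because `emptySettings` is only used with the argument `foo` and so only reaches the not-found path. A case such as `{Name: "get-encryption-config-all-empty", CmdLine: "", Cmd: cmd.NewGetEncryptionConfigCommand(emptySettings)}` would cover it. The case named `get-empty-encryption-config` looks up `config.AirshipDefaultContext` in the populated `settings`, so it is a lookup by name rather than an empty-config test; a name like `get-encryption-config-by-name` would describe it better.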
@@ -36,6 +36,7 @@ airshipctl config set-context exampleContext \ --manifest=exampleManifest \ --user=exampleUser --cluster-type=target + --encryption-config=exampleEncryptionConfig # Update the manifest of the current-context airshipctl config set-context \ @@ -108,6 +109,12 @@ func addSetContextFlags(o *config.ContextOptions, cmd *cobra.Command) { "", "set the manifest for the specified context") + flags.StringVar( + &o.EncryptionConfig, + "encryption-config", + "", + "set the encryption config for the specified context") + flags.StringVar( &o.Namespace, "namespace", diff --git a/cmd/config/set_context_test.go b/cmd/config/set_context_test.go index 46292d88c..ea33ccefd 100644 --- a/cmd/config/set_context_test.go +++ b/cmd/config/set_context_test.go @@ -30,10 +30,11 @@ import ( ) const ( - testUser = "admin@kubernetes" - defaultManifest = "edge_cloud" - defaultNamespace = "kube-system" - testManifest = "test_manifest" + testUser = "admin@kubernetes" + defaultManifest = "edge_cloud" + defaultNamespace = "kube-system" + testManifest = "test_manifest" + testEncryptionConfig = "test_encryption_config" ) type setContextTest struct { @@ -73,11 +74,12 @@ func TestSetContext(t *testing.T) { defer cleanupGiven(t) tests := []struct { - testName string - contextName string - flags []string - givenConfig *config.Config - manifest string + testName string + contextName string + flags []string + givenConfig *config.Config + manifest string + encryptionConfig string }{ { testName: "set-context", @@ -87,9 +89,11 @@ func TestSetContext(t *testing.T) { "--user=" + testUser, "--manifest=" + defaultManifest, "--namespace=" + defaultNamespace, + "--encryption-config=" + testEncryptionConfig, }, - givenConfig: given, - manifest: defaultManifest, + givenConfig: given, + manifest: defaultManifest, + encryptionConfig: testEncryptionConfig, }, { testName: "set-current-context", 
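Review bot: The added example line `--encryption-config=exampleEncryptionConfig` follows `--cluster-type=target`, which has no trailing backslash, so a user pasting the example gets a command that ends before the new flag. The preceding text needs a ` \` continuation, as the `--manifest=exampleManifest \` line has, for the new flag to belong to the same invocation. The same text is copied into the two set-context golden files and docs/source/cli/airshipctl_config_set-context.md, which need regenerating once the example is fixed. The example string starts above this hunk.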
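Review bot: Nothing in the `--encryption-config` flag hunk checks that the value names an entry in the config's `EncryptionConfigs` map, so a misspelt name may be stored in the context as-is. The code that applies `ContextOptions` is outside this diff, so the check may already exist there. If it does not, rejecting unknown names when the context is written would surface the mistake at `set-context` time rather than when encryption is first attempted. `addSetContextFlags` begins and ends outside the hunk.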
@@ -106,6 +110,15 @@ func TestSetContext(t *testing.T) { givenConfig: given, manifest: testManifest, }, + { + testName: "modify-context", + contextName: "def_target", + flags: []string{ + "--encryption-config=" + testEncryptionConfig, + }, + givenConfig: given, + encryptionConfig: testEncryptionConfig, + }, } for _, tt := range tests { diff --git a/cmd/config/set_encryption_config.go b/cmd/config/set_encryption_config.go new file mode 100644 index 000000000..f92989a8e --- /dev/null +++ b/cmd/config/set_encryption_config.go 
@@ -0,0 +1,106 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package config + +import ( + "fmt" + + "github.com/spf13/cobra" + + "opendev.org/airship/airshipctl/pkg/config" +) + +const ( + setEncryptionConfigLong = ` +Create or modify an encryption config in the airshipctl config file. + +Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects +` + + setEncryptionConfigExample = ` +# Create an encryption config with local gpg key source +airshipctl config set-encryption-config exampleConfig \ + --encryption-key path-to-encryption-key \ + --decryption-key path-to-encryption-key + +# Create an encryption config with kube api server secret as the store to store encryption keys +airshipctl config set-encryption-config exampleConfig \ + --secret-name secretName \ + --secret-namespace secretNamespace +` +) + +// NewSetEncryptionConfigCommand creates a command for creating and modifying encryption +// configs in the airshipctl config file. 
+func NewSetEncryptionConfigCommand(cfgFactory config.Factory) *cobra.Command { + o := &config.EncryptionConfigOptions{} + cmd := &cobra.Command{ + Use: "set-encryption-config NAME", + Short: "Manage encryption configs in airship config", + Long: setEncryptionConfigLong[1:], + Example: setEncryptionConfigExample, + Args: cobra.ExactArgs(1), + RunE: func(cmd *cobra.Command, args []string) error { + cfg, err := cfgFactory() + if err != nil { + return err + } + o.Name = args[0] + modified, err := config.RunSetEncryptionConfig(o, cfg, true) + if err != nil { + return err + } + if modified { + fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q modified.\n", o.Name) + } else { + fmt.Fprintf(cmd.OutOrStdout(), "Encryption Config %q created.\n", o.Name) + } + return nil + }, + } + + addSetEncryptionConfigFlags(o, cmd) + return cmd +} + +func addSetEncryptionConfigFlags(o *config.EncryptionConfigOptions, cmd *cobra.Command) { + flags := cmd.Flags() + + flags.StringVar( + &o.EncryptionKeyPath, + "encryption-key-path", + "", + "the path to the encryption key file") + + flags.StringVar( + &o.DecryptionKeyPath, + "decryption-key-path", + "", + "the path to the decryption key file") + + flags.StringVar( + &o.KeySecretName, + "secret-name", + "", + "name of the secret consisting of the encryption and decryption keys") + + flags.StringVar( + &o.KeySecretNamespace, + "secret-namespace", + "", + "namespace of the secret consisting of the encryption and decryption keys") +} diff --git a/cmd/config/set_encryption_configuration_test.go b/cmd/config/set_encryption_configuration_test.go new file mode 100644 index 000000000..49c86253b --- /dev/null +++ b/cmd/config/set_encryption_configuration_test.go 
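Review bot: The examples in `setEncryptionConfigExample` use `--encryption-key` and `--decryption-key`, but `addSetEncryptionConfigFlags` registers `--encryption-key-path` and `--decryption-key-path`, so the documented command would be rejected as an unknown flag. The decryption example also passes `path-to-encryption-key`, which reads like a copy-paste slip. Suggested lines: `--encryption-key-path path-to-encryption-key \` and `--decryption-key-path path-to-decryption-key`. The same example is repeated in the set-encryption-config golden files and docs/source/cli/airshipctl_config_set-encryption-config.md added by this commit, so those need regenerating after the fix.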
@@ -0,0 +1,179 @@ +/* + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package config + +import ( + "fmt" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "opendev.org/airship/airshipctl/pkg/config" + "opendev.org/airship/airshipctl/testutil" +) + +const ( + encryptionConfigName = "encryptionConfig" + secretName = "secretName" + secretNamespace = "secretNamespace" + encryptionKeyFilePath = "/tmp/encryption.key" + decryptionKeyFilePath = "/tmp/decryption.pub" +) + +func TestConfigSetEncryptionConfigurationCmd(t *testing.T) { + cmdTests := []*testutil.CmdTest{ + { + Name: "config-cmd-set-encryption-config-with-help", + CmdLine: "--help", + Cmd: NewSetEncryptionConfigCommand(nil), + }, + { + Name: "config-cmd-set-encryption-config-no-args", + CmdLine: "", + Cmd: NewSetEncryptionConfigCommand(nil), + Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 0), + }, + { + Name: "config-cmd-set-encryption-config-excess-args", + CmdLine: "arg1 arg2", + Cmd: NewSetEncryptionConfigCommand(nil), + Error: fmt.Errorf("accepts %d arg(s), received %d", 1, 2), + }, + } + + for _, tt := range cmdTests { + testutil.RunTest(t, tt) + } +} + +func TestSetEncryptionConfig(t *testing.T) { + given, cleanupGiven := testutil.InitConfig(t) + defer cleanupGiven(t) + + tests := []struct { + testName string + encryptionConfigName string + flags []string + inputConfig *config.Config + secretName string + secretNamespace string + 
encryptionKeyFilePath string + decryptionKeyFilePath string + error error + }{ + { + testName: "set-encryption-config-error-no-encryption", + encryptionKeyFilePath: encryptionKeyFilePath, + decryptionKeyFilePath: decryptionKeyFilePath, + encryptionConfigName: encryptionConfigName, + flags: []string{ + "--decryption-key-path " + decryptionKeyFilePath, + }, + error: fmt.Errorf("you must specify both encryption " + + "and decryption keys when setting encryption config"), + inputConfig: given, + }, + { + testName: "set-encryption-config-error-no-decryption", + flags: []string{ + "--encryption-key-path " + encryptionKeyFilePath, + }, + error: fmt.Errorf("you must specify both encryption " + + "and decryption keys when setting encryption config"), + encryptionConfigName: encryptionConfigName, + encryptionKeyFilePath: encryptionKeyFilePath, + decryptionKeyFilePath: decryptionKeyFilePath, + }, + { + testName: "set-encryption-config-error-no-options", + encryptionConfigName: encryptionConfigName, + error: fmt.Errorf("you must specify both encryption " + + "and decryption keys when setting encryption config"), + inputConfig: given, + }, + { + testName: "set-encryption-config", + encryptionConfigName: encryptionConfigName, + encryptionKeyFilePath: encryptionKeyFilePath, + decryptionKeyFilePath: decryptionKeyFilePath, + flags: []string{ + "--decryption-key-path " + decryptionKeyFilePath, + "--encryption-key-path " + encryptionKeyFilePath, + }, + inputConfig: given, + }, + { + testName: "set-encryption-config-error-no-namespace", + encryptionConfigName: encryptionConfigName, + flags: []string{ + "--secret-name " + secretName, + }, + error: fmt.Errorf("you must specify both secret name and namespace" + + " when setting encryption config"), + }, + { + testName: "set-encryption-config-error-no-secret-name", + encryptionConfigName: encryptionConfigName, + flags: []string{ + "--secret-namespace " + secretNamespace, + }, + error: fmt.Errorf("you must specify both secret name and 
namespace" + + " when setting encryption config"), + }, + { + testName: "set-encryption-config", + encryptionConfigName: encryptionConfigName, + secretName: secretName, + secretNamespace: secretNamespace, + encryptionKeyFilePath: encryptionKeyFilePath, + decryptionKeyFilePath: decryptionKeyFilePath, + flags: []string{ + "--secret-name " + secretName, + "--secret-namespace " + secretNamespace, + }, + inputConfig: given, + }, + } + + for _, tt := range tests { + settings := func() (*config.Config, error) { + return tt.inputConfig, nil + } + + cmd := &testutil.CmdTest{ + Name: tt.testName, + CmdLine: fmt.Sprintf("%s %s", tt.encryptionConfigName, strings.Join(tt.flags, " ")), + Error: tt.error, + Cmd: NewSetEncryptionConfigCommand(settings), + } + + testutil.RunTest(t, cmd) + + if cmd.Error != nil { + return + } + + afterRunConf := tt.inputConfig + // Find the Encryption Config Created or Modified + afterRunEncryptionConfig, _ := afterRunConf.EncryptionConfigs[tt.encryptionConfigName] + require.NotNil(t, afterRunEncryptionConfig) + assert.EqualValues(t, afterRunEncryptionConfig.KeySecretName, tt.secretName) + assert.EqualValues(t, afterRunEncryptionConfig.KeySecretNamespace, tt.secretNamespace) + assert.EqualValues(t, afterRunEncryptionConfig.EncryptionKeyPath, tt.encryptionKeyFilePath) + assert.EqualValues(t, afterRunEncryptionConfig.DecryptionKeyPath, tt.decryptionKeyFilePath) + } +} diff --git a/cmd/config/testdata/TestConfigGoldenOutput/config-cmd-with-help.golden b/cmd/config/testdata/TestConfigGoldenOutput/config-cmd-with-help.golden index 80b46bfc4..6ba799f4d 100644 --- a/cmd/config/testdata/TestConfigGoldenOutput/config-cmd-with-help.golden +++ b/cmd/config/testdata/TestConfigGoldenOutput/config-cmd-with-help.golden 
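Review bot: In the loop of `TestSetEncryptionConfig`, `if cmd.Error != nil { return }` leaves the whole test function at the first case that expects an error, and the first table entry is such a case, so the remaining entries, including both success cases and their assertions, do not run. `continue` is what is intended here; wrapping each case in `t.Run(tt.testName, ...)` would also make every case show up in the test output. Once the loop does continue, three things will need attention: two entries share the name `set-encryption-config`, three of the error entries leave `inputConfig` unset so the factory returns a nil config, and every case mutates the shared `given` config. The `, _` in `afterRunEncryptionConfig, _ := ...` can be dropped.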
@@ -5,12 +5,14 @@ Usage: Available Commands: get-context Get context information from the airshipctl config + get-encryption-config Get an encryption config information from the airshipctl config get-management-config View a management config or all management configs defined in the airshipctl config get-manifest Get a manifest information from the airshipctl config help Help about any command import Merge information from a kubernetes config file init Generate initial configuration files for airshipctl set-context Manage contexts + set-encryption-config Manage encryption configs in airship config set-management-config Modify an out-of-band management configuration set-manifest Manage manifests in airship config use-context Switch to a different context diff --git a/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-too-many-args.golden b/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-too-many-args.golden index e1ca03cc8..c7c0fd88b 100644 --- a/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-too-many-args.golden +++ b/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-too-many-args.golden @@ -10,6 +10,7 @@ airshipctl config set-context exampleContext \ --manifest=exampleManifest \ --user=exampleUser --cluster-type=target + --encryption-config=exampleEncryptionConfig # Update the manifest of the current-context airshipctl config set-context \ 
@@ -18,11 +19,12 @@ airshipctl config set-context \ Flags: - --cluster string set the cluster for the specified context - --cluster-type string set the cluster-type for the specified context - --current update the current context - -h, --help help for set-context - --manifest string set the manifest for the specified context - --namespace string set the namespace for the specified context - --user string set the user for the specified context + --cluster string set the cluster for the specified context + --cluster-type string set the cluster-type for the specified context + --current update the current context + --encryption-config string set the encryption config for the specified context + -h, --help help for set-context + --manifest string set the manifest for the specified context + --namespace string set the namespace for the specified context + --user string set the user for the specified context diff --git a/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-with-help.golden b/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-with-help.golden index d7123f097..4dab3e1ea 100644 --- a/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-with-help.golden +++ b/cmd/config/testdata/TestConfigSetContextGoldenOutput/config-cmd-set-context-with-help.golden @@ -11,6 +11,7 @@ airshipctl config set-context exampleContext \ --manifest=exampleManifest \ --user=exampleUser --cluster-type=target + --encryption-config=exampleEncryptionConfig # Update the manifest of the current-context airshipctl config set-context \ 
@@ -19,10 +20,11 @@ airshipctl config set-context \ Flags: - --cluster string set the cluster for the specified context - --cluster-type string set the cluster-type for the specified context - --current update the current context - -h, --help help for set-context - --manifest string set the manifest for the specified context - --namespace string set the namespace for the specified context - --user string set the user for the specified context + --cluster string set the cluster for the specified context + --cluster-type string set the cluster-type for the specified context + --current update the current context + --encryption-config string set the encryption config for the specified context + -h, --help help for set-context + --manifest string set the manifest for the specified context + --namespace string set the namespace for the specified context + --user string set the user for the specified context diff --git a/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-excess-args.golden b/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-excess-args.golden new file mode 100644 index 000000000..071b0076e --- /dev/null +++ b/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-excess-args.golden 
@@ -0,0 +1,24 @@ +Error: accepts 1 arg(s), received 2 +Usage: + set-encryption-config NAME [flags] + +Examples: + +# Create an encryption config with local gpg key source +airshipctl config set-encryption-config exampleConfig \ + --encryption-key path-to-encryption-key \ + --decryption-key path-to-encryption-key + +# Create an encryption config with kube api server secret as the store to store encryption keys +airshipctl config set-encryption-config exampleConfig \ + --secret-name secretName \ + --secret-namespace secretNamespace + + +Flags: + --decryption-key-path string the path to the decryption key file + --encryption-key-path string the path to the encryption key file + -h, --help help for set-encryption-config + --secret-name string name of the secret consisting of the encryption and decryption keys + --secret-namespace string namespace of the secret consisting of the encryption and decryption keys + diff --git a/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-no-args.golden b/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-no-args.golden new file mode 100644 index 000000000..625793b38 --- /dev/null +++ b/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-no-args.golden 
@@ -0,0 +1,24 @@ +Error: accepts 1 arg(s), received 0 +Usage: + set-encryption-config NAME [flags] + +Examples: + +# Create an encryption config with local gpg key source +airshipctl config set-encryption-config exampleConfig \ + --encryption-key path-to-encryption-key \ + --decryption-key path-to-encryption-key + +# Create an encryption config with kube api server secret as the store to store encryption keys +airshipctl config set-encryption-config exampleConfig \ + --secret-name secretName \ + --secret-namespace secretNamespace + + +Flags: + --decryption-key-path string the path to the decryption key file + --encryption-key-path string the path to the encryption key file + -h, --help help for set-encryption-config + --secret-name string name of the secret consisting of the encryption and decryption keys + --secret-namespace string namespace of the secret consisting of the encryption and decryption keys + diff --git a/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-with-help.golden b/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-with-help.golden new file mode 100644 index 000000000..290d120a0 --- /dev/null +++ b/cmd/config/testdata/TestConfigSetEncryptionConfigurationCmdGoldenOutput/config-cmd-set-encryption-config-with-help.golden 
@@ -0,0 +1,26 @@ +Create or modify an encryption config in the airshipctl config file. + +Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects + +Usage: + set-encryption-config NAME [flags] + +Examples: + +# Create an encryption config with local gpg key source +airshipctl config set-encryption-config exampleConfig \ + --encryption-key path-to-encryption-key \ + --decryption-key path-to-encryption-key + +# Create an encryption config with kube api server secret as the store to store encryption keys +airshipctl config set-encryption-config exampleConfig \ + --secret-name secretName \ + --secret-namespace secretNamespace + + +Flags: + --decryption-key-path string the path to the decryption key file + --encryption-key-path string the path to the encryption key file + -h, --help help for set-encryption-config + --secret-name string name of the secret consisting of the encryption and decryption keys + --secret-namespace string namespace of the secret consisting of the encryption and decryption keys diff --git a/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-empty-encryption-config.golden b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-empty-encryption-config.golden new file mode 100644 index 000000000..54c9e0ba9 --- /dev/null +++ b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-empty-encryption-config.golden @@ -0,0 +1,3 @@ +decryptionKeyPath: /tmp/decryption.pub +encryptionKeyPath: /tmp/encryption.key + diff --git a/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-all.golden b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-all.golden new file mode 100644 index 000000000..54c9e0ba9 --- /dev/null +++ b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-all.golden @@ -0,0 +1,3 @@ +decryptionKeyPath: /tmp/decryption.pub +encryptionKeyPath: /tmp/encryption.key + 
diff --git a/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-not-found.golden b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-not-found.golden new file mode 100644 index 000000000..e02aa3dad --- /dev/null +++ b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-not-found.golden @@ -0,0 +1,19 @@ +Error: Unknown encryption configuration 'Encryption Config with name 'foo''. +Usage: + get-encryption-config NAME [flags] + +Aliases: + get-encryption-config, get-encryption-configs + +Examples: + +# List all the encryption configs airshipctl knows about +airshipctl config get-encryption-configs + +# Display a specific encryption config +airshipctl config get-encryption-config exampleConfig + + +Flags: + -h, --help help for get-encryption-config + diff --git a/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-with-help.golden b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-with-help.golden new file mode 100644 index 000000000..518a742d3 --- /dev/null +++ b/cmd/config/testdata/TestGetEncryptionConfigCmdGoldenOutput/get-encryption-config-with-help.golden @@ -0,0 +1,19 @@ +Display a specific encryption config information, or all defined encryption configs if no name is provided. + +Usage: + get-encryption-config NAME [flags] + +Aliases: + get-encryption-config, get-encryption-configs + +Examples: + +# List all the encryption configs airshipctl knows about +airshipctl config get-encryption-configs + +# Display a specific encryption config +airshipctl config get-encryption-config exampleConfig + + +Flags: + -h, --help help for get-encryption-config diff --git a/cmd/config/testdata/TestSetEncryptionConfigGoldenOutput/set-encryption-config-error-no-encryption.golden b/cmd/config/testdata/TestSetEncryptionConfigGoldenOutput/set-encryption-config-error-no-encryption.golden new file mode 100644 index 000000000..15935ad33 
--- /dev/null +++ b/cmd/config/testdata/TestSetEncryptionConfigGoldenOutput/set-encryption-config-error-no-encryption.golden @@ -0,0 +1,24 @@ +Error: Specify both encryption and decryption keys when setting encryption config +Usage: + set-encryption-config NAME [flags] + +Examples: + +# Create an encryption config with local gpg key source +airshipctl config set-encryption-config exampleConfig \ + --encryption-key path-to-encryption-key \ + --decryption-key path-to-encryption-key + +# Create an encryption config with kube api server secret as the store to store encryption keys +airshipctl config set-encryption-config exampleConfig \ + --secret-name secretName \ + --secret-namespace secretNamespace + + +Flags: + --decryption-key-path string the path to the decryption key file + --encryption-key-path string the path to the encryption key file + -h, --help help for set-encryption-config + --secret-name string name of the secret consisting of the encryption and decryption keys + --secret-namespace string namespace of the secret consisting of the encryption and decryption keys + diff --git a/docs/source/cli/airshipctl_config.md b/docs/source/cli/airshipctl_config.md index 43c87a537..81ce4233b 100644 --- a/docs/source/cli/airshipctl_config.md +++ b/docs/source/cli/airshipctl_config.md 
@@ -24,11 +24,13 @@ Manage the airshipctl config file * [airshipctl](airshipctl.md) - A unified entrypoint to various airship components * [airshipctl config get-context](airshipctl_config_get-context.md) - Get context information from the airshipctl config +* [airshipctl config get-encryption-config](airshipctl_config_get-encryption-config.md) - Get an encryption config information from the airshipctl config * [airshipctl config get-management-config](airshipctl_config_get-management-config.md) - View a management config or all management configs defined in the airshipctl config * [airshipctl config get-manifest](airshipctl_config_get-manifest.md) - Get a manifest information from the airshipctl config * [airshipctl config import](airshipctl_config_import.md) - Merge information from a kubernetes config file * [airshipctl config init](airshipctl_config_init.md) - Generate initial configuration files for airshipctl * [airshipctl config set-context](airshipctl_config_set-context.md) - Manage contexts +* [airshipctl config set-encryption-config](airshipctl_config_set-encryption-config.md) - Manage encryption configs in airship config * [airshipctl config set-management-config](airshipctl_config_set-management-config.md) - Modify an out-of-band management configuration * [airshipctl config set-manifest](airshipctl_config_set-manifest.md) - Manage manifests in airship config * [airshipctl config use-context](airshipctl_config_use-context.md) - Switch to a different context diff --git a/docs/source/cli/airshipctl_config_get-encryption-config.md b/docs/source/cli/airshipctl_config_get-encryption-config.md new file mode 100644 index 000000000..0a7579484 --- /dev/null +++ b/docs/source/cli/airshipctl_config_get-encryption-config.md 
@@ -0,0 +1,43 @@ +## airshipctl config get-encryption-config + +Get an encryption config information from the airshipctl config + +### Synopsis + +Display a specific encryption config information, or all defined encryption configs if no name is provided. + + +``` +airshipctl config get-encryption-config NAME [flags] +``` + +### Examples + +``` + +# List all the encryption configs airshipctl knows about +airshipctl config get-encryption-configs + +# Display a specific encryption config +airshipctl config get-encryption-config exampleConfig + +``` + +### Options + +``` + -h, --help help for get-encryption-config +``` + +### Options inherited from parent commands + +``` + --airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config") + --debug enable verbose output + --kubeconfig string Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig") +``` + +### SEE ALSO + +* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file + diff --git a/docs/source/cli/airshipctl_config_set-context.md b/docs/source/cli/airshipctl_config_set-context.md index 855817b72..1fd691010 100644 --- a/docs/source/cli/airshipctl_config_set-context.md +++ b/docs/source/cli/airshipctl_config_set-context.md @@ -21,6 +21,7 @@ airshipctl config set-context exampleContext \ --manifest=exampleManifest \ --user=exampleUser --cluster-type=target + --encryption-config=exampleEncryptionConfig # Update the manifest of the current-context airshipctl config set-context \ 
@@ -32,13 +33,14 @@ airshipctl config set-context \ ### Options ``` - --cluster string set the cluster for the specified context - --cluster-type string set the cluster-type for the specified context - --current update the current context - -h, --help help for set-context - --manifest string set the manifest for the specified context - --namespace string set the namespace for the specified context - --user string set the user for the specified context + --cluster string set the cluster for the specified context + --cluster-type string set the cluster-type for the specified context + --current update the current context + --encryption-config string set the encryption config for the specified context + -h, --help help for set-context + --manifest string set the manifest for the specified context + --namespace string set the namespace for the specified context + --user string set the user for the specified context ``` ### Options inherited from parent commands diff --git a/docs/source/cli/airshipctl_config_set-encryption-config.md b/docs/source/cli/airshipctl_config_set-encryption-config.md new file mode 100644 index 000000000..623c8db09 --- /dev/null +++ b/docs/source/cli/airshipctl_config_set-encryption-config.md 
@@ -0,0 +1,53 @@ +## airshipctl config set-encryption-config + +Manage encryption configs in airship config + +### Synopsis + +Create or modify an encryption config in the airshipctl config file. + +Encryption configs are local files or kubernetes secrets that are used to encrypt and decrypt kubernetes objects + + +``` +airshipctl config set-encryption-config NAME [flags] +``` + +### Examples + +``` + +# Create an encryption config with local gpg key source +airshipctl config set-encryption-config exampleConfig \ + --encryption-key path-to-encryption-key \ + --decryption-key path-to-encryption-key + +# Create an encryption config with kube api server secret as the store to store encryption keys +airshipctl config set-encryption-config exampleConfig \ + --secret-name secretName \ + --secret-namespace secretNamespace + +``` + +### Options + +``` + --decryption-key-path string the path to the decryption key file + --encryption-key-path string the path to the encryption key file + -h, --help help for set-encryption-config + --secret-name string name of the secret consisting of the encryption and decryption keys + --secret-namespace string namespace of the secret consisting of the encryption and decryption keys +``` + +### Options inherited from parent commands + +``` + --airshipconf string Path to file for airshipctl configuration. (default "$HOME/.airship/config") + --debug enable verbose output + --kubeconfig string Path to kubeconfig associated with airshipctl configuration. (default "$HOME/.airship/kubeconfig") +``` + +### SEE ALSO + +* [airshipctl config](airshipctl_config.md) - Manage the airshipctl config file +