kubernetes/test/integration/controlplane/transformation/secrets_transformation_test.go

const aesGCMPrefix

const aesCBCPrefix

const aesGCMConfigYAML

const aesCBCConfigYAML

const identityConfigYAML

// TestSecretsShouldBeEnveloped is an integration test between KubeAPI and etcd that checks:
// 1. Secrets are encrypted on write
// 2. Secrets are decrypted on read
// when EncryptionConfiguration is passed to KubeAPI server.
func TestSecretsShouldBeTransformed(t *testing.T) {}

// Baseline (no enveloping) - use to contrast with enveloping benchmarks.
func BenchmarkBase(b *testing.B) {}

// Identity transformer is a NOOP (crypto-wise) - use to contrast with AESGCM and AESCBC benchmark results.
func BenchmarkIdentityWrite(b *testing.B) {}

func BenchmarkAESGCMEnvelopeWrite(b *testing.B) {}

func BenchmarkAESCBCEnvelopeWrite(b *testing.B) {}

func runBenchmark(b *testing.B, transformerConfig string) {}

func unSealWithGCMTransformer(ctx context.Context, cipherText []byte, dataCtx value.Context,
	transformerConfig apiserverv1.ProviderConfiguration) ([]byte, error) {}

func unSealWithCBCTransformer(ctx context.Context, cipherText []byte, dataCtx value.Context,
	transformerConfig apiserverv1.ProviderConfiguration) ([]byte, error) {}

func newAESCipher(key string) (cipher.Block, error) {}