ROX-18428: implement KMS encryption and decryption #1178
Conversation
|
/retest |
johannes94
force-pushed
the
jmalsam/ROX-18428-kms-cipher
branch
from
9147719 to
d25a2ce
Compare
| # Runs the AWS integration tests. | ||
| test/aws: $(GOTESTSUM_BIN) | ||
| RUN_AWS_INTEGRATION=true \ | ||
| $(GOTESTSUM_BIN) --junitfile data/results/aws-integration-tests.xml --format $(GOTESTSUM_FORMAT) -- -p 1 -v -timeout 45m -count=1 \ |
There was a problem hiding this comment.
Why do we need timeout here if it's specified in the actions job?
There was a problem hiding this comment.
In order to also timeout for local executions of this tests.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: johannes94, kurlov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
New changes are detected. LGTM label has been removed. |
|
/retest |
|
@kurlov May I ask you to review once again the last 3 commits. I did some changes here, because I noticed that AWS KMS does not support encrypting secrets as large as our central-tls using the API. We have to generate a data key and use that instead. |
|
/retest |
Description
Adding implementation and tests for En/Decryption of data using AWS KMS.
Change "RUN_AWS_RDS_TESTS" to a more generic test suite "RUN_AWS_INTEGRATION". Also changed the github action workflow so that it now executes both KMS and RDS Integration tests.
Checklist (Definition of Done)
Test manualROX-12345: ...[] Add secret to app-interface Vault or Secrets Manager if necessary[ ] RDS changes were e2e tested manually[ ] Check AWS limits are reasonable for changes provisioning new resourcesTest manual
Integration tests are sufficient since this is not yet integrated into fleetshard-sync