From 25b3b994967c6bf8226213f1c00b86970184b03a Mon Sep 17 00:00:00 2001
From: Sujata Roy <61177855+20sr20@users.noreply.github.com>
Date: Mon, 26 Sep 2022 15:31:47 -0700
Subject: [PATCH] =?UTF-8?q?create-federation-secret=C2=A0job=20runs=20only?= =?UTF-8?q?=20when=20server.updatePartition=C2=A0is=C2=A00=20(#1512)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* create-federation-secret job runs only when server.updatePartition is 0
* I added a test to check createFederationSecret/Job doesn't run when updatepartition != 0
Co-authored-by: David Yu
---
 CHANGELOG.md | 3 ++-
 .../templates/create-federation-secret-job.yaml | 2 ++
 .../test/unit/create-federation-secret-job.bats | 15 +++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6bb0faae72..d6fdfc885d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,8 @@ BUG FIXES:
 * Control plane
 * Use global ACL auth method to provision ACL tokens for API Gateway in secondary datacenter [[GH-1481](https://github.com/hashicorp/consul-k8s/pull/1481)]
 * Helm:
- * Fixes a typo in the templating of `global.connectInject.disruptionBudget.maxUnavailable`. [[GH-1530](https://github.com/hashicorp/consul-k8s/pull/1530)].
+ * Only create Federation Secret Job when server.updatePartition is 0 [[GH-1512](https://github.com/hashicorp/consul-k8s/pull/1512)]
+ * Fixes a typo in the templating of `global.connectInject.disruptionBudget.maxUnavailable`. [[GH-1530](https://github.com/hashicorp/consul-k8s/pull/1530)]
 IMPROVEMENTS:
 * Helm:
diff --git a/charts/consul/templates/create-federation-secret-job.yaml b/charts/consul/templates/create-federation-secret-job.yaml
index 3b4333a979..6bc2b9f4d8 100644
--- a/charts/consul/templates/create-federation-secret-job.yaml
+++ b/charts/consul/templates/create-federation-secret-job.yaml
@@ -1,6 +1,7 @@
 {{- if .Values.global.federation.createFederationSecret }}
 {{- if not .Values.global.federation.enabled }}{{ fail "global.federation.enabled must be true when global.federation.createFederationSecret is true" }}{{ end }}
 {{- if and (not .Values.global.acls.createReplicationToken) .Values.global.acls.manageSystemACLs }}{{ fail "global.acls.createReplicationToken must be true when global.acls.manageSystemACLs is true because the federation secret must include the replication token" }}{{ end }}
+{{- if eq (int .Values.server.updatePartition) 0 }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -157,3 +158,4 @@ spec:
 memory: "50Mi"
 cpu: "50m"
 {{- end }}
+{{- end }}
diff --git a/charts/consul/test/unit/create-federation-secret-job.bats b/charts/consul/test/unit/create-federation-secret-job.bats
index acd493ed78..a3343db582 100644
--- a/charts/consul/test/unit/create-federation-secret-job.bats
+++ b/charts/consul/test/unit/create-federation-secret-job.bats
@@ -61,6 +61,21 @@ load _helpers
 [[ "$output" =~ "global.acls.createReplicationToken must be true when global.acls.manageSystemACLs is true because the federation secret must include the replication token" ]]
 }
+@test "createFederationSecret/Job: disabled by updatepartition != 0" {
+ cd `chart_dir`
+ assert_empty helm template \
+ -s templates/create-federation-secret-job.yaml \
+ --set 'global.federation.enabled=true' \
+ --set 'global.federation.createFederationSecret=true' \
+ --set 'global.acls.createReplicationToken=true' \
+ --set 'global.acls.manageSystemACLs=true' \
+ --set 'global.tls.enabled=true' \
+ --set 'meshGateway.enabled=true' \
+ --set 'connectInject.enabled=true' \
+ --set 'server.updatePartition=1' \
+ .
+}
+
 @test "createFederationSecret/Job: mounts auto-created ca secrets by default" {
 cd `chart_dir`
 local volumes=$(helm template \
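Review bot: The new guard `{{- if eq (int .Values.server.updatePartition) 0 }}` in charts/consul/templates/create-federation-secret-job.yaml has no comment, and it drops the Job silently. An operator who leaves `server.updatePartition` non-zero gets no federation secret and no message explaining why. A template comment directly above it would record the intent, for example `{{- /* Not rendered while server.updatePartition is non-zero; the Job returns once it is set back to 0. */}}` (wording for the author to confirm), and the matching `{{- end }}` in the second hunk could name the condition it closes. The Job's service account and its Secret permissions are not visible in this diff; if they live in other templates still gated only on `global.federation.createFederationSecret`, they would stay granted while no Job uses them, so gating them the same way is worth considering. The Job body between the two hunks lies outside the diff.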
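Review bot: The added test in charts/consul/test/unit/create-federation-secret-job.bats pins only the negative case, `--set 'server.updatePartition=1'`. Nothing checks that the Job is still rendered when the value is set explicitly to 0, which is the side of the `int` cast and `eq` comparison that a later edit could break unnoticed. A sibling test with the same flags and `--set 'server.updatePartition=0'`, asserting that the rendered document has `kind: Job`, would cover both sides of the guard. The title also spells the key as `updatepartition`; `"createFederationSecret/Job: disabled when server.updatePartition != 0"` matches the values key and is easier to grep for.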