Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: Create Secrets With A Label #835

Merged
merged 18 commits into from
Nov 30, 2021
Merged

cli: Create Secrets With A Label #835

merged 18 commits into from
Nov 30, 2021

Conversation

sadjamz
Copy link
Contributor

@sadjamz sadjamz commented Nov 3, 2021
edited
Loading

Changes proposed in this PR:

  • Every-time a secret is created, add a label "managed-by" which is equal to "consul-k8s".
  • On uninstall, only delete those secrets with said label.

How I've tested this PR:
Changed the uninstall test, and ensured any secret created with this label is deleted, while secrets lacking this label persist. Also some ad-hoc testing, running the consul-k8s install and consul-k8s uninstall command.

How I expect reviewers to test this PR:
Code review.

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@t-eckert t-eckert self-requested a review November 3, 2021 19:48
ishustava
ishustava reviewed Nov 5, 2021
View reviewed changes
Copy link
Contributor

@ishustava ishustava left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, Saad!

A couple of comments/questions:

  1. Should we also add label if the secret exists? I think some commands already update the secret if it exists (e.g webhook-cert-manager), while others (like server-acl-init) don't. Adding a label if secret exists is nice because if someone runs a helm upgrade, all secrets would get updated with a label.
  2. I think the commands need unit tests to check that the label is added.

cli/cmd/install/install.go Outdated Show resolved Hide resolved
acceptance/framework/consul/consul_cluster.go Outdated Show resolved Hide resolved
t-eckert
t-eckert reviewed Nov 5, 2021
View reviewed changes
cli/cmd/install/install.go Outdated Show resolved Hide resolved
t-eckert
t-eckert reviewed Nov 5, 2021
View reviewed changes
Copy link
Contributor

@t-eckert t-eckert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work! Very clear code. I would echo what @ishustava said and change the "consul-k8s" string in both the CLI and Control Plane to be a constant that is passed around. That will make it easier for us to change later on if we need to.

@sadjamz sadjamz force-pushed the cli-managed-secrets branch 2 times, most recently from 1a71d07 to cb12fe9 Compare November 17, 2021 18:26
ishustava
ishustava approved these changes Nov 18, 2021
View reviewed changes
Copy link
Contributor

@ishustava ishustava left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work Saad! I've left some minor comments, but won't block the merge.

cli/cmd/common/utils.go Outdated Show resolved Hide resolved
cli/cmd/install/install.go Outdated Show resolved Hide resolved
t-eckert
t-eckert reviewed Nov 22, 2021
View reviewed changes
cli/cmd/uninstall/uninstall.go
Comment on lines 395 to +400
for _, secret := range secrets.Items {
if strings.HasPrefix(secret.Name, foundReleaseName) {
err := c.kubernetes.CoreV1().Secrets(foundReleaseNamespace).Delete(c.Ctx, secret.Name, metav1.DeleteOptions{})
if err != nil {
return fmt.Errorf("deleteSecrets: error deleting Secret %q: %s", secret.Name, err)
}
secretNames = append(secretNames, secret.Name)
err := c.kubernetes.CoreV1().Secrets(foundReleaseNamespace).Delete(c.Ctx, secret.Name, metav1.DeleteOptions{})
if err != nil {
return fmt.Errorf("deleteSecrets: error deleting Secret %q: %s", secret.Name, err)
}
secretNames = append(secretNames, secret.Name)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would move the instantiation of secretNames to right above line 394, before you start the iteration. I would also change the name to deletedSecrets so it's more clear what you are listing.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I lean towards secretNames rather than changing it to deletedSecrets because they are the names of secrets to delete, but haven't been deleted yet.

t-eckert
t-eckert approved these changes Nov 22, 2021
View reviewed changes
Copy link
Contributor

@t-eckert t-eckert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work on this, Saad! You should feel very proud of the work you've done in your time here. It's been a pleasure working with you!

@ndhanushkodi ndhanushkodi merged commit e895995 into main Nov 30, 2021
@ndhanushkodi ndhanushkodi deleted the cli-managed-secrets branch November 30, 2021 21:44
ndhanushkodi added a commit that referenced this pull request Dec 3, 2021
@ndhanushkodi
Revert "cli: Create Secrets With A Label (#835)"
4843e3b 
This reverts commit e895995.
ndhanushkodi added a commit that referenced this pull request Dec 3, 2021
@ndhanushkodi
Revert "cli: Create Secrets With A Label (#835)"
72be29f 
This reverts commit e895995.
ndhanushkodi added a commit that referenced this pull request Dec 3, 2021
@ndhanushkodi
only add the install/uninstall changes after having reverted everything
2c50ed3 
else.

the control plane changes are in the image which were fine and passed
the previous cli acceptance tests.

cli: Create Secrets With A Label (#835)

Every-time a secret is created, add a label "managed-by" which is equal to "consul-k8s". On uninstall, only delete those secrets with said label.

Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
@ndhanushkodi ndhanushkodi mentioned this pull request Dec 5, 2021
Merged
ndhanushkodi added a commit that referenced this pull request Dec 6, 2021
@ndhanushkodi
Revert go.mod changes in CLI from PR #835 (#900)
9ddce21 
The cloud acceptance tests for the CLI have been failing (but passing in Kind) since merging 835. After reverting the whole PR and testing with several parts of that PR, it looks like the code itself wasn't causing issues, but rather the extensive go.mod updates. Those updates were not necessary for the PR (I was able to run go mod tidy with no changes), so I'm reverting those here so the tests will pass again.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ndhanushkodi ndhanushkodi ndhanushkodi left review comments

@ishustava ishustava ishustava approved these changes

@t-eckert t-eckert t-eckert approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sadjamz @ndhanushkodi @ishustava @t-eckert