-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow secrets to be owned by external tools #1428
Allow secrets to be owned by external tools #1428
Conversation
Hi @farodin91. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@farodin91 Can you create a GH issue to describe the enhancement that you have PR'd in? Would be great to have that context before looking at the implementation itself. |
@srm09 I added an issue. |
#1431 for easier reference :) |
/ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR needs to handle the deletion flow for the identity/secret. To be more explicit, checking for ownerRefs and either removing the ownerRef and/or deleting the secret depending on the owners.
@@ -120,6 +121,20 @@ func IsSecretIdentity(cluster *infrav1.VSphereCluster) bool { | |||
return cluster.Spec.IdentityRef.Kind == infrav1.SecretKind | |||
} | |||
|
|||
func IsOwnedByIdentityOrCluster(ownerReferences []metav1.OwnerReference) bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add unit tests for this function, we are gradually trying to increase the overall test coverage for the project.
- When no onwerRefs are present
- When ownerRefs are present:
- test assumption on line 127 that ownerRef could be set by CAPV objects of different versions
- when OwnerRef.Kind is VSphereCluster
- when OwnerRef.Kind is VSphereClusterIdentity
- specifically test for the APIVersion of the owner ref having type
vmware.infrastructure.cluster.x-k8s.io/v1beta1
(this might fail.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a table test
/ok-to-test |
@srm09 Shouldn't Kubernetes handle ownerRefs correctly? As, it is currently done for just one ownerRef. |
d7cacaa
to
2848e1d
Compare
@srm09 Would you like to review it again? |
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
2848e1d
to
68c43d4
Compare
/retest |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: srm09 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
This change allows that secrets can be owned by external tools such as sealed secret.
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #1431
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
Release note: