Allow secrets to be owned by external tools #1428
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @farodin91. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/L
|
@farodin91 Can you create a GH issue to describe the enhancement that you have PR'd in? Would be great to have that context before looking at the implementation itself. |
|
@srm09 I added an issue. |
|
#1431 for easier reference :) |
|
/ok-to-test |
| @@ -120,6 +121,20 @@ func IsSecretIdentity(cluster *infrav1.VSphereCluster) bool { | |||
| return cluster.Spec.IdentityRef.Kind == infrav1.SecretKind | |||
| } | |||
|
|
|||
| func IsOwnedByIdentityOrCluster(ownerReferences []metav1.OwnerReference) bool { | |||
There was a problem hiding this comment.
Can you add unit tests for this function, we are gradually trying to increase the overall test coverage for the project.
- When no onwerRefs are present
- When ownerRefs are present:
- test assumption on line 127 that ownerRef could be set by CAPV objects of different versions
- when OwnerRef.Kind is VSphereCluster
- when OwnerRef.Kind is VSphereClusterIdentity
- specifically test for the APIVersion of the owner ref having type
vmware.infrastructure.cluster.x-k8s.io/v1beta1(this might fail.)
There was a problem hiding this comment.
I added a table test
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
@srm09 Shouldn't Kubernetes handle ownerRefs correctly? As, it is currently done for just one ownerRef. |
farodin91
force-pushed
the
allow-secrets-to-owned-by-external-tools
branch
from
d7cacaa
to
2848e1d
Compare
|
@srm09 Would you like to review it again? |
k8s-ci-robot
added
the
needs-rebase
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
farodin91
force-pushed
the
allow-secrets-to-owned-by-external-tools
branch
from
2848e1d
to
68c43d4
Compare
k8s-ci-robot
removed
the
needs-rebase
|
/retest |
k8s-ci-robot
added
the
lgtm
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: srm09 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/retest |
This change allows that secrets can be owned by external tools such as sealed secret.
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #1431
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
Release note: