-
Notifications
You must be signed in to change notification settings - Fork 275
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: use namespace for spc lookup + unit tests #264
fix: use namespace for spc lookup + unit tests #264
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aramase The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
836c715
to
2b5e7e9
Compare
/test pull-secrets-store-csi-driver-unit |
136a827
to
076583c
Compare
@@ -96,5 +98,13 @@ func main() { | |||
|
|||
func handle() { | |||
driver := secretsstore.GetDriver() | |||
driver.Run(*driverName, *nodeID, *endpoint, *providerVolumePath, *minProviderVersion) | |||
cfg, err := config.GetConfig() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I recall we had to call getClient()
to get the latest client to prevent from reading from cache. Is this no longer a concern?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/client/client.go#L42-L52
// New returns a new Client using the provided config and Options.
// The returned client reads *and* writes directly from the server
// (it doesn't use object caches). It understands how to work with
// normal types (both custom resources and aggregated/built-in resources),
// as well as unstructured types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking about this one kubernetes-sigs/controller-runtime#403
But I dont think we have multiple controllers updating the same objects now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, we don't have any update operations on spc
. There is only GET
for spc
and CREATE
for spcpodstatus
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding the links here for future ref
newResource always creates a new client - https://github.com/kubernetes-sigs/controller-runtime/blob/cea989b02ed02254d751ad30471c40bacd5888fc/pkg/client/client_cache.go#L51-L68
aa01e6c
to
b06260d
Compare
/test pull-secrets-store-csi-driver-e2e-windows |
@ritazh Updated the PR, PTAL! |
b06260d
to
04b05ee
Compare
04b05ee
to
d2802c5
Compare
@test "Test Namespaced scope SecretProviderClass - Sync with K8s secrets - read secret from pod, read K8s secret, read env var, check secret ownerReferences" { | ||
POD=$(kubectl get pod -l app=nginx -n test-ns -o jsonpath="{.items[0].metadata.name}") | ||
result=$(kubectl exec -n test-ns -it $POD -- cat /mnt/secrets-store/foo) | ||
[[ "$result" == "hello" ]] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you pls update all these ==
to -eq
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should use ==
for string comparisons. Using -eq
returns 0 even when the strings don't match.
#!/usr/bin/env bats
export result="hel"
@test "testing with eq" {
[[ "$result" -eq "hello" ]]
}
@test "testing with other" {
[[ "$result" == *"hello"* ]]
}
➜ bats test.bats -t
1..2
ok 1 testing with eq
not ok 2 testing with other
# (in test file /Users/anishramasekar/Desktop/test.bats, line 9)
# `@test "testing with other" {' failed
WDYT?
test/bats/vault.bats
Outdated
|
||
run kubectl delete -f $BATS_TESTS_DIR/vault_synck8s_v1alpha1_secretproviderclass.yaml | ||
assert_success | ||
|
||
sleep 20 | ||
result=$(kubectl get secret | grep foosecret | wc -l) | ||
[[ "$result" == "0" ]] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed, lets use -eq
for numeric and ==
for string.
d2802c5
to
eef29c1
Compare
eef29c1
to
00129f7
Compare
00129f7
to
86e95c3
Compare
/test pull-secrets-store-csi-driver-e2e-windows |
/hold (for windows tests to pass) |
/hold cancel |
/lgtm |
What this PR does / why we need it:
podNamespace
env var for strict namespace enforcementNodePublishVolume
to add more unit test for theNodePublish
code pathWhich issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when the PR gets merged):Fixes #263
Special notes for your reviewer: