feat(kuma-cp) global secrets #1603
Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
func (s *globalSecretManager) DeleteAll(ctx context.Context, secrets model.ResourceList, fs ...core_store.DeleteAllOptionsFunc) error { | ||
list := &secret_model.SecretResourceList{} | ||
opts := core_store.NewDeleteAllOptions(fs...) | ||
if err := s.secretStore.List(context.Background(), list, core_store.ListByMesh(opts.Mesh)); err != nil { |
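Review bot: the List call on the last line of this hunk passes context.Background() instead of the ctx parameter that DeleteAll receives, so a caller's cancellation or deadline never reaches the secret store. Pass ctx through to s.secretStore.List, or, if detaching from the caller's context is intentional, add a comment saying why.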
I'm pretty sure it will work, but I'd better get rid of any mentioning of `opts.Mesh` in the global secret manager. Maybe we can replace `opts.Mesh` with `core_model.NoMesh` here?
good point. Removed `ListByMesh` altogether (which is equivalent of `ListByMesh(NoMesh)`)
just nits, except that lgtm
if trr, ok := r.(*GlobalSecretResource); ok { | ||
l.Items = append(l.Items, trr) | ||
return nil | ||
} else { | ||
return model.ErrorInvalidItemType((*GlobalSecretResource)(nil), r) | ||
} |
maybe:
if trr, ok := r.(*GlobalSecretResource); ok { | |
l.Items = append(l.Items, trr) | |
return nil | |
} else { | |
return model.ErrorInvalidItemType((*GlobalSecretResource)(nil), r) | |
} | |
if trr, ok := r.(*GlobalSecretResource); ok { | |
l.Items = append(l.Items, trr) | |
return nil | |
} | |
return model.ErrorInvalidItemType((*GlobalSecretResource)(nil), r) |
Those two nits are valid points, but I want this file to be consistent with other Resource files, so I'd prefer to leave it as is
if !ok { | ||
return errors.New("invalid type of spec") | ||
} else { | ||
t.Spec = value | ||
return nil | ||
} |
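Review bot: the error returned in the !ok branch, errors.New("invalid type of spec"), names neither the type that was received nor the spec type that was expected, so a rejected assignment is hard to trace from logs. Consider including both in the message, for example by formatting the received value with %T.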
maybe:
if !ok { | |
return errors.New("invalid type of spec") | |
} else { | |
t.Spec = value | |
return nil | |
} | |
if !ok { | |
return errors.New("invalid type of spec") | |
} | |
t.Spec = value | |
return nil |
Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
655f394 to 72dc081
Summary
Introducing the concept of Global Scoped Secret.
Until now, every secret was a part of a mesh. Now the secret can be either global scoped or mesh scoped.
Global scoped secret cannot be used as mesh scoped (i.e. you cannot create a global scoped secret with CA and use it across many meshes).
API
GET /global-secrets/{name} to list single global secret
PUT /global-secrets/{name} to put single global secret
DELETE /global-secrets/{name} to delete single global secret
kumactl
kumactl get global-secrets
kumactl get global-secret sample-global-secret
kumactl delete global-secret sample-global-secret
No breaking changes.
Documentation