feat(kuma-cp) global secrets #1603

Merged
merged 2 commits into from
Feb 24, 2021

@jakubdyszkiewicz jakubdyszkiewicz commented Feb 23, 2021

Summary

Introducing the concept of Global Scoped Secret.

Until now, every secret was a part of a mesh. Now the secret can be either global scoped or mesh scoped.
Global scoped secret cannot be used as mesh scoped (i.e. you cannot create a global scoped secret with CA and use it across many meshes).

API

GET /global-secrets/{name} to list single global secret
PUT /global-secrets/{name} to put single global secret
DELETE /global-secrets/{name} to delete single global secret

kumactl

kumactl get global-secrets
kumactl get global-secret sample-global-secret
kumactl delete global-secret sample-global-secret

No breaking changes.

Documentation

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
@jakubdyszkiewicz jakubdyszkiewicz requested a review from a team as a code owner February 23, 2021 13:03
func (s *globalSecretManager) DeleteAll(ctx context.Context, secrets model.ResourceList, fs ...core_store.DeleteAllOptionsFunc) error {
list := &secret_model.SecretResourceList{}
opts := core_store.NewDeleteAllOptions(fs...)
if err := s.secretStore.List(context.Background(), list, core_store.ListByMesh(opts.Mesh)); err != nil {
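
Review bot: The List call in DeleteAll passes context.Background() instead of the ctx argument from the function signature, so the caller's cancellation and deadline never reach the secret store. Pass the received context through, i.e. s.secretStore.List(ctx, list, core_store.ListByMesh(opts.Mesh)).
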
Contributor

I'm pretty sure it will work, but I'd better get rid of any mentioning of opts.Mesh in the global secret manager. Maybe we can replace opts.Mesh with core_model.NoMesh here?

Contributor Author

good point. Removed ListByMesh altogether (which is equivalent of ListByMesh(NoMesh))

Contributor

@bartsmykla bartsmykla left a comment

just nits, except that lgtm

Comment on lines +77 to +82
if trr, ok := r.(*GlobalSecretResource); ok {
l.Items = append(l.Items, trr)
return nil
} else {
return model.ErrorInvalidItemType((*GlobalSecretResource)(nil), r)
}
Contributor

maybe:

Suggested change
if trr, ok := r.(*GlobalSecretResource); ok {
l.Items = append(l.Items, trr)
return nil
} else {
return model.ErrorInvalidItemType((*GlobalSecretResource)(nil), r)
}
if trr, ok := r.(*GlobalSecretResource); ok {
l.Items = append(l.Items, trr)
return nil
}
return model.ErrorInvalidItemType((*GlobalSecretResource)(nil), r)

Contributor Author

Those two nits are valid points, but I want this file to be consistent with other Resource files, so I'd prefer to leave it as is

Comment on lines +42 to +47
if !ok {
return errors.New("invalid type of spec")
} else {
t.Spec = value
return nil
}
Contributor

maybe:

Suggested change
if !ok {
return errors.New("invalid type of spec")
} else {
t.Spec = value
return nil
}
if !ok {
return errors.New("invalid type of spec")
}
t.Spec = value
return nil

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
@jakubdyszkiewicz jakubdyszkiewicz merged commit bc7a105 into master Feb 24, 2021
@jakubdyszkiewicz jakubdyszkiewicz deleted the feat/global-secrets-v2 branch February 24, 2021 10:40