From 324d898afcfc6cd0b220c696667f985725bee5bb Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Mon, 13 Apr 2020 15:33:03 -0400 Subject: [PATCH 1/2] Resources without generation will not skip events Fixes #2108 If the `metadata.generation` is `0`, the event will now still trigger a reconciliation. --- pkg/predicate/predicate.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/predicate/predicate.go b/pkg/predicate/predicate.go index 1b72c62c8e1..aac626ebb48 100644 --- a/pkg/predicate/predicate.go +++ b/pkg/predicate/predicate.go @@ -46,7 +46,7 @@ func (GenerationChangedPredicate) Update(e event.UpdateEvent) bool { log.Error(nil, "Update event has no new metadata", "event", e) return false } - if e.MetaNew.GetGeneration() == e.MetaOld.GetGeneration() { + if e.MetaNew.GetGeneration() == e.MetaOld.GetGeneration() && e.MetaNew.GetGeneration() != 0 { return false } return true From 0b0f00dc62b5bb45e853d0fdac94d2805d899b32 Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Mon, 13 Apr 2020 18:49:07 -0400 Subject: [PATCH 2/2] Add test --- .../molecule/cluster/tasks/secrets_test.yml | 56 +++++++++++++++++++ test/ansible/playbooks/secret.yml | 23 ++++++++ test/ansible/watches.yaml | 6 ++ 3 files changed, 85 insertions(+) create mode 100644 test/ansible/molecule/cluster/tasks/secrets_test.yml create mode 100644 test/ansible/playbooks/secret.yml diff --git a/test/ansible/molecule/cluster/tasks/secrets_test.yml b/test/ansible/molecule/cluster/tasks/secrets_test.yml new file mode 100644 index 00000000000..1b6888c001c --- /dev/null +++ b/test/ansible/molecule/cluster/tasks/secrets_test.yml @@ -0,0 +1,56 @@ +--- +- name: Create the v1.Secret + k8s: + state: present + definition: + apiVersion: v1 + kind: Secret + metadata: + name: test-secret + namespace: '{{ namespace }}' + labels: + reconcile: "yes" + data: + test: '{{ "test" | b64encode }}' + +- name: Wait for the corresponding configmap to be created + k8s_info: + api_version: v1 + kind: ConfigMap + name: test-secret + namespace: '{{ namespace }}' + register: result + until: result.resources + retries: 10 + +- name: Assert that the configmap has the proper content + assert: + that: result.resources.0.data.test == "test" + +- name: Update the v1.Secret + k8s: + state: present + definition: + apiVersion: v1 + kind: Secret + metadata: + name: test-secret + namespace: '{{ namespace }}' + labels: + reconcile: "yes" + data: + new: '{{ "content" | b64encode }}' + +- name: Wait for the corresponding key to be created + k8s_facts: + api_version: v1 + kind: ConfigMap + name: test-secret + namespace: '{{ namespace }}' + register: result + until: result.resources.0.data.new is defined + retries: 10 + +- name: Assert that the configmap has the proper content + assert: + that: result.resources.0.data.new == 'content' diff --git a/test/ansible/playbooks/secret.yml b/test/ansible/playbooks/secret.yml new file mode 100644 index 00000000000..b18fc342400 --- /dev/null +++ b/test/ansible/playbooks/secret.yml @@ -0,0 +1,23 @@ +--- +- hosts: localhost + gather_facts: no + collections: + - community.kubernetes + + tasks: + - meta: end_play + when: not (__secret.metadata.get('labels', {}).reconcile|default(false)|bool) + + # This is for testing, but never do this with real secrets + - name: Populate configmap with contents of secret + k8s: + definition: | + apiVersion: v1 + kind: ConfigMap + metadata: + name: '{{ meta.name }}' + namespace: '{{ meta.namespace }}' + data: + '{{ item.key }}': '{{ item.value | b64decode }}' + with_dict: '{{ __secret.data }}' + diff --git a/test/ansible/watches.yaml b/test/ansible/watches.yaml index 444788791a0..0cbce004a52 100644 --- a/test/ansible/watches.yaml +++ b/test/ansible/watches.yaml @@ -13,3 +13,9 @@ group: test.example.com kind: ExecTest playbook: playbooks/exec.yml + +- version: v1 + group: "" + kind: Secret + playbook: playbooks/secret.yml + manageStatus: false