-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert annotation handling mechanism to not use the original config map or secret resource name location #522
Revert annotation handling mechanism to not use the original config map or secret resource name location #522
Conversation
…notation data's resulting path
/retest |
1 similar comment
/retest |
@isutton This PR522 is worked for the SBR below after the annotation is added:
But there is error for custom env var as we talked about in issue #475 for the SBR below:
So raised the PR #521 to fix it. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: DhritiShikhar The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Motivation
After #407 an undocumented behavior regarding annotations meant to extract
config map and secret values has been unwillingly changed and needs to be
reverted.
The annotations handling mechanism after #407 extracts the whole contents of
the config map or secret to the same path where the config map or secret name
has been stored (resulting in, for example, .status.secretName.password if
.data.password is present in the associated resource) to workaround
situations where two services might have a password field within different
paths and might get shadowed, whereas before #407 it used to extract the
contents to the root of the resulting object (for example, .password),
imposing no issue whatsoever because there were only one service being
declared in the binding.
Closes #485
Changes
This change reverts the behavior where the source path isn't expected in the
resulting environment variable name; for example, the excerpt below shows
annotations present in a resource CRD, as a JSON object:
Before the changes introduced in this PR, the following environment variables
are generated and encoded in the service binding intermediate secret, where
the issue can be seen where the string
STATUS_EXTERNALCONNECTIONARGUMENTS
and
STATUS_CONNECTIONCREDENTIALS
can be read:After the changes introduced in this PR, the following environment variables
are produced (please observe the absence of the strings mentioned above):
The same behavior can be seen when changing the annotations to include the entire object, secret or config map as well; for example, the three annotations below should produce the same environment variables as above:
As can be observed above, the same extra information is present in the resulting secret:
And, as expected, after the changes in this PR are applied:
For further more details refer the CONTRIBUTING.md