remove references to clustersecret resource namespace #154

Closed
wants to merge 5 commits into from
5 changes: 1 addition & 4 deletions conformance/cluster-secrets.yaml
@@ -2,7 +2,6 @@ apiVersion: clustersecret.io/v1
kind: ClusterSecret
metadata:
name: basic-cluster-secret
namespace: example-1
data:
username: MTIzNDU2Cg==
password: MTIzNDU2Cg==
@@ -11,7 +10,6 @@ kind: ClusterSecret
apiVersion: clustersecret.io/v1
metadata:
name: typed-secret
namespace: example-1
type: kubernetes.io/tls
data:
tls.crt: MTIzNDU2Cg==
@@ -21,7 +19,6 @@ apiVersion: clustersecret.io/v1
kind: ClusterSecret
metadata:
name: basic-cluster-secret
namespace: example-1
avoidNamespaces:
- example-3
---
---
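Review bot: The third document in this fixture is still named `basic-cluster-secret`, the same `metadata.name` as the first document. The conformance helper deletes these objects with `delete_cluster_custom_object`, so they are cluster-scoped and, with `namespace` gone, the name is their only identity. If the file is applied as a whole, the later document (which shows `avoidNamespaces` but no `data` in this hunk) would update the earlier object rather than create a second one. Whether the suite applies this file directly is not visible here; if it does, give the third document its own name, for example `name: avoid-namespaces-cluster-secret` (a constructed example).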
3 changes: 1 addition & 2 deletions conformance/k8s_utils.py
@@ -153,8 +153,7 @@ def update_data_cluster_secret(

def delete_cluster_secret(
self,
name: str,
namespace: str
name: str
):
self.custom_objects_api.delete_cluster_custom_object(
name=name,
3 changes: 0 additions & 3 deletions conformance/tests.py
@@ -181,7 +181,6 @@ def test_simple_cluster_secret_deleted(self):

self.cluster_secret_manager.delete_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
)

# We expect the secret to be in NO namespaces
@@ -212,7 +211,6 @@ def test_value_from_cluster_secret(self):
name=cluster_secret_name,
secret_key_ref={
'name': secret_name,
'namespace': USER_NAMESPACES[0],
},
)

@@ -245,7 +243,6 @@ def test_value_from_with_keys_cluster_secret(self):
name=cluster_secret_name,
secret_key_ref={
'name': secret_name,
'namespace': USER_NAMESPACES[0],
'keys': ['username', 'password']
},
)
49 changes: 2 additions & 47 deletions src/handlers.py
@@ -55,7 +55,6 @@ def on_field_match_namespace(
old: Optional[List[str]],
new: List[str],
name: str,
namespace: str,
body,
uid: str,
logger: logging.Logger,
@@ -91,7 +90,6 @@ def on_field_match_namespace(
csecs_cache.set_cluster_secret(BaseClusterSecret(
uid=uid,
name=name,
namespace=namespace,
body=body,
synced_namespace=updated_matched,
))
@@ -113,7 +111,6 @@ def on_field_data(
body: Dict[str, Any],
meta: kopf.Meta,
name: str,
namespace: Optional[str],
uid: str,
logger: logging.Logger,
**_,
@@ -132,55 +129,16 @@ def on_field_data(
if cached_cluster_secret is None:
logger.error('Received an event for an unknown ClusterSecret.')

updated_syncedns = syncedns.copy()
for ns in syncedns:
logger.info(f'Re Syncing secret {name} in ns {ns}')
ns_sec_body = client.V1Secret(
api_version='v1',
data={str(key): str(value) for key, value in new.items()},
kind='Secret',
metadata=create_secret_metadata(
name=name,
namespace=ns,
annotations={str(key): str(value) for key, value in meta.annotations.items()},
labels={str(key): str(value) for key, value in meta.labels.items()},
),
type=secret_type,
)
logger.debug(f'body: {ns_sec_body}')
# Ensuring the secret still exist.
if secret_exists(logger=logger, name=name, namespace=ns, v1=v1):
response = v1.replace_namespaced_secret(name=name, namespace=ns, body=ns_sec_body)
else:
try:
v1.read_namespace(name=ns)
except client.exceptions.ApiException as e:
if e.status != 404:
raise
response = f'Namespace {ns} not found'
updated_syncedns.remove(ns)
logger.info(f'Namespace {ns} not found while Syncing secret {name}')
else:
response = v1.create_namespaced_secret(namespace=ns, body=ns_sec_body)
logger.debug(response)

if updated_syncedns != syncedns:
# Patch synced_ns field
logger.debug(f'Patching clustersecret {name} in namespace {namespace}')
body = patch_clustersecret_status(
logger=logger,
name=name,
new_status={'create_fn': {'syncedns': updated_syncedns}},
custom_objects_api=custom_objects_api,
)
sync_secret(logger, ns, body, v1)

# Updating the cache
csecs_cache.set_cluster_secret(BaseClusterSecret(
uid=uid,
name=name,
namespace=namespace or "",
body=body,
synced_namespace=updated_syncedns,
synced_namespace=syncedns,
))


@@ -190,7 +148,6 @@ async def create_fn(
logger: logging.Logger,
uid: str,
name: str,
namespace: str,
body: Dict[str, Any],
**_
):
@@ -211,7 +168,6 @@ async def create_fn(
csecs_cache.set_cluster_secret(BaseClusterSecret(
uid=uid,
name=name,
namespace=namespace or "",
body=body,
synced_namespace=matchedns,
))
@@ -283,7 +239,6 @@ async def startup_fn(logger: logging.Logger, **_):
BaseClusterSecret(
uid=metadata.get('uid'),
name=metadata.get('name'),
namespace=metadata.get('namespace', ''),
body=item,
synced_namespace=item.get('status', {}).get('create_fn', {}).get('syncedns', []),
)
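Review bot: In `on_field_data`, judging by the addition and deletion counts for this file, the new loop calls `sync_secret(logger, ns, body, v1)` for each entry of `syncedns` and caches `synced_namespace=syncedns` unchanged, which drops the old handling of a namespace that no longer exists (the 404 check on `v1.read_namespace`, the removal from `updated_syncedns`, and the `patch_clustersecret_status` call). `sync_secret` is not shown on this page; if it raises for a missing namespace, the loop stops before the remaining namespaces get the new data and they keep the old secret value, and if it does not raise, the status and cache go on listing a namespace that holds no copy. The retained test around `read_namespace` in src/tests/test_handlers.py still expects `synced_namespace` to equal `["myns2"]`, which appears to rely on that pruning. Either keep the per-namespace 404 handling around the `sync_secret` call and patch `syncedns` when a namespace is dropped, or move this refactor out of a change whose stated purpose is removing the `namespace` field. The body of `on_field_data` starts and ends outside the hunk.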
1 change: 0 additions & 1 deletion src/models.py
@@ -6,6 +6,5 @@
class BaseClusterSecret(BaseModel):
uid: str
name: str
namespace: str
body: Dict[str, Any]
synced_namespace: List[str]
70 changes: 0 additions & 70 deletions src/tests/test_handlers.py
@@ -26,7 +26,6 @@ def test_on_field_data_cache(self):
csec = BaseClusterSecret(
uid="mysecretuid",
name="mysecret",
namespace="",
body={"metadata": {"name": "mysecret", "uid": "mysecretuid"}, "data": {"key": "oldvalue"}},
synced_namespace=[],
)
@@ -42,7 +41,6 @@ def test_on_field_data_cache(self):
body=new_body,
meta=kopf.Meta({"metadata": {"name": "mysecret"}}),
name="mysecret",
namespace=None,
uid="mysecretuid",
logger=self.logger,
)
@@ -75,7 +73,6 @@ def test_on_field_data_sync(self):
csec = BaseClusterSecret(
uid="mysecretuid",
name="mysecret",
namespace="",
body={
"metadata": {"name": "mysecret", "uid": "mysecretuid"},
"data": {"key": "oldvalue"},
@@ -100,7 +97,6 @@ def test_on_field_data_sync(self):
body=new_body,
meta=kopf.Meta({"metadata": {"name": "mysecret"}}),
name="mysecret",
namespace=None,
uid="mysecretuid",
logger=self.logger,
)
@@ -203,7 +199,6 @@ def read_namespace(name, **kwargs):
csec = BaseClusterSecret(
uid="mysecretuid",
name="mysecret",
namespace="",
body={
"metadata": {"name": "mysecret", "uid": "mysecretuid"},
"data": {"key": "oldvalue"},
@@ -229,7 +224,6 @@ def read_namespace(name, **kwargs):
body=new_body,
meta=kopf.Meta({"metadata": {"name": "mysecret"}}),
name="mysecret",
namespace=None,
uid="mysecretuid",
logger=self.logger,
)
@@ -256,44 +250,6 @@ def read_namespace(name, **kwargs):
["myns2"],
)

def test_create_fn(self):
"""Namespace name must be correct in the cache.
"""

mock_v1 = Mock()

body = {
"metadata": {
"name": "mysecret",
"namespace": "myclustersecretnamespace",
"uid": "mysecretuid"
},
"data": {"key": "value"}
}

# Define the predefined list of namespaces you want to use in the test
predefined_nss = [Mock(metadata=V1ObjectMeta(name=ns)) for ns in ["default", "myns"]]

# Configure the mock's behavior to return the predefined namespaces when list_namespace is called
mock_v1.list_namespace.return_value.items = predefined_nss

with patch("handlers.v1", mock_v1), \
patch("handlers.sync_secret"):
asyncio.run(
create_fn(
logger=self.logger,
uid="mysecretuid",
name="mysecret",
namespace="myclustersecretnamespace",
body=body,
)
)

# ClusterSecret with a correct namespace should be in the cache.
self.assertEqual(
csecs_cache.get_cluster_secret("mysecretuid").namespace,
"myclustersecretnamespace",
)

def test_ns_create(self):
"""A new namespace must get the cluster secrets.
@@ -312,7 +268,6 @@ def test_ns_create(self):
csec = BaseClusterSecret(
uid="mysecretuid",
name="mysecret",
namespace="",
body={"metadata": {"name": "mysecret"}, "data": "mydata"},
synced_namespace=["default"],
)
@@ -348,28 +303,3 @@ def test_ns_create(self):
csecs_cache.get_cluster_secret("mysecretuid").synced_namespace,
["default", "myns"],
)

def test_startup_fn(self):
"""Must not fail on empty namespace in ClusterSecret metadata (it's cluster-wide after all).
"""

get_custom_objects_by_kind = Mock()

csec = BaseClusterSecret(
uid="mysecretuid",
name="mysecret",
namespace="",
body={"metadata": {"name": "mysecret", "uid": "mysecretuid"}, "data": "mydata"},
synced_namespace=[],
)

get_custom_objects_by_kind.return_value = [csec.body]

with patch("handlers.get_custom_objects_by_kind", get_custom_objects_by_kind):
asyncio.run(startup_fn(logger=self.logger))

# The secret should be in the cache.
self.assertEqual(
csecs_cache.get_cluster_secret("mysecretuid"),
csec,
)