djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update credential issuer logic to use status subresource 

Signed-off-by: Monis Khan <mok@vmware.com>
This commit is contained in:
Monis Khan 2021-02-10 20:59:46 -05:00
parent 96cec59236
commit 0a9f446893
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8
9 changed files with 183 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
internal/controller/issuerconfig/create_or_update_credential_issuer_config.go
View File

@ -17,12 +17,12 @@ import (
pinnipedclientset "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned" pinnipedclientset "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned"
) )
func CreateOrUpdateCredentialIssuer( func CreateOrUpdateCredentialIssuerStatus(
ctx context.Context, ctx context.Context,
credentialIssuerResourceName string, credentialIssuerResourceName string,
credentialIssuerLabels map[string]string, credentialIssuerLabels map[string]string,
pinnipedClient pinnipedclientset.Interface, pinnipedClient pinnipedclientset.Interface,
applyUpdatesToCredentialIssuerFunc func(configToUpdate *configv1alpha1.CredentialIssuer), applyUpdatesToCredentialIssuerFunc func(configToUpdate *configv1alpha1.CredentialIssuerStatus),
) error { ) error {
err := retry.RetryOnConflict(retry.DefaultRetry, func() error { err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
existingCredentialIssuer, err := pinnipedClient. existingCredentialIssuer, err := pinnipedClient.
@ -38,29 +38,30 @@ func CreateOrUpdateCredentialIssuer(
credentialIssuersClient := pinnipedClient.ConfigV1alpha1().CredentialIssuers() credentialIssuersClient := pinnipedClient.ConfigV1alpha1().CredentialIssuers()
if notFound { if notFound {
// Create it // create an empty credential issuer
credentialIssuer := minimalValidCredentialIssuer( minCredentialIssuer := minimalValidCredentialIssuer(credentialIssuerResourceName, credentialIssuerLabels)
credentialIssuerResourceName, credentialIssuerLabels,
)
applyUpdatesToCredentialIssuerFunc(credentialIssuer)
if _, err := credentialIssuersClient.Create(ctx, credentialIssuer, metav1.CreateOptions{}); err != nil { newCredentialIssuer, err := credentialIssuersClient.Create(ctx, minCredentialIssuer, metav1.CreateOptions{})
if err != nil {
return fmt.Errorf("create failed: %w", err) return fmt.Errorf("create failed: %w", err)
} }
} else {
// Already exists, so check to see if we need to update it
credentialIssuer := existingCredentialIssuer.DeepCopy()
applyUpdatesToCredentialIssuerFunc(credentialIssuer)
if equality.Semantic.DeepEqual(existingCredentialIssuer, credentialIssuer) { existingCredentialIssuer = newCredentialIssuer
// Nothing interesting would change as a result of this update, so skip it
return nil
}
if _, err := credentialIssuersClient.Update(ctx, credentialIssuer, metav1.UpdateOptions{}); err != nil {
return err
}
} }
// check to see if we need to update the status
credentialIssuer := existingCredentialIssuer.DeepCopy()
applyUpdatesToCredentialIssuerFunc(&credentialIssuer.Status)
if equality.Semantic.DeepEqual(existingCredentialIssuer, credentialIssuer) {
// Nothing interesting would change as a result of this update, so skip it
return nil
}
if _, err := credentialIssuersClient.UpdateStatus(ctx, credentialIssuer, metav1.UpdateOptions{}); err != nil {
return err
}
return nil return nil
}) })
@ -80,9 +81,5 @@ func minimalValidCredentialIssuer(
Name: credentialIssuerName, Name: credentialIssuerName,
Labels: credentialIssuerLabels, Labels: credentialIssuerLabels,
}, },
Status: configv1alpha1.CredentialIssuerStatus{
Strategies: []configv1alpha1.CredentialIssuerStrategy{},
KubeConfigInfo: nil,
},
} }
} }

68
internal/controller/issuerconfig/create_or_update_credential_issuer_config_test.go
View File

@ -23,7 +23,7 @@ import (
pinnipedfake "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/fake" pinnipedfake "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/fake"
) )
func TestCreateOrUpdateCredentialIssuer(t *testing.T) { func TestCreateOrUpdateCredentialIssuerStatus(t *testing.T) {
spec.Run(t, "specs", func(t *testing.T, when spec.G, it spec.S) { spec.Run(t, "specs", func(t *testing.T, when spec.G, it spec.S) {
var r *require.Assertions var r *require.Assertions
var ctx context.Context var ctx context.Context
@ -43,8 +43,8 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}) })
when("the config does not exist", func() { when("the config does not exist", func() {
it("creates a new config which includes only the updates made by the func parameter", func() { it("creates a new config and then updates it with the func parameter", func() {
err := CreateOrUpdateCredentialIssuer( err := CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
credentialIssuerResourceName, credentialIssuerResourceName,
map[string]string{ map[string]string{
@ -52,8 +52,8 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) { func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {
configToUpdate.Status.KubeConfigInfo = &configv1alpha1.CredentialIssuerKubeConfigInfo{ configToUpdate.KubeConfigInfo = &configv1alpha1.CredentialIssuerKubeConfigInfo{
CertificateAuthorityData: "some-ca-value", CertificateAuthorityData: "some-ca-value",
} }
}, },
@ -64,6 +64,19 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
expectedCreateAction := coretesting.NewRootCreateAction( expectedCreateAction := coretesting.NewRootCreateAction(
credentialIssuerGVR, credentialIssuerGVR,
&configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
Labels: map[string]string{
"myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2",
},
},
},
)
expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status",
&configv1alpha1.CredentialIssuer{ &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -74,7 +87,6 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}, },
}, },
Status: configv1alpha1.CredentialIssuerStatus{ Status: configv1alpha1.CredentialIssuerStatus{
Strategies: []configv1alpha1.CredentialIssuerStrategy{},
KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{
Server: "", Server: "",
CertificateAuthorityData: "some-ca-value", CertificateAuthorityData: "some-ca-value",
@ -83,7 +95,7 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}, },
) )
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction, expectedUpdateAction}, pinnipedAPIClient.Actions())
}) })
when("there is an unexpected error while creating the existing object", func() { when("there is an unexpected error while creating the existing object", func() {
@ -94,12 +106,12 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}) })
it("returns an error", func() { it("returns an error", func() {
err := CreateOrUpdateCredentialIssuer( err := CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
credentialIssuerResourceName, credentialIssuerResourceName,
map[string]string{}, map[string]string{},
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) {}, func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {},
) )
r.EqualError(err, "could not create or update credentialissuer: create failed: error on create") r.EqualError(err, "could not create or update credentialissuer: create failed: error on create")
}) })
@ -138,7 +150,7 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}) })
it("updates the existing config to only apply the updates made by the func parameter", func() { it("updates the existing config to only apply the updates made by the func parameter", func() {
err := CreateOrUpdateCredentialIssuer( err := CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
credentialIssuerResourceName, credentialIssuerResourceName,
map[string]string{ map[string]string{
@ -146,8 +158,8 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) { func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {
configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" configToUpdate.KubeConfigInfo.CertificateAuthorityData = "new-ca-value"
}, },
) )
r.NoError(err) r.NoError(err)
@ -157,24 +169,24 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
// Only the edited field should be changed. // Only the edited field should be changed.
expectedUpdatedConfig := existingConfig.DeepCopy() expectedUpdatedConfig := existingConfig.DeepCopy()
expectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" expectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value"
expectedUpdateAction := coretesting.NewRootUpdateAction(credentialIssuerGVR, expectedUpdatedConfig) expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status", expectedUpdatedConfig)
r.Equal([]coretesting.Action{expectedGetAction, expectedUpdateAction}, pinnipedAPIClient.Actions()) r.Equal([]coretesting.Action{expectedGetAction, expectedUpdateAction}, pinnipedAPIClient.Actions())
}) })
it("avoids the cost of an update if the local updates made by the func parameter did not actually change anything", func() { it("avoids the cost of an update if the local updates made by the func parameter did not actually change anything", func() {
err := CreateOrUpdateCredentialIssuer( err := CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
credentialIssuerResourceName, credentialIssuerResourceName,
map[string]string{}, map[string]string{},
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) { func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {
configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "initial-ca-value" configToUpdate.KubeConfigInfo.CertificateAuthorityData = "initial-ca-value"
t := configToUpdate.Status.Strategies[0].LastUpdateTime t := configToUpdate.Strategies[0].LastUpdateTime
loc, err := time.LoadLocation("Asia/Shanghai") loc, err := time.LoadLocation("Asia/Shanghai")
r.NoError(err) r.NoError(err)
configToUpdate.Status.Strategies[0].LastUpdateTime = metav1.NewTime(t.In(loc)) configToUpdate.Strategies[0].LastUpdateTime = metav1.NewTime(t.In(loc))
}, },
) )
r.NoError(err) r.NoError(err)
@ -191,12 +203,12 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}) })
it("returns an error", func() { it("returns an error", func() {
err := CreateOrUpdateCredentialIssuer( err := CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
credentialIssuerResourceName, credentialIssuerResourceName,
map[string]string{}, map[string]string{},
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) {}, func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {},
) )
r.EqualError(err, "could not create or update credentialissuer: get failed: error on get") r.EqualError(err, "could not create or update credentialissuer: get failed: error on get")
}) })
@ -210,13 +222,13 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}) })
it("returns an error", func() { it("returns an error", func() {
err := CreateOrUpdateCredentialIssuer( err := CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
credentialIssuerResourceName, credentialIssuerResourceName,
map[string]string{}, map[string]string{},
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) { func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {
configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" configToUpdate.KubeConfigInfo.CertificateAuthorityData = "new-ca-value"
}, },
) )
r.EqualError(err, "could not create or update credentialissuer: error on update") r.EqualError(err, "could not create or update credentialissuer: error on update")
@ -248,7 +260,7 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
}) })
it("retries updates on conflict", func() { it("retries updates on conflict", func() {
err := CreateOrUpdateCredentialIssuer( err := CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
credentialIssuerResourceName, credentialIssuerResourceName,
map[string]string{ map[string]string{
@ -256,8 +268,8 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
"myLabelKey2": "myLabelValue2", "myLabelKey2": "myLabelValue2",
}, },
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) { func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {
configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" configToUpdate.KubeConfigInfo.CertificateAuthorityData = "new-ca-value"
}, },
) )
r.NoError(err) r.NoError(err)
@ -267,13 +279,13 @@ func TestCreateOrUpdateCredentialIssuer(t *testing.T) {
// The first attempted update only includes its own edits. // The first attempted update only includes its own edits.
firstExpectedUpdatedConfig := existingConfig.DeepCopy() firstExpectedUpdatedConfig := existingConfig.DeepCopy()
firstExpectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" firstExpectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value"
firstExpectedUpdateAction := coretesting.NewRootUpdateAction(credentialIssuerGVR, firstExpectedUpdatedConfig) firstExpectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status", firstExpectedUpdatedConfig)
// Both the edits made by this update and the edits made by the conflicting update should be included. // Both the edits made by this update and the edits made by the conflicting update should be included.
secondExpectedUpdatedConfig := existingConfig.DeepCopy() secondExpectedUpdatedConfig := existingConfig.DeepCopy()
secondExpectedUpdatedConfig.Status.KubeConfigInfo.Server = "some-other-server-value-from-conflicting-update" secondExpectedUpdatedConfig.Status.KubeConfigInfo.Server = "some-other-server-value-from-conflicting-update"
secondExpectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" secondExpectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value"
secondExpectedUpdateAction := coretesting.NewRootUpdateAction(credentialIssuerGVR, secondExpectedUpdatedConfig) secondExpectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status", secondExpectedUpdatedConfig)
expectedActions := []coretesting.Action{ expectedActions := []coretesting.Action{
expectedGetAction, expectedGetAction,

6
internal/controller/issuerconfig/kube_config_info_publisher.go
View File

@ -104,14 +104,14 @@ func (c *kubeConigInfoPublisherController) Sync(ctx controllerlib.Context) error
server = *c.serverOverride server = *c.serverOverride
} }
updateServerAndCAFunc := func(c *configv1alpha1.CredentialIssuer) { updateServerAndCAFunc := func(c *configv1alpha1.CredentialIssuerStatus) {
c.Status.KubeConfigInfo = &configv1alpha1.CredentialIssuerKubeConfigInfo{ c.KubeConfigInfo = &configv1alpha1.CredentialIssuerKubeConfigInfo{
Server: server, Server: server,
CertificateAuthorityData: certificateAuthorityData, CertificateAuthorityData: certificateAuthorityData,
} }
} }
return CreateOrUpdateCredentialIssuer( return CreateOrUpdateCredentialIssuerStatus(
ctx.Context, ctx.Context,
c.credentialIssuerResourceName, c.credentialIssuerResourceName,
c.credentialIssuerLabels, c.credentialIssuerLabels,

43
internal/controller/issuerconfig/kube_config_info_publisher_test.go
View File

@ -115,12 +115,23 @@ func TestSync(t *testing.T) {
var timeoutContextCancel context.CancelFunc var timeoutContextCancel context.CancelFunc
var syncContext *controllerlib.Context var syncContext *controllerlib.Context
var expectedCredentialIssuer = func(expectedServerURL, expectedCAData string) (schema.GroupVersionResource, *configv1alpha1.CredentialIssuer) { var expectedCredentialIssuer = func(expectedServerURL, expectedCAData string) (schema.GroupVersionResource, *configv1alpha1.CredentialIssuer, *configv1alpha1.CredentialIssuer) {
expectedCredentialIssuerGVR := schema.GroupVersionResource{ expectedCredentialIssuerGVR := schema.GroupVersionResource{
Group: configv1alpha1.GroupName, Group: configv1alpha1.GroupName,
Version: "v1alpha1", Version: "v1alpha1",
Resource: "credentialissuers", Resource: "credentialissuers",
} }
expectedCreateCredentialIssuer := &configv1alpha1.CredentialIssuer{
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
Labels: map[string]string{
"myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2",
},
},
}
expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName, Name: credentialIssuerResourceName,
@ -130,14 +141,13 @@ func TestSync(t *testing.T) {
}, },
}, },
Status: configv1alpha1.CredentialIssuerStatus{ Status: configv1alpha1.CredentialIssuerStatus{
Strategies: []configv1alpha1.CredentialIssuerStrategy{},
KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{
Server: expectedServerURL, Server: expectedServerURL,
CertificateAuthorityData: expectedCAData, CertificateAuthorityData: expectedCAData,
}, },
}, },
} }
return expectedCredentialIssuerGVR, expectedCredentialIssuer return expectedCredentialIssuerGVR, expectedCreateCredentialIssuer, expectedCredentialIssuer
} }
// Defer starting the informers until the last possible moment so that the // Defer starting the informers until the last possible moment so that the
@ -217,16 +227,21 @@ func TestSync(t *testing.T) {
err := controllerlib.TestSync(t, subject, *syncContext) err := controllerlib.TestSync(t, subject, *syncContext)
r.NoError(err) r.NoError(err)
expectedCredentialIssuerGVR, expectedCredentialIssuer := expectedCredentialIssuer( expectedCredentialIssuerGVR, expectedCreateCredentialIssuer, expectedCredentialIssuer := expectedCredentialIssuer(
kubeServerURL, kubeServerURL,
caData, caData,
) )
r.Equal( r.Equal(
[]coretesting.Action{ []coretesting.Action{
coretesting.NewRootGetAction(expectedCredentialIssuerGVR, expectedCredentialIssuer.Name), coretesting.NewRootGetAction(expectedCredentialIssuerGVR, expectedCreateCredentialIssuer.Name),
coretesting.NewRootCreateAction( coretesting.NewRootCreateAction(
expectedCredentialIssuerGVR, expectedCredentialIssuerGVR,
expectedCreateCredentialIssuer,
),
coretesting.NewRootUpdateSubresourceAction(
expectedCredentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
), ),
}, },
@ -261,7 +276,7 @@ func TestSync(t *testing.T) {
err := controllerlib.TestSync(t, subject, *syncContext) err := controllerlib.TestSync(t, subject, *syncContext)
r.NoError(err) r.NoError(err)
expectedCredentialIssuerGVR, expectedCredentialIssuer := expectedCredentialIssuer( expectedCredentialIssuerGVR, expectedCreateCredentialIssuer, expectedCredentialIssuer := expectedCredentialIssuer(
kubeServerURL, kubeServerURL,
caData, caData,
) )
@ -269,9 +284,14 @@ func TestSync(t *testing.T) {
r.Equal( r.Equal(
[]coretesting.Action{ []coretesting.Action{
coretesting.NewRootGetAction(expectedCredentialIssuerGVR, expectedCredentialIssuer.Name), coretesting.NewRootGetAction(expectedCredentialIssuerGVR, expectedCreateCredentialIssuer.Name),
coretesting.NewRootCreateAction( coretesting.NewRootCreateAction(
expectedCredentialIssuerGVR, expectedCredentialIssuerGVR,
expectedCreateCredentialIssuer,
),
coretesting.NewRootUpdateSubresourceAction(
expectedCredentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
), ),
}, },
@ -287,7 +307,7 @@ func TestSync(t *testing.T) {
var credentialIssuer *configv1alpha1.CredentialIssuer var credentialIssuer *configv1alpha1.CredentialIssuer
it.Before(func() { it.Before(func() {
credentialIssuerGVR, credentialIssuer = expectedCredentialIssuer( credentialIssuerGVR, _, credentialIssuer = expectedCredentialIssuer(
kubeServerURL, kubeServerURL,
caData, caData,
) )
@ -311,7 +331,7 @@ func TestSync(t *testing.T) {
when("the CredentialIssuer is stale compared to the data in the ConfigMap", func() { when("the CredentialIssuer is stale compared to the data in the ConfigMap", func() {
it.Before(func() { it.Before(func() {
_, expectedCredentialIssuer := expectedCredentialIssuer( _, _, expectedCredentialIssuer := expectedCredentialIssuer(
kubeServerURL, kubeServerURL,
caData, caData,
) )
@ -324,14 +344,15 @@ func TestSync(t *testing.T) {
err := controllerlib.TestSync(t, subject, *syncContext) err := controllerlib.TestSync(t, subject, *syncContext)
r.NoError(err) r.NoError(err)
expectedCredentialIssuerGVR, expectedCredentialIssuer := expectedCredentialIssuer( expectedCredentialIssuerGVR, _, expectedCredentialIssuer := expectedCredentialIssuer(
kubeServerURL, kubeServerURL,
caData, caData,
) )
expectedActions := []coretesting.Action{ expectedActions := []coretesting.Action{
coretesting.NewRootGetAction(expectedCredentialIssuerGVR, expectedCredentialIssuer.Name), coretesting.NewRootGetAction(expectedCredentialIssuerGVR, expectedCredentialIssuer.Name),
coretesting.NewRootUpdateAction( coretesting.NewRootUpdateSubresourceAction(
expectedCredentialIssuerGVR, expectedCredentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
), ),
} }

16
internal/controller/kubecertagent/annotater_test.go
View File

@ -265,8 +265,9 @@ func TestAnnotaterControllerSync(t *testing.T) {
credentialIssuerGVR, credentialIssuerGVR,
credentialIssuerResourceName, credentialIssuerResourceName,
) )
expectedUpdateAction := coretesting.NewRootUpdateAction( expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(
credentialIssuerGVR, credentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
) )
@ -304,6 +305,13 @@ func TestAnnotaterControllerSync(t *testing.T) {
startInformersAndController() startInformersAndController()
err := controllerlib.TestSync(t, subject, *syncContext) err := controllerlib.TestSync(t, subject, *syncContext)
expectedCreateCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
},
}
expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -327,6 +335,11 @@ func TestAnnotaterControllerSync(t *testing.T) {
) )
expectedCreateAction := coretesting.NewRootCreateAction( expectedCreateAction := coretesting.NewRootCreateAction(
credentialIssuerGVR, credentialIssuerGVR,
expectedCreateCredentialIssuer,
)
expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(
credentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
) )
@ -335,6 +348,7 @@ func TestAnnotaterControllerSync(t *testing.T) {
[]coretesting.Action{ []coretesting.Action{
expectedGetAction, expectedGetAction,
expectedCreateAction, expectedCreateAction,
expectedUpdateAction,
}, },
pinnipedAPIClient.Actions(), pinnipedAPIClient.Actions(),
) )

40
internal/controller/kubecertagent/creater_test.go
View File

@ -336,8 +336,9 @@ func TestCreaterControllerSync(t *testing.T) {
credentialIssuerGVR, credentialIssuerGVR,
credentialIssuerResourceName, credentialIssuerResourceName,
) )
expectedUpdateAction := coretesting.NewRootUpdateAction( expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(
credentialIssuerGVR, credentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
) )
@ -375,6 +376,17 @@ func TestCreaterControllerSync(t *testing.T) {
startInformersAndController() startInformersAndController()
err := controllerlib.TestSync(t, subject, *syncContext) err := controllerlib.TestSync(t, subject, *syncContext)
expectedCreateCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
Labels: map[string]string{
"myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2",
},
},
}
expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -402,6 +414,11 @@ func TestCreaterControllerSync(t *testing.T) {
) )
expectedCreateAction := coretesting.NewRootCreateAction( expectedCreateAction := coretesting.NewRootCreateAction(
credentialIssuerGVR, credentialIssuerGVR,
expectedCreateCredentialIssuer,
)
expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(
credentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
) )
@ -410,6 +427,7 @@ func TestCreaterControllerSync(t *testing.T) {
[]coretesting.Action{ []coretesting.Action{
expectedGetAction, expectedGetAction,
expectedCreateAction, expectedCreateAction,
expectedUpdateAction,
}, },
pinnipedAPIClient.Actions(), pinnipedAPIClient.Actions(),
) )
@ -458,8 +476,9 @@ func TestCreaterControllerSync(t *testing.T) {
credentialIssuerGVR, credentialIssuerGVR,
credentialIssuerResourceName, credentialIssuerResourceName,
) )
expectedUpdateAction := coretesting.NewRootUpdateAction( expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(
credentialIssuerGVR, credentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
) )
@ -514,6 +533,17 @@ func TestCreaterControllerSync(t *testing.T) {
startInformersAndController() startInformersAndController()
err := controllerlib.TestSync(t, subject, *syncContext) err := controllerlib.TestSync(t, subject, *syncContext)
expectedCreateCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
Labels: map[string]string{
"myLabelKey1": "myLabelValue1",
"myLabelKey2": "myLabelValue2",
},
},
}
expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -541,6 +571,11 @@ func TestCreaterControllerSync(t *testing.T) {
) )
expectedCreateAction := coretesting.NewRootCreateAction( expectedCreateAction := coretesting.NewRootCreateAction(
credentialIssuerGVR, credentialIssuerGVR,
expectedCreateCredentialIssuer,
)
expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(
credentialIssuerGVR,
"status",
expectedCredentialIssuer, expectedCredentialIssuer,
) )
@ -549,6 +584,7 @@ func TestCreaterControllerSync(t *testing.T) {
[]coretesting.Action{ []coretesting.Action{
expectedGetAction, expectedGetAction,
expectedCreateAction, expectedCreateAction,
expectedUpdateAction,
}, },
pinnipedAPIClient.Actions(), pinnipedAPIClient.Actions(),
) )

38
internal/controller/kubecertagent/execer_test.go
View File

@ -358,7 +358,7 @@ func TestManagerControllerSync(t *testing.T) {
}, },
} }
expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName) expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName)
expectedCreateAction := coretesting.NewRootUpdateAction(credentialIssuerGVR, expectedCredentialIssuer) expectedCreateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status", expectedCredentialIssuer)
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions())
}) })
@ -389,6 +389,13 @@ func TestManagerControllerSync(t *testing.T) {
it("also creates the the CredentialIssuer with the appropriate status field", func() { it("also creates the the CredentialIssuer with the appropriate status field", func() {
r.NoError(controllerlib.TestSync(t, subject, *syncContext)) r.NoError(controllerlib.TestSync(t, subject, *syncContext))
expectedCreateCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
},
}
expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -407,8 +414,9 @@ func TestManagerControllerSync(t *testing.T) {
}, },
} }
expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName) expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName)
expectedCreateAction := coretesting.NewRootCreateAction(credentialIssuerGVR, expectedCredentialIssuer) expectedCreateAction := coretesting.NewRootCreateAction(credentialIssuerGVR, expectedCreateCredentialIssuer)
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status", expectedCredentialIssuer)
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction, expectedUpdateAction}, pinnipedAPIClient.Actions())
}) })
}) })
}) })
@ -431,6 +439,13 @@ func TestManagerControllerSync(t *testing.T) {
it("creates or updates the the CredentialIssuer status field with an error", func() { it("creates or updates the the CredentialIssuer status field with an error", func() {
r.EqualError(controllerlib.TestSync(t, subject, *syncContext), podExecErrorMessage) r.EqualError(controllerlib.TestSync(t, subject, *syncContext), podExecErrorMessage)
expectedCreateCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
},
}
expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -449,8 +464,9 @@ func TestManagerControllerSync(t *testing.T) {
}, },
} }
expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName) expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName)
expectedCreateAction := coretesting.NewRootCreateAction(credentialIssuerGVR, expectedCredentialIssuer) expectedCreateAction := coretesting.NewRootCreateAction(credentialIssuerGVR, expectedCreateCredentialIssuer)
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status", expectedCredentialIssuer)
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction, expectedUpdateAction}, pinnipedAPIClient.Actions())
}) })
}) })
@ -472,6 +488,13 @@ func TestManagerControllerSync(t *testing.T) {
it("creates or updates the the CredentialIssuer status field with an error", func() { it("creates or updates the the CredentialIssuer status field with an error", func() {
r.EqualError(controllerlib.TestSync(t, subject, *syncContext), podExecErrorMessage) r.EqualError(controllerlib.TestSync(t, subject, *syncContext), podExecErrorMessage)
expectedCreateCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Name: credentialIssuerResourceName,
},
}
expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{
TypeMeta: metav1.TypeMeta{}, TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -490,8 +513,9 @@ func TestManagerControllerSync(t *testing.T) {
}, },
} }
expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName) expectedGetAction := coretesting.NewRootGetAction(credentialIssuerGVR, credentialIssuerResourceName)
expectedCreateAction := coretesting.NewRootCreateAction(credentialIssuerGVR, expectedCredentialIssuer) expectedCreateAction := coretesting.NewRootCreateAction(credentialIssuerGVR, expectedCreateCredentialIssuer)
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) expectedUpdateAction := coretesting.NewRootUpdateSubresourceAction(credentialIssuerGVR, "status", expectedCredentialIssuer)
r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction, expectedUpdateAction}, pinnipedAPIClient.Actions())
}) })
}) })
}) })

6
internal/controller/kubecertagent/kubecertagent.go
View File

@ -287,19 +287,19 @@ func createOrUpdateCredentialIssuer(ctx context.Context,
pinnipedAPIClient pinnipedclientset.Interface, pinnipedAPIClient pinnipedclientset.Interface,
err error, err error,
) error { ) error {
return issuerconfig.CreateOrUpdateCredentialIssuer( return issuerconfig.CreateOrUpdateCredentialIssuerStatus(
ctx, ctx,
ciConfig.Name, ciConfig.Name,
credentialIssuerLabels, credentialIssuerLabels,
pinnipedAPIClient, pinnipedAPIClient,
func(configToUpdate *configv1alpha1.CredentialIssuer) { func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {
var strategyResult configv1alpha1.CredentialIssuerStrategy var strategyResult configv1alpha1.CredentialIssuerStrategy
if err == nil { if err == nil {
strategyResult = strategySuccess(clock) strategyResult = strategySuccess(clock)
} else { } else {
strategyResult = strategyError(clock, err) strategyResult = strategyError(clock, err)
} }
configToUpdate.Status.Strategies = []configv1alpha1.CredentialIssuerStrategy{ configToUpdate.Strategies = []configv1alpha1.CredentialIssuerStrategy{
strategyResult, strategyResult,
} }
}, },

3
test/integration/kubeclient_test.go
View File

@ -220,9 +220,6 @@ func TestKubeClientOwnerRef(t *testing.T) {
GenerateName: "owner-ref-test-", GenerateName: "owner-ref-test-",
OwnerReferences: nil, // no owner refs set OwnerReferences: nil, // no owner refs set
}, },
Status: conciergeconfigv1alpha1.CredentialIssuerStatus{
Strategies: []conciergeconfigv1alpha1.CredentialIssuerStrategy{},
},
}, },
metav1.CreateOptions{}, metav1.CreateOptions{},
) )