Secrets owned by Deployment
have Controller: false
- This is to prevent the K8s internal Deployment controller from trying to manage these objects.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
parent
2e784e006c
commit
9d9040944a
@ -64,12 +64,23 @@ func generateSecret(namespace, name string, labels map[string]string, secretData
|
|||||||
Version: appsv1.SchemeGroupVersion.Version,
|
Version: appsv1.SchemeGroupVersion.Version,
|
||||||
Kind: "Deployment",
|
Kind: "Deployment",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
blockOwnerDeletion := true
|
||||||
|
isController := false
|
||||||
|
|
||||||
return &corev1.Secret{
|
return &corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: name,
|
Name: name,
|
||||||
Namespace: namespace,
|
Namespace: namespace,
|
||||||
OwnerReferences: []metav1.OwnerReference{
|
OwnerReferences: []metav1.OwnerReference{
|
||||||
*metav1.NewControllerRef(owner, deploymentGVK),
|
{
|
||||||
|
APIVersion: deploymentGVK.GroupVersion().String(),
|
||||||
|
Kind: deploymentGVK.Kind,
|
||||||
|
Name: owner.GetName(),
|
||||||
|
UID: owner.GetUID(),
|
||||||
|
BlockOwnerDeletion: &blockOwnerDeletion,
|
||||||
|
Controller: &isController,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Labels: labels,
|
Labels: labels,
|
||||||
},
|
},
|
||||||
|
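Review bot: The hand-built owner reference in generateSecret carries no comment saying why `Controller` is false, so a later reader could "simplify" it back to `metav1.NewControllerRef`, which sets both Controller and BlockOwnerDeletion to true. I would add above `isController := false` a comment such as `// Controller is false so the built-in Deployment controller does not try to manage this Secret; the reference still ties the Secret's lifetime to the Deployment.` The second half of that comment is inferred from the owner reference being kept, so confirm it matches the intent. generateSecret starts and ends outside this hunk.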
@ -56,7 +56,13 @@ func NewSupervisorSecretsController(
|
|||||||
withInformer(
|
withInformer(
|
||||||
secretInformer,
|
secretInformer,
|
||||||
pinnipedcontroller.SimpleFilter(func(obj metav1.Object) bool {
|
pinnipedcontroller.SimpleFilter(func(obj metav1.Object) bool {
|
||||||
return metav1.IsControlledBy(obj, owner)
|
ownerReferences := obj.GetOwnerReferences()
|
||||||
|
for i := range obj.GetOwnerReferences() {
|
||||||
|
if ownerReferences[i].UID == owner.GetUID() {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
}, nil),
|
}, nil),
|
||||||
controllerlib.InformerOption{},
|
controllerlib.InformerOption{},
|
||||||
),
|
),
|
||||||
|
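Review bot: The new filter accepts a Secret as soon as any of its owner references carries the Deployment's UID, without looking at Kind, APIVersion or the Controller flag, and nothing in the closure says this is deliberate. Owner references are set by whoever writes the object, so the sync path should not treat passing this filter as proof that this controller created the Secret; that code is outside the hunk, so I cannot tell whether it does. I would add `// Match on UID only: these Secrets are owned by the Deployment but not controlled by it, so metav1.IsControlledBy no longer applies.` and range over the local slice rather than calling the getter a second time, `for i := range ownerReferences {`. NewSupervisorSecretsController begins and ends outside the hunk.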
@ -46,6 +46,7 @@ var (
|
|||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// TODO want what??
|
||||||
func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
|
func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
@ -57,56 +58,41 @@ func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
|
|||||||
wantDelete bool
|
wantDelete bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "no owner reference",
|
name: "owner reference is missing",
|
||||||
secret: corev1.Secret{
|
secret: corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{},
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Namespace: "some-namespace",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "owner reference without controller set to true",
|
name: "owner reference with incorrect `APIVersion`",
|
||||||
secret: corev1.Secret{
|
secret: corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Namespace: "some-namespace",
|
Namespace: "some-namespace",
|
||||||
OwnerReferences: []metav1.OwnerReference{
|
OwnerReferences: []metav1.OwnerReference{
|
||||||
{
|
{
|
||||||
APIVersion: ownerGVK.String(),
|
Name: owner.GetName(),
|
||||||
Name: "some-name",
|
|
||||||
Kind: ownerGVK.Kind,
|
Kind: ownerGVK.Kind,
|
||||||
UID: owner.GetUID(),
|
UID: owner.GetUID(),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "owner reference without correct APIVersion",
|
|
||||||
secret: corev1.Secret{
|
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
|
||||||
Namespace: "some-namespace",
|
|
||||||
OwnerReferences: []metav1.OwnerReference{
|
|
||||||
{
|
|
||||||
Name: "some-name",
|
|
||||||
Kind: ownerGVK.Kind,
|
|
||||||
Controller: boolPtr(true),
|
|
||||||
UID: owner.GetUID(),
|
|
||||||
}},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
wantAdd: true,
|
wantAdd: true,
|
||||||
wantUpdate: true,
|
wantUpdate: true,
|
||||||
wantDelete: true,
|
wantDelete: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "owner reference without correct Kind",
|
name: "owner reference with incorrect `Kind`",
|
||||||
secret: corev1.Secret{
|
secret: corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Namespace: "some-namespace",
|
Namespace: "some-namespace",
|
||||||
OwnerReferences: []metav1.OwnerReference{
|
OwnerReferences: []metav1.OwnerReference{
|
||||||
{
|
{
|
||||||
APIVersion: ownerGVK.String(),
|
APIVersion: ownerGVK.String(),
|
||||||
Name: "some-name",
|
Name: owner.GetName(),
|
||||||
Kind: "IncorrectKind",
|
Kind: "IncorrectKind",
|
||||||
Controller: boolPtr(true),
|
|
||||||
UID: owner.GetUID(),
|
UID: owner.GetUID(),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -117,7 +103,7 @@ func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
|
|||||||
wantDelete: true,
|
wantDelete: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "correct owner reference",
|
name: "owner reference with `Controller`: true",
|
||||||
secret: corev1.Secret{
|
secret: corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Namespace: "some-namespace",
|
Namespace: "some-namespace",
|
||||||
@ -131,7 +117,42 @@ func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
|
|||||||
wantDelete: true,
|
wantDelete: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "multiple owner references",
|
name: "expected owner reference with incorrect `UID`",
|
||||||
|
secret: corev1.Secret{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Namespace: "some-namespace",
|
||||||
|
OwnerReferences: []metav1.OwnerReference{
|
||||||
|
{
|
||||||
|
APIVersion: ownerGVK.String(),
|
||||||
|
Name: owner.GetName(),
|
||||||
|
Kind: ownerGVK.Kind,
|
||||||
|
UID: "DOES_NOT_MATCH",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "expected owner reference - where `Controller`: false",
|
||||||
|
secret: corev1.Secret{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Namespace: "some-namespace",
|
||||||
|
OwnerReferences: []metav1.OwnerReference{
|
||||||
|
{
|
||||||
|
APIVersion: ownerGVK.String(),
|
||||||
|
Name: owner.GetName(),
|
||||||
|
Kind: ownerGVK.Kind,
|
||||||
|
UID: owner.GetUID(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
wantAdd: true,
|
||||||
|
wantUpdate: true,
|
||||||
|
wantDelete: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "multiple owner references (expected owner reference, and one more)",
|
||||||
secret: corev1.Secret{
|
secret: corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Namespace: "some-namespace",
|
Namespace: "some-namespace",
|
||||||
@ -139,7 +160,12 @@ func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Kind: "UnrelatedKind",
|
Kind: "UnrelatedKind",
|
||||||
},
|
},
|
||||||
*metav1.NewControllerRef(owner, ownerGVK),
|
{
|
||||||
|
APIVersion: ownerGVK.String(),
|
||||||
|
Name: owner.GetName(),
|
||||||
|
Kind: ownerGVK.Kind,
|
||||||
|
UID: owner.GetUID(),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -215,12 +241,21 @@ func TestSupervisorSecretsControllerSync(t *testing.T) {
|
|||||||
generatedSymmetricKey = []byte("some-neato-32-byte-generated-key")
|
generatedSymmetricKey = []byte("some-neato-32-byte-generated-key")
|
||||||
otherGeneratedSymmetricKey = []byte("some-funio-32-byte-generated-key")
|
otherGeneratedSymmetricKey = []byte("some-funio-32-byte-generated-key")
|
||||||
|
|
||||||
|
blockOwnerDeletion = true
|
||||||
|
isController = false
|
||||||
generatedSecret = &corev1.Secret{
|
generatedSecret = &corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: generatedSecretName,
|
Name: generatedSecretName,
|
||||||
Namespace: generatedSecretNamespace,
|
Namespace: generatedSecretNamespace,
|
||||||
OwnerReferences: []metav1.OwnerReference{
|
OwnerReferences: []metav1.OwnerReference{
|
||||||
*metav1.NewControllerRef(owner, ownerGVK),
|
{
|
||||||
|
APIVersion: ownerGVK.GroupVersion().String(),
|
||||||
|
Kind: ownerGVK.Kind,
|
||||||
|
Name: owner.GetName(),
|
||||||
|
UID: owner.GetUID(),
|
||||||
|
BlockOwnerDeletion: &blockOwnerDeletion,
|
||||||
|
Controller: &isController,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Labels: labels,
|
Labels: labels,
|
||||||
},
|
},
|
||||||
@ -235,7 +270,14 @@ func TestSupervisorSecretsControllerSync(t *testing.T) {
|
|||||||
Name: generatedSecretName,
|
Name: generatedSecretName,
|
||||||
Namespace: generatedSecretNamespace,
|
Namespace: generatedSecretNamespace,
|
||||||
OwnerReferences: []metav1.OwnerReference{
|
OwnerReferences: []metav1.OwnerReference{
|
||||||
*metav1.NewControllerRef(owner, ownerGVK),
|
{
|
||||||
|
APIVersion: ownerGVK.GroupVersion().String(),
|
||||||
|
Kind: ownerGVK.Kind,
|
||||||
|
Name: owner.GetName(),
|
||||||
|
UID: owner.GetUID(),
|
||||||
|
BlockOwnerDeletion: &blockOwnerDeletion,
|
||||||
|
Controller: &isController,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Labels: labels,
|
Labels: labels,
|
||||||
},
|
},
|
||||||
|
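Review bot: Two of the new case names in TestSupervisorSecretsControllerFilterSecret describe fixtures the table does not build: "expected owner reference - where `Controller`: false" leaves Controller unset (nil) rather than false, and "owner reference with incorrect `APIVersion`" omits APIVersion instead of supplying a wrong one. Either set the fields, e.g. `Controller: boolPtr(false),` (boolPtr is the helper the removed lines used; check it is still defined) and `APIVersion: "incorrect-api-version",` (a constructed sample value), or rename the cases to say "unset" and "missing". The added `// TODO want what??` above the test should be resolved before merge, or replaced with a sentence stating what the filter is expected to match. Separately, the filter cases pass `ownerGVK.String()` as APIVersion while the sync fixtures use `ownerGVK.GroupVersion().String()`; only the latter is an API version string, and the difference goes unnoticed because the filter compares UIDs only.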