djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename for clarity

Browse Source 
- makes space for OIDCPrivder related controller
This commit is contained in:
aram price 2020-12-11 16:05:08 -08:00 committed by Andrew Keesler
parent 022dcd1909
commit 9e2213cbae
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
3 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/pinniped-supervisor/main.go
View File

@ -32,7 +32,7 @@ import (
pinnipedinformers "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions" pinnipedinformers "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions"
"go.pinniped.dev/internal/config/supervisor" "go.pinniped.dev/internal/config/supervisor"
"go.pinniped.dev/internal/controller/supervisorconfig" "go.pinniped.dev/internal/controller/supervisorconfig"
"go.pinniped.dev/internal/controller/supervisorconfig/secretgenerator" "go.pinniped.dev/internal/controller/supervisorconfig/generator"
"go.pinniped.dev/internal/controller/supervisorconfig/upstreamwatcher" "go.pinniped.dev/internal/controller/supervisorconfig/upstreamwatcher"
"go.pinniped.dev/internal/controllerlib" "go.pinniped.dev/internal/controllerlib"
"go.pinniped.dev/internal/downward" "go.pinniped.dev/internal/downward"
@ -132,7 +132,7 @@ func startControllers(
singletonWorker, singletonWorker,
). ).
WithController( WithController(
secretgenerator.New( generator.NewSupervisorSecretsController(
supervisorDeployment, supervisorDeployment,
kubeClient, kubeClient,
kubeInformers.Core().V1().Secrets(), kubeInformers.Core().V1().Secrets(),

22
internal/controller/supervisorconfig/secretgenerator/secretgenerator.go → internal/controller/supervisorconfig/generator/supervisor_secrets.go
View File

@ -1,8 +1,8 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved. // Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// Package secretgenerator provides a controller that can ensure existence of a generated secret. // Package secretgenerator provides a supervisorSecretsController that can ensure existence of a generated secret.
package secretgenerator package generator
import ( import (
"context" "context"
@ -43,15 +43,15 @@ func generateSymmetricKey() ([]byte, error) {
return b, nil return b, nil
} }
type controller struct { type supervisorSecretsController struct {
owner *appsv1.Deployment owner *appsv1.Deployment
client kubernetes.Interface client kubernetes.Interface
secrets corev1informers.SecretInformer secrets corev1informers.SecretInformer
setCache func(secret []byte) setCache func(secret []byte)
} }
// New instantiates a new controllerlib.Controller which will ensure existence of a generated secret. // NewSupervisorSecretsController instantiates a new controllerlib.Controller which will ensure existence of a generated secret.
func New( func NewSupervisorSecretsController(
// TODO: label the generated secret like we do in the JWKSWriterController // TODO: label the generated secret like we do in the JWKSWriterController
// TODO: generate the name for the secret and label the secret with the UID of the owner? So that we don't have naming conflicts if the user has already created a Secret with that name. // TODO: generate the name for the secret and label the secret with the UID of the owner? So that we don't have naming conflicts if the user has already created a Secret with that name.
// TODO: add tests for the filter like we do in the JWKSWriterController? // TODO: add tests for the filter like we do in the JWKSWriterController?
@ -60,7 +60,7 @@ func New(
secrets corev1informers.SecretInformer, secrets corev1informers.SecretInformer,
setCache func(secret []byte), setCache func(secret []byte),
) controllerlib.Controller { ) controllerlib.Controller {
c := controller{ c := supervisorSecretsController{
owner: owner, owner: owner,
client: client, client: client,
secrets: secrets, secrets: secrets,
@ -80,7 +80,7 @@ func New(
} }
// Sync implements controllerlib.Syncer.Sync(). // Sync implements controllerlib.Syncer.Sync().
func (c *controller) Sync(ctx controllerlib.Context) error { func (c *supervisorSecretsController) Sync(ctx controllerlib.Context) error {
secret, err := c.secrets.Lister().Secrets(ctx.Key.Namespace).Get(ctx.Key.Name) secret, err := c.secrets.Lister().Secrets(ctx.Key.Namespace).Get(ctx.Key.Name)
isNotFound := k8serrors.IsNotFound(err) isNotFound := k8serrors.IsNotFound(err)
if !isNotFound && err != nil { if !isNotFound && err != nil {
@ -113,7 +113,7 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
return nil return nil
} }
func (c *controller) isValid(secret *corev1.Secret) bool { func (c *supervisorSecretsController) isValid(secret *corev1.Secret) bool {
if secret.Type != symmetricKeySecretType { if secret.Type != symmetricKeySecretType {
return false return false
} }
@ -129,7 +129,7 @@ func (c *controller) isValid(secret *corev1.Secret) bool {
return true return true
} }
func (c *controller) generateSecret(namespace, name string) (*corev1.Secret, error) { func (c *supervisorSecretsController) generateSecret(namespace, name string) (*corev1.Secret, error) {
symmetricKey, err := generateKey() symmetricKey, err := generateKey()
if err != nil { if err != nil {
return nil, err return nil, err
@ -155,12 +155,12 @@ func (c *controller) generateSecret(namespace, name string) (*corev1.Secret, err
}, nil }, nil
} }
func (c *controller) createSecret(ctx context.Context, newSecret *corev1.Secret) error { func (c *supervisorSecretsController) createSecret(ctx context.Context, newSecret *corev1.Secret) error {
_, err := c.client.CoreV1().Secrets(newSecret.Namespace).Create(ctx, newSecret, metav1.CreateOptions{}) _, err := c.client.CoreV1().Secrets(newSecret.Namespace).Create(ctx, newSecret, metav1.CreateOptions{})
return err return err
} }
func (c *controller) updateSecret(ctx context.Context, newSecret **corev1.Secret, secretName string) error { func (c *supervisorSecretsController) updateSecret(ctx context.Context, newSecret **corev1.Secret, secretName string) error {
secrets := c.client.CoreV1().Secrets((*newSecret).Namespace) secrets := c.client.CoreV1().Secrets((*newSecret).Namespace)
return retry.RetryOnConflict(retry.DefaultBackoff, func() error { return retry.RetryOnConflict(retry.DefaultBackoff, func() error {
currentSecret, err := secrets.Get(ctx, secretName, metav1.GetOptions{}) currentSecret, err := secrets.Get(ctx, secretName, metav1.GetOptions{})

4
internal/controller/supervisorconfig/secretgenerator/secretgenerator_test.go → internal/controller/supervisorconfig/generator/supervisor_secrets_test.go
View File

@ -1,7 +1,7 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved. // Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package secretgenerator package generator
import ( import (
"context" "context"
@ -307,7 +307,7 @@ func TestController(t *testing.T) {
secrets := informers.Core().V1().Secrets() secrets := informers.Core().V1().Secrets()
var callbackSecret []byte var callbackSecret []byte
c := New(owner, apiClient, secrets, func(secret []byte) { c := NewSupervisorSecretsController(owner, apiClient, secrets, func(secret []byte) {
require.Nil(t, callbackSecret, "callback was called twice") require.Nil(t, callbackSecret, "callback was called twice")
callbackSecret = secret callbackSecret = secret
}) })