Update federation domain logic to use status subresource
Signed-off-by: Monis Khan <mok@vmware.com>
parent
4c304e4224
commit
b04fd46319
@ -175,8 +175,8 @@ func startControllers(
|
||||
secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey)
|
||||
},
|
||||
),
|
||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
||||
return &fd.Status.Secrets.TokenSigningKey
|
||||
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||
return &fd.Secrets.TokenSigningKey
|
||||
},
|
||||
kubeClient,
|
||||
pinnipedClient,
|
||||
@ -198,8 +198,8 @@ func startControllers(
|
||||
secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey)
|
||||
},
|
||||
),
|
||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
||||
return &fd.Status.Secrets.StateSigningKey
|
||||
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||
return &fd.Secrets.StateSigningKey
|
||||
},
|
||||
kubeClient,
|
||||
pinnipedClient,
|
||||
@ -221,8 +221,8 @@ func startControllers(
|
||||
secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey)
|
||||
},
|
||||
),
|
||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
||||
return &fd.Status.Secrets.StateEncryptionKey
|
||||
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||
return &fd.Secrets.StateEncryptionKey
|
||||
},
|
||||
kubeClient,
|
||||
pinnipedClient,
|
||||
|
@ -204,7 +204,7 @@ func (c *federationDomainWatcherController) updateStatus(
|
||||
federationDomain.Status.Status = status
|
||||
federationDomain.Status.Message = message
|
||||
federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(c.clock.Now()))
|
||||
_, err = c.client.ConfigV1alpha1().FederationDomains(namespace).Update(ctx, federationDomain, metav1.UpdateOptions{})
|
||||
_, err = c.client.ConfigV1alpha1().FederationDomains(namespace).UpdateStatus(ctx, federationDomain, metav1.UpdateOptions{})
|
||||
return err
|
||||
})
|
||||
}
|
||||
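Review bot: The new `UpdateStatus` call in `updateStatus` sends the write to the `federationdomains/status` endpoint, which Kubernetes authorizes separately from `federationdomains`, and no RBAC change is visible in this commit. If the controller's Role does not already grant `update` on `federationdomains/status`, these writes will be rejected as forbidden. The same call is introduced in `federationDomainSecretsController.updateFederationDomainStatus` and `jwksWriterController.updateFederationDomainStatus`, so once all three use the subresource, the `update` verb on the main resource can probably be dropped and the controllers can no longer alter `spec`. I would record the requirement next to the call, e.g. `// UpdateStatus writes only .status via the /status subresource; needs RBAC on federationdomains/status.` The enclosing function starts outside the hunk.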
|
@ -222,8 +222,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain1.Namespace,
|
||||
federationDomain1.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain1.Namespace,
|
||||
federationDomain1,
|
||||
),
|
||||
@ -232,8 +233,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain2.Namespace,
|
||||
federationDomain2.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain2.Namespace,
|
||||
federationDomain2,
|
||||
),
|
||||
@ -271,8 +273,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain2.Namespace,
|
||||
federationDomain2.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain2.Namespace,
|
||||
federationDomain2,
|
||||
),
|
||||
@ -356,8 +359,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain1.Namespace,
|
||||
federationDomain1.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain1.Namespace,
|
||||
federationDomain1,
|
||||
),
|
||||
@ -366,8 +370,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain2.Namespace,
|
||||
federationDomain2.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain2.Namespace,
|
||||
federationDomain2,
|
||||
),
|
||||
@ -422,8 +427,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain.Namespace,
|
||||
federationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain.Namespace,
|
||||
federationDomain,
|
||||
),
|
||||
@ -432,8 +438,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain.Namespace,
|
||||
federationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain.Namespace,
|
||||
federationDomain,
|
||||
),
|
||||
@ -468,8 +475,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain.Namespace,
|
||||
federationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain.Namespace,
|
||||
federationDomain,
|
||||
),
|
||||
@ -568,8 +576,9 @@ func TestSync(t *testing.T) {
|
||||
invalidFederationDomain.Namespace,
|
||||
invalidFederationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
invalidFederationDomain.Namespace,
|
||||
invalidFederationDomain,
|
||||
),
|
||||
@ -578,8 +587,9 @@ func TestSync(t *testing.T) {
|
||||
validFederationDomain.Namespace,
|
||||
validFederationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
validFederationDomain.Namespace,
|
||||
validFederationDomain,
|
||||
),
|
||||
@ -640,8 +650,9 @@ func TestSync(t *testing.T) {
|
||||
invalidFederationDomain.Namespace,
|
||||
invalidFederationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
invalidFederationDomain.Namespace,
|
||||
invalidFederationDomain,
|
||||
),
|
||||
@ -650,8 +661,9 @@ func TestSync(t *testing.T) {
|
||||
validFederationDomain.Namespace,
|
||||
validFederationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
validFederationDomain.Namespace,
|
||||
validFederationDomain,
|
||||
),
|
||||
@ -732,8 +744,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomainDuplicate1.Namespace,
|
||||
federationDomainDuplicate1.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomainDuplicate1.Namespace,
|
||||
federationDomainDuplicate1,
|
||||
),
|
||||
@ -742,8 +755,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomainDuplicate2.Namespace,
|
||||
federationDomainDuplicate2.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomainDuplicate2.Namespace,
|
||||
federationDomainDuplicate2,
|
||||
),
|
||||
@ -752,8 +766,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomain.Namespace,
|
||||
federationDomain.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomain.Namespace,
|
||||
federationDomain,
|
||||
),
|
||||
@ -906,8 +921,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomainSameIssuerAddress1.Namespace,
|
||||
federationDomainSameIssuerAddress1.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomainSameIssuerAddress1.Namespace,
|
||||
federationDomainSameIssuerAddress1,
|
||||
),
|
||||
@ -916,8 +932,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomainSameIssuerAddress2.Namespace,
|
||||
federationDomainSameIssuerAddress2.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomainSameIssuerAddress2.Namespace,
|
||||
federationDomainSameIssuerAddress2,
|
||||
),
|
||||
@ -926,8 +943,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomainDifferentIssuerAddress.Namespace,
|
||||
federationDomainDifferentIssuerAddress.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomainDifferentIssuerAddress.Namespace,
|
||||
federationDomainDifferentIssuerAddress,
|
||||
),
|
||||
@ -936,8 +954,9 @@ func TestSync(t *testing.T) {
|
||||
federationDomainWithInvalidIssuerURL.Namespace,
|
||||
federationDomainWithInvalidIssuerURL.Name,
|
||||
),
|
||||
coretesting.NewUpdateAction(
|
||||
coretesting.NewUpdateSubresourceAction(
|
||||
federationDomainGVR,
|
||||
"status",
|
||||
federationDomainWithInvalidIssuerURL.Namespace,
|
||||
federationDomainWithInvalidIssuerURL,
|
||||
),
|
||||
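Review bot: The expectations changed to `coretesting.NewUpdateSubresourceAction(federationDomainGVR, "status", ...)` throughout `TestSync` only pin which client call was recorded, so they cannot show that a real API server will accept the request. That depends on the FederationDomain CRD declaring the status subresource, which this commit does not show. A short comment at the first expectation would make the limit explicit, e.g. `// Asserts the recorded client action only; the CRD's status subresource must be covered by an integration test.` The same applies to the updated expectations in `TestFederationDomainSecretsControllerSync` and `TestJWKSWriterControllerSync`.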
|
@ -26,7 +26,7 @@ import (
|
||||
|
||||
type federationDomainSecretsController struct {
|
||||
secretHelper SecretHelper
|
||||
secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference
|
||||
secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference
|
||||
kubeClient kubernetes.Interface
|
||||
pinnipedClient pinnipedclientset.Interface
|
||||
federationDomainInformer configinformers.FederationDomainInformer
|
||||
@ -38,7 +38,7 @@ type federationDomainSecretsController struct {
|
||||
// provides the parent/child mapping logic.
|
||||
func NewFederationDomainSecretsController(
|
||||
secretHelper SecretHelper,
|
||||
secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference,
|
||||
secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference,
|
||||
kubeClient kubernetes.Interface,
|
||||
pinnipedClient pinnipedclientset.Interface,
|
||||
secretInformer corev1informers.SecretInformer,
|
||||
@ -117,7 +117,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
|
||||
)
|
||||
|
||||
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, existingSecret)
|
||||
if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
|
||||
if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
|
||||
return fmt.Errorf("failed to update federationdomain: %w", err)
|
||||
}
|
||||
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
||||
@ -133,7 +133,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
|
||||
plog.Debug("created/updated secret", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
||||
|
||||
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, newSecret)
|
||||
if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
|
||||
if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
|
||||
return fmt.Errorf("failed to update federationdomain: %w", err)
|
||||
}
|
||||
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
||||
@ -205,7 +205,7 @@ func (c *federationDomainSecretsController) createOrUpdateSecret(
|
||||
})
|
||||
}
|
||||
|
||||
func (c *federationDomainSecretsController) updateFederationDomain(
|
||||
func (c *federationDomainSecretsController) updateFederationDomainStatus(
|
||||
ctx context.Context,
|
||||
newFederationDomain *configv1alpha1.FederationDomain,
|
||||
) error {
|
||||
@ -216,14 +216,14 @@ func (c *federationDomainSecretsController) updateFederationDomain(
|
||||
return fmt.Errorf("failed to get federationdomain %s/%s: %w", newFederationDomain.Namespace, newFederationDomain.Name, err)
|
||||
}
|
||||
|
||||
oldFederationDomainSecretRef := c.secretRefFunc(oldFederationDomain)
|
||||
newFederationDomainSecretRef := c.secretRefFunc(newFederationDomain)
|
||||
oldFederationDomainSecretRef := c.secretRefFunc(&oldFederationDomain.Status)
|
||||
newFederationDomainSecretRef := c.secretRefFunc(&newFederationDomain.Status)
|
||||
if reflect.DeepEqual(oldFederationDomainSecretRef, newFederationDomainSecretRef) {
|
||||
return nil
|
||||
}
|
||||
|
||||
*oldFederationDomainSecretRef = *newFederationDomainSecretRef
|
||||
_, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
||||
_, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
||||
return err
|
||||
})
|
||||
}
|
||||
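Review bot: The `secretRefFunc` field and constructor parameter now take a `*configv1alpha1.FederationDomainStatus`, but nothing documents that the returned pointer must alias a field inside that status. `updateFederationDomainStatus` relies on this: it assigns through the result with `*oldFederationDomainSecretRef = *newFederationDomainSecretRef` before calling `UpdateStatus`. A callback that returned a copy would compile and then silently persist nothing. I would add a comment on the field such as `// secretRefFunc must return a pointer to a field inside the given status (never a copy); updateFederationDomainStatus writes through it.` Separately, the callers in `Sync` still wrap the error as `failed to update federationdomain`; `failed to update federationdomain status` would match the renamed helper.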
|
@ -393,7 +393,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||
},
|
||||
wantSecretActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||
@ -416,7 +416,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
|
||||
},
|
||||
wantSecretActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||
@ -457,7 +457,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||
},
|
||||
wantSecretActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||
@ -484,7 +484,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||
},
|
||||
wantSecretActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||
@ -562,7 +562,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||
},
|
||||
wantSecretActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||
@ -615,9 +615,9 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||
},
|
||||
wantSecretActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||
@ -677,8 +677,8 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
||||
|
||||
c := NewFederationDomainSecretsController(
|
||||
secretHelper,
|
||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
||||
return &fd.Status.Secrets.TokenSigningKey
|
||||
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||
return &fd.Secrets.TokenSigningKey
|
||||
},
|
||||
kubeAPIClient,
|
||||
pinnipedAPIClient,
|
||||
|
@ -161,7 +161,7 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error {
|
||||
// Ensure that the FederationDomain points to the secret.
|
||||
newFederationDomain := federationDomain.DeepCopy()
|
||||
newFederationDomain.Status.Secrets.JWKS.Name = secret.Name
|
||||
if err := c.updateFederationDomain(ctx.Context, newFederationDomain); err != nil {
|
||||
if err := c.updateFederationDomainStatus(ctx.Context, newFederationDomain); err != nil {
|
||||
return fmt.Errorf("cannot update FederationDomain: %w", err)
|
||||
}
|
||||
plog.Debug("updated FederationDomain", "federationdomain", klog.KObj(newFederationDomain))
|
||||
@ -283,7 +283,7 @@ func (c *jwksWriterController) createOrUpdateSecret(
|
||||
})
|
||||
}
|
||||
|
||||
func (c *jwksWriterController) updateFederationDomain(
|
||||
func (c *jwksWriterController) updateFederationDomainStatus(
|
||||
ctx context.Context,
|
||||
newFederationDomain *configv1alpha1.FederationDomain,
|
||||
) error {
|
||||
@ -300,7 +300,7 @@ func (c *jwksWriterController) updateFederationDomain(
|
||||
}
|
||||
|
||||
oldFederationDomain.Status.Secrets.JWKS.Name = newFederationDomain.Status.Secrets.JWKS.Name
|
||||
_, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
||||
_, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
||||
return err
|
||||
})
|
||||
}
|
||||
|
@ -355,7 +355,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -373,7 +373,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
|
||||
},
|
||||
wantFederationDomainActions: []kubetesting.Action{
|
||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
|
||||
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
|
||||
},
|
||||
},
|
||||
{
|
||||
|