Update federation domain logic to use status subresource

Signed-off-by: Monis Khan <mok@vmware.com>
Monis Khan 2021-02-10 21:46:03 -05:00
parent 4c304e4224
commit b04fd46319
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8
7 changed files with 67 additions and 48 deletions


@ -175,8 +175,8 @@ func startControllers(
secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey)
},
),
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
return &fd.Status.Secrets.TokenSigningKey
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
return &fd.Secrets.TokenSigningKey
},
kubeClient,
pinnipedClient,
@ -198,8 +198,8 @@ func startControllers(
secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey)
},
),
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
return &fd.Status.Secrets.StateSigningKey
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
return &fd.Secrets.StateSigningKey
},
kubeClient,
pinnipedClient,
@ -221,8 +221,8 @@ func startControllers(
secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey)
},
),
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
return &fd.Status.Secrets.StateEncryptionKey
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
return &fd.Secrets.StateEncryptionKey
},
kubeClient,
pinnipedClient,


@ -204,7 +204,7 @@ func (c *federationDomainWatcherController) updateStatus(
federationDomain.Status.Status = status
federationDomain.Status.Message = message
federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(c.clock.Now()))
_, err = c.client.ConfigV1alpha1().FederationDomains(namespace).Update(ctx, federationDomain, metav1.UpdateOptions{})
_, err = c.client.ConfigV1alpha1().FederationDomains(namespace).UpdateStatus(ctx, federationDomain, metav1.UpdateOptions{})
return err
})
}
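Review bot: The `UpdateStatus` call in `updateStatus` only succeeds if the FederationDomain CRD declares the status subresource and the controller's service account is granted `update` on `federationdomains/status`. None of the seven file sections on this page looks like a CRD or RBAC manifest, so that change presumably lives in another commit and is worth confirming. The same dependency applies to the `UpdateStatus` calls in both `updateFederationDomainStatus` helpers further down. Once every writer goes through the subresource, the role can probably drop `update` on `federationdomains` itself, so that these controllers' credentials can no longer modify the spec. I would add a comment above the call such as `// Requires update on federationdomains/status; changes outside .status are ignored by the API server.` (the enclosing function starts outside the hunk).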


@ -222,8 +222,9 @@ func TestSync(t *testing.T) {
federationDomain1.Namespace,
federationDomain1.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain1.Namespace,
federationDomain1,
),
@ -232,8 +233,9 @@ func TestSync(t *testing.T) {
federationDomain2.Namespace,
federationDomain2.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain2.Namespace,
federationDomain2,
),
@ -271,8 +273,9 @@ func TestSync(t *testing.T) {
federationDomain2.Namespace,
federationDomain2.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain2.Namespace,
federationDomain2,
),
@ -356,8 +359,9 @@ func TestSync(t *testing.T) {
federationDomain1.Namespace,
federationDomain1.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain1.Namespace,
federationDomain1,
),
@ -366,8 +370,9 @@ func TestSync(t *testing.T) {
federationDomain2.Namespace,
federationDomain2.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain2.Namespace,
federationDomain2,
),
@ -422,8 +427,9 @@ func TestSync(t *testing.T) {
federationDomain.Namespace,
federationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain.Namespace,
federationDomain,
),
@ -432,8 +438,9 @@ func TestSync(t *testing.T) {
federationDomain.Namespace,
federationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain.Namespace,
federationDomain,
),
@ -468,8 +475,9 @@ func TestSync(t *testing.T) {
federationDomain.Namespace,
federationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain.Namespace,
federationDomain,
),
@ -568,8 +576,9 @@ func TestSync(t *testing.T) {
invalidFederationDomain.Namespace,
invalidFederationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
invalidFederationDomain.Namespace,
invalidFederationDomain,
),
@ -578,8 +587,9 @@ func TestSync(t *testing.T) {
validFederationDomain.Namespace,
validFederationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
validFederationDomain.Namespace,
validFederationDomain,
),
@ -640,8 +650,9 @@ func TestSync(t *testing.T) {
invalidFederationDomain.Namespace,
invalidFederationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
invalidFederationDomain.Namespace,
invalidFederationDomain,
),
@ -650,8 +661,9 @@ func TestSync(t *testing.T) {
validFederationDomain.Namespace,
validFederationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
validFederationDomain.Namespace,
validFederationDomain,
),
@ -732,8 +744,9 @@ func TestSync(t *testing.T) {
federationDomainDuplicate1.Namespace,
federationDomainDuplicate1.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomainDuplicate1.Namespace,
federationDomainDuplicate1,
),
@ -742,8 +755,9 @@ func TestSync(t *testing.T) {
federationDomainDuplicate2.Namespace,
federationDomainDuplicate2.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomainDuplicate2.Namespace,
federationDomainDuplicate2,
),
@ -752,8 +766,9 @@ func TestSync(t *testing.T) {
federationDomain.Namespace,
federationDomain.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomain.Namespace,
federationDomain,
),
@ -906,8 +921,9 @@ func TestSync(t *testing.T) {
federationDomainSameIssuerAddress1.Namespace,
federationDomainSameIssuerAddress1.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomainSameIssuerAddress1.Namespace,
federationDomainSameIssuerAddress1,
),
@ -916,8 +932,9 @@ func TestSync(t *testing.T) {
federationDomainSameIssuerAddress2.Namespace,
federationDomainSameIssuerAddress2.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomainSameIssuerAddress2.Namespace,
federationDomainSameIssuerAddress2,
),
@ -926,8 +943,9 @@ func TestSync(t *testing.T) {
federationDomainDifferentIssuerAddress.Namespace,
federationDomainDifferentIssuerAddress.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomainDifferentIssuerAddress.Namespace,
federationDomainDifferentIssuerAddress,
),
@ -936,8 +954,9 @@ func TestSync(t *testing.T) {
federationDomainWithInvalidIssuerURL.Namespace,
federationDomainWithInvalidIssuerURL.Name,
),
coretesting.NewUpdateAction(
coretesting.NewUpdateSubresourceAction(
federationDomainGVR,
"status",
federationDomainWithInvalidIssuerURL.Namespace,
federationDomainWithInvalidIssuerURL,
),


@ -26,7 +26,7 @@ import (
type federationDomainSecretsController struct {
secretHelper SecretHelper
secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference
secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference
kubeClient kubernetes.Interface
pinnipedClient pinnipedclientset.Interface
federationDomainInformer configinformers.FederationDomainInformer
@ -38,7 +38,7 @@ type federationDomainSecretsController struct {
// provides the parent/child mapping logic.
func NewFederationDomainSecretsController(
secretHelper SecretHelper,
secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference,
secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference,
kubeClient kubernetes.Interface,
pinnipedClient pinnipedclientset.Interface,
secretInformer corev1informers.SecretInformer,
@ -117,7 +117,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
)
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, existingSecret)
if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
return fmt.Errorf("failed to update federationdomain: %w", err)
}
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
@ -133,7 +133,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
plog.Debug("created/updated secret", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, newSecret)
if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
return fmt.Errorf("failed to update federationdomain: %w", err)
}
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
@ -205,7 +205,7 @@ func (c *federationDomainSecretsController) createOrUpdateSecret(
})
}
func (c *federationDomainSecretsController) updateFederationDomain(
func (c *federationDomainSecretsController) updateFederationDomainStatus(
ctx context.Context,
newFederationDomain *configv1alpha1.FederationDomain,
) error {
@ -216,14 +216,14 @@ func (c *federationDomainSecretsController) updateFederationDomain(
return fmt.Errorf("failed to get federationdomain %s/%s: %w", newFederationDomain.Namespace, newFederationDomain.Name, err)
}
oldFederationDomainSecretRef := c.secretRefFunc(oldFederationDomain)
newFederationDomainSecretRef := c.secretRefFunc(newFederationDomain)
oldFederationDomainSecretRef := c.secretRefFunc(&oldFederationDomain.Status)
newFederationDomainSecretRef := c.secretRefFunc(&newFederationDomain.Status)
if reflect.DeepEqual(oldFederationDomainSecretRef, newFederationDomainSecretRef) {
return nil
}
*oldFederationDomainSecretRef = *newFederationDomainSecretRef
_, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
_, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
return err
})
}
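Review bot: `secretRefFunc` carries an undocumented aliasing contract: `updateFederationDomainStatus` writes through the returned pointer (`*oldFederationDomainSecretRef = *newFederationDomainSecretRef`), so the callback must return the address of a field inside the status it was given, and a nil return would panic at that assignment. I would document this on the struct field and the constructor parameter, e.g. `// secretRefFunc returns a pointer to the secret reference inside the given status; the controller writes through it, so it must not return nil or a copy.` The wrapped errors in `Sync` still read `failed to update federationdomain`; saying `federationdomain status` there would make a permission failure on the subresource easier to recognise in logs. Both `Sync` and `updateFederationDomainStatus` extend beyond the hunks shown.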


@ -393,7 +393,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
},
wantSecretActions: []kubetesting.Action{
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@ -416,7 +416,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
},
wantSecretActions: []kubetesting.Action{
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@ -457,7 +457,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
},
wantSecretActions: []kubetesting.Action{
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@ -484,7 +484,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
},
wantSecretActions: []kubetesting.Action{
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@ -562,7 +562,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
},
wantSecretActions: []kubetesting.Action{
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@ -615,9 +615,9 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
},
wantSecretActions: []kubetesting.Action{
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@ -677,8 +677,8 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
c := NewFederationDomainSecretsController(
secretHelper,
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
return &fd.Status.Secrets.TokenSigningKey
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
return &fd.Secrets.TokenSigningKey
},
kubeAPIClient,
pinnipedAPIClient,


@ -161,7 +161,7 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error {
// Ensure that the FederationDomain points to the secret.
newFederationDomain := federationDomain.DeepCopy()
newFederationDomain.Status.Secrets.JWKS.Name = secret.Name
if err := c.updateFederationDomain(ctx.Context, newFederationDomain); err != nil {
if err := c.updateFederationDomainStatus(ctx.Context, newFederationDomain); err != nil {
return fmt.Errorf("cannot update FederationDomain: %w", err)
}
plog.Debug("updated FederationDomain", "federationdomain", klog.KObj(newFederationDomain))
@ -283,7 +283,7 @@ func (c *jwksWriterController) createOrUpdateSecret(
})
}
func (c *jwksWriterController) updateFederationDomain(
func (c *jwksWriterController) updateFederationDomainStatus(
ctx context.Context,
newFederationDomain *configv1alpha1.FederationDomain,
) error {
@ -300,7 +300,7 @@ func (c *jwksWriterController) updateFederationDomain(
}
oldFederationDomain.Status.Secrets.JWKS.Name = newFederationDomain.Status.Secrets.JWKS.Name
_, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
_, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
return err
})
}


@ -355,7 +355,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
},
},
{
@ -373,7 +373,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
},
wantFederationDomainActions: []kubetesting.Action{
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
},
},
{