Update federation domain logic to use status subresource
Signed-off-by: Monis Khan <mok@vmware.com>
This commit is contained in:
Monis Khan
parent
4c304e4224
commit
b04fd46319
@ -175,8 +175,8 @@ func startControllers(
|
|||||||
secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey)
|
secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey)
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||||
return &fd.Status.Secrets.TokenSigningKey
|
return &fd.Secrets.TokenSigningKey
|
||||||
},
|
},
|
||||||
kubeClient,
|
kubeClient,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
@ -198,8 +198,8 @@ func startControllers(
|
|||||||
secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey)
|
secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey)
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||||
return &fd.Status.Secrets.StateSigningKey
|
return &fd.Secrets.StateSigningKey
|
||||||
},
|
},
|
||||||
kubeClient,
|
kubeClient,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
@ -221,8 +221,8 @@ func startControllers(
|
|||||||
secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey)
|
secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey)
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||||
return &fd.Status.Secrets.StateEncryptionKey
|
return &fd.Secrets.StateEncryptionKey
|
||||||
},
|
},
|
||||||
kubeClient,
|
kubeClient,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
|
|||||||
@ -204,7 +204,7 @@ func (c *federationDomainWatcherController) updateStatus(
|
|||||||
federationDomain.Status.Status = status
|
federationDomain.Status.Status = status
|
||||||
federationDomain.Status.Message = message
|
federationDomain.Status.Message = message
|
||||||
federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(c.clock.Now()))
|
federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(c.clock.Now()))
|
||||||
_, err = c.client.ConfigV1alpha1().FederationDomains(namespace).Update(ctx, federationDomain, metav1.UpdateOptions{})
|
_, err = c.client.ConfigV1alpha1().FederationDomains(namespace).UpdateStatus(ctx, federationDomain, metav1.UpdateOptions{})
|
||||||
return err
|
return err
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
@ -222,8 +222,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain1.Namespace,
|
federationDomain1.Namespace,
|
||||||
federationDomain1.Name,
|
federationDomain1.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain1.Namespace,
|
federationDomain1.Namespace,
|
||||||
federationDomain1,
|
federationDomain1,
|
||||||
),
|
),
|
||||||
@ -232,8 +233,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain2.Namespace,
|
federationDomain2.Namespace,
|
||||||
federationDomain2.Name,
|
federationDomain2.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain2.Namespace,
|
federationDomain2.Namespace,
|
||||||
federationDomain2,
|
federationDomain2,
|
||||||
),
|
),
|
||||||
@ -271,8 +273,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain2.Namespace,
|
federationDomain2.Namespace,
|
||||||
federationDomain2.Name,
|
federationDomain2.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain2.Namespace,
|
federationDomain2.Namespace,
|
||||||
federationDomain2,
|
federationDomain2,
|
||||||
),
|
),
|
||||||
@ -356,8 +359,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain1.Namespace,
|
federationDomain1.Namespace,
|
||||||
federationDomain1.Name,
|
federationDomain1.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain1.Namespace,
|
federationDomain1.Namespace,
|
||||||
federationDomain1,
|
federationDomain1,
|
||||||
),
|
),
|
||||||
@ -366,8 +370,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain2.Namespace,
|
federationDomain2.Namespace,
|
||||||
federationDomain2.Name,
|
federationDomain2.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain2.Namespace,
|
federationDomain2.Namespace,
|
||||||
federationDomain2,
|
federationDomain2,
|
||||||
),
|
),
|
||||||
@ -422,8 +427,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain.Name,
|
federationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain,
|
federationDomain,
|
||||||
),
|
),
|
||||||
@ -432,8 +438,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain.Name,
|
federationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain,
|
federationDomain,
|
||||||
),
|
),
|
||||||
@ -468,8 +475,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain.Name,
|
federationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain,
|
federationDomain,
|
||||||
),
|
),
|
||||||
@ -568,8 +576,9 @@ func TestSync(t *testing.T) {
|
|||||||
invalidFederationDomain.Namespace,
|
invalidFederationDomain.Namespace,
|
||||||
invalidFederationDomain.Name,
|
invalidFederationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
invalidFederationDomain.Namespace,
|
invalidFederationDomain.Namespace,
|
||||||
invalidFederationDomain,
|
invalidFederationDomain,
|
||||||
),
|
),
|
||||||
@ -578,8 +587,9 @@ func TestSync(t *testing.T) {
|
|||||||
validFederationDomain.Namespace,
|
validFederationDomain.Namespace,
|
||||||
validFederationDomain.Name,
|
validFederationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
validFederationDomain.Namespace,
|
validFederationDomain.Namespace,
|
||||||
validFederationDomain,
|
validFederationDomain,
|
||||||
),
|
),
|
||||||
@ -640,8 +650,9 @@ func TestSync(t *testing.T) {
|
|||||||
invalidFederationDomain.Namespace,
|
invalidFederationDomain.Namespace,
|
||||||
invalidFederationDomain.Name,
|
invalidFederationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
invalidFederationDomain.Namespace,
|
invalidFederationDomain.Namespace,
|
||||||
invalidFederationDomain,
|
invalidFederationDomain,
|
||||||
),
|
),
|
||||||
@ -650,8 +661,9 @@ func TestSync(t *testing.T) {
|
|||||||
validFederationDomain.Namespace,
|
validFederationDomain.Namespace,
|
||||||
validFederationDomain.Name,
|
validFederationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
validFederationDomain.Namespace,
|
validFederationDomain.Namespace,
|
||||||
validFederationDomain,
|
validFederationDomain,
|
||||||
),
|
),
|
||||||
@ -732,8 +744,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomainDuplicate1.Namespace,
|
federationDomainDuplicate1.Namespace,
|
||||||
federationDomainDuplicate1.Name,
|
federationDomainDuplicate1.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomainDuplicate1.Namespace,
|
federationDomainDuplicate1.Namespace,
|
||||||
federationDomainDuplicate1,
|
federationDomainDuplicate1,
|
||||||
),
|
),
|
||||||
@ -742,8 +755,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomainDuplicate2.Namespace,
|
federationDomainDuplicate2.Namespace,
|
||||||
federationDomainDuplicate2.Name,
|
federationDomainDuplicate2.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomainDuplicate2.Namespace,
|
federationDomainDuplicate2.Namespace,
|
||||||
federationDomainDuplicate2,
|
federationDomainDuplicate2,
|
||||||
),
|
),
|
||||||
@ -752,8 +766,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain.Name,
|
federationDomain.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomain.Namespace,
|
federationDomain.Namespace,
|
||||||
federationDomain,
|
federationDomain,
|
||||||
),
|
),
|
||||||
@ -906,8 +921,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomainSameIssuerAddress1.Namespace,
|
federationDomainSameIssuerAddress1.Namespace,
|
||||||
federationDomainSameIssuerAddress1.Name,
|
federationDomainSameIssuerAddress1.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomainSameIssuerAddress1.Namespace,
|
federationDomainSameIssuerAddress1.Namespace,
|
||||||
federationDomainSameIssuerAddress1,
|
federationDomainSameIssuerAddress1,
|
||||||
),
|
),
|
||||||
@ -916,8 +932,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomainSameIssuerAddress2.Namespace,
|
federationDomainSameIssuerAddress2.Namespace,
|
||||||
federationDomainSameIssuerAddress2.Name,
|
federationDomainSameIssuerAddress2.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomainSameIssuerAddress2.Namespace,
|
federationDomainSameIssuerAddress2.Namespace,
|
||||||
federationDomainSameIssuerAddress2,
|
federationDomainSameIssuerAddress2,
|
||||||
),
|
),
|
||||||
@ -926,8 +943,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomainDifferentIssuerAddress.Namespace,
|
federationDomainDifferentIssuerAddress.Namespace,
|
||||||
federationDomainDifferentIssuerAddress.Name,
|
federationDomainDifferentIssuerAddress.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomainDifferentIssuerAddress.Namespace,
|
federationDomainDifferentIssuerAddress.Namespace,
|
||||||
federationDomainDifferentIssuerAddress,
|
federationDomainDifferentIssuerAddress,
|
||||||
),
|
),
|
||||||
@ -936,8 +954,9 @@ func TestSync(t *testing.T) {
|
|||||||
federationDomainWithInvalidIssuerURL.Namespace,
|
federationDomainWithInvalidIssuerURL.Namespace,
|
||||||
federationDomainWithInvalidIssuerURL.Name,
|
federationDomainWithInvalidIssuerURL.Name,
|
||||||
),
|
),
|
||||||
coretesting.NewUpdateAction(
|
coretesting.NewUpdateSubresourceAction(
|
||||||
federationDomainGVR,
|
federationDomainGVR,
|
||||||
|
"status",
|
||||||
federationDomainWithInvalidIssuerURL.Namespace,
|
federationDomainWithInvalidIssuerURL.Namespace,
|
||||||
federationDomainWithInvalidIssuerURL,
|
federationDomainWithInvalidIssuerURL,
|
||||||
),
|
),
|
||||||
|
|||||||
@ -26,7 +26,7 @@ import (
|
|||||||
|
|
||||||
type federationDomainSecretsController struct {
|
type federationDomainSecretsController struct {
|
||||||
secretHelper SecretHelper
|
secretHelper SecretHelper
|
||||||
secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference
|
secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference
|
||||||
kubeClient kubernetes.Interface
|
kubeClient kubernetes.Interface
|
||||||
pinnipedClient pinnipedclientset.Interface
|
pinnipedClient pinnipedclientset.Interface
|
||||||
federationDomainInformer configinformers.FederationDomainInformer
|
federationDomainInformer configinformers.FederationDomainInformer
|
||||||
@ -38,7 +38,7 @@ type federationDomainSecretsController struct {
|
|||||||
// provides the parent/child mapping logic.
|
// provides the parent/child mapping logic.
|
||||||
func NewFederationDomainSecretsController(
|
func NewFederationDomainSecretsController(
|
||||||
secretHelper SecretHelper,
|
secretHelper SecretHelper,
|
||||||
secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference,
|
secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference,
|
||||||
kubeClient kubernetes.Interface,
|
kubeClient kubernetes.Interface,
|
||||||
pinnipedClient pinnipedclientset.Interface,
|
pinnipedClient pinnipedclientset.Interface,
|
||||||
secretInformer corev1informers.SecretInformer,
|
secretInformer corev1informers.SecretInformer,
|
||||||
@ -117,7 +117,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
|
|||||||
)
|
)
|
||||||
|
|
||||||
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, existingSecret)
|
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, existingSecret)
|
||||||
if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
|
if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
|
||||||
return fmt.Errorf("failed to update federationdomain: %w", err)
|
return fmt.Errorf("failed to update federationdomain: %w", err)
|
||||||
}
|
}
|
||||||
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
||||||
@ -133,7 +133,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
|
|||||||
plog.Debug("created/updated secret", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
plog.Debug("created/updated secret", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
||||||
|
|
||||||
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, newSecret)
|
federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, newSecret)
|
||||||
if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
|
if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
|
||||||
return fmt.Errorf("failed to update federationdomain: %w", err)
|
return fmt.Errorf("failed to update federationdomain: %w", err)
|
||||||
}
|
}
|
||||||
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
|
||||||
@ -205,7 +205,7 @@ func (c *federationDomainSecretsController) createOrUpdateSecret(
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *federationDomainSecretsController) updateFederationDomain(
|
func (c *federationDomainSecretsController) updateFederationDomainStatus(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
newFederationDomain *configv1alpha1.FederationDomain,
|
newFederationDomain *configv1alpha1.FederationDomain,
|
||||||
) error {
|
) error {
|
||||||
@ -216,14 +216,14 @@ func (c *federationDomainSecretsController) updateFederationDomain(
|
|||||||
return fmt.Errorf("failed to get federationdomain %s/%s: %w", newFederationDomain.Namespace, newFederationDomain.Name, err)
|
return fmt.Errorf("failed to get federationdomain %s/%s: %w", newFederationDomain.Namespace, newFederationDomain.Name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
oldFederationDomainSecretRef := c.secretRefFunc(oldFederationDomain)
|
oldFederationDomainSecretRef := c.secretRefFunc(&oldFederationDomain.Status)
|
||||||
newFederationDomainSecretRef := c.secretRefFunc(newFederationDomain)
|
newFederationDomainSecretRef := c.secretRefFunc(&newFederationDomain.Status)
|
||||||
if reflect.DeepEqual(oldFederationDomainSecretRef, newFederationDomainSecretRef) {
|
if reflect.DeepEqual(oldFederationDomainSecretRef, newFederationDomainSecretRef) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
*oldFederationDomainSecretRef = *newFederationDomainSecretRef
|
*oldFederationDomainSecretRef = *newFederationDomainSecretRef
|
||||||
_, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
_, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
||||||
return err
|
return err
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
@ -393,7 +393,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||||
},
|
},
|
||||||
wantSecretActions: []kubetesting.Action{
|
wantSecretActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||||
@ -416,7 +416,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
|
||||||
},
|
},
|
||||||
wantSecretActions: []kubetesting.Action{
|
wantSecretActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||||
@ -457,7 +457,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||||
},
|
},
|
||||||
wantSecretActions: []kubetesting.Action{
|
wantSecretActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||||
@ -484,7 +484,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||||
},
|
},
|
||||||
wantSecretActions: []kubetesting.Action{
|
wantSecretActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||||
@ -562,7 +562,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||||
},
|
},
|
||||||
wantSecretActions: []kubetesting.Action{
|
wantSecretActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||||
@ -615,9 +615,9 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
|
||||||
},
|
},
|
||||||
wantSecretActions: []kubetesting.Action{
|
wantSecretActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
|
||||||
@ -677,8 +677,8 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
|
|||||||
|
|
||||||
c := NewFederationDomainSecretsController(
|
c := NewFederationDomainSecretsController(
|
||||||
secretHelper,
|
secretHelper,
|
||||||
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
|
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
|
||||||
return &fd.Status.Secrets.TokenSigningKey
|
return &fd.Secrets.TokenSigningKey
|
||||||
},
|
},
|
||||||
kubeAPIClient,
|
kubeAPIClient,
|
||||||
pinnipedAPIClient,
|
pinnipedAPIClient,
|
||||||
|
|||||||
@ -161,7 +161,7 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error {
|
|||||||
// Ensure that the FederationDomain points to the secret.
|
// Ensure that the FederationDomain points to the secret.
|
||||||
newFederationDomain := federationDomain.DeepCopy()
|
newFederationDomain := federationDomain.DeepCopy()
|
||||||
newFederationDomain.Status.Secrets.JWKS.Name = secret.Name
|
newFederationDomain.Status.Secrets.JWKS.Name = secret.Name
|
||||||
if err := c.updateFederationDomain(ctx.Context, newFederationDomain); err != nil {
|
if err := c.updateFederationDomainStatus(ctx.Context, newFederationDomain); err != nil {
|
||||||
return fmt.Errorf("cannot update FederationDomain: %w", err)
|
return fmt.Errorf("cannot update FederationDomain: %w", err)
|
||||||
}
|
}
|
||||||
plog.Debug("updated FederationDomain", "federationdomain", klog.KObj(newFederationDomain))
|
plog.Debug("updated FederationDomain", "federationdomain", klog.KObj(newFederationDomain))
|
||||||
@ -283,7 +283,7 @@ func (c *jwksWriterController) createOrUpdateSecret(
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *jwksWriterController) updateFederationDomain(
|
func (c *jwksWriterController) updateFederationDomainStatus(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
newFederationDomain *configv1alpha1.FederationDomain,
|
newFederationDomain *configv1alpha1.FederationDomain,
|
||||||
) error {
|
) error {
|
||||||
@ -300,7 +300,7 @@ func (c *jwksWriterController) updateFederationDomain(
|
|||||||
}
|
}
|
||||||
|
|
||||||
oldFederationDomain.Status.Secrets.JWKS.Name = newFederationDomain.Status.Secrets.JWKS.Name
|
oldFederationDomain.Status.Secrets.JWKS.Name = newFederationDomain.Status.Secrets.JWKS.Name
|
||||||
_, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
_, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
|
||||||
return err
|
return err
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
@ -355,7 +355,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -373,7 +373,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
|
|||||||
},
|
},
|
||||||
wantFederationDomainActions: []kubetesting.Action{
|
wantFederationDomainActions: []kubetesting.Action{
|
||||||
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
|
||||||
kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
|
kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user