Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(backport release-1.2): refactor: change generic secret label #3350

Merged
merged 1 commit into from
Jan 23, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 0 additions & 47 deletions api/service/v1alpha1/service.proto
Original file line number Diff line number Diff line change
Expand Up @@ -99,11 +99,6 @@ service KargoService {
rpc DeleteAnalysisTemplate(DeleteAnalysisTemplateRequest) returns (DeleteAnalysisTemplateResponse);
rpc GetAnalysisRun(GetAnalysisRunRequest) returns (GetAnalysisRunResponse);

rpc ListAnalysisTemplateConfigMaps(ListAnalysisTemplateConfigMapsRequest) returns (ListAnalysisTemplateConfigMapsResponse);
rpc GetAnalysisTemplateConfigMap(GetAnalysisTemplateConfigMapRequest) returns (GetAnalysisTemplateConfigMapResponse);
rpc ListAnalysisTemplateSecrets(ListAnalysisTemplateSecretsRequest) returns (ListAnalysisTemplateSecretsResponse);
rpc GetAnalysisTemplateSecret(GetAnalysisTemplateSecretRequest) returns (GetAnalysisTemplateSecretResponse);

/* Event APIs */

rpc ListProjectEvents(ListProjectEventsRequest) returns (ListProjectEventsResponse);
Expand Down Expand Up @@ -771,45 +766,3 @@ message UpdateRoleRequest {
message UpdateRoleResponse {
github.com.akuity.kargo.api.rbac.v1alpha1.Role role = 1;
}

message ListAnalysisTemplateConfigMapsRequest {
string project = 1;
}

message ListAnalysisTemplateConfigMapsResponse {
repeated k8s.io.api.core.v1.ConfigMap config_maps = 1;
}

message GetAnalysisTemplateConfigMapRequest {
string project = 1;
string name = 2;
RawFormat format = 3;
}

message GetAnalysisTemplateConfigMapResponse {
oneof result {
k8s.io.api.core.v1.ConfigMap config_map = 1;
bytes raw = 2;
}
}

message ListAnalysisTemplateSecretsRequest {
string project = 1;
}

message ListAnalysisTemplateSecretsResponse {
repeated k8s.io.api.core.v1.Secret secrets = 1;
}

message GetAnalysisTemplateSecretRequest {
string project = 1;
string name = 2;
RawFormat format = 3;
}

message GetAnalysisTemplateSecretResponse {
oneof result {
k8s.io.api.core.v1.Secret secret = 1;
bytes raw = 2;
}
}
9 changes: 5 additions & 4 deletions api/v1alpha1/labels.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,13 @@ const (
CredentialTypeLabelValueGit = "git"
CredentialTypeLabelValueHelm = "helm"
CredentialTypeLabelValueImage = "image"
CredentialTypeLabelGeneric = "generic"

// Project Secrets
// Deprecated: Use CredentialTypeLabelGeneric instead. This label should not
// be used and won't be documented, but will be supported short-term for
// backward compatibility.
// TODO(krancour): Remove for v1.4.0.
ProjectSecretLabelKey = "kargo.akuity.io/project-secret" // nolint: gosec

// Kargo core API
Expand All @@ -19,10 +24,6 @@ const (
ShardLabelKey = "kargo.akuity.io/shard"
StageLabelKey = "kargo.akuity.io/stage"

// AnalysisRunTemplate labels
AnalysisRunTemplateLabelKey = "kargo.akuity.io/analysis-run-template"
AnalysisRunTemplateLabelValueConfig = "config"

LabelTrueValue = "true"

FinalizerName = "kargo.akuity.io/finalizer"
Expand Down
2 changes: 1 addition & 1 deletion internal/api/create_project_secret_v1alpha1.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ func (s *server) projectSecretToK8sSecret(projSecret projectSecret) *corev1.Secr
Namespace: projSecret.project,
Name: projSecret.name,
Labels: map[string]string{
kargoapi.ProjectSecretLabelKey: kargoapi.LabelTrueValue,
kargoapi.CredentialTypeLabelKey: kargoapi.CredentialTypeLabelGeneric,
},
},
Data: secretsData,
Expand Down
9 changes: 6 additions & 3 deletions internal/api/delete_project_secret_v1alpha1.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,15 +46,18 @@
); err != nil {
return nil, fmt.Errorf("get secret: %w", err)
}
if secret.Labels[kargoapi.ProjectSecretLabelKey] != kargoapi.LabelTrueValue {
// Check for either of the two possible labels (newer and legacy) that
// indicate the secret is a generic project secret.
if secret.Labels[kargoapi.CredentialTypeLabelKey] != kargoapi.CredentialTypeLabelGeneric &&
secret.Labels[kargoapi.ProjectSecretLabelKey] != kargoapi.LabelTrueValue { // Legacy
return nil, connect.NewError(
connect.CodeNotFound,
fmt.Errorf(
"secret %s/%s exists, but is not labeled with %s=%s",
secret.Namespace,
secret.Name,
kargoapi.ProjectSecretLabelKey,
kargoapi.LabelTrueValue,
kargoapi.CredentialTypeLabelKey,
kargoapi.CredentialTypeLabelGeneric,

Check warning on line 60 in internal/api/delete_project_secret_v1alpha1.go

View check run for this annotation

Codecov / codecov/patch

internal/api/delete_project_secret_v1alpha1.go#L59-L60

Added lines #L59 - L60 were not covered by tests
),
)
}
Expand Down
53 changes: 40 additions & 13 deletions internal/api/delete_project_secret_v1alpha1_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,27 @@ func TestDeleteProjectSecret(t *testing.T) {
NewInternalClient: func(_ context.Context, _ *rest.Config, s *runtime.Scheme) (client.Client, error) {
return fake.NewClientBuilder().
WithScheme(s).
WithObjects(mustNewObject[corev1.Namespace]("testdata/namespace.yaml")).
Build(), nil
WithObjects(
mustNewObject[corev1.Namespace]("testdata/namespace.yaml"),
&corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Namespace: "kargo-demo",
Name: "secret-a",
Labels: map[string]string{
kargoapi.CredentialTypeLabelKey: kargoapi.CredentialTypeLabelGeneric,
},
},
},
&corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Namespace: "kargo-demo",
Name: "secret-b",
Labels: map[string]string{
kargoapi.ProjectSecretLabelKey: kargoapi.LabelTrueValue, // Legacy label
},
},
},
).Build(), nil
},
},
)
Expand All @@ -45,27 +64,34 @@ func TestDeleteProjectSecret(t *testing.T) {
externalValidateProjectFn: validation.ValidateProject,
}

err = s.client.Create(
_, err = s.DeleteProjectSecret(
ctx,
&corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Namespace: "kargo-demo",
Name: "secret",
Labels: map[string]string{
kargoapi.ProjectSecretLabelKey: kargoapi.LabelTrueValue,
},
connect.NewRequest(
&svcv1alpha1.DeleteProjectSecretRequest{
Project: "kargo-demo",
Name: "secret-a",
},
},
),
)
require.NoError(t, err)

secret := corev1.Secret{}
err = s.client.Get(
ctx,
types.NamespacedName{
Namespace: "kargo-demo",
Name: "secret-a",
},
&secret,
)
require.Error(t, err)

_, err = s.DeleteProjectSecret(
ctx,
connect.NewRequest(
&svcv1alpha1.DeleteProjectSecretRequest{
Project: "kargo-demo",
Name: "secret",
Name: "secret-b", // Has the legacy label
},
),
)
Expand All @@ -75,9 +101,10 @@ func TestDeleteProjectSecret(t *testing.T) {
ctx,
types.NamespacedName{
Namespace: "kargo-demo",
Name: "secret",
Name: "secret-b",
},
&secret,
)
require.Error(t, err)

}
96 changes: 0 additions & 96 deletions internal/api/get_analysis_template_config_map_v1alpha1.go

This file was deleted.

96 changes: 0 additions & 96 deletions internal/api/get_analysis_template_secret_v1alpha1.go

This file was deleted.

Loading
Loading