Converting the AuthSecret field to a union AuthInfo type #877
Conversation
| type BrokerAuthInfo struct { | ||
| // BasicAuthSecret is a reference to a Secret containing auth information the | ||
| // catalog should use to authenticate to this Broker using basic auth. | ||
| BasicAuthSecret *v1.ObjectReference |
There was a problem hiding this comment.
Is the assumption that we know which one is being used because all others will be nil ?
If so, does that require a loop (or set of if-statements) to find the right one? Could we instead just make AuthInfo in the previous struct a pointer to an Object and dynamically find its type at runtime?
There was a problem hiding this comment.
Is the assumption that we know which one is being used because all others will be nil ?
Yes, the generic assertion is that if you provide a union type, you must provide one and only one field of that type. Since we only have basic auth right now, that collapses into 'you must provide basic auth'
| allErrs = append(allErrs, field.Invalid(fldPath.Child("authSecret", "namespace"), spec.AuthSecret.Namespace, msg)) | ||
| // TODO: when we start supporting additional auth schemes, this code will have to accommodate | ||
| // the new schemes | ||
| basicAuthSecret := spec.AuthInfo.BasicAuthSecret |
There was a problem hiding this comment.
good call, I'll add an error if basicAuthSecret == nil
| AuthSecret: &v1.ObjectReference{ | ||
| Namespace: "test-ns", | ||
| Name: "test-secret", | ||
| AuthInfo: servicecatalog.BrokerAuthInfo{ |
There was a problem hiding this comment.
Needs a test case for AuthInfo not nil but empty
There was a problem hiding this comment.
note that AuthInfo cannot be nil because it's not a pointer. BasicAuthInfo inside of AuthInfo can be nil, though, and that needs a test.
pkg/controller/controller.go
Outdated
| if broker.Spec.AuthSecret == nil { | ||
| // TODO: when we start supporting additional auth schemes, this code will have to accommodate | ||
| // the new schemes | ||
| basicAuthSecret := broker.Spec.AuthInfo.BasicAuthSecret |
There was a problem hiding this comment.
this is nil-safe because AuthInfo is a BrokerAuthInfo, not a *BrokerAuthInfo, and there's a check for a nil basic auth secret (which is a *v1.ObjectReference)
|
@pmorie comments addressed and changes made where appropriate. PTAL |
|
Looks like the integration test failure is for realsies: |
pkg/apis/servicecatalog/types.go
Outdated
| // catalog should use to authenticate to this Broker. | ||
| AuthSecret *v1.ObjectReference | ||
| // AuthInfo contains the data that the service catalog should use to authenticate | ||
| // with the Broker |
| // catalog should use to authenticate to this Broker. | ||
| AuthSecret *v1.ObjectReference `json:"authSecret,omitempty"` | ||
| // AuthInfo contains the data that the service catalog should use to authenticate | ||
| // with the Broker |
| @@ -32,6 +32,8 @@ func TestValidateBroker(t *testing.T) { | |||
| valid bool | |||
| }{ | |||
| { | |||
| // covers the case where there is no AuthInfo field specified. the validator should | |||
| // ignore the field and still succeed the validation | |||
| name: "valid broker - no auth secret", | |||
There was a problem hiding this comment.
not a feedback on your PR, but I have had a lot of luck with a method that returns a valid resource, and then subtracting / mutating things to create objects for invalid scenarios.
This change will enable operators to chose different auth schemes for brokers, as the OSB API spec begins to support more in the future. Fixes kubernetes-retired#864
|
LGTM |
This change will enable operators to chose different auth schemes for brokers, as the OSB API spec begins to support more in the future.
Fixes #864