Merge pull request #101 from axel7083/feature/cluster-wide
feat: migrating to ClusterScope CRD
zakkg3 authored Jan 8, 2024
2 parents 6d599d8 + 37f8248 commit bcccc16
Showing 12 changed files with 27 additions and 49 deletions.
2 changes: 1 addition & 1 deletion charts/cluster-secret/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ name: cluster-secret
description: ClusterSecret Operator
kubeVersion: '>= 1.16.0-0'
type: application
version: 0.2.3
version: 0.3.0
icon: https://clustersecret.io/assets/csninjasmall.png
sources:
- https://github.com/zakkg3/ClusterSecret
2 changes: 1 addition & 1 deletion charts/cluster-secret/crds/clustersecret-crd.yaml
Expand Up @@ -10,7 +10,7 @@ spec:
shortNames:
- csec
singular: clustersecret
scope: Namespaced
scope: Cluster
versions:
- additionalPrinterColumns:
- description: Secret Type
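Review bot: `scope: Cluster` cannot reach an existing installation through an upgrade, and no file in this commit documents the migration. Kubernetes treats `spec.scope` of an existing CRD as immutable and Helm does not upgrade files under `crds/`, so after `helm upgrade` the cluster would still serve the Namespaced CRD while the operator calls the cluster-scoped API. I would add an upgrade note for chart 0.3.0 saying that the CRD has to be deleted and recreated, that deleting it removes every existing ClusterSecret object, and that those objects should be exported first and re-applied without `metadata.namespace`. The note should also say that rights on clustersecrets can from now on only be granted through a ClusterRole, so namespaced Roles that delegated them stop having any effect. `yaml/01_crd.yaml` carries the same change.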
7 changes: 5 additions & 2 deletions charts/cluster-secret/templates/role-cluster-rbac.yaml
Expand Up @@ -39,10 +39,13 @@ rules:
resources:
- clustersecrets
verbs:
- list
- watch
- patch
- list
- get
- patch
- update
- create
- delete
- apiGroups:
- ""
resources:
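Review bot: The added `update`, `create` and `delete` verbs on `clustersecrets` give the operator's ClusterRole more than the operator code in this commit uses: the only calls it makes on the resource here are `get_cluster_custom_object` and `patch_cluster_custom_object` in `src/kubernetes_utils.py`, while create and delete appear only in the conformance helper, which presumably runs with its own credentials. A ClusterSecret decides which secret data is copied into which namespaces, so write access to it cluster-wide is worth granting only where it is needed. Unless a handler outside this diff requires more, I would keep the rule to `list`, `watch`, `get` and `patch`. `yaml/00_rbac.yaml` widens its rule in the same way; the rule's `apiGroups` line is above this hunk.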
7 changes: 0 additions & 7 deletions charts/cluster-secret/templates/role-namespaced-rbac.yaml
Expand Up @@ -34,10 +34,3 @@ rules:
- create
- update
- patch
- apiGroups:
- clustersecret.io
resources:
- clustersecrets
verbs:
- get
- patch
11 changes: 3 additions & 8 deletions conformance/k8s_utils.py
Expand Up @@ -106,7 +106,6 @@ def _generate_secret_key_ref_dict(secret_key_ref: Dict[str, str]) -> Dict[str, A
def create_cluster_secret(
self,
name: str,
namespace: str,
data: Optional[Dict[str, Any]] = None,
secret_key_ref: Optional[Dict[str, str]] = None,
labels: Optional[Dict[str, str]] = None,
Expand All @@ -117,10 +116,9 @@ def create_cluster_secret(
if data is None and secret_key_ref is None:
raise Exception('You need to either define data or secret_key_ref.')

return self.custom_objects_api.create_namespaced_custom_object(
return self.custom_objects_api.create_cluster_custom_object(
group="clustersecret.io",
version="v1",
namespace=namespace,
body={
"apiVersion": "clustersecret.io/v1",
"kind": "ClusterSecret",
Expand All @@ -135,16 +133,14 @@ def create_cluster_secret(
def update_data_cluster_secret(
self,
name: str,
namespace: str,
data: Dict[str, str],
match_namespace: Optional[List[str]] = None,
avoid_namespaces: Optional[List[str]] = None,
):
self.custom_objects_api.patch_namespaced_custom_object(
self.custom_objects_api.patch_cluster_custom_object(
name=name,
group="clustersecret.io",
version="v1",
namespace=namespace,
body={
"apiVersion": "clustersecret.io/v1",
"kind": "ClusterSecret",
Expand All @@ -160,11 +156,10 @@ def delete_cluster_secret(
name: str,
namespace: str
):
self.custom_objects_api.delete_namespaced_custom_object(
self.custom_objects_api.delete_cluster_custom_object(
name=name,
group="clustersecret.io",
version="v1",
namespace=namespace,
plural="clustersecrets",
)

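Review bot: `delete_cluster_secret` still lists `namespace: str` as an unchanged line in the last hunk, although the call below it no longer passes a namespace, so the parameter appears to be dead and callers must keep supplying a value that is ignored. `create_cluster_secret` and `update_data_cluster_secret` both dropped theirs in this commit; for consistency I would remove the `namespace: str` line here as well and update the delete call sites in `conformance/tests.py`. The method's `def` line is outside the hunk.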
10 changes: 0 additions & 10 deletions conformance/tests.py
Expand Up @@ -57,7 +57,6 @@ def test_simple_cluster_secret(self):

self.cluster_secret_manager.create_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
data={"username": username_data}
)

Expand All @@ -76,7 +75,6 @@ def test_complex_cluster_secret(self):
# Create a secret in all user namespace expect the first one
self.cluster_secret_manager.create_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
data={"username": username_data},
match_namespace=["example-*"],
avoid_namespaces=[USER_NAMESPACES[0]]
Expand All @@ -99,7 +97,6 @@ def test_patch_cluster_secret_data(self):
# Create a secret with username_data
self.cluster_secret_manager.create_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
data={"username": username_data},
)

Expand All @@ -115,7 +112,6 @@ def test_patch_cluster_secret_data(self):
self.cluster_secret_manager.update_data_cluster_secret(
name=name,
data={"username": updated_data},
namespace=USER_NAMESPACES[0],
)

# Ensure the secrets are updated with the right data (at some point)
Expand All @@ -133,7 +129,6 @@ def test_patch_cluster_secret_match_namespaces(self):

self.cluster_secret_manager.create_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
data={"username": username_data},
match_namespace=[
USER_NAMESPACES[0]
Expand All @@ -154,7 +149,6 @@ def test_patch_cluster_secret_match_namespaces(self):
# Update the cluster match_namespace to ALL user namespace
self.cluster_secret_manager.update_data_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
match_namespace=USER_NAMESPACES,
data={"username": username_data},
)
Expand All @@ -174,7 +168,6 @@ def test_simple_cluster_secret_deleted(self):

self.cluster_secret_manager.create_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
data={"username": username_data}
)

Expand Down Expand Up @@ -217,7 +210,6 @@ def test_value_from_cluster_secret(self):
# Create the cluster secret
self.cluster_secret_manager.create_cluster_secret(
name=cluster_secret_name,
namespace=USER_NAMESPACES[0],
secret_key_ref={
'name': secret_name,
'namespace': USER_NAMESPACES[0],
Expand Down Expand Up @@ -251,7 +243,6 @@ def test_value_from_with_keys_cluster_secret(self):
# Create the cluster secret
self.cluster_secret_manager.create_cluster_secret(
name=cluster_secret_name,
namespace=USER_NAMESPACES[0],
secret_key_ref={
'name': secret_name,
'namespace': USER_NAMESPACES[0],
Expand Down Expand Up @@ -281,7 +272,6 @@ def test_simple_cluster_secret_with_annotation(self):

cluster_secret_manager.create_cluster_secret(
name=name,
namespace=USER_NAMESPACES[0],
data={"username": username_data},
annotations=annotations,
)
2 changes: 1 addition & 1 deletion setup.cfg
Expand Up @@ -2,7 +2,7 @@
max-line-length = 120
exclude=
src/tests
ignore=D103,D401,D400,D200,D100,DAR201,WPS305,WPS111,DAR101,WPS326,WPS226,N400,I001,I002,I003,I004,I005,WPS221,WPS237,DAR401,WPS432,WPS211,WPS440,WPS462,WPS210,WPS229,S105,WPS229,WPS202,WPS213,WPS110,WPS238,WPS231
ignore=D103,D102,D401,D400,D200,D100,DAR201,WPS305,WPS111,DAR101,WPS326,WPS226,N400,I001,I002,I003,I004,I005,WPS221,WPS237,DAR401,WPS432,WPS211,WPS440,WPS462,WPS210,WPS229,S105,WPS229,WPS202,WPS213,WPS110,WPS238,WPS231

[darglint]
docstring_style=numpy
3 changes: 2 additions & 1 deletion src/handlers.py
Expand Up @@ -14,6 +14,8 @@

from os_utils import in_cluster

csecs: Dict[str, Any] = {}

# Loading kubeconfig
if in_cluster():
# Loading kubeconfig
Expand Down Expand Up @@ -98,7 +100,6 @@ def on_field_match_namespace(
logger.debug(f'Patching clustersecret {name} in namespace {namespace}')
patch_clustersecret_status(
logger=logger,
namespace=namespace,
name=name,
new_status={'create_fn': {'syncedns': updated_matched}},
custom_objects_api=custom_objects_api,
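Review bot: The debug message `Patching clustersecret {name} in namespace {namespace}` just above the changed call is stale now that the resource is cluster-scoped. The `namespace` it prints was the object's own namespace (it is the value the removed `namespace=namespace` line passed on) and is presumably empty for a cluster-scoped object. I would change the line to `logger.debug(f'Patching clustersecret {name}')`. `on_field_match_namespace` starts and ends outside the hunk, so whether `namespace` is still used elsewhere in it cannot be seen from here.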
15 changes: 6 additions & 9 deletions src/kubernetes_utils.py
Expand Up @@ -12,11 +12,10 @@


def patch_clustersecret_status(
logger: logging.Logger,
namespace: str,
name: str,
new_status,
custom_objects_api: CustomObjectsApi,
logger: logging.Logger,
name: str,
new_status,
custom_objects_api: CustomObjectsApi,
):
"""Patch the status of a given clustersecret object
"""
Expand All @@ -25,10 +24,9 @@ def patch_clustersecret_status(
plural = 'clustersecrets'

# Retrieve the clustersecret object
clustersecret = custom_objects_api.get_namespaced_custom_object(
clustersecret = custom_objects_api.get_cluster_custom_object(
group=group,
version=version,
namespace=namespace,
plural=plural,
name=name,
)
Expand All @@ -38,10 +36,9 @@ def patch_clustersecret_status(
logger.debug(f'Updated clustersecret manifest: {clustersecret}')

# Perform a patch operation to update the custom resource
custom_objects_api.patch_namespaced_custom_object(
custom_objects_api.patch_cluster_custom_object(
group=group,
version=version,
namespace=namespace,
plural=plural,
name=name,
body=clustersecret,
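Review bot: `logger.debug(f'Updated clustersecret manifest: {clustersecret}')`, the first line of the last hunk, writes the full ClusterSecret object to the operator log, and that object includes the secret payload (the conformance helper creates it with a `data` field). Anyone with read access to the pod logs or the log pipeline can then read those values whenever debug logging is enabled. I would log only the identifier and the status being written, for example `logger.debug(f'Updated status of clustersecret {name}: {new_status}')`. The lines between the second and third hunk are not shown, so this assumes `clustersecret` is still the object returned by `get_cluster_custom_object`.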
7 changes: 3 additions & 4 deletions yaml/00_rbac.yaml
Expand Up @@ -6,7 +6,7 @@ metadata:
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: "clustersecret"
namespace: clustersecret
name: clustersecret-account
---
apiVersion: rbac.authorization.k8s.io/v1
Expand All @@ -33,8 +33,7 @@ rules:
# Application: read-only access for watching cluster-wide.
- apiGroups: [clustersecret.io]
resources: [clustersecrets]
verbs: [list, watch, patch, get]

verbs: [watch, list, get, patch, update, create, delete]
# Watch namespaces
- apiGroups: [""]
resources: [namespaces, namespaces/status]
Expand Down Expand Up @@ -70,7 +69,7 @@ rules:
- apiGroups: [""]
resources: [secrets]
verbs: [create,update,patch]

# Application: get and patch clustersecrets for status patching
- apiGroups: [clustersecret.io]
resources: [clustersecrets]
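Review bot: The comment `# Application: read-only access for watching cluster-wide.` above the changed `verbs` line no longer matches the rule, which now also grants `patch`, `update`, `create` and `delete`. I would reword it to `# Application: watch and modify clustersecrets cluster-wide.`, or keep the comment and grant only the verbs the operator actually calls. The last hunk still shows the rule `# Application: get and patch clustersecrets for status patching`, which this commit removes from the chart's `role-namespaced-rbac.yaml`; if it sits in a namespaced Role it grants nothing on a cluster-scoped resource and should probably be dropped here too. That rule's `verbs` line is outside the hunk.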
2 changes: 1 addition & 1 deletion yaml/01_crd.yaml
Expand Up @@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
name: clustersecrets.clustersecret.io
spec:
scope: Namespaced
scope: Cluster
group: clustersecret.io
versions:
- name: v1
8 changes: 4 additions & 4 deletions yaml/02_deployment.yaml
Expand Up @@ -26,10 +26,10 @@ spec:
port: 8080
periodSeconds: 120
env:
- name: CLUSTER_SECRET_VERSION
value: "v0.0.10"
- name: REPLACE_EXISTING
value: "false"
- name: CLUSTER_SECRET_VERSION
value: "v0.0.10"
- name: REPLACE_EXISTING
value: "false"
# imagePullPolicy: Always
# Uncomment next lines for debug:
# command:
