Initial External AUTH Secret #359
Conversation
pull-request-size
bot
added
the
size/M
|
I have done some initial testing already, but will do a more detailed testing tomorrow. @cognifloyd and @armab -> I would appreciate your input on the name of the property to disable the Auth secret from being generated. I have no preference on the name of the property. |
|
FYI - I got pull off this work to do different tasks at my Job. |
|
Please let me know what you think of the values file. |
pull-request-size
bot
added
size/L
cognifloyd
left a comment
cognifloyd
left a comment
There was a problem hiding this comment.
LGTM. Let me know when you're ready for the final review. :)
Will test today in my environment for real world testing. So request should come in later today |
|
Correction the jobs failed due to missing the st2-admin secret. checking that now |
|
Okay I can confirm that the process fully works! |
bmarick
force-pushed
the
externalAuthSecret
branch
3 times, most recently
from
9cfd9cf to
9239520
Compare
|
The only things missing are tests for the following files.
|
bmarick
force-pushed
the
externalAuthSecret
branch
2 times, most recently
from
db07c14 to
a7f7bc9
Compare
Ready for review! |
cognifloyd
left a comment
cognifloyd
left a comment
There was a problem hiding this comment.
Nice! One nitpick to save my sanity in the tests, and then I'll approve and merge.
Thank you for working on this!
tests/unit/secrets_test.yaml
Outdated
| - equal: | ||
| path: spec.template.spec.initContainers[2].envFrom[0].secretRef.name | ||
| value: "hello-world" | ||
| documentIndex: 0 |
There was a problem hiding this comment.
Could you add a comment on the documentIndex for deployments and jobs to say which deployment/job this test is for?
Aside: I really wish we could use something other than index to select documents (and containers, ...) With helm-unittest. But oh well.
There was a problem hiding this comment.
I added a comment saying
# Checking Deployment/Job {name} was properly updatedThe {name} is a place holder for the metadata.name without the {{ .Release.Name }} included
Please let me know if that works for you
There was a problem hiding this comment.
oh. Sorry. I was not very specific. I was thinking of something more terse:
documentIndex: 0 # st2auth
If you look in the other test files, I've done something like that. Is that helpful or confusing for you? If adding this comment is confusing, then I can change how I do it in the other files for clarity.
bmarick
force-pushed
the
externalAuthSecret
branch
2 times, most recently
from
dd7e2ee to
0bfbffb
Compare
|
The tests appear to have failed due to a rate limit |
Adjust authExistingSecret to existingAuthSecret; to match similar existingConfigSecret Add job tests and catch a missing location Properly document which Job/deployment was updated
bmarick
force-pushed
the
externalAuthSecret
branch
from
0bfbffb to
7f74438
Compare
2 participants
This PR is intended to resolve #332.
Provides a way to disable the generation of the
{{Release.name}}-st2-authSecret.This will allow users to manage this secret outside of from the HELM process.
Limitation -> The customer provided secret must have the same name and keys as what would normally be generated.