Skip to content

Add MissingFieldStrategy for KeyInjection #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add MissingFieldStrategy for KeyInjection #83

wants to merge 6 commits into from

Conversation

klaudworks
Copy link

@klaudworks klaudworks commented Feb 21, 2025
edited
Loading

Description of your changes

This implements MissingFieldStrategy as discussed in #81.

I have:

  • Read and followed Crossplane's [contribution process].
  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

@arielsepton The existing tests work already. Feel free to already check if the implementation matches what you would expect.
I will now proceed to add / improve the tests to test each of the 3 different strategies for handling missing fields.
Then, I will also test it manually in my local setup.

@klaudworks klaudworks mentioned this pull request Feb 22, 2025
Open
@klaudworks
Copy link
Author

I added changes to tackle #84.

What changed?

I improved the robustness of parsing responses from JSON into an object by replacing the masked secret values first and then parsing the String as a JSON. Beforehand, it wasn't possible to parse any response that had a masked number. It just worked because of another bug as describe in #84.

Unfortunately, this is still not sufficient to fully deal with masking numbers & booleans. During the deletion phase of a request the referenced secret data may already be deleted. This is no problems for replacing values in JSON strings because replacing

{ "secretString": "{{secret:ns:key}}" } with an empty string results in { "secretString": "" } which is valid JSON
but patching a masked number / boolean e.g. { "secretNumber": {{secret:ns:key}} } without quotes results in { "secretNumber": } which is not valid JSON.

To tackle that issue, I went with a simpler solution and explicitly excluded masking numbers and booleans inside response bodies in the first place. Values are just masked if they are JSON strings. This is definitely not the optimal solution. However, it improves upon the previous behavior where a masked number would lead to a bug that stores all response values without masking (#84). Also, I assume masking booleans or numbers is a real use case in the first place but If you think o.w. I already made some improvements in the JSON parsing to enable you to do so. My additions should strictly improve upon the previous behavior.

Tests

Outlook

If you wanna work on masking numbers / booleans, I recommend to add the masking of those values in again in the secret_patcher.go and to deploy the sample Request. You will notice issues during deletion before the secret values are cleared first and the response can not be parsed into a proper JSON anymore.

@klaudworks klaudworks marked this pull request as ready for review February 23, 2025 14:08
@klaudworks
Copy link
Author

@arielsepton tagging you here because I turned the PR draft into an actual PR

@klaudworks
Copy link
Author

@arielsepton could you look into why make -j2 test fails but make test works so that we can get this merged? I'm pretty short on time in the next few weeks.

@klaudworks
Copy link
Author

klaudworks commented Mar 21, 2025
edited
Loading

I think the remaining error is test flakiness so I'd ask you to run the tests again. In status_test.go you define a map of test cases and iterate over the map to execute the test cases while expecting them to be executed in order.

However, in Golang "the iteration order over maps is not specified and is not guaranteed to be the same from one iteration to the next". - go.dev/ref/spec

Therefore, it is likely that test cases are not always evaluated in the order you intended.

	cases := map[string]struct {
		args args
		want want
	}{
		"Success": {
			...
		},
		"StatusCodeFailed": {
			...
		},
		"RequestFailed": {
			...
		},
		"ResetFailures": {
			...
		},
	}
        
        for name, tc := range cases {
        t.Run(name, func(t *testing.T) {

@klaudworks klaudworks force-pushed the add-missing-field-strategy branch from 594ba62 to e132c24 Compare March 22, 2025 18:23
arielsepton
arielsepton requested changes Apr 15, 2025
View reviewed changes
Copy link
Member

@arielsepton arielsepton left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey! Thanks so much for the contribution — this is really great!!

Before we merge, would you mind also updating the example to reflect the new functionality? It would also be awesome if you could implement the same support for the DisposableRequest resource.

Let me know if you’re up for that — I’ll make sure to review it quickly!

@klaudworks
Copy link
Author

I can update the example but I don't have capacity to implement support for the DisposableRequest at the moment.
Would you be okay with getting it merged while keeping the default Behavior for the disposable request?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arielsepton arielsepton arielsepton requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@klaudworks @arielsepton