
feature: Add pkg/identity #3915

@ntnn

Description

@ntnn

Feature Description

We have a bunch of places where identity hashes are calculated and stored in secrets. These should be consolidated.

func IdentityHash(secret *corev1.Secret) (string, error) {

// createIdentitySecret generates an identity secret named cachedResourceName in
// defaultSecretNamespace, annotates it with the logical cluster it belongs to,
// and hands it to c.createSecret. Errors from generation or creation are
// returned unchanged.
func (c *Controller) createIdentitySecret(ctx context.Context, clusterName logicalcluster.Path, defaultSecretNamespace, cachedResourceName string) error {
	identitySecret, err := GenerateIdentitySecret(ctx, defaultSecretNamespace, cachedResourceName)
	if err != nil {
		return err
	}

	// Record the owning logical cluster on the secret itself.
	identitySecret.Annotations[logicalcluster.AnnotationKey] = clusterName.String()

	// NOTE(review): the whole secret object is handed to the logging helper;
	// confirm logging.WithObject records identifying metadata only and never
	// the StringData payload that holds the identity key.
	log := logging.WithObject(klog.FromContext(ctx), identitySecret)
	log.V(2).Info("creating identity secret")

	return c.createSecret(klog.NewContext(ctx, log), clusterName, identitySecret)
}
// GenerateIdentitySecret builds, but does not persist, a Secret called name in
// namespace ns that carries a freshly generated identity key.
//
// The key is produced by crypto.Random256BitsString and stored in StringData
// under apisv1alpha1.SecretKeyAPIExportIdentity. Annotations is initialised to
// an empty map so callers can add entries without a nil check. The returned
// error is always nil in this implementation.
//
// TODO: This is a copy from the apiexport controller. We should move it to a shared location.
func GenerateIdentitySecret(ctx context.Context, ns string, name string) (*corev1.Secret, error) {
	began := time.Now()
	identityKey := crypto.Random256BitsString()

	// Only the elapsed time is logged; the key value never reaches the logger.
	if elapsed := time.Since(began); elapsed > 100*time.Millisecond {
		klog.FromContext(ctx).Info("identity key generation took a long time", "duration", elapsed)
	}

	meta := metav1.ObjectMeta{
		Namespace:   ns,
		Name:        name,
		Annotations: map[string]string{},
	}
	payload := map[string]string{
		apisv1alpha1.SecretKeyAPIExportIdentity: identityKey,
	}

	return &corev1.Secret{ObjectMeta: meta, StringData: payload}, nil
}

// GenerateIdentitySecret returns an in-memory Secret named apiExportName in
// namespace ns holding a new identity key; nothing is written to the cluster.
//
// The key comes from crypto.Random256BitsString and is placed in StringData
// under apisv1alpha1.SecretKeyAPIExportIdentity. A log line is emitted when
// key generation exceeds 100ms. The returned error is always nil in this
// implementation.
func GenerateIdentitySecret(ctx context.Context, ns string, apiExportName string) (*corev1.Secret, error) {
	const slowThreshold = time.Millisecond * 100

	log := klog.FromContext(ctx)

	t0 := time.Now()
	secretKey := crypto.Random256BitsString()
	took := time.Since(t0)

	// The duration is the only value logged here, never the key material.
	if took > slowThreshold {
		log.Info("identity key generation took a long time", "duration", took)
	}

	result := &corev1.Secret{}
	result.ObjectMeta = metav1.ObjectMeta{
		Namespace:   ns,
		Name:        apiExportName,
		Annotations: map[string]string{},
	}
	result.StringData = map[string]string{
		apisv1alpha1.SecretKeyAPIExportIdentity: secretKey,
	}
	return result, nil
}
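// IdentityHash returns the lowercase hex-encoded SHA-256 digest of the identity
// key stored in secret.Data under apisv1alpha1.SecretKeyAPIExportIdentity.
//
// Only the digest leaves this function; the key itself stays in the secret.
// An error is returned when secret is nil or when the key entry is missing or
// empty.
//
// The key is read from Data, while GenerateIdentitySecret fills StringData.
// StringData is a write-only field that the API server merges into Data, so a
// secret that has not yet been written to and read back from the API server
// is reported as missing the key.
func IdentityHash(secret *corev1.Secret) (string, error) {
	// Guard against a nil secret: dereferencing it would panic, and this
	// function already reports bad input through its error result.
	if secret == nil {
		return "", fmt.Errorf("secret is nil")
	}

	key := secret.Data[apisv1alpha1.SecretKeyAPIExportIdentity]
	if len(key) == 0 {
		return "", fmt.Errorf("secret is missing data.%s", apisv1alpha1.SecretKeyAPIExportIdentity)
	}

	digest := sha256.Sum256(key)
	return fmt.Sprintf("%x", digest), nil
}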

etc.pp.

Proposed Solution

Add a new pkg/identity.

Alternative Solutions

No response

Want to contribute?

  • I would like to work on this issue.

Additional Context

No response
