Merge pull request #101 from axel7083/feature/cluster-wide

zakkg3 · web-flow · commit bcccc16686fb · 2024-01-08T14:51:55.000+01:00
feat: migrating to ClusterScope CRD
diff --git a/charts/cluster-secret/Chart.yaml b/charts/cluster-secret/Chart.yaml
@@ -3,7 +3,7 @@ name: cluster-secret
 description: ClusterSecret Operator
 kubeVersion: '>= 1.16.0-0'
 type: application
-version: 0.2.3
+version: 0.3.0
 icon: https://clustersecret.io/assets/csninjasmall.png
 sources:
 - https://github.com/zakkg3/ClusterSecret
diff --git a/charts/cluster-secret/crds/clustersecret-crd.yaml b/charts/cluster-secret/crds/clustersecret-crd.yaml
@@ -10,7 +10,7 @@ spec:
     shortNames:
     - csec
     singular: clustersecret
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - description: Secret Type
diff --git a/charts/cluster-secret/templates/role-cluster-rbac.yaml b/charts/cluster-secret/templates/role-cluster-rbac.yaml
@@ -39,10 +39,13 @@ rules:
   resources:
   - clustersecrets
   verbs:
-  - list
   - watch
-  - patch
+  - list
   - get
+  - patch
+  - update
+  - create
+  - delete
 - apiGroups:
   - ""
   resources:
diff --git a/charts/cluster-secret/templates/role-namespaced-rbac.yaml b/charts/cluster-secret/templates/role-namespaced-rbac.yaml
@@ -34,10 +34,3 @@ rules:
   - create
   - update
   - patch
-- apiGroups:
-  - clustersecret.io
-  resources:
-  - clustersecrets
-  verbs:
-  - get
-  - patch
diff --git a/conformance/k8s_utils.py b/conformance/k8s_utils.py
@@ -106,7 +106,6 @@ def _generate_secret_key_ref_dict(secret_key_ref: Dict[str, str]) -> Dict[str, A
     def create_cluster_secret(
             self,
             name: str,
-            namespace: str,
             data: Optional[Dict[str, Any]] = None,
             secret_key_ref: Optional[Dict[str, str]] = None,
             labels: Optional[Dict[str, str]] = None,
@@ -117,10 +116,9 @@ def create_cluster_secret(
         if data is None and secret_key_ref is None:
             raise Exception('You need to either define data or secret_key_ref.')
 
-        return self.custom_objects_api.create_namespaced_custom_object(
+        return self.custom_objects_api.create_cluster_custom_object(
             group="clustersecret.io",
             version="v1",
-            namespace=namespace,
             body={
                 "apiVersion": "clustersecret.io/v1",
                 "kind": "ClusterSecret",
@@ -135,16 +133,14 @@ def create_cluster_secret(
     def update_data_cluster_secret(
             self,
             name: str,
-            namespace: str,
             data: Dict[str, str],
             match_namespace: Optional[List[str]] = None,
             avoid_namespaces: Optional[List[str]] = None,
     ):
-        self.custom_objects_api.patch_namespaced_custom_object(
+        self.custom_objects_api.patch_cluster_custom_object(
             name=name,
             group="clustersecret.io",
             version="v1",
-            namespace=namespace,
             body={
                 "apiVersion": "clustersecret.io/v1",
                 "kind": "ClusterSecret",
@@ -160,11 +156,10 @@ def delete_cluster_secret(
             name: str,
             namespace: str
     ):
-        self.custom_objects_api.delete_namespaced_custom_object(
+        self.custom_objects_api.delete_cluster_custom_object(
             name=name,
             group="clustersecret.io",
             version="v1",
-            namespace=namespace,
             plural="clustersecrets",
         )
 
diff --git a/conformance/tests.py b/conformance/tests.py
@@ -57,7 +57,6 @@ def test_simple_cluster_secret(self):
 
         self.cluster_secret_manager.create_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
             data={"username": username_data}
         )
 
@@ -76,7 +75,6 @@ def test_complex_cluster_secret(self):
         # Create a secret in all user namespace expect the first one
         self.cluster_secret_manager.create_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
             data={"username": username_data},
             match_namespace=["example-*"],
             avoid_namespaces=[USER_NAMESPACES[0]]
@@ -99,7 +97,6 @@ def test_patch_cluster_secret_data(self):
         # Create a secret with username_data
         self.cluster_secret_manager.create_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
             data={"username": username_data},
         )
 
@@ -115,7 +112,6 @@ def test_patch_cluster_secret_data(self):
         self.cluster_secret_manager.update_data_cluster_secret(
             name=name,
             data={"username": updated_data},
-            namespace=USER_NAMESPACES[0],
         )
 
         # Ensure the secrets are updated with the right data (at some point)
@@ -133,7 +129,6 @@ def test_patch_cluster_secret_match_namespaces(self):
 
         self.cluster_secret_manager.create_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
             data={"username": username_data},
             match_namespace=[
                 USER_NAMESPACES[0]
@@ -154,7 +149,6 @@ def test_patch_cluster_secret_match_namespaces(self):
         # Update the cluster match_namespace to ALL user namespace
         self.cluster_secret_manager.update_data_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
             match_namespace=USER_NAMESPACES,
             data={"username": username_data},
         )
@@ -174,7 +168,6 @@ def test_simple_cluster_secret_deleted(self):
 
         self.cluster_secret_manager.create_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
             data={"username": username_data}
         )
 
@@ -217,7 +210,6 @@ def test_value_from_cluster_secret(self):
         # Create the cluster secret
         self.cluster_secret_manager.create_cluster_secret(
             name=cluster_secret_name,
-            namespace=USER_NAMESPACES[0],
             secret_key_ref={
                 'name': secret_name,
                 'namespace': USER_NAMESPACES[0],
@@ -251,7 +243,6 @@ def test_value_from_with_keys_cluster_secret(self):
         # Create the cluster secret
         self.cluster_secret_manager.create_cluster_secret(
             name=cluster_secret_name,
-            namespace=USER_NAMESPACES[0],
             secret_key_ref={
                 'name': secret_name,
                 'namespace': USER_NAMESPACES[0],
@@ -281,7 +272,6 @@ def test_simple_cluster_secret_with_annotation(self):
 
         cluster_secret_manager.create_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
             data={"username": username_data},
             annotations=annotations,
         )
diff --git a/setup.cfg b/setup.cfg
@@ -2,7 +2,7 @@
 max-line-length = 120
 exclude=
     src/tests
-ignore=D103,D401,D400,D200,D100,DAR201,WPS305,WPS111,DAR101,WPS326,WPS226,N400,I001,I002,I003,I004,I005,WPS221,WPS237,DAR401,WPS432,WPS211,WPS440,WPS462,WPS210,WPS229,S105,WPS229,WPS202,WPS213,WPS110,WPS238,WPS231
+ignore=D103,D102,D401,D400,D200,D100,DAR201,WPS305,WPS111,DAR101,WPS326,WPS226,N400,I001,I002,I003,I004,I005,WPS221,WPS237,DAR401,WPS432,WPS211,WPS440,WPS462,WPS210,WPS229,S105,WPS229,WPS202,WPS213,WPS110,WPS238,WPS231
 
 [darglint]
 docstring_style=numpy
diff --git a/src/handlers.py b/src/handlers.py
@@ -14,6 +14,8 @@
 
 from os_utils import in_cluster
 
+csecs: Dict[str, Any] = {}
+
 # Loading kubeconfig
 if in_cluster():
     # Loading kubeconfig
@@ -98,7 +100,6 @@ def on_field_match_namespace(
     logger.debug(f'Patching clustersecret {name} in namespace {namespace}')
     patch_clustersecret_status(
         logger=logger,
-        namespace=namespace,
         name=name,
         new_status={'create_fn': {'syncedns': updated_matched}},
         custom_objects_api=custom_objects_api,
diff --git a/src/kubernetes_utils.py b/src/kubernetes_utils.py
@@ -12,11 +12,10 @@
 
 
 def patch_clustersecret_status(
-        logger: logging.Logger,
-        namespace: str,
-        name: str,
-        new_status,
-        custom_objects_api: CustomObjectsApi,
+    logger: logging.Logger,
+    name: str,
+    new_status,
+    custom_objects_api: CustomObjectsApi,
 ):
     """Patch the status of a given clustersecret object
     """
@@ -25,10 +24,9 @@ def patch_clustersecret_status(
     plural = 'clustersecrets'
 
     # Retrieve the clustersecret object
-    clustersecret = custom_objects_api.get_namespaced_custom_object(
+    clustersecret = custom_objects_api.get_cluster_custom_object(
         group=group,
         version=version,
-        namespace=namespace,
         plural=plural,
         name=name,
     )
@@ -38,10 +36,9 @@ def patch_clustersecret_status(
     logger.debug(f'Updated clustersecret manifest: {clustersecret}')
 
     # Perform a patch operation to update the custom resource
-    custom_objects_api.patch_namespaced_custom_object(
+    custom_objects_api.patch_cluster_custom_object(
         group=group,
         version=version,
-        namespace=namespace,
         plural=plural,
         name=name,
         body=clustersecret,
diff --git a/yaml/00_rbac.yaml b/yaml/00_rbac.yaml
@@ -6,7 +6,7 @@ metadata:
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  namespace: "clustersecret"
+  namespace: clustersecret
   name: clustersecret-account
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -33,8 +33,7 @@ rules:
   # Application: read-only access for watching cluster-wide.
   - apiGroups: [clustersecret.io]
     resources: [clustersecrets]
-    verbs: [list, watch, patch, get]
-
+    verbs: [watch, list, get, patch, update, create, delete]
   # Watch namespaces
   - apiGroups: [""]
     resources: [namespaces, namespaces/status]
@@ -70,7 +69,7 @@ rules:
   - apiGroups: [""]
     resources: [secrets]
     verbs: [create,update,patch]
-  
+
   # Application: get and patch clustersecrets for status patching
   - apiGroups: [clustersecret.io]
     resources: [clustersecrets]
diff --git a/yaml/01_crd.yaml b/yaml/01_crd.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
 metadata:
   name: clustersecrets.clustersecret.io
 spec:
-  scope: Namespaced
+  scope: Cluster
   group: clustersecret.io
   versions:
     - name: v1
diff --git a/yaml/02_deployment.yaml b/yaml/02_deployment.yaml
@@ -26,10 +26,10 @@ spec:
               port: 8080
             periodSeconds: 120
           env:
-          - name: CLUSTER_SECRET_VERSION
-            value: "v0.0.10"
-          - name: REPLACE_EXISTING
-            value: "false"
+            - name: CLUSTER_SECRET_VERSION
+              value: "v0.0.10"
+            - name: REPLACE_EXISTING
+              value: "false"
           # imagePullPolicy: Always
           # Uncomment next lines for debug:
           # command:
