BREAKING. Support for namespace label matching and secret event handling

charts/cluster-secret/crds/clustersecret-crd.yaml

@@ -20,23 +20,50 @@ spec:
     name: v1
     schema:
       openAPIV3Schema:
+        type: object
         properties:
           avoidNamespaces:
+            type: array
             items:
               type: string
-            type: array
           data:
             type: object
-            x-kubernetes-preserve-unknown-fields: true
+            additionalProperties:
+              type: string
+          fromSecret:
+            type: object
+            properties:
+              name:
+                type: string
+              namespace:
+                type: string
+              keys:
+                type: array
+                items:
+                  type: string
+            required:
+            - name
+            - namespace
+          matchLabels:
+            type: object
+            additionalProperties:
+              type: string
           matchNamespace:
+            type: array
             items:
               type: string
-            type: array
+          matchedSetsJoin:
+            type: string
+            description: intersection or union.  Operation to use when combining namespace sets from multiple labels or label and matchNamespace list
           status:
             type: object
             x-kubernetes-preserve-unknown-fields: true
           type:
             type: string
-        type: object
+        oneOf:
+        - required:
+          - data
+        - required:
+          - fromSecret
     served: true
     storage: true

conformance/cluster-secrets.yaml

@@ -2,7 +2,6 @@ apiVersion: clustersecret.io/v1
 kind: ClusterSecret
 metadata:
   name: basic-cluster-secret
-  namespace: example-1
 data:
   username: MTIzNDU2Cg==
   password: MTIzNDU2Cg==
@@ -11,7 +10,6 @@ kind: ClusterSecret
 apiVersion: clustersecret.io/v1
 metadata:
   name: typed-secret
-  namespace: example-1
   type: kubernetes.io/tls
 data:
   tls.crt: MTIzNDU2Cg==
@@ -21,7 +19,6 @@ apiVersion: clustersecret.io/v1
 kind: ClusterSecret
 metadata:
   name: basic-cluster-secret
-  namespace: example-1
 avoidNamespaces:
   - example-3
----
+---

conformance/k8s_utils.py

@@ -153,8 +153,7 @@ def update_data_cluster_secret(
 
     def delete_cluster_secret(
             self,
-            name: str,
-            namespace: str
+            name: str
     ):
         self.custom_objects_api.delete_cluster_custom_object(
             name=name,

conformance/tests.py

@@ -181,7 +181,6 @@ def test_simple_cluster_secret_deleted(self):
 
         self.cluster_secret_manager.delete_cluster_secret(
             name=name,
-            namespace=USER_NAMESPACES[0],
         )
 
         # We expect the secret to be in NO namespaces
@@ -212,7 +211,6 @@ def test_value_from_cluster_secret(self):
             name=cluster_secret_name,
             secret_key_ref={
                 'name': secret_name,
-                'namespace': USER_NAMESPACES[0],
             },
         )
 
@@ -245,7 +243,6 @@ def test_value_from_with_keys_cluster_secret(self):
             name=cluster_secret_name,
             secret_key_ref={
                 'name': secret_name,
-                'namespace': USER_NAMESPACES[0],
                 'keys': ['username', 'password']
             },
         )

src/consts.py

@@ -2,12 +2,9 @@
 Constants used by the project
 """
 
-CREATE_BY_ANNOTATION = 'clustersecret.io/created-by'
-CREATE_BY_AUTHOR = 'ClusterSecrets'
-LAST_SYNC_ANNOTATION = 'clustersecret.io/last-sync'
 VERSION_ANNOTATION = 'clustersecret.io/version'
 
-CLUSTER_SECRET_LABEL = "clustersecret.io"
+CREATE_BY_LABEL = "clustersecret.io/created-by"
 
 BLOCKED_ANNOTATIONS = ["kopf.zalando.org", "kubectl.kubernetes.io"]