Skip to content

Add an API struct representing a single Secret value #4100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 21, 2025
Merged

Add an API struct representing a single Secret value #4100

merged 1 commit into from
Feb 21, 2025

Conversation

@cbandy
Copy link
Member

@cbandy cbandy commented Feb 19, 2025
edited
Loading

This adds validation to the recurring pattern of selecting a single value from a Secret. Note that the name field is now required.

Secrets are best mounted as files, and the logic for translating these references into volume projections is now consolidated in two exported methods.

Checklist:

  • Have you added an explanation of what your changes do and why you'd like them to be included?
  • Have you updated or added documentation for the change, as applicable?
  • Have you tested your changes on all related environments with successful results, as applicable?
    • Have you added automated tests?

Type of Changes:

  • Bug fix
  • Other

What is the current behavior (link to any open issues here)?

Secret name is not validated as required, and forgetting to add it causes reconciliation errors.

What is the new behavior (if this is a feature change)?

  • Breaking change (fix or feature that would cause existing functionality to change)

The field is now required, but clusters that lack it are broken anyway.

dsessler7
dsessler7 approved these changes Feb 20, 2025
View reviewed changes
Copy link
Contributor

@dsessler7 dsessler7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

cbandy
cbandy commented Feb 20, 2025
View reviewed changes
@cbandy
Add an API struct representing a single Secret value
dd23d3e 
This adds validation to the recurring pattern of selecting a single
value from a Secret. Note that the "name" field is now required.

Secrets are best mounted as files, and the logic for translating these
references into volume projections is now consolidated in two exported
methods.
@cbandy cbandy force-pushed the shared-api-structs branch from 5b40675 to dd23d3e Compare February 20, 2025 23:28
cbandy
cbandy commented Feb 20, 2025
View reviewed changes
config/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml
type: string
x-kubernetes-validations:
- message: cannot be "." or start with ".."
rule: self != "." && !self.startsWith("..")
Copy link
Member Author

@cbandy cbandy Feb 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 Having a CEL rule felt like a bit much, but if we allow these values up-front, then we'll error trying to send them into volume source, secret ref, etc during reconcile.

@cbandy cbandy merged commit 85636a8 into CrunchyData:main Feb 21, 2025
19 checks passed
@cbandy cbandy deleted the shared-api-structs branch February 21, 2025 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benjaminjb benjaminjb benjaminjb approved these changes

@dsessler7 dsessler7 dsessler7 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cbandy @benjaminjb @dsessler7