GITOPSRVCE-778: only create operations for missing external cluster secrets #682

@jgwest jgwest commented Oct 16, 2023

Description:

  • At present, in cluster-agent's namespace_reconciler.go, in recreateClusterSecrets, we are iterating through the list of ManagedEnvironments looking for those that do not have a corresponding Argo CD Cluster Secret.
  • However, there exist many ManagedEnvironment rows that do not require a cluster secret: any managed environment that corresponds to a '*_tenant' Namespace on the cluster does not require an Argo CD cluster secret. Why? Because Argo CD by default already has the credentials needed to read/write from any namespace on the cluster that it is deployed to.
  • We can thus update logic in 'recreateClusterSecrets' to avoid creating Operations for ManagedEnvironments/Applications that target the same cluster as Argo CD.

This PR:

  • moves "serviceaccount_bearer_token" to a string constant
  • skips creating Argo CD Cluster secret in recreateClusterSecrets for ManagedEnvironments that have a default serviceaccount_bearer_token
  • adds a new test case to verify this case

Link to JIRA Story (if applicable): https://issues.redhat.com/browse/GITOPSRVCE-778
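
The skip rule from the description above, as an added Go example that is not the project's code. The type names, the function `envsNeedingClusterSecret`, the secret lookup keyed by environment ID, and the assumption that a "default" token means the stored value equals the placeholder constant are all hypothetical.

```go
package main

import "fmt"

// Hypothetical placeholder stored for environments on Argo CD's own cluster
// (assumed value; the PR only says the string was moved to a constant).
const defaultServiceAccountBearerToken = "serviceaccount_bearer_token"

// Simplified stand-ins for the database rows; not the project's types.
type clusterCredentials struct{ ID, ServiceAccountToken string }
type managedEnvironment struct{ ID, CredentialsID string }

// envsNeedingClusterSecret returns the IDs of managed environments that need a
// cluster-secret operation, and separately the IDs whose credentials row is
// missing, so that no secret is ever built from absent credentials.
func envsNeedingClusterSecret(envs []managedEnvironment,
	creds map[string]clusterCredentials, haveSecret map[string]bool) (need, orphaned []string) {
	for _, env := range envs {
		cred, ok := creds[env.CredentialsID]
		switch {
		case !ok:
			// No credentials row: report it instead of creating an operation.
			orphaned = append(orphaned, env.ID)
		case cred.ServiceAccountToken == defaultServiceAccountBearerToken:
			// Local cluster: Argo CD's in-cluster credentials already apply.
		case haveSecret[env.ID]:
			// Remote cluster whose secret already exists.
		default:
			need = append(need, env.ID)
		}
	}
	return need, orphaned
}

func main() {
	// Constructed sample data.
	creds := map[string]clusterCredentials{
		"cred-local":  {"cred-local", defaultServiceAccountBearerToken},
		"cred-remote": {"cred-remote", "constructed-remote-token"},
	}
	envs := []managedEnvironment{
		{"env-tenant", "cred-local"},
		{"env-remote-a", "cred-remote"},
		{"env-remote-b", "cred-remote"},
		{"env-broken", "cred-missing"},
	}
	need, orphaned := envsNeedingClusterSecret(envs, creds, map[string]bool{"env-remote-b": true})
	fmt.Println(need, orphaned) // [env-remote-a] [env-broken]
}
```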

openshift-ci-robot commented Oct 16, 2023

@jgwest: This pull request references GITOPSRVCE-778 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.15.0" version, but no target version was set.


@openshift-ci openshift-ci bot requested review from jparsai and Rizwana777 October 16, 2023 09:07
openshift-ci bot commented Oct 16, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jgwest

@jgwest jgwest removed the request for review from Rizwana777 October 16, 2023 09:08
@jgwest jgwest force-pushed the gitopsrvce-778-skip-operation-creation-on-local-managed-envs-oct-2023 branch from 6296b12 to b5b959d Compare October 16, 2023 09:46
codecov bot commented Oct 16, 2023

Codecov Report

Attention: 5 lines in your changes are missing coverage. Please review.

Comparison is base (eb5a1c0) 61.82% compared to head (b5b959d) 61.79%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #682      +/-   ##
==========================================
- Coverage   61.82%   61.79%   -0.03%     
==========================================
  Files          99       99              
  Lines       18091    18099       +8     
==========================================
+ Hits        11184    11185       +1     
- Misses       5655     5659       +4     
- Partials     1252     1255       +3     

Files                                                   Coverage Δ
backend-shared/db/clustercredentials.go                 38.34% <ø> (ø)
backend-shared/db/util/utils.go                         71.42% <100.00%> (ø)
...nt/controllers/argoproj.io/namespace_reconciler.go   66.53% <37.50%> (-0.45%) ⬇️

... and 1 file with indirect coverage changes


jparsai commented Oct 17, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Oct 17, 2023
@openshift-ci openshift-ci bot merged commit 136ee66 into redhat-appstudio:main Oct 17, 2023
13 checks passed