fix api definition (optional mode)

kkb0318 · Jun 16, 2024 · 25ae093 · 25ae093
1 parent 074738f
commit 25ae093
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 23 deletions.
diff --git a/api/v1alpha1/irsasetup_types.go b/api/v1alpha1/irsasetup_types.go
@@ -33,8 +33,11 @@ type IRSASetupSpec struct {
 	// +required
 	Cleanup bool `json:"cleanup"`
 
-	// Mode specifies the mode of operation. Can be either "selfhosted" or "eks".
-	Mode string `json:"mode"`
+	// Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
+	// Currently unused. Planned values:
+	//   - "selfhosted": For self-managed Kubernetes clusters.
+	//   - "eks": For Amazon EKS environments.
+	Mode string `json:"mode,omitempty"`
 
 	// Discovery configures the IdP Discovery process, essential for setting up IRSA by locating
 	// the OIDC provider information.

diff --git a/charts/irsa-manager/crds/irsasetup-crd.yaml b/charts/irsa-manager/crds/irsasetup-crd.yaml
@@ -71,13 +71,15 @@ spec:
                     type: object
                 type: object
               mode:
-                description: Mode specifies the mode of operation. Can be either "selfhosted"
-                  or "eks".
+                description: |-
+                  Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
+                  Currently unused. Planned values:
+                    - "selfhosted": For self-managed Kubernetes clusters.
+                    - "eks": For Amazon EKS environments.
                 type: string
             required:
             - cleanup
             - discovery
-            - mode
             type: object
           status:
             description: IRSASetupStatus defines the observed state of IRSASetup

diff --git a/charts/irsa-manager/templates/deployment.yaml b/charts/irsa-manager/templates/deployment.yaml
@@ -62,6 +62,7 @@ spec:
             secretKeyRef:
               key: aws-role-arn
               name: aws-secret
+              optional: true
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ quote .Values.kubernetesClusterDomain }}
         image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag

diff --git a/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml b/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml
@@ -72,13 +72,15 @@ spec:
                     type: object
                 type: object
               mode:
-                description: Mode specifies the mode of operation. Can be either "selfhosted"
-                  or "eks".
+                description: |-
+                  Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
+                  Currently unused. Planned values:
+                    - "selfhosted": For self-managed Kubernetes clusters.
+                    - "eks": For Amazon EKS environments.
                 type: string
             required:
             - cleanup
             - discovery
-            - mode
             type: object
           status:
             description: IRSASetupStatus defines the observed state of IRSASetup

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -95,7 +95,7 @@ spec:
                 secretKeyRef:
                   name: aws-secret
                   key: aws-role-arn
-                  # optional: true
+                  optional: true
           name: manager
           securityContext:
             allowPrivilegeEscalation: false

diff --git a/docs/api.md b/docs/api.md
@@ -100,7 +100,7 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `cleanup` _boolean_ | Cleanup, when enabled, allows the IRSASetup to perform garbage collection<br />of resources that are no longer needed or managed. |  |  |
-| `mode` _string_ | Mode specifies the mode of operation. Can be either "selfhosted" or "eks". |  |  |
+| `mode` _string_ | Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.<br />Currently unused. Planned values:<br />  - "selfhosted": For self-managed Kubernetes clusters.<br />  - "eks": For Amazon EKS environments. |  |  |
 | `discovery` _[Discovery](#discovery)_ | Discovery configures the IdP Discovery process, essential for setting up IRSA by locating<br />the OIDC provider information. |  |  |
 
 

diff --git a/examples/selfhosted.yaml b/examples/selfhosted.yaml
@@ -5,7 +5,6 @@ metadata:
   namespace: irsa-manager-system
 spec:
   cleanup: false
-  mode: selfhosted
   discovery:
     s3:
       region: ap-northeast-1

diff --git a/internal/controller/irsasetup_controller_test.go b/internal/controller/irsasetup_controller_test.go
@@ -53,7 +53,7 @@ var _ = Describe("IRSASetup Controller", func() {
 					},
 					Spec: irsav1alpha1.IRSASetupSpec{
 						Cleanup: true,
-						Mode:    "selfhosted",
+						// Mode:    "selfhosted",
 						Discovery: irsav1alpha1.Discovery{
 							S3: irsav1alpha1.S3Discovery{
 								Region:     "ap-northeast-1",
@@ -134,7 +134,7 @@ var _ = Describe("IRSASetup Controller", func() {
 					},
 					Spec: irsav1alpha1.IRSASetupSpec{
 						Cleanup: true,
-						Mode:    "selfhoted",
+						// Mode:    "selfhoted",
 						Discovery: irsav1alpha1.Discovery{
 							S3: irsav1alpha1.S3Discovery{
 								Region:     "ap-northeast-1",
@@ -219,7 +219,7 @@ var _ = Describe("IRSASetup Controller", func() {
 					},
 					Spec: irsav1alpha1.IRSASetupSpec{
 						Cleanup: false,
-						Mode:    "selfhoted",
+						// Mode:    "selfhoted",
 						Discovery: irsav1alpha1.Discovery{
 							S3: irsav1alpha1.S3Discovery{
 								Region:     "ap-northeast-1",

diff --git a/internal/selfhosted/webhook/certificate_test.go b/internal/selfhosted/webhook/certificate_test.go
@@ -19,21 +19,25 @@ func TestCreateTlsCredentials(t *testing.T) {
 	}
 
 	certBlock, _ := pem.Decode(creds.certificate)
+	var cert *x509.Certificate
 	if certBlock == nil {
 		t.Fatal("Failed to decode PEM block containing the certificate")
+	} else {
+		cert, err = x509.ParseCertificate(certBlock.Bytes)
+		if err != nil {
+			t.Fatalf("Failed to parse certificate: %v", err)
+		}
 	}
-	cert, err := x509.ParseCertificate(certBlock.Bytes)
-	if err != nil {
-		t.Fatalf("Failed to parse certificate: %v", err)
-	}
-
+	var key *rsa.PrivateKey
 	keyBlock, _ := pem.Decode(creds.privateKey)
 	if keyBlock == nil {
 		t.Fatal("Failed to decode PEM block containing the private key")
-	}
-	key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
-	if err != nil {
-		t.Fatalf("Failed to parse private key: %v", err)
+	} else {
+		key, err = x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
+		if err != nil {
+			t.Fatalf("Failed to parse private key: %v", err)
+		}
+
 	}
 
 	// Verify public keys are equivalent