From 25ae093bc475cfd3d0ffe0bacd3b446379ea012f Mon Sep 17 00:00:00 2001
From: kkb0318
Date: Sun, 16 Jun 2024 14:43:41 +0900
Subject: [PATCH] fix api definition (optional mode)
---
 api/v1alpha1/irsasetup_types.go | 7 ++++--
 charts/irsa-manager/crds/irsasetup-crd.yaml | 8 ++++---
 charts/irsa-manager/templates/deployment.yaml | 1 +
 ...-manager.kkb0318.github.io_irsasetups.yaml | 8 ++++---
 config/manager/manager.yaml | 2 +-
 docs/api.md | 2 +-
 examples/selfhosted.yaml | 1 -
 .../controller/irsasetup_controller_test.go | 6 ++---
 .../selfhosted/webhook/certificate_test.go | 22 +++++++++++--------
 9 files changed, 34 insertions(+), 23 deletions(-)
diff --git a/api/v1alpha1/irsasetup_types.go b/api/v1alpha1/irsasetup_types.go
index 30f7b7c..2f4910a 100644
--- a/api/v1alpha1/irsasetup_types.go
+++ b/api/v1alpha1/irsasetup_types.go
@@ -33,8 +33,11 @@ type IRSASetupSpec struct {
 // +required
 Cleanup bool `json:"cleanup"`
 
- // Mode specifies the mode of operation. Can be either "selfhosted" or "eks".
- Mode string `json:"mode"`
+ // Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
+ // Currently unused. Planned values:
+ // - "selfhosted": For self-managed Kubernetes clusters.
+ // - "eks": For Amazon EKS environments.
+ Mode string `json:"mode,omitempty"`
 
 // Discovery configures the IdP Discovery process, essential for setting up IRSA by locating
 // the OIDC provider information.
diff --git a/charts/irsa-manager/crds/irsasetup-crd.yaml b/charts/irsa-manager/crds/irsasetup-crd.yaml
index 11af11c..7cc00d0 100644
--- a/charts/irsa-manager/crds/irsasetup-crd.yaml
+++ b/charts/irsa-manager/crds/irsasetup-crd.yaml
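Review bot: The `Mode` field in `IRSASetupSpec` is now optional but still accepts any string, so a misspelled value is stored without complaint and would only surface once the planned feature starts reading it. Constrain it to the two planned values with a validation marker above the field, `// +kubebuilder:validation:Enum=selfhosted;eks`, and add `// +optional` so the intent does not rest on `omitempty` alone; the generated CRDs would need regenerating afterwards. The struct body starts before and continues after this hunk.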
@@ -71,13 +71,15 @@ spec: type: object type: object mode: - description: Mode specifies the mode of operation. Can be either "selfhosted" - or "eks". + description: |- + Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled. + Currently unused. Planned values: + - "selfhosted": For self-managed Kubernetes clusters. + - "eks": For Amazon EKS environments. type: string required: - cleanup - discovery - - mode type: object status: description: IRSASetupStatus defines the observed state of IRSASetup
diff --git a/charts/irsa-manager/templates/deployment.yaml b/charts/irsa-manager/templates/deployment.yaml
index 078d4d5..e75b142 100644
--- a/charts/irsa-manager/templates/deployment.yaml
+++ b/charts/irsa-manager/templates/deployment.yaml
@@ -62,6 +62,7 @@ spec:
 secretKeyRef:
 key: aws-role-arn
 name: aws-secret
+ optional: true
 - name: KUBERNETES_CLUSTER_DOMAIN
 value: {{ quote .Values.kubernetesClusterDomain }}
 image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag
diff --git a/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml b/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml
index 00c5eb4..c8fe6c9 100644
--- a/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml
+++ b/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml
@@ -72,13 +72,15 @@ spec: type: object type: object mode: - description: Mode specifies the mode of operation. Can be either "selfhosted" - or "eks". + description: |- + Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled. + Currently unused. Planned values: + - "selfhosted": For self-managed Kubernetes clusters. + - "eks": For Amazon EKS environments. type: string required: - cleanup - discovery - - mode type: object status: description: IRSASetupStatus defines the observed state of IRSASetup
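Review bot: Marking the `aws-role-arn` secret key reference `optional: true` in the deployment template lets the manager pod start with that variable unset when `aws-secret` is missing, and nothing visible in this patch shows how the controller behaves in that case. If the AWS client then falls back to its default credential chain, the controller may run under whatever identity the node or pod happens to carry, so the manager should either fail with a clear error or log which credential source it is using, and the chart should document the fallback. The same applies to the `optional: true` that is uncommented in config/manager/manager.yaml. The env entry's own `name:` line is outside the hunk.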
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index ed6b04c..0e6f638 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -95,7 +95,7 @@ spec:
 secretKeyRef:
 name: aws-secret
 key: aws-role-arn
- # optional: true
+ optional: true
 name: manager
 securityContext:
 allowPrivilegeEscalation: false
diff --git a/docs/api.md b/docs/api.md
index e7ebdf8..aca1086 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -100,7 +100,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `cleanup` _boolean_ | Cleanup, when enabled, allows the IRSASetup to perform garbage collection
of resources that are no longer needed or managed. | | | -| `mode` _string_ | Mode specifies the mode of operation. Can be either "selfhosted" or "eks". | | | +| `mode` _string_ | Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
Currently unused. Planned values:
- "selfhosted": For self-managed Kubernetes clusters.
- "eks": For Amazon EKS environments. | | | | `discovery` _[Discovery](#discovery)_ | Discovery configures the IdP Discovery process, essential for setting up IRSA by locating
the OIDC provider information. | | |
diff --git a/examples/selfhosted.yaml b/examples/selfhosted.yaml
index 1fbeda8..656268d 100644
--- a/examples/selfhosted.yaml
+++ b/examples/selfhosted.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: irsa-manager-system
 spec:
 cleanup: false
- mode: selfhosted
 discovery:
 s3:
 region: ap-northeast-1
diff --git a/internal/controller/irsasetup_controller_test.go b/internal/controller/irsasetup_controller_test.go
index 872a049..e67c0da 100644
--- a/internal/controller/irsasetup_controller_test.go
+++ b/internal/controller/irsasetup_controller_test.go
@@ -53,7 +53,7 @@ var _ = Describe("IRSASetup Controller", func() {
 },
 Spec: irsav1alpha1.IRSASetupSpec{
 Cleanup: true,
- Mode: "selfhosted",
+ // Mode: "selfhosted",
 Discovery: irsav1alpha1.Discovery{
 S3: irsav1alpha1.S3Discovery{
 Region: "ap-northeast-1",
@@ -134,7 +134,7 @@ var _ = Describe("IRSASetup Controller", func() {
 },
 Spec: irsav1alpha1.IRSASetupSpec{
 Cleanup: true,
- Mode: "selfhoted",
+ // Mode: "selfhoted",
 Discovery: irsav1alpha1.Discovery{
 S3: irsav1alpha1.S3Discovery{
 Region: "ap-northeast-1",
@@ -219,7 +219,7 @@ var _ = Describe("IRSASetup Controller", func() {
 },
 Spec: irsav1alpha1.IRSASetupSpec{
 Cleanup: false,
- Mode: "selfhoted",
+ // Mode: "selfhoted",
 Discovery: irsav1alpha1.Discovery{
 S3: irsav1alpha1.S3Discovery{
 Region: "ap-northeast-1",
diff --git a/internal/selfhosted/webhook/certificate_test.go b/internal/selfhosted/webhook/certificate_test.go
index e6ed213..a025bf8 100644
--- a/internal/selfhosted/webhook/certificate_test.go
+++ b/internal/selfhosted/webhook/certificate_test.go
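Review bot: The `Mode` assignment in the first controller-test hunk (-53) is commented out rather than deleted, which leaves a dead line in the spec literal; the hunks at -134 and -219 do the same and keep the `selfhoted` misspelling in the comment. Delete the three lines, since these specs now exercise the case where `mode` is omitted. The enclosing `Describe` body starts before and runs past each hunk.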
@@ -19,21 +19,25 @@ func TestCreateTlsCredentials(t *testing.T) {
 }
 
 certBlock, _ := pem.Decode(creds.certificate)
+ var cert *x509.Certificate
 if certBlock == nil {
 t.Fatal("Failed to decode PEM block containing the certificate")
+ } else {
+ cert, err = x509.ParseCertificate(certBlock.Bytes)
+ if err != nil {
+ t.Fatalf("Failed to parse certificate: %v", err)
+ }
 }
- cert, err := x509.ParseCertificate(certBlock.Bytes)
- if err != nil {
- t.Fatalf("Failed to parse certificate: %v", err)
- }
-
+ var key *rsa.PrivateKey
 keyBlock, _ := pem.Decode(creds.privateKey)
 if keyBlock == nil {
 t.Fatal("Failed to decode PEM block containing the private key")
- }
- key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
- if err != nil {
- t.Fatalf("Failed to parse private key: %v", err)
+ } else {
+ key, err = x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
+ if err != nil {
+ t.Fatalf("Failed to parse private key: %v", err)
+ }
+
 }
 
 // Verify public keys are equivalent
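Review bot: The `else` branches added after `t.Fatal` in `TestCreateTlsCredentials` are not needed, because `t.Fatal` stops the test at that point, and they push both parse calls one level deeper. Keeping the guard clause and assigning afterwards reads better: `cert, err = x509.ParseCertificate(certBlock.Bytes)` directly after the `if certBlock == nil { ... }` block, and likewise for `key`. If the nesting was added to quiet a nil-dereference lint warning, a one-line comment saying so would explain the shape. The function starts before and continues after this hunk.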