Add validation for cloud provider Secrets #112
@ialidzhikov Labels area/todo, kind/todo do not exist.
Something interesting that I figured out today trying to use

```go
if err := mgr.GetFieldIndexer().IndexField(&gardencorev1beta1.Shoot{}, "spec.seedName", func(rawObj runtime.Object) []string {
	shoot := rawObj.(*gardencorev1beta1.Shoot)
	if shoot.Spec.SeedName == nil {
		return nil
	}
	return []string{*shoot.Spec.SeedName}
}); err != nil {
	return err
}
```

Otherwise the calls always fail with

Ahh, that was quite unintuitive for me, as I added the required changes for gardener-apiserver for new field-selectors, kubectl and a non-cached client were working well, but I was wondering why the cached client continues to return
/assign
Thanks, looks very nice!
I have mostly comments and several change requests.
...rdener-extension-admission-gcp/charts/application/templates/validatingwebhook-validator.yaml
Nice PR!
Nice PR, I really like it. Just a few comments and questions.
// SecretRefNamespaceField is the field name for the index function that extracts the corresponding field from SecretBinding. | ||
const SecretRefNamespaceField string = "secretRef.namespace" | ||
|
||
func SecretRefNamespaceIndexerFunc(rawObj runtime.Object) []string { |
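Review bot: the exported SecretRefNamespaceIndexerFunc on the last line of this hunk has no doc comment, while the SecretRefNamespaceField constant above it does. Add a comment that starts with the function name and states which SecretBinding field it extracts and what it returns when that field is not set. Since rawObj arrives as a runtime.Object, the body should also use a checked type assertion and return nil for any other type, so an unexpected object cannot panic the indexer.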
These funcs are not admission-gcp specific, they would also need to go under g/g extensions pkgs to make them usable also from other provider extensions.
Nice. Can you update the g/g dependency to include gardener/gardener#2537 and adapt this PR to it?
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
Sorry for the long delay, now I updated the PR.
/lgtm
/reviewed ok-to-test
How to categorize this PR?
/area robustness
/area ops-productivity
/kind enhancement
/priority normal
/platform gcp
What this PR does / why we need it:
Add validation for cloud provider Secrets.
Which issue(s) this PR fixes:
Ref gardener/gardener#2293
Special notes for your reviewer:
Release note: