Set DefaultMode for projected ProjectedVolumeSource (#413)

This value is set server side for many resources, we can avoid churn by setting it directly ourselves. 0644 is the default-default value. Signed-off-by: Scott Andrews <scott@andrews.me>
servicebinding · May 14, 2024 · 6eb9d36 · 6eb9d36
1 parent b89d4d9
commit 6eb9d36
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 2 deletions.
diff --git a/controllers/servicebinding_controller_test.go b/controllers/servicebinding_controller_test.go
@@ -34,6 +34,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/utils/ptr"
 	dieappsv1 "reconciler.io/dies/apis/apps/v1"
 	diecorev1 "reconciler.io/dies/apis/core/v1"
 	diemetav1 "reconciler.io/dies/apis/meta/v1"
@@ -48,6 +49,7 @@ import (
 	"github.com/servicebinding/runtime/controllers"
 	dieservicebindingv1 "github.com/servicebinding/runtime/dies/v1"
 	"github.com/servicebinding/runtime/lifecycle"
+	"github.com/servicebinding/runtime/projector"
 )
 
 func TestServiceBindingReconciler(t *testing.T) {
@@ -127,6 +129,7 @@ func TestServiceBindingReconciler(t *testing.T) {
 					})
 					d.VolumeDie(fmt.Sprintf("servicebinding-%s", uid), func(d *diecorev1.VolumeDie) {
 						d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+							d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 							d.SourcesDie(
 								diecorev1.VolumeProjectionBlank.
 									SecretDie(func(d *diecorev1.SecretProjectionDie) {
@@ -936,6 +939,7 @@ func TestProjectBinding(t *testing.T) {
 					})
 					d.VolumeDie(fmt.Sprintf("servicebinding-%s", uid), func(d *diecorev1.VolumeDie) {
 						d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+							d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 							d.SourcesDie(
 								diecorev1.VolumeProjectionBlank.
 									SecretDie(func(d *diecorev1.SecretProjectionDie) {

diff --git a/controllers/webhook_controller_test.go b/controllers/webhook_controller_test.go
@@ -36,6 +36,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/util/workqueue"
+	"k8s.io/utils/ptr"
 	dieadmissionv1 "reconciler.io/dies/apis/admission/v1"
 	dieadmissionregistrationv1 "reconciler.io/dies/apis/admissionregistration/v1"
 	dieappsv1 "reconciler.io/dies/apis/apps/v1"
@@ -54,6 +55,7 @@ import (
 	"github.com/servicebinding/runtime/controllers"
 	dieservicebindingv1 "github.com/servicebinding/runtime/dies/v1"
 	"github.com/servicebinding/runtime/lifecycle"
+	"github.com/servicebinding/runtime/projector"
 	"github.com/servicebinding/runtime/rbac"
 )
 
@@ -298,6 +300,7 @@ func TestAdmissionProjectorWebhook(t *testing.T) {
 										})
 										d.VolumeDie(fmt.Sprintf("servicebinding-%s", bindingUID), func(d *diecorev1.VolumeDie) {
 											d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+												d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 												d.SourcesDie(
 													diecorev1.VolumeProjectionBlank.SecretDie(func(d *diecorev1.SecretProjectionDie) {
 														d.LocalObjectReference(corev1.LocalObjectReference{
@@ -379,6 +382,7 @@ func TestAdmissionProjectorWebhook(t *testing.T) {
 							map[string]interface{}{
 								"name": fmt.Sprintf("servicebinding-%s", bindingUID),
 								"projected": map[string]interface{}{
+									"defaultMode": float64(projector.VolumeDefaultMode),
 									"sources": []interface{}{
 										map[string]interface{}{
 											"secret": map[string]interface{}{
@@ -454,6 +458,7 @@ func TestAdmissionProjectorWebhook(t *testing.T) {
 							map[string]interface{}{
 								"name": fmt.Sprintf("servicebinding-%s", bindingUID),
 								"projected": map[string]interface{}{
+									"defaultMode": float64(projector.VolumeDefaultMode),
 									"sources": []interface{}{
 										map[string]interface{}{
 											"secret": map[string]interface{}{

diff --git a/lifecycle/hooks_test.go b/lifecycle/hooks_test.go
@@ -32,7 +32,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 	dieappsv1 "reconciler.io/dies/apis/apps/v1"
 	diecorev1 "reconciler.io/dies/apis/core/v1"
 	diemetav1 "reconciler.io/dies/apis/meta/v1"
@@ -303,7 +303,7 @@ func (p *mockProjector) IsProjected(ctx context.Context, binding *servicebinding
 
 func makeHooks() (lifecycle.ServiceBindingHooks, *mock.Mock) {
 	m := &mock.Mock{}
-	i := pointer.Int(0)
+	i := ptr.To(0)
 	hooks := lifecycle.ServiceBindingHooks{
 		ResolverFactory: func(c client.Client) resolver.Resolver {
 			return resolver.New(c)

diff --git a/lifecycle/vmware/migration_test.go b/lifecycle/vmware/migration_test.go
@@ -33,6 +33,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/utils/ptr"
 	dieadmissionv1 "reconciler.io/dies/apis/admission/v1"
 	dieappsv1 "reconciler.io/dies/apis/apps/v1"
 	diecorev1 "reconciler.io/dies/apis/core/v1"
@@ -49,6 +50,7 @@ import (
 	dieservicebindingv1 "github.com/servicebinding/runtime/dies/v1"
 	"github.com/servicebinding/runtime/lifecycle"
 	"github.com/servicebinding/runtime/lifecycle/vmware"
+	"github.com/servicebinding/runtime/projector"
 )
 
 func TestMigrationHooks_Controller(t *testing.T) {
@@ -129,6 +131,7 @@ func TestMigrationHooks_Controller(t *testing.T) {
 					})
 					d.VolumeDie(fmt.Sprintf("servicebinding-%s", uid), func(d *diecorev1.VolumeDie) {
 						d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+							d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 							d.SourcesDie(
 								diecorev1.VolumeProjectionBlank.
 									SecretDie(func(d *diecorev1.SecretProjectionDie) {
@@ -197,6 +200,7 @@ func TestMigrationHooks_Controller(t *testing.T) {
 					})
 					d.VolumeDie("binding-4b2c350fb984fc36b6cf39515a2efced0fcb5053", func(d *diecorev1.VolumeDie) {
 						d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+							d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 							d.SourcesDie(
 								diecorev1.VolumeProjectionBlank.
 									SecretDie(func(d *diecorev1.SecretProjectionDie) {
@@ -363,6 +367,7 @@ func TestMigrationHooks_Controller(t *testing.T) {
 								})
 								d.VolumeDie("binding-4b2c350fb984fc36b6cf39515a2efced0fcb5053", func(d *diecorev1.VolumeDie) {
 									d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+										d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 										d.Sources(append(
 											d.DieRelease().Sources,
 											corev1.VolumeProjection{
@@ -452,6 +457,7 @@ func TestMigrationHooks_Controller(t *testing.T) {
 								})
 								d.VolumeDie("servicebinding-dde10100-d7b3-4cba-9430-51d60a8612a6", func(d *diecorev1.VolumeDie) {
 									d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+										d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 										d.Sources(append(
 											d.DieRelease().Sources,
 											corev1.VolumeProjection{
@@ -587,6 +593,7 @@ func TestMigrationHooks_Webhook(t *testing.T) {
 					})
 					d.VolumeDie(fmt.Sprintf("servicebinding-%s", uid), func(d *diecorev1.VolumeDie) {
 						d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+							d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 							d.SourcesDie(
 								diecorev1.VolumeProjectionBlank.
 									SecretDie(func(d *diecorev1.SecretProjectionDie) {
@@ -655,6 +662,7 @@ func TestMigrationHooks_Webhook(t *testing.T) {
 					})
 					d.VolumeDie("binding-4b2c350fb984fc36b6cf39515a2efced0fcb5053", func(d *diecorev1.VolumeDie) {
 						d.ProjectedDie(func(d *diecorev1.ProjectedVolumeSourceDie) {
+							d.DefaultMode(ptr.To(projector.VolumeDefaultMode))
 							d.SourcesDie(
 								diecorev1.VolumeProjectionBlank.
 									SecretDie(func(d *diecorev1.SecretProjectionDie) {

diff --git a/projector/binding.go b/projector/binding.go
@@ -30,6 +30,7 @@ import (
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/utils/ptr"
 
 	servicebindingv1 "github.com/servicebinding/runtime/apis/v1"
 )
@@ -42,6 +43,7 @@ const (
 	TypeAnnotationPrefix     = Group + "/type-"
 	ProviderAnnotationPrefix = Group + "/provider-"
 	MappingAnnotationPrefix  = Group + "/mapping-"
+	VolumeDefaultMode        = int32(0644)
 )
 
 var _ ServiceBindingProjector = (*serviceBindingProjector)(nil)
@@ -205,6 +207,7 @@ func (p *serviceBindingProjector) projectVolume(binding *servicebindingv1.Servic
 		Name: p.volumeName(binding),
 		VolumeSource: corev1.VolumeSource{
 			Projected: &corev1.ProjectedVolumeSource{
+				DefaultMode: ptr.To(VolumeDefaultMode),
 				Sources: []corev1.VolumeProjection{
 					{
 						Secret: &corev1.SecretProjection{