From 79a0f62bc9972292d91bbed71ddef3003d577c2e Mon Sep 17 00:00:00 2001 From: Markus Maga Date: Fri, 8 Nov 2019 22:41:51 +0100 Subject: [PATCH] feat: allow disabling of interval polling --- bin/daemon.js | 2 ++ charts/kubernetes-external-secrets/README.md | 1 + config/environment.js | 2 ++ lib/poller-factory.js | 3 +++ lib/poller.js | 7 +++++++ lib/poller.test.js | 19 +++++++++++++++++++ 6 files changed, 34 insertions(+) diff --git a/bin/daemon.js b/bin/daemon.js index ec7986ec..ba3ee28e 100755 --- a/bin/daemon.js +++ b/bin/daemon.js @@ -22,6 +22,7 @@ const { logger, metricsPort, pollerIntervalMilliseconds, + pollingDisabled, rolePermittedAnnotation } = require('../config') @@ -49,6 +50,7 @@ async function main () { pollerIntervalMilliseconds, rolePermittedAnnotation, customResourceManifest, + pollingDisabled, logger }) diff --git a/charts/kubernetes-external-secrets/README.md b/charts/kubernetes-external-secrets/README.md index 948683e6..afb95bee 100644 --- a/charts/kubernetes-external-secrets/README.md +++ b/charts/kubernetes-external-secrets/README.md @@ -49,6 +49,7 @@ The following table lists the configurable parameters of the `kubernetes-externa | `env.ROLE_PERMITTED_ANNOTATION` | Specify the annotation key where to lookup the role arn permission boundaries | `iam.amazonaws.com/permitted` | | `env.POLLER_INTERVAL_MILLISECONDS` | Set POLLER_INTERVAL_MILLISECONDS in Deployment Pod | `10000` | | `env.VAULT_ADDR` | Endpoint for the Vault backend, if using Vault | `http://127.0.0.1:8200 | +| `env.DISABLE_POLLING` | Disables backend polling and only updates secrets when ExternalSecret is modified, setting this to any value will disable polling | `nil` | | `envVarsFromSecret.AWS_ACCESS_KEY_ID` | Set AWS_ACCESS_KEY_ID (from a secret) in Deployment Pod | | | `envVarsFromSecret.AWS_SECRET_ACCESS_KEY` | Set AWS_SECRET_ACCESS_KEY (from a secret) in Deployment Pod | | | `image.repository` | kubernetes-external-secrets Image name | `godaddy/kubernetes-external-secrets` | 
diff --git a/config/environment.js b/config/environment.js index b2cf2dd8..ae745523 100644 --- a/config/environment.js +++ b/config/environment.js @@ -21,6 +21,7 @@ const pollerIntervalMilliseconds = process.env.POLLER_INTERVAL_MILLISECONDS ? Number(process.env.POLLER_INTERVAL_MILLISECONDS) : 10000 const logLevel = process.env.LOG_LEVEL || 'info' +const pollingDisabled = 'DISABLE_POLLING' in process.env const rolePermittedAnnotation = process.env.ROLE_PERMITTED_ANNOTATION || 'iam.amazonaws.com/permitted' @@ -32,5 +33,6 @@ module.exports = { pollerIntervalMilliseconds, metricsPort, rolePermittedAnnotation, + pollingDisabled, logLevel } diff --git a/lib/poller-factory.js b/lib/poller-factory.js index d683a8fd..d5c71b93 100644 --- a/lib/poller-factory.js +++ b/lib/poller-factory.js @@ -20,6 +20,7 @@ class PollerFactory { pollerIntervalMilliseconds, rolePermittedAnnotation, customResourceManifest, + pollingDisabled, logger }) { this._logger = logger @@ -29,6 +30,7 @@ class PollerFactory { this._pollerIntervalMilliseconds = pollerIntervalMilliseconds this._customResourceManifest = customResourceManifest this._rolePermittedAnnotation = rolePermittedAnnotation + this._pollingDisabled = pollingDisabled } /** @@ -44,6 +46,7 @@ class PollerFactory { metrics: this._metrics, customResourceManifest: this._customResourceManifest, rolePermittedAnnotation: this._rolePermittedAnnotation, + pollingDisabled: this._pollingDisabled, externalSecret }) diff --git a/lib/poller.js b/lib/poller.js index 123f723c..0e3ca8b3 100644 --- a/lib/poller.js +++ b/lib/poller.js @@ -37,6 +37,7 @@ class Poller { metrics, customResourceManifest, rolePermittedAnnotation, + pollingDisabled, externalSecret }) { this._backends = backends @@ -45,6 +46,7 @@ class Poller { this._logger = logger this._timeoutId = null this._metrics = metrics + this._pollingDisabled = pollingDisabled this._rolePermittedAnnotation = rolePermittedAnnotation this._customResourceManifest = customResourceManifest 
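Review bot: `const pollingDisabled = 'DISABLE_POLLING' in process.env` in config/environment.js treats every value as "disabled", so `DISABLE_POLLING=false` or an empty string still turns polling off. With polling off, a secret rotated or revoked in the backend is not re-synced into the Kubernetes Secret until the ExternalSecret itself changes, so an accidental disable leaves stale credentials in the cluster without any error. Parsing the value explicitly avoids this, for example `const pollingDisabled = ['1', 'true'].includes(String(process.env.DISABLE_POLLING).toLowerCase())`. The README row added in this commit ("setting this to any value will disable polling") would need the matching wording change.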
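Review bot: The new `pollingDisabled` option is destructured in the `Poller` constructor (hunk at -37) and stored as `this._pollingDisabled` (hunk at -45) with no documentation of its type or effect. The constructor's doc comment, if it has one, starts outside these hunks; if it lists the other options, add `@param {boolean} pollingDisabled - When true, skip interval-based rescheduling and sync only when the ExternalSecret changes.` The `PollerFactory` constructor in lib/poller-factory.js takes the same option and would want the same line.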
@@ -230,6 +232,11 @@ class Poller { return this._setNextPoll(0) } + // If polling is disabled we only react to changes in the ExternalSecret + if (this._pollingDisabled) { + return + } + const elapsedTime = now - lastPollTime const nextPollIn = Math.max(this._intervalMilliseconds - elapsedTime, 0) diff --git a/lib/poller.test.js b/lib/poller.test.js index 6e6db67e..d9abd73a 100644 --- a/lib/poller.test.js +++ b/lib/poller.test.js @@ -479,6 +479,25 @@ describe('Poller', () => { }) }) + it('disable interval polling', async () => { + poller = new Poller({ + intervalMilliseconds: 5000, + kubeClient: kubeClientMock, + logger: loggerMock, + externalSecret: fakeExternalSecret, + customResourceManifest: fakeCustomResourceManifest, + // Disable polling! + pollingDisabled: true + }) + + poller._setNextPoll = sinon.stub() + + await poller._scheduleNextPoll() + + expect(externalSecretsApiMock.status.get.calledWith()).to.equal(true) + sinon.assert.notCalled(poller._setNextPoll) + }) + it('logs error if it fails', async () => { const error = new Error('something boom') externalSecretsApiMock.status.get = sinon.stub().throws(error)
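Review bot: The early `return` inside `if (this._pollingDisabled)` leaves the poller idle without logging anything, so a deliberately disabled poller looks the same in the logs as one that has stalled. Because backend rotations and revocations are no longer picked up in this mode, it is worth recording, e.g. `this._logger.info('interval polling disabled, waiting for ExternalSecret changes')` just before the `return`. The enclosing method starts and ends outside the hunk, so it is not visible here whether a failed sync is retried once polling is disabled. If it is not, a transient backend error would leave the Secret missing or stale until the ExternalSecret is edited.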
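Review bot: `expect(externalSecretsApiMock.status.get.calledWith()).to.equal(true)` in the new test is satisfied by any call, because sinon's `calledWith()` with no arguments matches every invocation. `sinon.assert.calledOnce(externalSecretsApiMock.status.get)` states the intent and gives a readable failure message. The title would read better as a behaviour, e.g. `it('does not schedule the next poll when polling is disabled', ...)`. The patch also adds no test for how config/environment.js derives `pollingDisabled` from `DISABLE_POLLING`, which is where a misconfiguration would silently stop secret refreshes.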