Refactor Provider Credentials #2195

Merged
merged 43 commits into from
Jan 23, 2025
Changes from 5 commits
Commits
b116c6e
Refactor Provider Credentials WIP
grolu Nov 21, 2024
452ba29
Merge branch 'master' into enh/refactor-secrets
grolu Nov 21, 2024
3ce41cd
rm unused function
grolu Nov 21, 2024
832c217
Merge branch 'enh/refactor-secrets' of github.com:gardener/dashboard …
grolu Nov 21, 2024
1c6a00d
Some cleanup
grolu Nov 21, 2024
8c08bd0
Some fixes
grolu Nov 21, 2024
b4c0e22
use composable for shared secret data
grolu Nov 22, 2024
0dda694
Merge branch 'master' into enh/refactor-secrets
grolu Nov 26, 2024
5b82bcd
PR Feedback
grolu Nov 27, 2024
e43a45f
Adapted frontend tests
grolu Nov 27, 2024
35d8c59
Adapted backend tests
grolu Nov 27, 2024
396e122
Return secretbindings, secrets, quotas as separate lists
grolu Nov 29, 2024
36bc5ed
Merge branch 'master' into enh/refactor-secrets
grolu Dec 2, 2024
cee31b0
Use lodash chaining to resolve secretbinding quotas
grolu Dec 2, 2024
46a29e8
Merge branch 'master' into enh/refactor-secrets
grolu Dec 2, 2024
8843799
PR Feedback 1
grolu Dec 3, 2024
24bdd56
Merge branch 'enh/refactor-secrets' of github.com:gardener/dashboard …
grolu Dec 3, 2024
c792b6f
- Create and Update Secret resources using `stringData`
grolu Dec 10, 2024
7ad5255
Create Secret and SecretBinding resources in Frontend
grolu Dec 18, 2024
d427a23
Merge branch 'master' into enh/refactor-secrets
grolu Dec 18, 2024
19e9497
Fixed minor things
grolu Dec 18, 2024
4d8424e
Merge branch 'master' into enh/refactor-secrets
grolu Jan 16, 2025
232f27a
Merge branch 'master' into enh/refactor-secrets
grolu Jan 16, 2025
e731806
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
c34b566
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
a73647f
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
71abea5
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
d795fbb
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
4fa0053
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
7715a9c
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
aa65e6f
PR Feedback 1
grolu Jan 17, 2025
53f7e43
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
a951738
Merge branch 'master' into enh/refactor-secrets
grolu Jan 17, 2025
94b122f
PR Feedback 2
grolu Jan 20, 2025
cb88a69
Merge branch 'enh/refactor-secrets' of github.com:gardener/dashboard …
grolu Jan 20, 2025
e438117
PR Feedback 3
grolu Jan 20, 2025
cfd633a
Fixed error on details page when accessing ._secret
grolu Jan 20, 2025
2eafdc6
PR Feedback
grolu Jan 20, 2025
e4968fc
PR Feedback
grolu Jan 21, 2025
3aec2d2
use useUrlSearchParams
grolu Jan 22, 2025
0c20607
PR Feedback
grolu Jan 22, 2025
00f52b3
Merge branch 'master' into enh/refactor-secrets
grolu Jan 22, 2025
4cb107b
Merge branch 'master' into enh/refactor-secrets
grolu Jan 23, 2025
Expand Up @@ -137,7 +137,7 @@ exports[`api cloudproviderCredentials should not delete a shared cloudProvider c
{
"code": 422,
"details": Any<Object>,
"message": "Remove allowed only for secrets in own namespace",
"message": "Remove allowed only if secret and secretBinding are in the same namespace",
"reason": "Unprocessable Entity",
"status": "Failure",
}
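Review bot: The new `message` in this delete snapshot states a different authorization condition than before (secret and secretBinding in the same namespace, instead of the caller's own namespace), but a snapshot update passes for any change of wording. Add or point to an assertion in the test that sets up a binding whose secret lives in another namespace, so the 422 is tied to the check itself and not only to the text.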
Expand All @@ -162,11 +162,11 @@ exports[`api cloudproviderCredentials should not patch a shared cloudProvider cr
"code": 422,
"details": {
"name": "UnprocessableEntityError",
"stack": "UnprocessableEntityError: Patch allowed only for secrets in own namespace
"stack": "UnprocessableEntityError: Patch allowed only if secret and secretBinding are in the same namespace
at [object Object]
at [object Object]",
},
"message": "Patch allowed only for secrets in own namespace",
"message": "Patch allowed only if secret and secretBinding are in the same namespace",
"reason": "Unprocessable Entity",
"status": "Failure",
}
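Review bot: The patch snapshot pins `details.stack` verbatim, while the delete snapshot earlier in this file matches `details` with `Any<Object>`. Use the same matcher in both, and confirm that the error handler leaves `stack` out of the response body outside of test and development, since a stack trace in a 422 response exposes internals to the caller.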
84 changes: 2 additions & 82 deletions frontend/__tests__/stores/credential.spec.js
Expand Up @@ -197,95 +197,15 @@ describe('stores', () => {
expect(newSecretBinding._secret.data).toEqual({ newSecret: 'dummy-data' })
})

it('should deleteCredential secretbinding and referenced secret / quota', async () => {
it('should not delete credential', async () => {
const name = azureSecretBindingName
const namespace = testNamespace

let azureSecretBinding = find(credentialStore.secretBindingList, { metadata: { namespace, name } })
expect(azureSecretBinding).toMatchSnapshot()

const azureSecretRef = azureSecretBinding.secretRef
let azureSecret = find(credentialStore.secretList, { metadata: azureSecretRef })
expect(azureSecret).toMatchSnapshot()

const azureQuotaRef1 = azureSecretBinding.quotas[0]
let azureQuota1 = find(credentialStore.quotaList, { metadata: azureQuotaRef1 })
expect(azureQuota1).toMatchSnapshot()

const azureQuotaRef2 = azureSecretBinding.quotas[1]
let azureQuota2 = find(credentialStore.quotaList, { metadata: azureQuotaRef2 })
expect(azureQuota2).toMatchSnapshot()

await credentialStore.deleteCredential(name)

expect(api.deleteCloudProviderCredential).toBeCalledTimes(1)
expect(api.deleteCloudProviderCredential).toBeCalledWith({ name, namespace })

azureSecretBinding = find(credentialStore.secretBindingList, { metadata: { namespace, name } })
expect(azureSecretBinding).toBeUndefined()

azureSecret = find(credentialStore.secretList, { metadata: azureSecretRef })
expect(azureSecret).toBeUndefined()

azureQuota1 = find(credentialStore.quotaList, { metadata: azureQuotaRef1 })
expect(azureQuota1).toBeUndefined()

azureQuota2 = find(credentialStore.quotaList, { metadata: azureQuotaRef2 })
expect(azureQuota2).toBeUndefined()
})

it('should not delete secret or quota if referenced by other SecretBinding', async () => {
const name = azureSecretBindingName
const namespace = testNamespace

let azureSecretBinding = find(credentialStore.secretBindingList, { metadata: { namespace, name } })
expect(azureSecretBinding).toMatchSnapshot()

const azureSecretRef = azureSecretBinding.secretRef
const azureQuotaRef1 = azureSecretBinding.quotas[0]
const azureQuotaRef2 = azureSecretBinding.quotas[1]

// Add another SecretBinding that references the same secret and quota
const otherSecretBinding = {
metadata: {
namespace,
name: 'other-secretbinding',
},
provider: {
type: 'azure',
},
secretRef: azureSecretRef,
quotas: [azureQuotaRef1],
}
const { secretBindings, secrets, quotas } = fixtures.credentials
secretBindings.push(otherSecretBinding)
credentialStore._setCredentials({ secretBindings, secrets, quotas })

let azureSecret = find(credentialStore.secretList, { metadata: azureSecretRef })
expect(azureSecret).toMatchSnapshot()

let azureQuota1 = find(credentialStore.quotaList, { metadata: azureQuotaRef1 })
expect(azureQuota1).toMatchSnapshot()

let azureQuota2 = find(credentialStore.quotaList, { metadata: azureQuotaRef2 })
expect(azureQuota2).toMatchSnapshot()

await credentialStore.deleteCredential(name)

expect(api.deleteCloudProviderCredential).toBeCalledTimes(1)
expect(api.deleteCloudProviderCredential).toBeCalledWith({ name, namespace })

azureSecretBinding = find(credentialStore.secretBindingList, { metadata: { namespace, name } })
expect(azureSecretBinding).toBeUndefined()

azureSecret = find(credentialStore.secretList, { metadata: azureSecretRef })
expect(azureSecret).toMatchSnapshot() // still referenced by otherSecretBinding

azureQuota1 = find(credentialStore.quotaList, { metadata: azureQuotaRef1 })
expect(azureQuota1).toMatchSnapshot() // still referenced by otherSecretBinding

azureQuota2 = find(credentialStore.quotaList, { metadata: azureQuotaRef2 })
expect(azureQuota2).toBeUndefined() // not referenced anymore
expect(api.getCloudProviderCredentials).toBeCalledTimes(1)
})

it('store should be resetted in case of a fetch error', async () => {
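Review bot: The test renamed to 'should not delete credential' does not check anything about deletion as far as this rendering shows; the only assertion visibly added is `expect(api.getCloudProviderCredentials).toBeCalledTimes(1)`. The removed cases also covered keeping a secret or quota that is "still referenced by otherSecretBinding". Either assert that `api.deleteCloudProviderCredential` is not called and the store lists are unchanged, or name the test for what it checks and say where the shared-reference coverage moved.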
10 changes: 9 additions & 1 deletion frontend/src/components/GShootSecretName.vue
Expand Up @@ -13,7 +13,7 @@ SPDX-License-Identifier: Apache-2.0
<g-text-router-link
v-if="canLinkToSecret"
v-bind="props"
:to="{ name: 'Secret', params: { name: secretBindingName, namespace: namespace } }"
:to="{ name: 'Secrets', params: { namespace }, hash: credentialHash }"
:text="secretBindingName"
/>
<span
Expand All @@ -23,6 +23,7 @@ SPDX-License-Identifier: Apache-2.0
</template>
<v-card>
<g-secret-details-item-content
v-if="secretBinding"
class="ma-1"
infra
:secret="secretBinding._secret"
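Review bot: With `v-if="secretBinding"` placed on `g-secret-details-item-content`, the surrounding `v-card` still renders, empty, when the binding cannot be resolved. Put the condition on the `v-card` or show a short "not found" text instead, so the popover does not open with no content.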
Expand Down Expand Up @@ -67,6 +68,13 @@ export default {
secretBinding () {
return this.getSecretBinding({ namespace: this.namespace, name: this.secretBindingName })
},
credentialHash () {
const uid = this.secretBinding?.metadata.uid
if (!uid) {
return ''
}
return `#credential-uid=${encodeURIComponent(uid)}`
},
},
methods: {
...mapActions(useCredentialStore, ['getSecretBinding']),
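Review bot: In `credentialHash`, `this.secretBinding?.metadata.uid` guards only `secretBinding`; use `this.secretBinding?.metadata?.uid` so a binding without `metadata` falls through to the empty-hash return instead of throwing. Encoding the uid with `encodeURIComponent` is right; the code that reads `credential-uid` back from the hash is not part of this diff and should decode the value and use it only for an equality match against known uids.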
42 changes: 25 additions & 17 deletions frontend/src/components/Secrets/GSecretDialog.vue
Expand Up @@ -8,6 +8,7 @@ SPDX-License-Identifier: Apache-2.0
<v-dialog
v-model="visible"
max-width="850"
scrollable
>
<v-card>
<g-toolbar
Expand All @@ -25,7 +26,7 @@ SPDX-License-Identifier: Apache-2.0
</template>
</g-toolbar>
<v-card-text>
<div class="d-flex flex-row pa-3">
<div class="d-flex flex-row pa-3 card-content">
<div
ref="secretDetails"
class="d-flex flex-column flex-grow-1"
Expand Down Expand Up @@ -69,22 +70,24 @@ SPDX-License-Identifier: Apache-2.0
</v-slide-x-reverse-transition>
</div>
</v-card-text>
<v-alert
:model-value="!isCreateMode && relatedShootCount > 0"
type="warning"
rounded="0"
class="mb-2"
>
This secret is used by {{ relatedShootCount }} clusters. The new secret should be part of the same account as the one that gets replaced.
</v-alert>
<v-alert
:model-value="!isCreateMode && relatedShootCount > 0"
type="warning"
rounded="0"
class="mb-2"
>
Clusters will only start using the new secret after they got reconciled. Therefore, wait until all clusters using the secret are reconciled before you disable the old secret in your infrastructure account. Otherwise the clusters will no longer function.
</v-alert>
<div>
<v-alert
:model-value="!isCreateMode && relatedShootCount > 0"
type="warning"
rounded="0"
class="mb-2"
>
This secret is used by {{ relatedShootCount }} clusters. The new secret should be part of the same account as the one that gets replaced.
</v-alert>
<v-alert
:model-value="!isCreateMode && relatedShootCount > 0"
type="warning"
rounded="0"
class="mb-2"
>
Clusters will only start using the new secret after they got reconciled. Therefore, wait until all clusters using the secret are reconciled before you disable the old secret in your infrastructure account. Otherwise the clusters will no longer function.
</v-alert>
</div>
<v-divider />
<v-card-actions>
<v-spacer />
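Review bot: Both `v-alert` elements repeat the condition `!isCreateMode && relatedShootCount > 0`, and the new wrapping `<div>` stays in the DOM when neither alert is shown. Move the condition to a `v-if` on the `<div>` or to a computed property, so the two secret-rotation warnings appear and disappear together and the condition is maintained in one place.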
Expand Down Expand Up @@ -395,4 +398,9 @@ export default {
pointer-events: none;
}

.card-content {
overflow: scroll;
height: auto;
}

</style>
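Review bot: `.card-content` uses `overflow: scroll`, which forces scrollbars on both axes even when the content fits, and the dialog is already marked `scrollable` in this change, so the card text gets a second scroll container. Prefer `overflow-y: auto`, or drop the rule if `scrollable` alone is sufficient; `height: auto` is the default and can be removed.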
16 changes: 11 additions & 5 deletions frontend/src/components/Secrets/GSecretRowDns.vue
Expand Up @@ -5,7 +5,10 @@ SPDX-License-Identifier: Apache-2.0
-->

<template>
<tr :class="{ 'highlighted': item.highlighted }">
<tr
class="secret-row"
:class="{ 'highlighted': item.highlighted }"
>
<td v-if="selectedHeaders.name">
<div class="d-flex">
{{ item.name }}
Expand Down Expand Up @@ -136,10 +139,13 @@ export default {

<style lang="scss" scoped>
$highlighted-color: rgb(var(--v-theme-accent));
$highlighted-border-color: rgb(var(--v-theme-accent-darken-2));

.highlighted {
background-color: $highlighted-color;
border-color: $highlighted-border-color;
.secret-row {
background-color: inherit;
transition: background-color 0.5s ease;

&.highlighted {
background-color: $highlighted-color;
}
}
</style>
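Review bot: The highlighted row no longer sets `border-color`, since `$highlighted-border-color` and its rule are dropped in this style block; confirm that losing the border accent is intended. If `background-color: inherit` on `.secret-row` is only there as a start value for the transition, a short comment saying so would help the next reader.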
14 changes: 11 additions & 3 deletions frontend/src/components/Secrets/GSecretRowInfra.vue
Expand Up @@ -5,7 +5,10 @@ SPDX-License-Identifier: Apache-2.0
-->

<template>
<tr :class="{ 'highlighted': item.highlighted }">
<tr
class="secret-row"
:class="{ 'highlighted': item.highlighted }"
>
<td v-if="selectedHeaders.name">
<div class="d-flex">
{{ item.name }}
Expand Down Expand Up @@ -134,7 +137,12 @@ export default {
<style lang="scss" scoped>
$highlighted-color: rgb(var(--v-theme-accent));

.highlighted {
background-color: $highlighted-color;
.secret-row {
background-color: inherit;
transition: background-color 0.5s ease;

&.highlighted {
background-color: $highlighted-color;
}
}
</style>
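Review bot: This `.secret-row` block is the same as the one added in GSecretRowDns.vue. Move it to a shared stylesheet or SCSS mixin so the highlight color and the `0.5s` transition cannot drift between the two row components.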