refactor: kmp.spec.interval default to empty string disabling refresh

ratify-project · Jul 30, 2024 · 20f09ea · 20f09ea
1 parent 03dc90b
commit 20f09ea
Show file tree

Hide file tree

Showing 10 changed files with 82 additions and 6 deletions.
diff --git a/api/v1beta1/keymanagementproviders_types.go b/api/v1beta1/keymanagementproviders_types.go
@@ -31,7 +31,7 @@ type KeyManagementProviderSpec struct {
 	// Name of the key management provider
 	Type string `json:"type,omitempty"`
 
-	// +kubebuilder:default="1m"
+	// +kubebuilder:default=""
 	Interval string `json:"interval,omitempty"`
 
 	// +kubebuilder:pruning:PreserveUnknownFields

diff --git a/api/v1beta1/namespacedkeymanagementprovider_types.go b/api/v1beta1/namespacedkeymanagementprovider_types.go
@@ -32,7 +32,7 @@ type NamespacedKeyManagementProviderSpec struct {
 	// Name of the key management provider
 	Type string `json:"type,omitempty"`
 
-	// +kubebuilder:default="1m"
+	// +kubebuilder:default=""
 	Interval string `json:"interval,omitempty"`
 
 	// +kubebuilder:pruning:PreserveUnknownFields

diff --git a/charts/ratify/crds/keymanagementprovider-customresourcedefinition.yaml b/charts/ratify/crds/keymanagementprovider-customresourcedefinition.yaml
@@ -49,7 +49,7 @@ spec:
               description: KeyManagementProviderSpec defines the desired state of KeyManagementProvider
               properties:
                 interval:
-                  default: 1m
+                  default: ""
                   type: string
                 parameters:
                   description: Parameters of the key management provider

diff --git a/charts/ratify/crds/namespacedkeymanagementprovider-customresourcedefinition.yaml b/charts/ratify/crds/namespacedkeymanagementprovider-customresourcedefinition.yaml
@@ -51,7 +51,7 @@ spec:
                 of NamespacedKeyManagementProvider
               properties:
                 interval:
-                  default: 1m
+                  default: ""
                   type: string
                 parameters:
                   description: Parameters of the key management provider

diff --git a/config/crd/bases/config.ratify.deislabs.io_keymanagementproviders.yaml b/config/crd/bases/config.ratify.deislabs.io_keymanagementproviders.yaml
@@ -51,7 +51,7 @@ spec:
             description: KeyManagementProviderSpec defines the desired state of KeyManagementProvider
             properties:
               interval:
-                default: 1m
+                default: ""
                 type: string
               parameters:
                 description: Parameters of the key management provider

diff --git a/config/crd/bases/config.ratify.deislabs.io_namespacedkeymanagementproviders.yaml b/config/crd/bases/config.ratify.deislabs.io_namespacedkeymanagementproviders.yaml
@@ -52,7 +52,7 @@ spec:
               of NamespacedKeyManagementProvider
             properties:
               interval:
-                default: 1m
+                default: ""
                 type: string
               parameters:
                 description: Parameters of the key management provider

diff --git a/pkg/keymanagementprovider/refresh/kubeRefresh.go b/pkg/keymanagementprovider/refresh/kubeRefresh.go
@@ -119,6 +119,12 @@ func (kr *KubeRefresher) Refresh(ctx context.Context) error {
 		return nil
 	}
 
+	// if interval is not set, disable refresh
+	if keyManagementProvider.Spec.Interval == "" {
+		logger.Infof("KeyManagementProvider %v is refreshable but interval is not set", resource)
+		kr.Result = ctrl.Result{}
+		return nil
+	}
 	// resource is refreshable, requeue after interval
 	intervalDuration, err := time.ParseDuration(keyManagementProvider.Spec.Interval)
 	if err != nil {

diff --git a/pkg/keymanagementprovider/refresh/kubeRefreshNamedspaced_test.go b/pkg/keymanagementprovider/refresh/kubeRefreshNamedspaced_test.go
@@ -63,6 +63,37 @@ func TestKubeRefresherNamespaced_Refresh_notRefreshable(t *testing.T) {
 	}
 }
 
+func TestKubeRefresherNamespaced_Refresh_Disabled(t *testing.T) {
+	provider := &configv1beta1.NamespacedKeyManagementProvider{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "",
+			Name:      "kmpName",
+		},
+		Spec: configv1beta1.NamespacedKeyManagementProviderSpec{
+			Type:     "test-kmp",
+			Interval: "",
+			Parameters: runtime.RawExtension{
+				Raw: []byte(`{"vaultURI": "https://yourkeyvault.vault.azure.net/", "certificates": [{"name": "cert1", "version": "1"}], "tenantID": "yourtenantID", "clientID": "yourclientID"}`),
+			},
+		},
+	}
+	request := ctrl.Request{
+		NamespacedName: client.ObjectKey{
+			Namespace: "",
+			Name:      "kmpName",
+		},
+	}
+	scheme, _ := test.CreateScheme()
+	client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(provider).Build()
+	kr := &KubeRefresherNamespaced{
+		Client:  client,
+		Request: request,
+	}
+	err := kr.Refresh(context.Background())
+	if kr.Result.RequeueAfter != 0 && kr.Result.Requeue == false {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+}
 func TestKubeRefresherNamespaced_Refresh_refreshable(t *testing.T) {
 	provider := &configv1beta1.NamespacedKeyManagementProvider{
 		ObjectMeta: metav1.ObjectMeta{

diff --git a/pkg/keymanagementprovider/refresh/kubeRefreshNamespaced.go b/pkg/keymanagementprovider/refresh/kubeRefreshNamespaced.go
@@ -116,6 +116,13 @@ func (kr *KubeRefresherNamespaced) Refresh(ctx context.Context) error {
 		return nil
 	}
 
+	// if interval is not set, disable refresh
+	if keyManagementProvider.Spec.Interval == "" {
+		logger.Infof("KeyManagementProvider %v is refreshable but interval is not set", resource)
+		kr.Result = ctrl.Result{}
+		return nil
+	}
+
 	intervalDuration, err := time.ParseDuration(keyManagementProvider.Spec.Interval)
 	if err != nil {
 		logger.Error(err, "unable to parse interval duration")

diff --git a/pkg/keymanagementprovider/refresh/kubeRefresh_test.go b/pkg/keymanagementprovider/refresh/kubeRefresh_test.go
@@ -65,6 +65,38 @@ func TestKubeRefresher_Refresh_notRefreshable(t *testing.T) {
 	}
 }
 
+func TestKubeRefresher_Refresh_Disabled(t *testing.T) {
+	provider := &configv1beta1.KeyManagementProvider{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "",
+			Name:      "kmpName",
+		},
+		Spec: configv1beta1.KeyManagementProviderSpec{
+			Type:     "test-kmp",
+			Interval: "",
+			Parameters: runtime.RawExtension{
+				Raw: []byte(`{"vaultURI": "https://yourkeyvault.vault.azure.net/", "certificates": [{"name": "cert1", "version": "1"}], "tenantID": "yourtenantID", "clientID": "yourclientID"}`),
+			},
+		},
+	}
+	request := ctrl.Request{
+		NamespacedName: client.ObjectKey{
+			Namespace: "",
+			Name:      "kmpName",
+		},
+	}
+	scheme, _ := test.CreateScheme()
+	client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(provider).Build()
+	kr := &KubeRefresher{
+		Client:  client,
+		Request: request,
+	}
+	err := kr.Refresh(context.Background())
+	if kr.Result.RequeueAfter != 0 && kr.Result.Requeue == false {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+}
+
 func TestKubeRefresher_Refresh_refreshable(t *testing.T) {
 	provider := &configv1beta1.KeyManagementProvider{
 		ObjectMeta: metav1.ObjectMeta{