From 20f09ea9caf7e231b9e28128e956655d6f0f15d6 Mon Sep 17 00:00:00 2001 From: Joshua Duffney Date: Tue, 30 Jul 2024 14:03:03 -0500 Subject: [PATCH] refactor: kmp.spec.interval default to empty string disabling refresh --- api/v1beta1/keymanagementproviders_types.go | 2 +- .../namespacedkeymanagementprovider_types.go | 2 +- ...mentprovider-customresourcedefinition.yaml | 2 +- ...mentprovider-customresourcedefinition.yaml | 2 +- ...fy.deislabs.io_keymanagementproviders.yaml | 2 +- ...s.io_namespacedkeymanagementproviders.yaml | 2 +- .../refresh/kubeRefresh.go | 6 ++++ .../refresh/kubeRefreshNamedspaced_test.go | 31 ++++++++++++++++++ .../refresh/kubeRefreshNamespaced.go | 7 ++++ .../refresh/kubeRefresh_test.go | 32 +++++++++++++++++++ 10 files changed, 82 insertions(+), 6 deletions(-) diff --git a/api/v1beta1/keymanagementproviders_types.go b/api/v1beta1/keymanagementproviders_types.go index c4552ec3b4..4399a46d5c 100644 --- a/api/v1beta1/keymanagementproviders_types.go +++ b/api/v1beta1/keymanagementproviders_types.go @@ -31,7 +31,7 @@ type KeyManagementProviderSpec struct { // Name of the key management provider Type string `json:"type,omitempty"` - // +kubebuilder:default="1m" + // +kubebuilder:default="" Interval string `json:"interval,omitempty"` // +kubebuilder:pruning:PreserveUnknownFields diff --git a/api/v1beta1/namespacedkeymanagementprovider_types.go b/api/v1beta1/namespacedkeymanagementprovider_types.go index 36e2ba514d..c368abbe3a 100644 --- a/api/v1beta1/namespacedkeymanagementprovider_types.go +++ b/api/v1beta1/namespacedkeymanagementprovider_types.go @@ -32,7 +32,7 @@ type NamespacedKeyManagementProviderSpec struct { // Name of the key management provider Type string `json:"type,omitempty"` - // +kubebuilder:default="1m" + // +kubebuilder:default="" Interval string `json:"interval,omitempty"` // +kubebuilder:pruning:PreserveUnknownFields 
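Review bot: The `Interval` field in `KeyManagementProviderSpec` (and the same field in `NamespacedKeyManagementProviderSpec` in the next hunk) has no doc comment, so with the default now `""` nothing on the type tells a user that leaving it unset turns periodic refresh off. For a key management provider this presumably means keys and certificates stay as fetched at the last reconcile, so a rotated or revoked certificate would remain in use until the resource itself changes. I would state that on the field, above the kubebuilder marker: `// Interval is the refresh period as a Go duration string (e.g. "1m"); empty (the default) disables periodic refresh.` Both struct bodies continue outside their hunks.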
diff --git a/charts/ratify/crds/keymanagementprovider-customresourcedefinition.yaml b/charts/ratify/crds/keymanagementprovider-customresourcedefinition.yaml index 39d3a025ee..c2ef79cebe 100644 --- a/charts/ratify/crds/keymanagementprovider-customresourcedefinition.yaml +++ b/charts/ratify/crds/keymanagementprovider-customresourcedefinition.yaml @@ -49,7 +49,7 @@ spec: description: KeyManagementProviderSpec defines the desired state of KeyManagementProvider properties: interval: - default: 1m + default: "" type: string parameters: description: Parameters of the key management provider diff --git a/charts/ratify/crds/namespacedkeymanagementprovider-customresourcedefinition.yaml b/charts/ratify/crds/namespacedkeymanagementprovider-customresourcedefinition.yaml index f081af7515..46d473689c 100644 --- a/charts/ratify/crds/namespacedkeymanagementprovider-customresourcedefinition.yaml +++ b/charts/ratify/crds/namespacedkeymanagementprovider-customresourcedefinition.yaml @@ -51,7 +51,7 @@ spec: of NamespacedKeyManagementProvider properties: interval: - default: 1m + default: "" type: string parameters: description: Parameters of the key management provider diff --git a/config/crd/bases/config.ratify.deislabs.io_keymanagementproviders.yaml b/config/crd/bases/config.ratify.deislabs.io_keymanagementproviders.yaml index b54ed31561..f83dd72e2b 100644 --- a/config/crd/bases/config.ratify.deislabs.io_keymanagementproviders.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_keymanagementproviders.yaml @@ -51,7 +51,7 @@ spec: description: KeyManagementProviderSpec defines the desired state of KeyManagementProvider properties: interval: - default: 1m + default: "" type: string parameters: description: Parameters of the key management provider diff --git a/config/crd/bases/config.ratify.deislabs.io_namespacedkeymanagementproviders.yaml b/config/crd/bases/config.ratify.deislabs.io_namespacedkeymanagementproviders.yaml index 769309da07..afd5185163 100644 
--- a/config/crd/bases/config.ratify.deislabs.io_namespacedkeymanagementproviders.yaml +++ b/config/crd/bases/config.ratify.deislabs.io_namespacedkeymanagementproviders.yaml @@ -52,7 +52,7 @@ spec: of NamespacedKeyManagementProvider properties: interval: - default: 1m + default: "" type: string parameters: description: Parameters of the key management provider diff --git a/pkg/keymanagementprovider/refresh/kubeRefresh.go b/pkg/keymanagementprovider/refresh/kubeRefresh.go index f29245b04d..80da0703e5 100644 --- a/pkg/keymanagementprovider/refresh/kubeRefresh.go +++ b/pkg/keymanagementprovider/refresh/kubeRefresh.go @@ -119,6 +119,12 @@ func (kr *KubeRefresher) Refresh(ctx context.Context) error { return nil } + // if interval is not set, disable refresh + if keyManagementProvider.Spec.Interval == "" { + logger.Infof("KeyManagementProvider %v is refreshable but interval is not set", resource) + kr.Result = ctrl.Result{} + return nil + } // resource is refreshable, requeue after interval intervalDuration, err := time.ParseDuration(keyManagementProvider.Spec.Interval) if err != nil { diff --git a/pkg/keymanagementprovider/refresh/kubeRefreshNamedspaced_test.go b/pkg/keymanagementprovider/refresh/kubeRefreshNamedspaced_test.go index 4a3d46c0a8..a2fc3cf46b 100644 --- a/pkg/keymanagementprovider/refresh/kubeRefreshNamedspaced_test.go +++ b/pkg/keymanagementprovider/refresh/kubeRefreshNamedspaced_test.go 
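Review bot: The early return added to `KubeRefresher.Refresh` in kubeRefresh.go logs "is refreshable but interval is not set", which never says that refresh is now switched off. Since an empty interval is the new default, this Info line is the only trace an operator gets that the provider's keys and certificates will not be re-fetched. I would make the consequence explicit: `logger.Infof("KeyManagementProvider %v is refreshable but interval is not set; periodic refresh is disabled", resource)`. The identical block added to `KubeRefresherNamespaced.Refresh` in kubeRefreshNamespaced.go needs the same wording, and its message should arguably name the namespaced kind. `Refresh` starts and ends outside the hunk.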
@@ -63,6 +63,37 @@ func TestKubeRefresherNamespaced_Refresh_notRefreshable(t *testing.T) { } } +func TestKubeRefresherNamespaced_Refresh_Disabled(t *testing.T) { + provider := &configv1beta1.NamespacedKeyManagementProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "", + Name: "kmpName", + }, + Spec: configv1beta1.NamespacedKeyManagementProviderSpec{ + Type: "test-kmp", + Interval: "", + Parameters: runtime.RawExtension{ + Raw: []byte(`{"vaultURI": "https://yourkeyvault.vault.azure.net/", "certificates": [{"name": "cert1", "version": "1"}], "tenantID": "yourtenantID", "clientID": "yourclientID"}`), + }, + }, + } + request := ctrl.Request{ + NamespacedName: client.ObjectKey{ + Namespace: "", + Name: "kmpName", + }, + } + scheme, _ := test.CreateScheme() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(provider).Build() + kr := &KubeRefresherNamespaced{ + Client: client, + Request: request, + } + err := kr.Refresh(context.Background()) + if kr.Result.RequeueAfter != 0 && kr.Result.Requeue == false { + t.Fatalf("Unexpected error: %v", err) + } +} func TestKubeRefresherNamespaced_Refresh_refreshable(t *testing.T) { provider := &configv1beta1.NamespacedKeyManagementProvider{ ObjectMeta: metav1.ObjectMeta{ diff --git a/pkg/keymanagementprovider/refresh/kubeRefreshNamespaced.go b/pkg/keymanagementprovider/refresh/kubeRefreshNamespaced.go index b7f179ac16..ffe4d0fd84 100644 --- a/pkg/keymanagementprovider/refresh/kubeRefreshNamespaced.go +++ b/pkg/keymanagementprovider/refresh/kubeRefreshNamespaced.go 
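Review bot: The assertion in `TestKubeRefresherNamespaced_Refresh_Disabled` cannot catch a regression. `err` is never checked, and `kr.Result.RequeueAfter != 0 && kr.Result.Requeue == false` fails for only one combination, so the test still passes if `Refresh` returns an error or sets `Requeue: true`. Assuming `Refresh` is expected to succeed with this fixture, the check should be `if err != nil || kr.Result.RequeueAfter != 0 || kr.Result.Requeue {`, with a failure message that prints `kr.Result` as well as `err`. As written the test also cannot tell the new empty-interval branch from the earlier not-refreshable return, which presumably leaves `Result` at its zero value too. `TestKubeRefresher_Refresh_Disabled` in kubeRefresh_test.go carries the same assertion.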
@@ -116,6 +116,13 @@ func (kr *KubeRefresherNamespaced) Refresh(ctx context.Context) error { return nil } + // if interval is not set, disable refresh + if keyManagementProvider.Spec.Interval == "" { + logger.Infof("KeyManagementProvider %v is refreshable but interval is not set", resource) + kr.Result = ctrl.Result{} + return nil + } + intervalDuration, err := time.ParseDuration(keyManagementProvider.Spec.Interval) if err != nil { logger.Error(err, "unable to parse interval duration") diff --git a/pkg/keymanagementprovider/refresh/kubeRefresh_test.go b/pkg/keymanagementprovider/refresh/kubeRefresh_test.go index 3ef815ded4..0ab5794be3 100644 --- a/pkg/keymanagementprovider/refresh/kubeRefresh_test.go +++ b/pkg/keymanagementprovider/refresh/kubeRefresh_test.go @@ -65,6 +65,38 @@ func TestKubeRefresher_Refresh_notRefreshable(t *testing.T) { } } +func TestKubeRefresher_Refresh_Disabled(t *testing.T) { + provider := &configv1beta1.KeyManagementProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "", + Name: "kmpName", + }, + Spec: configv1beta1.KeyManagementProviderSpec{ + Type: "test-kmp", + Interval: "", + Parameters: runtime.RawExtension{ + Raw: []byte(`{"vaultURI": "https://yourkeyvault.vault.azure.net/", "certificates": [{"name": "cert1", "version": "1"}], "tenantID": "yourtenantID", "clientID": "yourclientID"}`), + }, + }, + } + request := ctrl.Request{ + NamespacedName: client.ObjectKey{ + Namespace: "", + Name: "kmpName", + }, + } + scheme, _ := test.CreateScheme() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(provider).Build() + kr := &KubeRefresher{ + Client: client, + Request: request, + } + err := kr.Refresh(context.Background()) + if kr.Result.RequeueAfter != 0 && kr.Result.Requeue == false { + t.Fatalf("Unexpected error: %v", err) + } +} + func TestKubeRefresher_Refresh_refreshable(t *testing.T) { provider := &configv1beta1.KeyManagementProvider{ ObjectMeta: metav1.ObjectMeta{