
[WIP] THREESCALE-10088 - Reconcile secrets - OpenApi secret, for OpenApi and ActiveDoc CRs

Open valerymo opened this issue 1 year ago • 2 comments

WHAT

Jira: https://issues.redhat.com/browse/THREESCALE-10088

Reconcile secrets

  • This PR is for OpenApi Secret, for OpenApi and ActiveDoc CRs.

  • This PR was related to https://issues.redhat.com/browse/THREESCALE-6735, but was removed from Epic and delayed.

  • Need rebase/update after merge of https://github.com/3scale/3scale-operator/pull/861

  • Changes in this PR:

$ git diff THREESCALE-6735-openapi..patryk/THREESCALE-6735 --name-only
controllers/capabilities/activedoc_controller.go
controllers/capabilities/openapi_controller.go
controllers/capabilities/openapi_utils.go
controllers/capabilities/secret_to_activedoc_event_mapper.go
controllers/capabilities/secret_to_openapi_event_mapper.go
main.go

NOTES

  • Current status of PR - OpenApi and ActiveDoc CRs are labeled with OpenApi secret UID.
  • Further development for OpenApi and ActiveDoc CRs, if required, will be done after PR review and discussion with 3scale operator experts.

Validation

  1. Install and run 3scale operator
cd 3scale-operator
make install
oc new-project 3scale-test
make download
make run
  2. Apply s3 secret
  • Secret example (s3-creds-secret.yaml):
kind: Secret
apiVersion: v1
metadata: 
  name: s3-credentials
  namespace: 3scale-test
data: 
  AWS_ACCESS_KEY_ID: QU12345
  AWS_SECRET_ACCESS_KEY: aU12345=
  AWS_BUCKET: dm12345=
  AWS_REGION: ZX1234==
type: Opaque
oc apply -f s3-creds-secret.yaml
  3. Apply Apimanager CR
  • Apimanager CR example (apimanagerCR.yaml):
apiVersion: apps.3scale.net/v1alpha1
kind: APIManager
metadata:
    name: example-apimanager
    namespace: 3scale-test
spec:
    wildcardDomain: apps.vmogilev01.cnbz.s1.devshift.org
oc apply -f apimanagerCR.yaml
  • check DCs and Pods
oc get dc

Expecting:

$ oc get dc
NAME                 REVISION   DESIRED   CURRENT   TRIGGERED BY
apicast-production   1          1         1         config,image(amp-apicast:2.14)
apicast-staging      1          1         1         config,image(amp-apicast:2.14)
backend-cron         1          1         1         config,image(amp-backend:2.14)
backend-listener     1          1         1         config,image(amp-backend:2.14)
backend-redis        1          1         1         config,image(backend-redis:2.14)
backend-worker       1          1         1         config,image(amp-backend:2.14)
system-app           1          1         1         config,image(amp-system:2.14)
system-memcache      1          1         1         config,image(system-memcached:2.14)
system-mysql         1          1         1         config,image(system-mysql:2.14)
system-redis         1          1         1         config,image(system-redis:2.14)
system-searchd       1          1         1         config,image(system-searchd:2.14)
system-sidekiq       1          1         1         config,image(amp-system:2.14)
zync                 1          1         1         config,image(amp-zync:2.14)
zync-database        1          1         1         config,image(zync-database-postgresql:2.14)
zync-que             1          1         1         config,image(amp-zync:2.14)
  4. Create OpenApi secret

Create a secret with the OpenAPI spec document. The name of the secret object will be referenced in the OpenAPI CR.

The following example shows how to create a secret out of a file:

$ cat myopenapi.yaml
---
openapi: "3.0.2"
info:
  title: "some title"
  description: "some description"
  version: "1.0.0"
paths:
  /pet:
    get:
      operationId: "getPet"
      responses:
        405:
          description: "invalid input"


$ oc create secret generic myopenapi --from-file myopenapi.yaml

  5. Label OpenApi secret: label the secret with the label openapis.capabilities.3scale.net/watched-by=openapi

oc label secret myopenapi openapis.capabilities.3scale.net/watched-by=openapi
  6. Create OpenAPI CR providing reference to the secret holding the OpenAPI document.

OpenAPI_CR.yml:

apiVersion: capabilities.3scale.net/v1beta1
kind: OpenAPI
metadata:
  name: openapi1
spec:
  openapiRef:
    secretRef:
      name: myopenapi
oc apply -f  OpenAPI_CR.yml
  7. Look at the OpenAPI CR - check that the label was created with the secret UID. Example:
  • check secret uid:
$ oc get secret myopenapi -oyaml |grep uid
  uid: 774376cb-e7da-4182-81bd-bf327b1e7378
  • check OpenAPI CR
$ oc get OpenAPI -o=jsonpath='{range .items[*]}{@.metadata.name}{"\n"}{@.metadata.labels}{"\n"}{end}'
openapi1
{"secret.openapi.apps.3scale.net/774376cb-e7da-4182-81bd-bf327b1e7378":"true"}
  8. Create & Check ActiveDoc CR
$ cat ActiveDocCR.yaml
apiVersion: capabilities.3scale.net/v1beta1
kind: ActiveDoc
metadata:
  name: activedoc
spec:
  name: "Operated ActiveDoc From secret"
  activeDocOpenAPIRef:
    secretRef:
      name: myopenapi
oc apply -f ActiveDocCR.yaml
$ oc get activedoc -o=jsonpath='{range .items[*]}{@.metadata.name}{"\n"}{@.metadata.labels}{"\n"}{end}'
activedoc
{"secret.openapi.apps.3scale.net/774376cb-e7da-4182-81bd-bf327b1e7378":"true"}

Check that label in ActiveDoc contains OpenApi Secret UID.

valerymo avatar Aug 15 '23 11:08 valerymo
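
Added example, not code from this PR or from the 3scale operator: a standard-library Go model of how a change to a watched secret can be mapped to the CRs that carry its UID label, using the two label conventions quoted in the description. The `Object` type, the `RequestsForSecret` function, the `other-ns` namespace and the namespace-local matching rule are assumptions made for illustration.

```go
package main

import "fmt"

// Label conventions quoted in the PR description.
const (
	watchedByKey = "openapis.capabilities.3scale.net/watched-by"
	watchedByVal = "openapi"
	uidLabelBase = "secret.openapi.apps.3scale.net/"
)

// Object is a hypothetical stand-in for Kubernetes object metadata.
type Object struct {
	Namespace, Name, UID string
	Labels               map[string]string
}

// RequestsForSecret lists "namespace/name" keys of CRs to re-reconcile on a secret change.
func RequestsForSecret(secret Object, crs []Object) []string {
	if secret.Labels[watchedByKey] != watchedByVal {
		return nil // unlabeled secrets never trigger a reconcile
	}
	var out []string
	for _, cr := range crs {
		// Assumption: secretRef is namespace-local, so a CR in another
		// namespace must not be woken by this secret.
		if cr.Namespace != secret.Namespace {
			continue
		}
		// The CR was labeled with the UID of the secret it last read.
		if cr.Labels[uidLabelBase+secret.UID] == "true" {
			out = append(out, cr.Namespace+"/"+cr.Name)
		}
	}
	return out
}

func main() {
	// Constructed sample data reusing the UID shown in the validation steps.
	uid := "774376cb-e7da-4182-81bd-bf327b1e7378"
	tag := map[string]string{uidLabelBase + uid: "true"}
	secret := Object{"3scale-test", "myopenapi", uid, map[string]string{watchedByKey: watchedByVal}}
	crs := []Object{
		{"3scale-test", "openapi1", "", tag},
		{"3scale-test", "activedoc", "", tag},
		{"other-ns", "openapi1", "", tag},
	}
	fmt.Println(RequestsForSecret(secret, crs))
}
```

A secret that is deleted and recreated under the same name gets a new UID, so in this model the existing CR labels no longer match it until the CRs are relabeled.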

Code Climate has analyzed commit bc3ffc43 and detected 25 issues on this pull request.

Here's the issue category breakdown:

Category Count
Duplication 15
Style 10

View more on Code Climate.

codeclimate[bot] avatar Aug 16 '23 07:08 codeclimate[bot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-merge-robot avatar Sep 16 '23 22:09 openshift-merge-robot