Change where the keychain dockercreds are read
Resolves #1353
Codecov Report
Attention: 21 lines in your changes are missing coverage. Please review.
Comparison is base (ae9fb34) 67.19% compared to head (f0a5528) 67.33%.
| Files | Patch % | Lines |
|---|---|---|
| pkg/dockercreds/docker_creds.go | 57.69% | 9 Missing and 2 partials :warning: |
| pkg/dockercreds/parse_secrets.go | 77.77% | 10 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## main #1436 +/- ##
==========================================
+ Coverage 67.19% 67.33% +0.14%
==========================================
Files 140 140
Lines 8827 8887 +60
==========================================
+ Hits 5931 5984 +53
- Misses 2389 2395 +6
- Partials 507 508 +1
Is this an opportunity where a single reconcile loop could continually re-read them?
@chenbh I can add a condition in the NewVolumeSecretKeychain method to os.stat the secret file, but where are you thinking we would cache the time to compare against?
@xtreme-shane-lattanzio I would have the NewVolumeSecretKeychain return a struct that implements the authn.Keychain interface, and so every time Resolve is called, it can compare last modified time against its internal state. I'm not 100% sure, but you might need to secure it with a mutex because the KeychainFactory is shared among all the reconcilers, which will run in separate goroutines.
@matthewmcnew I'm not too convinced about the benefits of continuously reading the file, especially since we don't expect the underlying Secret to be rotated often.