Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add configuration for file permission #751

Merged
merged 26 commits into from
Jan 19, 2022
Merged

feat: add configuration for file permission #751

merged 26 commits into from
Jan 19, 2022

Conversation

nilekhc
Copy link
Contributor

@nilekhc nilekhc commented Jan 12, 2022

Reason for Change:

This PR adds support for file permission for secrets being written to the pod.

Requirements

  • squashed commits
  • included documentation
  • added unit tests and e2e tests (if applicable).

Issue Fixed:

fixes #712

Does this change contain code from or inspired by another project?

  • Yes
  • No

If "Yes," did you notify that project's maintainers and provide attribution?

Special Notes for Reviewers:

@nilekhc nilekhc requested a review from aramase January 12, 2022 12:18
@nilekhc
feat: adds support for secret file permission
338e5d2 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
chore: fixes typo
64e2cf3 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@codecov-commenter
Copy link

codecov-commenter commented Jan 13, 2022
edited
Loading

Codecov Report

Merging #751 (0d0cf19) into master (6fc6b53) will decrease coverage by 0.07%.
The diff coverage is 53.57%.

@@            Coverage Diff             @@
##           master     #751      +/-   ##
==========================================
- Coverage   62.09%   62.02%   -0.08%     
==========================================
  Files           7        7              
  Lines         765      782      +17     
==========================================
+ Hits          475      485      +10     
- Misses        257      263       +6     
- Partials       33       34       +1

@nilekhc
Copy link
Contributor Author

nilekhc commented Jan 13, 2022

/azp run pr-e2e-azure

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@aramase aramase changed the title File permission feat: add configuration for file permission Jan 13, 2022
aramase
aramase reviewed Jan 13, 2022
View reviewed changes
Copy link
Member

@aramase aramase left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added few comments! To summarize,

  1. If no file permission is provided, we should default to the permission provided by the driver (same as today). This can be done when the objects to retrieve are unmarshalled.
  2. The validation for file permission should happen before actual call to keyvault to avoid making keyvault API calls when final result is an error.

Let's move the validation to a function so we can also unit test it

pkg/provider/provider.go Outdated Show resolved Hide resolved
pkg/provider/provider.go Outdated Show resolved Hide resolved
pkg/provider/provider.go Outdated Show resolved Hide resolved
pkg/server/server.go Outdated Show resolved Hide resolved
pkg/server/server.go Outdated Show resolved Hide resolved
@nilekhc
fix: fixes validation logic and adds tests
9d496ed 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
Copy link
Contributor Author

nilekhc commented Jan 14, 2022

/azp run pr-e2e-azure

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@nilekhc nilekhc requested a review from aramase January 14, 2022 09:28
@nilekhc
chore: gofmt
d2761c5 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
chore: gofmt
e718e5b 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
Copy link
Contributor Author

nilekhc commented Jan 14, 2022

/azp run pr-e2e-azure

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@aramase aramase added this to the v1.1.0 milestone Jan 14, 2022
aramase
aramase reviewed Jan 18, 2022
View reviewed changes
Copy link
Member

@aramase aramase left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we also an e2e test to validate this change?

pkg/provider/provider.go Outdated Show resolved Hide resolved
pkg/provider/provider.go Outdated Show resolved Hide resolved
@nilekhc
chore: updates comment
9a44b9f 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
chore: go fmt
f58e7bb 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
test: adds e2e test for file permission
b4f1a89 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
chore: updates import
2cde058 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
test: updates var name
2e3b53e 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
test: fixes test
324d701 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
test: enables all tests
78c1948 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
Copy link
Contributor Author

nilekhc commented Jan 19, 2022

/azp run pr-e2e-azure

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@nilekhc
Copy link
Contributor Author

nilekhc commented Jan 19, 2022

/azp run pr-e2e-azure

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@nilekhc
Copy link
Contributor Author

nilekhc commented Jan 19, 2022

Could we also an e2e test to validate this change?

I have added e2e tests for kind cluster.

@nilekhc nilekhc requested a review from aramase January 19, 2022 15:49
aramase
aramase reviewed Jan 19, 2022
View reviewed changes
Copy link
Member

@aramase aramase left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look good! Could you update the documentation here to add the new field? You can add available for version > v1.1.0 so users know it's not yet released.

@nilekhc
docs: updates docs with file permission
4f75e7c 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc
Copy link
Contributor Author

nilekhc commented Jan 19, 2022

The changes look good! Could you update the documentation here to add the new field? You can add available for version > v1.1.0 so users know it's not yet released.

added.

@nilekhc nilekhc requested a review from aramase January 19, 2022 18:24
@nilekhc
docs: updates docs
e874a24 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
@nilekhc nilekhc requested a review from aramase January 19, 2022 20:07
@nilekhc nilekhc merged commit c06bc12 into Azure:master Jan 19, 2022
@nilekhc nilekhc deleted the file-permission branch January 19, 2022 20:18
@aramase aramase mentioned this pull request Feb 2, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aramase aramase aramase approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging this pull request may close these issues.

Set file-system permissions for mounted secrets
3 participants
@nilekhc @codecov-commenter @aramase