-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MTV-1862 | Mutate ESXi secret before testing connection #1289
Conversation
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #1289 +/- ##
==========================================
- Coverage 15.47% 15.44% -0.04%
==========================================
Files 112 112
Lines 23399 23399
==========================================
- Hits 3621 3613 -8
- Misses 19490 19501 +11
+ Partials 288 285 -3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
f14b93f
to
e689a6d
Compare
@@ -126,7 +126,7 @@ func (admitter *SecretAdmitter) validateProviderSecret() *admissionv1.AdmissionR | |||
func (admitter *SecretAdmitter) validateHostSecret() *admissionv1.AdmissionResponse { | |||
if hostName, ok := admitter.secret.GetLabels()["createdForResource"]; ok { | |||
if _, ok := admitter.secret.Data["user"]; !ok { | |||
err := errors.New("Missing credentials on Host secret") | |||
err := errors.New("missing credentials on Host secret") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unrelated nitpick, error should not be capitalized
Signed-off-by: yaacov <kobi.zamir@gmail.com>
e689a6d
to
df2e92c
Compare
Quality Gate passedIssues Measures |
@@ -171,6 +171,27 @@ func (admitter *SecretAdmitter) buildProviderCollector(providerType *api.Provide | |||
} | |||
} | |||
|
|||
func (admitter *SecretAdmitter) ensureEsxiCredentials(provider *api.Provider) (*core.Secret, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mimic the mutation hook that check for data["user"] and then for api.SDK
The patch looks good but I'm a bit confused as to why we trigger the secret admitter. |
Yes we store the url and ip in the secret, I think the logic is that if we have the IP and the credentials in the secret we can validate the secret without needing a the provider/host allowing to first create a secret and then the provider |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Issue:
When testing ESXi Host connection, we don't take into account the mutation of the secret via the mutation hook.
Fix:
a. use the ESXi provider user and password when testing connection in the admission hook, like the secret will be once it's mutated by the mutation hook.
b. when checking for nil user field, also check for empty string to allow for tooling that sand "" instead of nil.
Images:
Before:
After:
https://github.com/user-attachments/assets/4aa589af-075e-4ec9-a0db-7b3d2375339a
Ref:
https://issues.redhat.com/browse/MTV-1862