Closed DhritiShikhar closed 2 years ago
/lgtm
/lgtm cancel
LGTM for the code changes. Let's think about the e2e test case for this feature to not fall into the same trap again.
/retest
Tests may be failing because the env variable changes (from 2 vars to 1 for the file) are not propagated to the desired deployment. This PR is supposed to fix this: https://github.com/openshift/external-dns-operator/pull/150.
Disregard my previous comment about https://github.com/openshift/external-dns-operator/pull/150 which could help here. I forgot that in your test case you deploy all from scratch, so you should not be impacted by the fix I did in the other PR.
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: alebedev87, DhritiShikhar
@DhritiShikhar: all tests passed!
Tested manually too:
02:32:58 $ oc -n external-dns get pods
No resources found in external-dns namespace.
02:33:07 $ oc -n external-dns get secret
NAME TYPE DATA AGE
builder-dockercfg-pdf6f kubernetes.io/dockercfg 1 3h7m
builder-token-pwqlz kubernetes.io/service-account-token 4 3h7m
builder-token-r2v8x kubernetes.io/service-account-token 4 3h7m
default-dockercfg-nrgfx kubernetes.io/dockercfg 1 3h7m
default-token-fvr4j kubernetes.io/service-account-token 4 3h7m
default-token-tq696 kubernetes.io/service-account-token 4 3h7m
deployer-dockercfg-r8tmw kubernetes.io/dockercfg 1 3h7m
deployer-token-5887f kubernetes.io/service-account-token 4 3h7m
deployer-token-brdgr kubernetes.io/service-account-token 4 3h7m
02:33:14 $ oc apply -f config/samples/aws/operator_v1alpha1_externaldns_openshift.yaml
externaldns.externaldns.olm.openshift.io/sample-aws created
02:33:19 $ oc -n external-dns get secret
NAME TYPE DATA AGE
builder-dockercfg-pdf6f kubernetes.io/dockercfg 1 3h8m
builder-token-pwqlz kubernetes.io/service-account-token 4 3h8m
builder-token-r2v8x kubernetes.io/service-account-token 4 3h8m
default-dockercfg-nrgfx kubernetes.io/dockercfg 1 3h8m
default-token-fvr4j kubernetes.io/service-account-token 4 3h8m
default-token-tq696 kubernetes.io/service-account-token 4 3h8m
deployer-dockercfg-r8tmw kubernetes.io/dockercfg 1 3h8m
deployer-token-5887f kubernetes.io/service-account-token 4 3h8m
deployer-token-brdgr kubernetes.io/service-account-token 4 3h8m
external-dns-credentials-sample-aws Opaque 3 3s
external-dns-sample-aws-dockercfg-8gtlk kubernetes.io/dockercfg 1 3s
external-dns-sample-aws-token-mzc5z kubernetes.io/service-account-token 4 3s
external-dns-sample-aws-token-s6sdn kubernetes.io/service-account-token 4 3s
02:33:22 $ oc -n external-dns get pods
NAME READY STATUS RESTARTS AGE
external-dns-sample-aws-7cdcbb8b69-r7sfg 1/1 Running 0 7s
02:33:26 $ oc -n external-dns get pods external-dns-sample-aws-7cdcbb8b69-r7sfg -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    externaldns.olm.openshift.io/credentials-secret-hash: ca286362386fad85434e29b75dd7a5b1759bdbf5c4d378580c176887547e9ce7
02:33:37 $ oc -n external-dns exec external-dns-sample-aws-7cdcbb8b69-r7sfg -- cat /etc/kubernetes/aws-credentials
[default]
aws_access_key_id = AAAAAAAAAAAAAAAA
aws_secret_access_key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
2:34:34 $ oc -n external-dns get pods
NAME READY STATUS RESTARTS AGE
external-dns-sample-aws-7cdcbb8b69-r7sfg 1/1 Running 0 84s
02:34:43 $ oc -n external-dns-operator edit secret aws-access-key
error: secrets "aws-access-key" is invalid
secret/aws-access-key edited
02:36:18 $ oc -n external-dns get pods
NAME READY STATUS RESTARTS AGE
external-dns-sample-aws-6dff6959f6-7nx6t 1/1 Running 0 8s
02:36:32 $ oc -n external-dns exec external-dns-sample-aws-6dff6959f6-7nx6t -- cat /etc/kubernetes/aws-credentials
[default]
aws_access_key_id = WRONG
aws_secret_access_key = WRONG
02:39:36 $ oc -n external-dns get pods external-dns-sample-aws-6dff6959f6-7nx6t -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    externaldns.olm.openshift.io/credentials-secret-hash: edfd61362b1c83fe22a862121cfc8cc0fd86968f5f914001083d715585aef9d7
/label qe-approved
/label docs-approved /label px-approved
Changes
[1] Moves the secret checksum annotation from deployment's metadata.annotations to spec.template.annotations
[2] Adds an E2E to verify that at first DNS records are not created when a wrong secret is supplied. When the wrong secret is updated with the right values, DNS records are created.
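Why change [1] makes the pod get replaced after the secret edit in the manual test, as an added example that is not the operator's own code: a Deployment rolls out new pods only when spec.template changes, so a credentials hash stored on the Deployment's own metadata never restarts anything. The struct types, function names and hash construction are hypothetical stand-ins; the operator's actual hashing is not shown on this page.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"reflect"
	"sort"
)

// Annotation key as shown in the pod YAML on this page.
const hashAnnotation = "externaldns.olm.openshift.io/credentials-secret-hash"

// Minimal stand-ins for the Kubernetes objects (hypothetical, not the real API types).
type PodTemplate struct{ Annotations map[string]string }
type Deployment struct {
	Annotations map[string]string // metadata.annotations
	Template    PodTemplate       // spec.template
}

// secretHash sorts keys for a stable digest; length prefixes keep {"ab":"c"} and {"a":"bc"} distinct.
func secretHash(data map[string][]byte) string {
	keys := make([]string, 0, len(data))
	for k := range data {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%d:%s%d:%s", len(k), k, len(data[k]), data[k])
	}
	return hex.EncodeToString(h.Sum(nil))
}

// onMetadata models the annotation placement before this PR, onTemplate the placement after it.
func onMetadata(h string) Deployment { return Deployment{Annotations: map[string]string{hashAnnotation: h}} }
func onTemplate(h string) Deployment { return Deployment{Template: PodTemplate{Annotations: map[string]string{hashAnnotation: h}}} }

// triggersRollout applies the Deployment controller's rule: pods are replaced only when spec.template differs.
func triggersRollout(old, updated Deployment) bool {
	return !reflect.DeepEqual(old.Template, updated.Template)
}

func main() {
	oldH := secretHash(map[string][]byte{"aws_access_key_id": []byte("AAAA")})  // constructed sample
	newH := secretHash(map[string][]byte{"aws_access_key_id": []byte("WRONG")}) // constructed sample
	fmt.Println("hash on metadata.annotations rolls pods:", triggersRollout(onMetadata(oldH), onMetadata(newH)))
	fmt.Println("hash on spec.template rolls pods:", triggersRollout(onTemplate(oldH), onTemplate(newH)))
}
```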