vmware-tanzu-labs / educates-training-platform

A platform for hosting interactive workshop environments in Kubernetes, or on top of a local container runtime.
https://docs.educates.dev
Apache License 2.0

Delay in copying secret when using SecretExporter/SecretImporter. #393

Closed GrahamDumpleton closed 1 month ago

GrahamDumpleton commented 1 month ago

Describe the bug

When using SecretExporter/SecretImporter, if the source secret already exists then it will be copied immediately.

If the source secret doesn't exist, it will only be copied up to a minute after the secret is created, as reconciliation for SecretExporter is not triggered properly when an event occurs on arbitrary secrets, even though they seem to be included among those to be reconciled.

    copier_configs = [
        value
        for value, *_ in itertools.chain(
            secretcopier_index.values(), secretexporter_index.values()
        )
    ]

Issue may be that since SecretExporter is namespaced it isn't being processed properly.

Additional information

No response

GrahamDumpleton commented 1 month ago

Problem appears to be that secretexporter gets fed into:

    def matches_source_secret(secret_name, secret_namespace, configs):
        """Returns all configs which match the secret passed as argument."""

        for config_obj in configs:
            rules = lookup(config_obj, "spec.rules", [])

            for rule in rules:
                source_secret_name = lookup(rule, "sourceSecret.name")
                source_secret_namespace = lookup(rule, "sourceSecret.namespace")

                if (
                    secret_name == source_secret_name
                    and secret_namespace == source_secret_namespace
                ):
                    yield config_obj
                    continue

The secretexporter has no sourceSecret property as the resource name and namespace dictate the source secret.

Can probably fake up a sourceSecret property in rule when first processed.
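The mismatch described in this issue, as an added illustration that is not code from the Educates repository: a secret event matches a SecretCopier rule but never a SecretExporter until a `sourceSecret` is synthesized from the exporter's own name and namespace. The `lookup` stand-in, the `with_source_secret` and `matched_kinds` helpers, and the sample objects are assumptions constructed for this example.

```python
import copy

def lookup(obj, path, default=None):
    """Dotted-path lookup in nested dicts (stand-in for the project's helper)."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj

def matches_source_secret(secret_name, secret_namespace, configs):
    """Same matching logic as the function quoted in the issue."""
    for config_obj in configs:
        for rule in lookup(config_obj, "spec.rules", []):
            if (secret_name == lookup(rule, "sourceSecret.name")
                    and secret_namespace == lookup(rule, "sourceSecret.namespace")):
                yield config_obj

def with_source_secret(exporter):
    """Hypothetical fix: copy the exporter and give every rule a sourceSecret
    built from the exporter's own name and namespace."""
    patched = copy.deepcopy(exporter)
    source = {"name": lookup(exporter, "metadata.name"),
              "namespace": lookup(exporter, "metadata.namespace")}
    for rule in lookup(patched, "spec.rules", []):
        rule["sourceSecret"] = dict(source)
    return patched

# Constructed sample objects; only spec.rules and sourceSecret come from the issue.
COPIER = {"kind": "SecretCopier", "metadata": {"name": "copy-registry-creds"},
          "spec": {"rules": [{"sourceSecret": {"name": "registry-creds",
                                               "namespace": "team-a"}}]}}
EXPORTER = {"kind": "SecretExporter",
            "metadata": {"name": "registry-creds", "namespace": "team-a"},
            "spec": {"rules": [{}]}}

def matched_kinds(name, namespace, configs):
    """Kinds of the configs that react to an event on the given secret."""
    return [c["kind"] for c in matches_source_secret(name, namespace, configs)]

if __name__ == "__main__":
    event = ("registry-creds", "team-a")
    print(matched_kinds(*event, [COPIER, EXPORTER]))
    print(matched_kinds(*event, [COPIER, with_source_secret(EXPORTER)]))
```

The synthesized rule stays scoped to the exporter's namespace, so a secret with the same name in another namespace does not trigger it.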