You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ka...@apache.org on 2021/12/31 13:27:55 UTC

[airflow] branch main updated: Chart: Add type to extra secrets param (#20599)

This is an automated email from the ASF dual-hosted git repository.

kaxilnaik pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 57ed3ab  Chart: Add type to extra secrets param (#20599)
57ed3ab is described below

commit 57ed3abe2d3c3455a635d87ecd1d2064449f75a2
Author: Alexander Liotta <al...@gmail.com>
AuthorDate: Fri Dec 31 05:27:19 2021 -0800

    Chart: Add type to extra secrets param (#20599)
    
    Description: allows users to specify they type of secret they are adding when adding extra secrets. Previously we were just defaulting to Opaque.
---
 chart/templates/secrets/extra-secrets.yaml   |  3 +++
 chart/tests/test_extra_configmaps_secrets.py | 23 +++++++++++++++++++++--
 chart/values.schema.json                     |  4 ++++
 chart/values.yaml                            |  1 +
 4 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/chart/templates/secrets/extra-secrets.yaml b/chart/templates/secrets/extra-secrets.yaml
index 9137a0e..20c1751 100644
--- a/chart/templates/secrets/extra-secrets.yaml
+++ b/chart/templates/secrets/extra-secrets.yaml
@@ -36,6 +36,9 @@ metadata:
     "helm.sh/hook": "pre-install,pre-upgrade"
     "helm.sh/hook-delete-policy": "before-hook-creation"
     "helm.sh/hook-weight": "0"
+{{- if $secretContent.type }}
+type: {{ $secretContent.type }}
+{{- end }}
 {{- if $secretContent.data }}
 data:
   {{- with $secretContent.data }}
diff --git a/chart/tests/test_extra_configmaps_secrets.py b/chart/tests/test_extra_configmaps_secrets.py
index 3943990..d1e2b25 100644
--- a/chart/tests/test_extra_configmaps_secrets.py
+++ b/chart/tests/test_extra_configmaps_secrets.py
@@ -77,6 +77,14 @@ class ExtraConfigMapsSecretsTest(unittest.TestCase):
                 stringData: |
                   MY_SECRET_3: "MY_SECRET_3"
                   MY_SECRET_4: "MY_SECRET_4"
+              "{{ .Release.Name }}-other-secrets-with-type":
+                type: kubernetes.io/dockerconfigjson
+                data: |
+                  MY_SECRET_5: {{ printf "MY_SECRET_5" | b64enc }}
+                  MY_SECRET_6: {{ printf "MY_SECRET_6" | b64enc }}
+                stringData: |
+                  MY_SECRET_7: "MY_SECRET_7"
+                  MY_SECRET_8: "MY_SECRET_8"
             """
         )
         values = yaml.safe_load(values_str)
@@ -88,6 +96,7 @@ class ExtraConfigMapsSecretsTest(unittest.TestCase):
         all_expected_keys = [
             ("Secret", f"{RELEASE_NAME}-airflow-connections"),
             ("Secret", f"{RELEASE_NAME}-other-secrets"),
+            ("Secret", f"{RELEASE_NAME}-other-secrets-with-type"),
         ]
         assert set(k8s_objects_by_key.keys()) == set(all_expected_keys)
 
@@ -97,16 +106,26 @@ class ExtraConfigMapsSecretsTest(unittest.TestCase):
                 "MY_SECRET_1": b64encode(b"MY_SECRET_1").decode("utf-8"),
                 "MY_SECRET_2": b64encode(b"MY_SECRET_2").decode("utf-8"),
             },
+            {
+                "MY_SECRET_5": b64encode(b"MY_SECRET_5").decode("utf-8"),
+                "MY_SECRET_6": b64encode(b"MY_SECRET_6").decode("utf-8"),
+            },
         ]
 
         all_expected_string_data = [
             {"AIRFLOW_CON_GCP": "gcp_connection_string"},
             {"MY_SECRET_3": "MY_SECRET_3", "MY_SECRET_4": "MY_SECRET_4"},
+            {"MY_SECRET_7": "MY_SECRET_7", "MY_SECRET_8": "MY_SECRET_8"},
         ]
-        for expected_key, expected_data, expected_string_data in zip(
-            all_expected_keys, all_expected_data, all_expected_string_data
+        all_expected_types = [None, None, "kubernetes.io/dockerconfigjson"]
+        for expected_key, expected_data, expected_string_data, expected_type in zip(
+            all_expected_keys, all_expected_data, all_expected_string_data, all_expected_types
         ):
             configmap_obj = k8s_objects_by_key[expected_key]
+            if expected_type:
+                assert configmap_obj["type"] == expected_type
+            else:
+                assert "type" not in configmap_obj
             assert configmap_obj["data"] == expected_data
             assert configmap_obj["stringData"] == expected_string_data
 
diff --git a/chart/values.schema.json b/chart/values.schema.json
index 45bb67b..4e8a1b5 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -814,6 +814,10 @@
                 "minProperties": 1,
                 "additionalProperties": false,
                 "properties": {
+                    "type": {
+                        "description": "Type **as string** of secret E.G. Opaque, kubernetes.io/dockerconfigjson, etc.",
+                        "type": "string"
+                    },
                     "data": {
                         "description": "Content **as string** for the 'data' item of the secret (can be templated)",
                         "type": "string"
diff --git a/chart/values.yaml b/chart/values.yaml
index 3023484..1c313af 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -264,6 +264,7 @@ extraSecrets: {}
 # eg:
 # extraSecrets:
 #   '{{ .Release.Name }}-airflow-connections':
+#     type: 'Opaque'
 #     data: |
 #       AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
 #       AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'