You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ka...@apache.org on 2021/12/31 13:27:55 UTC
[airflow] branch main updated: Chart: Add type to extra secrets param (#20599)
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 57ed3ab Chart: Add type to extra secrets param (#20599)
57ed3ab is described below
commit 57ed3abe2d3c3455a635d87ecd1d2064449f75a2
Author: Alexander Liotta <al...@gmail.com>
AuthorDate: Fri Dec 31 05:27:19 2021 -0800
Chart: Add type to extra secrets param (#20599)
Description: allows users to specify they type of secret they are adding when adding extra secrets. Previously we were just defaulting to Opaque.
---
chart/templates/secrets/extra-secrets.yaml | 3 +++
chart/tests/test_extra_configmaps_secrets.py | 23 +++++++++++++++++++++--
chart/values.schema.json | 4 ++++
chart/values.yaml | 1 +
4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/chart/templates/secrets/extra-secrets.yaml b/chart/templates/secrets/extra-secrets.yaml
index 9137a0e..20c1751 100644
--- a/chart/templates/secrets/extra-secrets.yaml
+++ b/chart/templates/secrets/extra-secrets.yaml
@@ -36,6 +36,9 @@ metadata:
"helm.sh/hook": "pre-install,pre-upgrade"
"helm.sh/hook-delete-policy": "before-hook-creation"
"helm.sh/hook-weight": "0"
+{{- if $secretContent.type }}
+type: {{ $secretContent.type }}
+{{- end }}
{{- if $secretContent.data }}
data:
{{- with $secretContent.data }}
diff --git a/chart/tests/test_extra_configmaps_secrets.py b/chart/tests/test_extra_configmaps_secrets.py
index 3943990..d1e2b25 100644
--- a/chart/tests/test_extra_configmaps_secrets.py
+++ b/chart/tests/test_extra_configmaps_secrets.py
@@ -77,6 +77,14 @@ class ExtraConfigMapsSecretsTest(unittest.TestCase):
stringData: |
MY_SECRET_3: "MY_SECRET_3"
MY_SECRET_4: "MY_SECRET_4"
+ "{{ .Release.Name }}-other-secrets-with-type":
+ type: kubernetes.io/dockerconfigjson
+ data: |
+ MY_SECRET_5: {{ printf "MY_SECRET_5" | b64enc }}
+ MY_SECRET_6: {{ printf "MY_SECRET_6" | b64enc }}
+ stringData: |
+ MY_SECRET_7: "MY_SECRET_7"
+ MY_SECRET_8: "MY_SECRET_8"
"""
)
values = yaml.safe_load(values_str)
@@ -88,6 +96,7 @@ class ExtraConfigMapsSecretsTest(unittest.TestCase):
all_expected_keys = [
("Secret", f"{RELEASE_NAME}-airflow-connections"),
("Secret", f"{RELEASE_NAME}-other-secrets"),
+ ("Secret", f"{RELEASE_NAME}-other-secrets-with-type"),
]
assert set(k8s_objects_by_key.keys()) == set(all_expected_keys)
@@ -97,16 +106,26 @@ class ExtraConfigMapsSecretsTest(unittest.TestCase):
"MY_SECRET_1": b64encode(b"MY_SECRET_1").decode("utf-8"),
"MY_SECRET_2": b64encode(b"MY_SECRET_2").decode("utf-8"),
},
+ {
+ "MY_SECRET_5": b64encode(b"MY_SECRET_5").decode("utf-8"),
+ "MY_SECRET_6": b64encode(b"MY_SECRET_6").decode("utf-8"),
+ },
]
all_expected_string_data = [
{"AIRFLOW_CON_GCP": "gcp_connection_string"},
{"MY_SECRET_3": "MY_SECRET_3", "MY_SECRET_4": "MY_SECRET_4"},
+ {"MY_SECRET_7": "MY_SECRET_7", "MY_SECRET_8": "MY_SECRET_8"},
]
- for expected_key, expected_data, expected_string_data in zip(
- all_expected_keys, all_expected_data, all_expected_string_data
+ all_expected_types = [None, None, "kubernetes.io/dockerconfigjson"]
+ for expected_key, expected_data, expected_string_data, expected_type in zip(
+ all_expected_keys, all_expected_data, all_expected_string_data, all_expected_types
):
configmap_obj = k8s_objects_by_key[expected_key]
+ if expected_type:
+ assert configmap_obj["type"] == expected_type
+ else:
+ assert "type" not in configmap_obj
assert configmap_obj["data"] == expected_data
assert configmap_obj["stringData"] == expected_string_data
diff --git a/chart/values.schema.json b/chart/values.schema.json
index 45bb67b..4e8a1b5 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -814,6 +814,10 @@
"minProperties": 1,
"additionalProperties": false,
"properties": {
+ "type": {
+ "description": "Type **as string** of secret E.G. Opaque, kubernetes.io/dockerconfigjson, etc.",
+ "type": "string"
+ },
"data": {
"description": "Content **as string** for the 'data' item of the secret (can be templated)",
"type": "string"
diff --git a/chart/values.yaml b/chart/values.yaml
index 3023484..1c313af 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -264,6 +264,7 @@ extraSecrets: {}
# eg:
# extraSecrets:
# '{{ .Release.Name }}-airflow-connections':
+# type: 'Opaque'
# data: |
# AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
# AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'