Skip to content

Commit

Permalink
Only lookup secrets in the namespace where the install is targeting. (#…
Browse files Browse the repository at this point in the history
…1156)

* Only lookup secrets in the namespace where the install is targeting.

* Add Changelog
  • Loading branch information
Thomas Eckert authored Apr 8, 2022
1 parent d708a65 commit 0e691ba
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
BUG FIXES:
* CLI
* Fix issue where clusters not in the same namespace as their deployment name could not be upgraded. [[GH-1115](https://github.com/hashicorp/consul-k8s/pull/1115)]
* Fix issue where the CLI was looking for secrets in namespaces other than the namespace targeted by the release. [[GH-1156](https://github.com/hashicorp/consul-k8s/pull/1156)]

IMPROVEMENTS:
* Helm
Expand Down
2 changes: 1 addition & 1 deletion cli/cmd/install/install.go
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,7 @@ func (c *Command) checkForPreviousPVCs() error {
// and returns a message if the secret configuration is ok or an error if
// the secret configuration could cause a conflict.
func (c *Command) checkForPreviousSecrets(release release.Release) (string, error) {
secrets, err := validation.ListConsulSecrets(c.Ctx, c.kubernetes)
secrets, err := validation.ListConsulSecrets(c.Ctx, c.kubernetes, release.Namespace)
if err != nil {
return "", fmt.Errorf("Error listing Consul secrets: %s", err)
}
Expand Down
4 changes: 2 additions & 2 deletions cli/validation/kubernetes.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ import (
)

// ListConsulSecrets attempts to find secrets with the Consul label.
func ListConsulSecrets(ctx context.Context, client kubernetes.Interface) (*v1.SecretList, error) {
secrets, err := client.CoreV1().Secrets("").List(ctx, metav1.ListOptions{
func ListConsulSecrets(ctx context.Context, client kubernetes.Interface, namespace string) (*v1.SecretList, error) {
secrets, err := client.CoreV1().Secrets(namespace).List(ctx, metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", common.CLILabelKey, common.CLILabelValue),
})

Expand Down
19 changes: 18 additions & 1 deletion cli/validation/kubernetes_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ func TestListConsulSecrets(t *testing.T) {

cases := map[string]struct {
secrets *v1.SecretList
namespace string
expectedSecrets int
}{
"No secrets": {
Expand All @@ -33,6 +34,7 @@ func TestListConsulSecrets(t *testing.T) {
},
},
},
namespace: v1.NamespaceDefault,
expectedSecrets: 1,
},
"A Consul and a non-Consul Secret": {
Expand All @@ -51,8 +53,23 @@ func TestListConsulSecrets(t *testing.T) {
},
},
},
namespace: v1.NamespaceDefault,
expectedSecrets: 1,
},
"A Consul Secret in default namespace with lookup in consul namespace": {
secrets: &v1.SecretList{
Items: []v1.Secret{
{
ObjectMeta: metav1.ObjectMeta{
Name: "test-consul-bootstrap-acl-token",
Labels: map[string]string{common.CLILabelKey: common.CLILabelValue},
},
},
},
},
namespace: "consul",
expectedSecrets: 0,
},
}

for name, tc := range cases {
Expand All @@ -64,7 +81,7 @@ func TestListConsulSecrets(t *testing.T) {
require.NoError(t, err)
}

actual, err := ListConsulSecrets(context.Background(), client)
actual, err := ListConsulSecrets(context.Background(), client, tc.namespace)
require.NoError(t, err)
require.Equal(t, tc.expectedSecrets, len(actual.Items))
})
Expand Down

0 comments on commit 0e691ba

Please sign in to comment.