[Feature] add support for context variables for better use of templating #11
Conversation
…n favor of AppsV1Api for deployment operations
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #11 +/- ##
===========================================
+ Coverage 55.63% 79.68% +24.05%
===========================================
Files 13 17 +4
Lines 2439 4037 +1598
Branches 290 380 +90
===========================================
+ Hits 1357 3217 +1860
+ Misses 1066 709 -357
- Partials 16 111 +95
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
I have some more changes for this pr, but having issues with new unit tests. |
…or context, update service_spec, and helper function for base64 checks
|
I marked this back to draft, I am going to try and write functional/integration tests for it. |
…drop unused changes
…v fixture to tests/conftest.py and add a decorator to only run on linux
…efore running tests against it
…es deletions, relying on the module to raise exceptions for errors rather than checking specific response codes
…t accross versions
|
@lkubb I think I am finished writing tests for this now. Although, I may need to reassess some of the asserts I used early on. I may have over done it with spec validation and looking back on it; I probably should have done some of the testing I did in functional tests in unit tests instead. Given how much error testing I did in the execution module functional tests -> I lightened up on the rest of the tests and focused on correct usage. Thank you for your help to get this done. The versions of kubernetes I chose was based on these release notes https://github.com/kubernetes-sigs/kind/releases/tag/v0.25.0. @benfiedler If you have time, can you test this PR in your environment? You may need to clear cache and remove the old version of the state module file kubernetesmod.py as I renamed the module due to a conflict with the existing kubernetes.py in salt core code. It works in my environment. Side Note: I do not like the way the state module is not actually idempotent. If it has an existing resource the module replaces it instead of saying it exists and exit. I think we should only replace if we pass in an arg/kwarg |
…dle everything, also added metadata and type args needed
|
Thanks to some testing by @benfiedler I realized that I over complicated secrets management. Should be good now. |
…neType error, and remove default to opaque type
|
This last change was due to a use case @benfiedler gave me where when creating a secret with data as an empty dictionary, kubernetes will generate the token automatically. So, I added a test for this use case, and updated secrets to handle the NoneType error and remove the default to type opaque. |
|
Thanks, as @djivey mentioned my tests were successful after some minor tweaks. There was a minor issue during testing with one of my source+context secrets that renders data that is already base64 encoded - it gets double base64 encoded, but I was able to workaround it by updating my source file to just instead have it in plain text. I can investigate that one later when I have more time to see if I can find out how/why that's happening. |
…4 values and update is_base64 to remove whitespace and use to confirm base64
It is related to a use case where I was not handling newlines/whitespace in the __is_base64 function and returns false causing the double encoding. Example data: type: "kubernetes.io/tls"
data:
tls.crt: |
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM5akNDQWQ2Z0F3SUJBZ0lSQVA4"
"Y3NuYmovVS9nWHJ4VDR5dXk5OUF3RFFZSktvWklodmNOQVFFTEJRQXcKRlRFVE1CRUdB"
"MVVFQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBeE1UY3hOekEwTWpkYUZ3MHpOREF4"
"TVRReApOekEwTWpkYU1CVXhFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1B"
"MEdDU3FHU0liM0RRRUJBUVVBQ"
tls.key: |
"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcw"
"QkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzFyZkdjdGhFaXk3K0YKLzdSOEd6TmFh"
"d29PdEVHVHZvWWFPMlF1b2JEcUd0NitTZFZ1Y2NTS2dDYWh3V09XN0dTTzhNRjJzaEtE"
"WHlsegp1VzZySjN2WlJOaVgyMy9TV1J3d0xXYzBHZUNVT3VXQVlVR2N1THQ5OVplUzRQ"
"eWQ5UmRnNTRZRlhMZ1FKV0"I updated the function to support this use case and added a test case in the module functional tests to validate functionality. |
There was a problem hiding this comment.
Thanks a lot (once again =D) for going beyond and implementing a proper functional/integration test suite + sorry for taking so long to review it. This PR gives the extension a solid foundation for future changes.
Edit: Not sure if you'll notice this edit, but I forgot mentioning: Something that would be nice is some functional tests for the state module that verify that test=True works as expected (correctly reports changes/no changes) and especially does not apply these changes.
| @@ -290,7 +290,7 @@ def _lint(session, rcfile, flags, paths, tee_output=True): | |||
| stdout.seek(0) | |||
| contents = stdout.read() | |||
| if contents: | |||
| contents = contents.decode("utf-8") | |||
There was a problem hiding this comment.
question: Is this change intentional?
There was a problem hiding this comment.
I tried a lot of things through this process, I could have dropped that on accident, will test it and make sure.
| @@ -71,11 +73,16 @@ lint = [ | |||
| ] | |||
| tests = [ | |||
| "pytest>=7.2.0", | |||
| "pytest-salt-factories>=1.0.0", | |||
| "pytest-custom-exit-code>=0.3", | |||
| "pytest-salt-factories>=1.0.0rc19", | |||
There was a problem hiding this comment.
issue: I don't think the version bound should be lowered.
| "PyYAML>=5.3.1", | ||
| "mock>=4.0.3", | ||
| "pytest-custom-exit-code>=0.3", |
There was a problem hiding this comment.
question: Why did you add these test dependencies?
There was a problem hiding this comment.
Dropped these and reinitiated a venv to validate tests still worked.
| context | ||
| Variables to be passed into the template. |
There was a problem hiding this comment.
note: We need to ensure this change is documented prominently since before this patch, this parameter was used for something unrelated.
There was a problem hiding this comment.
Where do I document this better? Module docstring?
There was a problem hiding this comment.
This was mostly intended to be a reminder, it's probably fine if it's mentioned in the changelog like I proposed, especially since this module has likely been broken for quite some time.
There was a problem hiding this comment.
issue: This news fragment needs to render to a bullet point in the changelog list, which won't work because it contains newlines, headers and lists itself.
note: You don't need to add testing infrastructure changes here, it's just for user-facing changes.
In essence, please cut this down to a single line like: Added support for specifying template context variables (or something that you feel describes the initial motivation for this PR). Additionally, we need to document breaking changes, which should get their own news fragment. They don't need their own issue. Example:
echo 'Removed the ability to override minion configuration in function parameters (`context`, `kubeconfig`, `kubeconfig_data`)' > changelog/+config.removed.md
echo 'Reused the removed `context` parameter for Jinja2 context variables! Take care when upgrading from earlier versions.' > changelog/+context.breaking.md| source=None, | ||
| template=None, | ||
| context=None, | ||
| saltenv="base", |
There was a problem hiding this comment.
note: I think this is a breaking change as well, right? We're going from saltenv=__env__ to saltenv="base".
There was a problem hiding this comment.
I was having a lot of trouble in the integration tests here, I will test this out again.
| try: | ||
| ret["changes"] = { | ||
| # Omit values from the return. They are unencrypted | ||
| # and can contain sensitive data. | ||
| "data": list(res["data"]) | ||
| } | ||
| # TypeError: 'NoneType' object is not iterable | ||
| except TypeError: | ||
| ret["changes"] = {"data": []} |
There was a problem hiding this comment.
suggestion: If you only need to protect against None here, you can just do this instead:
| try: | |
| ret["changes"] = { | |
| # Omit values from the return. They are unencrypted | |
| # and can contain sensitive data. | |
| "data": list(res["data"]) | |
| } | |
| # TypeError: 'NoneType' object is not iterable | |
| except TypeError: | |
| ret["changes"] = {"data": []} | |
| ret["changes"] = { | |
| # Omit values from the return. They are unencrypted | |
| # and can contain sensitive data. | |
| "data": list(res["data"] or []) | |
| } |
| cluster.create() | ||
|
|
||
| # Initial wait for cluster to start | ||
| time.sleep(10) |
There was a problem hiding this comment.
question: Is this idle time necessary? Can we just remove it and adjust the retries below?
There was a problem hiding this comment.
Removed, the retries that exist are sufficient
| log.error("stdout: %s", exc.stdout) | ||
| log.error("stderr: %s", exc.stderr) | ||
| raise | ||
| time.sleep(10) |
There was a problem hiding this comment.
question: Don't the called commands above wait?
If not:
note: I'd much prefer this decreased to 1s and the retries adjusted accordingly because we don't want to waste time in CI.
What does this PR do?
This PR introduces several enhancements to the Kubernetes extension:
Template Context Support
Secret Management Improvements
Service Specification Enhancement
Connection Handling
Updated Tests
Renamed the kubernetesmod.py state module to kubernetes.py to resolve conflicts with salt core kubernetes module
What issues does this PR fix or reference?
Fixes: #10 - Add support for context variables in Kubernetes templates.
Potentially fixes - saltstack/salt#59758
Previous Behavior
Merge requirements satisfied?
Commits signed with GPG?
Yes