tls: Check for certs to mark tls as unmanaged (PROJQUAY-2428) #518
Conversation
jonathankingfc
commented
Sep 9, 2021
•
jonathankingfc
commented
- TLS should determined to be unmanaged by the presence of tls cert and key, not on any particular field
- Fields from the config.yaml are no longer used to determine this
jonathankingfc
force-pushed
the
PROJQUAY-2428
branch
from
c52fa84
to
8fb62ef
Compare
| updatedQuay.Status.Conditions = v1.RemoveCondition(updatedQuay.Status.Conditions, v1.ConditionTypeRolloutBlocked) | ||
|
|
||
| for _, component := range updatedQuay.Spec.Components { | ||
| contains, err := kustomize.ContainsComponentConfig(userProvidedConfig, component) | ||
| contains, err := kustomize.ContainsComponentConfig(userProvidedConfig, userProvidedCerts, component) |
There was a problem hiding this comment.
We could pass in configBundle.Data directly, no?
There was a problem hiding this comment.
Not unless we alter how it is called elsewhere as well, since the call to this function in configure.go takes a different shape as configBundle.Data.
There was a problem hiding this comment.
I don't follow, configBundle.Data is of type map[string][]byte. userProvidedCerts is also a map[string][]byte.
There was a problem hiding this comment.
We can do this, but we will then have to combine reconfigureRequest.Certs and reconfigureRequest.Config into a single map in configure.go
There was a problem hiding this comment.
I don't follow, sorry. This makes no sense to me. The code "copies" data from A (configBundle.Data) to B (userProvidedCerts) if data is present in A, at last it then passes B to the function instead of just passing A and avoid the "copy" all together. Why can't we pass A directly here? As far as I understand nothing needs to be changed in configure.go.
jonathankingfc
force-pushed
the
PROJQUAY-2428
branch
from
8fb62ef
to
c642a59
Compare
| updatedQuay.Status.Conditions = v1.RemoveCondition(updatedQuay.Status.Conditions, v1.ConditionTypeRolloutBlocked) | ||
|
|
||
| for _, component := range updatedQuay.Spec.Components { | ||
| contains, err := kustomize.ContainsComponentConfig(userProvidedConfig, component) | ||
| contains, err := kustomize.ContainsComponentConfig(userProvidedConfig, userProvidedCerts, component) |
There was a problem hiding this comment.
I don't follow, sorry. This makes no sense to me. The code "copies" data from A (configBundle.Data) to B (userProvidedCerts) if data is present in A, at last it then passes B to the function instead of just passing A and avoid the "copy" all together. Why can't we pass A directly here? As far as I understand nothing needs to be changed in configure.go.
- TLS is determined to be unmanaged by the presence of tls cert and key - Fields from the config.yaml are no longer used to determine this
jonathankingfc
force-pushed
the
PROJQUAY-2428
branch
from
88a6180
to
f05fad1
Compare
