chore(backport release-1.2): refactor: change generic secret label (#…

…3350) Co-authored-by: Kent Rancourt <[email protected]>
akuity · Jan 23, 2025 · 29b0790 · 29b0790
1 parent b934ffa
commit 29b0790
Show file tree

Hide file tree

Showing 19 changed files with 1,126 additions and 2,403 deletions.
diff --git a/api/service/v1alpha1/service.proto b/api/service/v1alpha1/service.proto
@@ -99,11 +99,6 @@ service KargoService {
   rpc DeleteAnalysisTemplate(DeleteAnalysisTemplateRequest) returns (DeleteAnalysisTemplateResponse);
   rpc GetAnalysisRun(GetAnalysisRunRequest) returns (GetAnalysisRunResponse);
 
-  rpc ListAnalysisTemplateConfigMaps(ListAnalysisTemplateConfigMapsRequest) returns (ListAnalysisTemplateConfigMapsResponse);
-  rpc GetAnalysisTemplateConfigMap(GetAnalysisTemplateConfigMapRequest) returns (GetAnalysisTemplateConfigMapResponse);
-  rpc ListAnalysisTemplateSecrets(ListAnalysisTemplateSecretsRequest) returns (ListAnalysisTemplateSecretsResponse);
-  rpc GetAnalysisTemplateSecret(GetAnalysisTemplateSecretRequest) returns (GetAnalysisTemplateSecretResponse);
-
   /* Event APIs */
 
   rpc ListProjectEvents(ListProjectEventsRequest) returns (ListProjectEventsResponse);
@@ -771,45 +766,3 @@ message UpdateRoleRequest {
 message UpdateRoleResponse {
   github.com.akuity.kargo.api.rbac.v1alpha1.Role role = 1;
 }
-
-message ListAnalysisTemplateConfigMapsRequest {
-  string project = 1;
-}
-
-message ListAnalysisTemplateConfigMapsResponse {
-  repeated k8s.io.api.core.v1.ConfigMap config_maps = 1;
-}
-
-message GetAnalysisTemplateConfigMapRequest {
-  string project = 1;
-  string name = 2;
-  RawFormat format = 3;
-}
-
-message GetAnalysisTemplateConfigMapResponse {
-  oneof result {
-    k8s.io.api.core.v1.ConfigMap config_map = 1;
-    bytes raw = 2;
-  }
-}
-
-message ListAnalysisTemplateSecretsRequest {
-  string project = 1;
-}
-
-message ListAnalysisTemplateSecretsResponse {
-  repeated k8s.io.api.core.v1.Secret secrets = 1;
-}
-
-message GetAnalysisTemplateSecretRequest {
-  string project = 1;
-  string name = 2;
-  RawFormat format = 3;
-}
-
-message GetAnalysisTemplateSecretResponse {
-  oneof result {
-    k8s.io.api.core.v1.Secret secret = 1;
-    bytes raw = 2;
-  }
-}
diff --git a/api/v1alpha1/labels.go b/api/v1alpha1/labels.go
@@ -8,8 +8,13 @@ const (
 	CredentialTypeLabelValueGit   = "git"
 	CredentialTypeLabelValueHelm  = "helm"
 	CredentialTypeLabelValueImage = "image"
+	CredentialTypeLabelGeneric    = "generic"
 
 	// Project Secrets
+	// Deprecated: Use CredentialTypeLabelGeneric instead. This label should not
+	// be used and won't be documented, but will be supported short-term for
+	// backward compatibility.
+	// TODO(krancour): Remove for v1.4.0.
 	ProjectSecretLabelKey = "kargo.akuity.io/project-secret" // nolint: gosec
 
 	// Kargo core API
@@ -19,10 +24,6 @@ const (
 	ShardLabelKey             = "kargo.akuity.io/shard"
 	StageLabelKey             = "kargo.akuity.io/stage"
 
-	// AnalysisRunTemplate labels
-	AnalysisRunTemplateLabelKey         = "kargo.akuity.io/analysis-run-template"
-	AnalysisRunTemplateLabelValueConfig = "config"
-
 	LabelTrueValue = "true"
 
 	FinalizerName = "kargo.akuity.io/finalizer"

diff --git a/internal/api/create_project_secret_v1alpha1.go b/internal/api/create_project_secret_v1alpha1.go
@@ -81,7 +81,7 @@ func (s *server) projectSecretToK8sSecret(projSecret projectSecret) *corev1.Secr
 			Namespace: projSecret.project,
 			Name:      projSecret.name,
 			Labels: map[string]string{
-				kargoapi.ProjectSecretLabelKey: kargoapi.LabelTrueValue,
+				kargoapi.CredentialTypeLabelKey: kargoapi.CredentialTypeLabelGeneric,
 			},
 		},
 		Data: secretsData,

diff --git a/internal/api/delete_project_secret_v1alpha1.go b/internal/api/delete_project_secret_v1alpha1.go
@@ -46,15 +46,18 @@ func (s *server) DeleteProjectSecret(
 	); err != nil {
 		return nil, fmt.Errorf("get secret: %w", err)
 	}
-	if secret.Labels[kargoapi.ProjectSecretLabelKey] != kargoapi.LabelTrueValue {
+	// Check for either of the two possible labels (newer and legacy) that
+	// indicate the secret is a generic project secret.
+	if secret.Labels[kargoapi.CredentialTypeLabelKey] != kargoapi.CredentialTypeLabelGeneric &&
+		secret.Labels[kargoapi.ProjectSecretLabelKey] != kargoapi.LabelTrueValue { // Legacy
 		return nil, connect.NewError(
 			connect.CodeNotFound,
 			fmt.Errorf(
 				"secret %s/%s exists, but is not labeled with %s=%s",
 				secret.Namespace,
 				secret.Name,
-				kargoapi.ProjectSecretLabelKey,
-				kargoapi.LabelTrueValue,
+				kargoapi.CredentialTypeLabelKey,
+				kargoapi.CredentialTypeLabelGeneric,
 			),
 		)
 	}

diff --git a/internal/api/delete_project_secret_v1alpha1_test.go b/internal/api/delete_project_secret_v1alpha1_test.go
@@ -32,8 +32,27 @@ func TestDeleteProjectSecret(t *testing.T) {
 			NewInternalClient: func(_ context.Context, _ *rest.Config, s *runtime.Scheme) (client.Client, error) {
 				return fake.NewClientBuilder().
 					WithScheme(s).
-					WithObjects(mustNewObject[corev1.Namespace]("testdata/namespace.yaml")).
-					Build(), nil
+					WithObjects(
+						mustNewObject[corev1.Namespace]("testdata/namespace.yaml"),
+						&corev1.Secret{
+							ObjectMeta: metav1.ObjectMeta{
+								Namespace: "kargo-demo",
+								Name:      "secret-a",
+								Labels: map[string]string{
+									kargoapi.CredentialTypeLabelKey: kargoapi.CredentialTypeLabelGeneric,
+								},
+							},
+						},
+						&corev1.Secret{
+							ObjectMeta: metav1.ObjectMeta{
+								Namespace: "kargo-demo",
+								Name:      "secret-b",
+								Labels: map[string]string{
+									kargoapi.ProjectSecretLabelKey: kargoapi.LabelTrueValue, // Legacy label
+								},
+							},
+						},
+					).Build(), nil
 			},
 		},
 	)
@@ -45,27 +64,34 @@ func TestDeleteProjectSecret(t *testing.T) {
 		externalValidateProjectFn: validation.ValidateProject,
 	}
 
-	err = s.client.Create(
+	_, err = s.DeleteProjectSecret(
 		ctx,
-		&corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Namespace: "kargo-demo",
-				Name:      "secret",
-				Labels: map[string]string{
-					kargoapi.ProjectSecretLabelKey: kargoapi.LabelTrueValue,
-				},
+		connect.NewRequest(
+			&svcv1alpha1.DeleteProjectSecretRequest{
+				Project: "kargo-demo",
+				Name:    "secret-a",
 			},
-		},
+		),
 	)
 	require.NoError(t, err)
 
 	secret := corev1.Secret{}
+	err = s.client.Get(
+		ctx,
+		types.NamespacedName{
+			Namespace: "kargo-demo",
+			Name:      "secret-a",
+		},
+		&secret,
+	)
+	require.Error(t, err)
+
 	_, err = s.DeleteProjectSecret(
 		ctx,
 		connect.NewRequest(
 			&svcv1alpha1.DeleteProjectSecretRequest{
 				Project: "kargo-demo",
-				Name:    "secret",
+				Name:    "secret-b", // Has the legacy label
 			},
 		),
 	)
@@ -75,9 +101,10 @@ func TestDeleteProjectSecret(t *testing.T) {
 		ctx,
 		types.NamespacedName{
 			Namespace: "kargo-demo",
-			Name:      "secret",
+			Name:      "secret-b",
 		},
 		&secret,
 	)
 	require.Error(t, err)
+
 }
diff --git a/internal/api/get_analysis_template_config_map_v1alpha1.go b/internal/api/get_analysis_template_config_map_v1alpha1.go
diff --git a/internal/api/get_analysis_template_secret_v1alpha1.go b/internal/api/get_analysis_template_secret_v1alpha1.go