Add option to treat secrets as mutable #3164
Conversation
|
PR is now waiting for a maintainer to run the acceptance tests. |
MaienM
force-pushed
the
feature/enable-secret-mutable-flag
branch
from
9f88514
to
4deb10c
Compare
|
PR is now waiting for a maintainer to run the acceptance tests. |
|
/run-acceptance-tests |
|
Please view the PR build: https://github.com/pulumi/pulumi-kubernetes/actions/runs/10424850378 |
|
Thank you for the contribution! A couple test failures but looks reasonable overall. We'll review this as a team next week. |
MaienM
force-pushed
the
feature/enable-secret-mutable-flag
branch
from
4deb10c
to
30cc20b
Compare
|
PR is now waiting for a maintainer to run the acceptance tests. |
This does for `Secret`s what the existing `enableConfigMapMutable` flag does for `ConfigMap`s.
MaienM
force-pushed
the
feature/enable-secret-mutable-flag
branch
from
30cc20b
to
4001e00
Compare
|
PR is now waiting for a maintainer to run the acceptance tests. |
|
Fixed! One of those was some sloppy copy-pasting in the test itself, the other was an actual logic error that I introduced when I re-marked the |
|
PR is now waiting for a maintainer to run the acceptance tests. |
|
/run-acceptance-tests |
|
Please view the PR build: https://github.com/pulumi/pulumi-kubernetes/actions/runs/10459235903 |
provider/pkg/provider/diff.go
Outdated
| if clients.IsSecret(obj) && !k.enableSecretMutable { | ||
| props = append(props, properties{".type", ".stringData", ".data"}...) | ||
| } else if kindFields, kindExists := version[gvk.Kind]; kindExists { |
There was a problem hiding this comment.
There was a problem hiding this comment.
That makes sense, yeah, it's not like trying to treat it as mutable will even work in that case. The same applies to ConfigMaps though, right? I don't think those handle that either right now, that's what I based this code on after all.
I can make a change to handle that, should I also make the same change for ConfigMaps while I'm at it?
There was a problem hiding this comment.
I've made the change for this for both Secrets and ConfigMaps. I put the change for the ConfigMaps in a separate commit because I wasn't sure whether you wanted that one, so you can just get rid of that commit if you don't.
There was a problem hiding this comment.
@MaienM thank you again for the great contribution! I'm very happy this prompted us to uncover the immutable incompatibility and that you were able to fix it while you were in here. I added an E2E test case partly as a sanity check and party to cement the behavior we expect here.
So much has changed with Pulumi and k8s since this behavior was originally introduced that it would make much more sense IMO to make this the default behavior at some point in the future (#3179). I added a note to the changelog to that effect, since it's a potentially disruptive behavioral change.
After I merge this it will be available as a pre-release if you'd like to play around with it.
|
PR is now waiting for a maintainer to run the acceptance tests. |
|
PR is now waiting for a maintainer to run the acceptance tests. |
blampe
force-pushed
the
feature/enable-secret-mutable-flag
branch
from
5d5621e
to
9affcae
Compare
|
PR is now waiting for a maintainer to run the acceptance tests. |
blampe
force-pushed
the
feature/enable-secret-mutable-flag
branch
from
9affcae
to
278cc10
Compare
|
PR is now waiting for a maintainer to run the acceptance tests. |
|
/run-acceptance-tests |
|
Please view the PR build: https://github.com/pulumi/pulumi-kubernetes/actions/runs/10494552504 |
Proposed changes
This introduces the flag
enableSecretMutablewhich does forSecrets what the existingenableConfigMapMutableflag does forConfigMaps. See #1926 for the motivation for this flag. Changes to thetypefield will still trigger a replacement as this field is immutable.Related issues (optional)
Fixes #2291.
Fixes #3181.