XML

Word

Printable

Type: Story
Resolution: Done
Priority: Critical
Fix Version/s: Primaza 0.1
Affects Version/s: None
Component/s: Service Binding
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Register Primaza Services
Testing Instructions:

Hide
Feature: ServicesClasses can extract RegisteredService from resource-linked secrets

    Background:
        Given Primaza Cluster "main" is running
        And Worker Cluster "worker" for ClusterEnvironment "worker" is running
        And Clusters "main" and "worker" can communicate
        And On Worker Cluster "worker", service namespace "services" for ClusterEnvironment "worker" exists
        And On Worker Cluster "worker", Primaza Service Agent is deployed into namespace "services"
        And Resource "backend_crd.yaml" is installed on worker cluster "worker" in namespace "services"
        And On Primaza Cluster "main", Resource is created
            """
            apiVersion: rbac.authorization.k8s.io/v1
            kind: RoleBinding
            metadata:
                name: primaza:reporter-svc-worker-services
                namespace: primaza-system
            roleRef:
                apiGroup: rbac.authorization.k8s.io
                kind: Role
                name: primaza-reporter
            subjects:
            - kind: ServiceAccount
              name: primaza-svc-worker-services
            """

    Scenario: A Service Class creates Registered Services as specified
        Given On Worker Cluster "worker", Resource is created
            """
            apiVersion: stable.example.com/v1
            kind: Backend
            metadata:
                name: $scenario_id
                namespace: services
            spec:
                fromSecret:
                - secretName: $scenario_id-sec
                  secretKey: internal-host
            ---
            apiVersion: v1
            kind: Secret
            metadata:
                name: $scenario_id-sec
                namespace: services
            stringData:
                internal-host: internal.db.stable.example.com
            """
        When On Worker Cluster "worker", Resource is created
            """
            apiVersion: primaza.io/v1alpha1
            kind: ServiceClass
            metadata:
                name: $scenario_id-serviceclass
                namespace: services
            spec:
                constraints: {}
                resource:
                    apiVersion: stable.example.com/v1
                    kind: Backend
                    serviceEndpointDefinitionMappings:
                        secretRefFields:
                        - name: host
                          secretName: .spec.fromSecret[0].secretName
                          secretKey: .spec.fromSecret[0].secretKey
                serviceClassIdentity:
                  - name: type
                    value: backend
                  - name: provider
                    value: stable.example.com
                  - name: version
                    value: v1
            """
        Then The resource registeredservices.primaza.io/$scenario_id:primaza-system is available in cluster "main"
        And jsonpath ".spec.serviceEndpointDefinition[0]" on "registeredservices.primaza.io/$scenario_id:primaza-system" in cluster main is "{"name": "host", "valueFromSecret": {"key": "host", "name": "$scenario_id-descriptor"}}"
        And The resource secrets/$scenario_id-descriptor:primaza-system is available in cluster "main"
        And jsonpath ".data.host" on "secrets/$scenario_id-descriptor:primaza-system" in cluster main is ""aW50ZXJuYWwuZGIuc3RhYmxlLmV4YW1wbGUuY29t""

Show
Feature: ServicesClasses can extract RegisteredService from resource-linked secrets     Background:         Given Primaza Cluster "main" is running         And Worker Cluster "worker" for ClusterEnvironment "worker" is running         And Clusters "main" and "worker" can communicate         And On Worker Cluster "worker", service namespace "services" for ClusterEnvironment "worker" exists         And On Worker Cluster "worker", Primaza Service Agent is deployed into namespace "services"         And Resource "backend_crd.yaml" is installed on worker cluster "worker" in namespace "services"         And On Primaza Cluster "main", Resource is created             """             apiVersion: rbac.authorization.k8s.io/v1             kind: RoleBinding             metadata:                 name: primaza:reporter-svc-worker-services                 namespace: primaza-system             roleRef:                 apiGroup: rbac.authorization.k8s.io                 kind: Role                 name: primaza-reporter             subjects:             - kind: ServiceAccount               name: primaza-svc-worker-services             """     Scenario: A Service Class creates Registered Services as specified         Given On Worker Cluster "worker", Resource is created             """             apiVersion: stable.example.com/v1             kind: Backend             metadata:                 name: $scenario_id                 namespace: services             spec:                 fromSecret:                 - secretName: $scenario_id-sec                   secretKey: internal-host             ---             apiVersion: v1             kind: Secret             metadata:                 name: $scenario_id-sec                 namespace: services             stringData:                 internal-host: internal.db.stable.example.com             """         When On Worker Cluster "worker", Resource is created             """             apiVersion: primaza.io/v1alpha1             kind: ServiceClass             metadata:                 name: $scenario_id-serviceclass                 namespace: services             spec:                 constraints: {}                 resource:                     apiVersion: stable.example.com/v1                     kind: Backend                     serviceEndpointDefinitionMappings:                         secretRefFields:                         - name: host                           secretName: .spec.fromSecret[0].secretName                           secretKey: .spec.fromSecret[0].secretKey                 serviceClassIdentity:                   - name: type                     value: backend                   - name: provider                     value: stable.example.com                   - name: version                     value: v1             """         Then The resource registeredservices.primaza.io/$scenario_id:primaza-system is available in cluster "main"         And jsonpath ".spec.serviceEndpointDefinition[0]" on "registeredservices.primaza.io/$scenario_id:primaza-system" in cluster main is "{"name": "host", "valueFromSecret": {"key": "host", "name": "$scenario_id-descriptor"}}"         And The resource secrets/$scenario_id-descriptor:primaza-system is available in cluster "main"         And jsonpath ".data.host" on "secrets/$scenario_id-descriptor:primaza-system" in cluster main is ""aW50ZXJuYWwuZGIuc3RhYmxlLmV4YW1wbGUuY29t""
Git Pull Request:
https://github.com/primaza/primaza/pull/142, https://github.com/primaza/primaza/pull/159
Intelligence Requested:
Market:

Sprint:
AppSvc Sprint 237

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Owner: Architect:

Francesco Ilario

Story (Required)

As a Primaza Developer,
I would like Primaza to extract data from secret's related to my deployment
so that I can extract secret data for a given service

Background (Required)

As defined in the Primaza architecture document, we need to build RegisteredService's Service Endpoint Deinition from Service specification and from linked secrets.

See epic for arch document link.

Glossary

See glossary in architecture document

Out of scope

In Scope

Secret's data extraction

Approach(Required)

Given the following service and secret:

apiVersion: stable.example.com/v1
kind: Backend
metadata: 
	name: backend
	namespace: services
spec: 
	fromSecret: 
	- secretName: backend-sec
	  secretKey: internal-host
---
apiVersion: v1
kind: Secret
metadata: 
	name: backend-sec
	namespace: services
stringData: 
	internal-host: internal.db.stable.example.com

we want to use the following ServiceClass for extracting the internal-host from the backend's secret:

apiVersion: primaza.io/v1alpha1
kind: ServiceClass
metadata: 
	name: demo
	namespace: services
spec: 
	constraints: {}
	resource: 
		apiVersion: stable.example.com/v1
		kind: Backend
		serviceEndpointDefinitionMappings: 
			secretRefFields: 
			- name: host
			  secretName: .spec.fromSecret[0].secretName
			  secretKey: .spec.fromSecret[0].secretKey
	serviceClassIdentity: 
	  - name: type
		value: backend

The data extracted from secrets MUST always be stored in another secret and never in RegisteredServices' specification.

The secretName and secretKey should be defined as JSONPath.

Demo requirements(Required)

Dependencies

Edge Case

BDD Tests

You can find BDD Test specification for this story in the "Testing Instruction" Field Tab or in the GitHub Issue linked to this story.
Click here for all BDD Tests Issues.

Acceptance Criteria

Development
ServiceClass controller fetches data from resource related secrets

QE
There are test cases for data fetched from resource related secrets

Docs
There is a section in our ServiceClass docs dedicated to explaining how data is fetched from a related Secret
Update architecture document with any changes while implementing

INVEST Checklist

Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated

Legend

Unknown
Verified
Unsatisfied

Assignee:: Andy Sadler

Reporter:: Francesco Ilario

Contributors:: Francesco Ilario

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2023/04/28 11:30 AM

Updated:: 2023/05/11 11:37 AM

Resolved:: 2023/05/11 11:37 AM

Details

Description