XML

Word

Printable

Type: Story
Resolution: Done
Priority: Critical
Fix Version/s: Primaza 0.1
Affects Version/s: None
Component/s: Service Binding
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Register Primaza Services
Testing Instructions:
Hide

Feature: ServicesClasses can extract RegisteredService from resource-linked secrets

Background:
Given Primaza Cluster "main" is running
And Worker Cluster "worker" for ClusterEnvironment "worker" is running
And Clusters "main" and "worker" can communicate
And On Worker Cluster "worker", service namespace "services" for ClusterEnvironment "worker" exists
And On Worker Cluster "worker", Primaza Service Agent is deployed into namespace "services"
And Resource "backend_crd.yaml" is installed on worker cluster "worker" in namespace "services"
And On Primaza Cluster "main", Resource is created
"""
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: primaza:reporter-svc-worker-services
namespace: primaza-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: primaza-reporter
subjects:

kind: ServiceAccount
name: primaza-svc-worker-services
"""

Scenario: A Service Class creates Registered Services as specified
Given On Worker Cluster "worker", Resource is created
"""
apiVersion: stable.example.com/v1
kind: Backend
metadata:
name: $scenario_id
namespace: services
spec:
fromSecret:

secretName: $scenario_id-sec
secretKey: internal-host
—
apiVersion: v1
kind: Secret
metadata:
name: $scenario_id-sec
namespace: services
stringData:
internal-host: internal.db.stable.example.com
"""
When On Worker Cluster "worker", Resource is created
"""
apiVersion: primaza.io/v1alpha1
kind: ServiceClass
metadata:
name: $scenario_id-serviceclass
namespace: services
spec:
constraints: {}
resource:
apiVersion: stable.example.com/v1
kind: Backend
serviceEndpointDefinitionMappings:
secretRefFields:

name: host
secretName: .spec.fromSecret[0].secretName
secretKey: .spec.fromSecret[0].secretKey
serviceClassIdentity:

name: type
value: backend

name: provider
value: stable.example.com

name: version
value: v1
"""
Then The resource registeredservices.primaza.io/$scenario_id:primaza-system is available in cluster "main"
And jsonpath ".spec.serviceEndpointDefinition[0]" on "registeredservices.primaza.io/$scenario_id:primaza-system" in cluster main is "{"name": "host", "valueFromSecret": {"key": "host", "name": "$scenario_id-descriptor"}}"
And The resource secrets/$scenario_id-descriptor:primaza-system is available in cluster "main"
And jsonpath ".data.host" on "secrets/$scenario_id-descriptor:primaza-system" in cluster main is ""aW50ZXJuYWwuZGIuc3RhYmxlLmV4YW1wbGUuY29t""
Show
Feature: ServicesClasses can extract RegisteredService from resource-linked secrets Background: Given Primaza Cluster "main" is running And Worker Cluster "worker" for ClusterEnvironment "worker" is running And Clusters "main" and "worker" can communicate And On Worker Cluster "worker", service namespace "services" for ClusterEnvironment "worker" exists And On Worker Cluster "worker", Primaza Service Agent is deployed into namespace "services" And Resource "backend_crd.yaml" is installed on worker cluster "worker" in namespace "services" And On Primaza Cluster "main", Resource is created """ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: primaza:reporter-svc-worker-services namespace: primaza-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: primaza-reporter subjects: kind: ServiceAccount name: primaza-svc-worker-services """ Scenario: A Service Class creates Registered Services as specified Given On Worker Cluster "worker", Resource is created """ apiVersion: stable.example.com/v1 kind: Backend metadata: name: $scenario_id namespace: services spec: fromSecret: secretName: $scenario_id-sec secretKey: internal-host — apiVersion: v1 kind: Secret metadata: name: $scenario_id-sec namespace: services stringData: internal-host: internal.db.stable.example.com """ When On Worker Cluster "worker", Resource is created """ apiVersion: primaza.io/v1alpha1 kind: ServiceClass metadata: name: $scenario_id-serviceclass namespace: services spec: constraints: {} resource: apiVersion: stable.example.com/v1 kind: Backend serviceEndpointDefinitionMappings: secretRefFields: name: host secretName: .spec.fromSecret [0] .secretName secretKey: .spec.fromSecret [0] .secretKey serviceClassIdentity: name: type value: backend name: provider value: stable.example.com name: version value: v1 """ Then The resource registeredservices.primaza.io/$scenario_id:primaza-system is available in cluster "main" And jsonpath ".spec.serviceEndpointDefinition [0] " on "registeredservices.primaza.io/$scenario_id:primaza-system" in cluster main is "{"name": "host", "valueFromSecret": {"key": "host", "name": "$scenario_id-descriptor"}}" And The resource secrets/$scenario_id-descriptor:primaza-system is available in cluster "main" And jsonpath ".data.host" on "secrets/$scenario_id-descriptor:primaza-system" in cluster main is ""aW50ZXJuYWwuZGIuc3RhYmxlLmV4YW1wbGUuY29t""
Git Pull Request:
https://github.com/primaza/primaza/pull/142, https://github.com/primaza/primaza/pull/159
Intelligence Requested:
Market:

Sprint:
AppSvc Sprint 237

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Owner: Architect:

Francesco Ilario

Story (Required)

As a Primaza Developer,
I would like Primaza to extract data from secret's related to my deployment
so that I can extract secret data for a given service

Background (Required)

As defined in the Primaza architecture document, we need to build RegisteredService's Service Endpoint Deinition from Service specification and from linked secrets.

See epic for arch document link.

Glossary

See glossary in architecture document

Out of scope

In Scope

Secret's data extraction

Approach(Required)

Given the following service and secret:

apiVersion: stable.example.com/v1
kind: Backend
metadata: 
	name: backend
	namespace: services
spec: 
	fromSecret: 
	- secretName: backend-sec
	  secretKey: internal-host
---
apiVersion: v1
kind: Secret
metadata: 
	name: backend-sec
	namespace: services
stringData: 
	internal-host: internal.db.stable.example.com

we want to use the following ServiceClass for extracting the internal-host from the backend's secret:

apiVersion: primaza.io/v1alpha1
kind: ServiceClass
metadata: 
	name: demo
	namespace: services
spec: 
	constraints: {}
	resource: 
		apiVersion: stable.example.com/v1
		kind: Backend
		serviceEndpointDefinitionMappings: 
			secretRefFields: 
			- name: host
			  secretName: .spec.fromSecret[0].secretName
			  secretKey: .spec.fromSecret[0].secretKey
	serviceClassIdentity: 
	  - name: type
		value: backend

The data extracted from secrets MUST always be stored in another secret and never in RegisteredServices' specification.

The secretName and secretKey should be defined as JSONPath.

Demo requirements(Required)

Dependencies

Edge Case

BDD Tests

You can find BDD Test specification for this story in the "Testing Instruction" Field Tab or in the GitHub Issue linked to this story.
Click here for all BDD Tests Issues.

Acceptance Criteria

Development
ServiceClass controller fetches data from resource related secrets

QE
There are test cases for data fetched from resource related secrets

Docs
There is a section in our ServiceClass docs dedicated to explaining how data is fetched from a related Secret
Update architecture document with any changes while implementing

INVEST Checklist

Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated

Legend

Unknown
Verified
Unsatisfied

Assignee:: Andy Sadler

Reporter:: Francesco Ilario

Contributors:: Francesco Ilario

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2023/04/28 11:30 AM

Updated:: 2023/05/11 11:37 AM

Resolved:: 2023/05/11 11:37 AM

Details

Description