CNTRLPLANE-3237:: pkg/operator/encryption/kms: cleanup#2221
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@p0lyn0mial: This pull request references CNTRLPLANE-3237 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
Bot
added
the
approved
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (5)
💤 Files with no reviewable changes (2)
WalkthroughThe PR relocates KMS plugin Secret data key derivation and validation logic from the shared ChangesKMS Plugin Key Derivation Refactoring
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 10 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (10 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
@p0lyn0mial: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| } | ||
| secret := &corev1.Secret{Data: data} | ||
| _, err := encryptiondata.FromSecret(secret) | ||
| if tt.wantError && err == nil { |
There was a problem hiding this comment.
should we unify whether we use github.com/stretchr/testify/require in library-go unit tests? Right now it's a mix of require and manual if/t.Fatal checks
| tt.keyID: {}, | ||
| }, | ||
| } | ||
| _, err := encryptiondata.ToSecret("ns", "name", cfg) |
There was a problem hiding this comment.
IIUC, the idea of this new test is to test toPluginConfigSecretDataKeyFor via ToSecret. In general I think it's better to unit test the function directly because then you can check exactly what it produces for a given input. For example, the old test verified that for a given key 42, the function would produce a data key kms-plugin-config-42, but now it only checks that the function didn't return any errors.
to test toPluginConfigSecretDataKeyFor we'd need to change the package directive in this file to encryptiondata though (it's currently encryptiondata_test)
There was a problem hiding this comment.
yes, we could create a new test file which would be in the same pkg as the production code to test the priv methods. then we could just move the prev tests. wdty ?
| data := baseSecret(t) | ||
| for k, v := range tt.extraKeys { | ||
| data[k] = v | ||
| } |
There was a problem hiding this comment.
nit: maps.Copy(data, tt.extraKeys)
|
Changes look good to me. Comments from @bertinatto make sense. |
|
Comments are all about test changes. I think, those can be handled separately. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ardaguclu, p0lyn0mial The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold I think I will move the tests to a private file. |
openshift-ci
Bot
added
the
do-not-merge/hold
4 participants
Summary by CodeRabbit
Bug Fixes
Tests