Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug-1737]: Check if CSM is Authorization Proxy Server by checking module name #893

Merged
merged 6 commits into from
Feb 14, 2025
Merged

[bug-1737]: Check if CSM is Authorization Proxy Server by checking module name #893

merged 6 commits into from
Feb 14, 2025
+172 −104

Conversation

atye
Copy link
Contributor

@atye atye commented Feb 6, 2025
edited
Loading

Description

When calculating state, the CSM name is checked to determine if the CSM is the Authorization Proxy Server or not. If the CSM name is not the default name, authorization, reconciling fails. Determining if the CSM is the Authorization Proxy Server or not should be be hardened by checking if a module name in the spec is authorization-proxy-server.

Changes:

  • Check if the CSM is the Authorization Proxy Server by checking the module name in the spec
  • Add missing deployment check for authorization-controller when checking Authorization status
  • go mod tidy in tests/e2e to make build pass in image scan action

GitHub Issues

List the GitHub issues impacted by this PR:

GitHub Issue #
dell/csm#1737

Checklist:

  • I have performed a self-review of my own code to ensure there are no formatting, vetting, linting, or security issues
  • I have verified that new and existing unit tests pass locally with my changes
  • I have not allowed coverage numbers to degenerate
  • I have maintained at least 90% code coverage
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have maintained backward compatibility
  • I have executed the relevant end-to-end test scenarios

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

Updated and new unit tests. Installed Authorization using default and non-default names.

# kubectl -n csm-authorization get csm
NAME                CREATIONTIME   CSIDRIVERTYPE   CONFIGVERSION   STATE
csm-authorization   56s                                            Succeeded


# kubectl -n csm-authorization get csm
NAME            CREATIONTIME   CSIDRIVERTYPE   CONFIGVERSION   STATE
authorization   65s                                            Succeeded

@atye atye force-pushed the usr/atye/bug-1737-authorization-name branch from 399092a to b0d1fc3 Compare February 13, 2025 19:12
@atye atye force-pushed the usr/atye/bug-1737-authorization-name branch from c496393 to c13199e Compare February 13, 2025 19:23
donatwork
donatwork previously approved these changes Feb 13, 2025
View reviewed changes
ChristianAtDell
ChristianAtDell reviewed Feb 13, 2025
View reviewed changes
pkg/utils/status.go
if instance.GetName() != "" && instance.GetName() != string(csmv1.Authorization) && instance.GetName() != string(csmv1.ApplicationMobility) {
if instance.GetName() != "" && !isAuthorizationProxyServer(instance) && instance.GetName() != string(csmv1.ApplicationMobility) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain this change? Does the authorization proxy server only exist for auth v1?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instance.GetName() != string(csmv1.Authorization) checks if the Authorization CSM name is authorization. Assuming the user doesn't modify the default name in the sample, it'll work. If the user changes the CSM name, this check fails and reconciling will have issues.

A better check to determine if a CSM is the Authorization Server is to check the module name for authoriztion-proxy-server, which isAuthorizationProxyServer does.

alikdell
alikdell previously approved these changes Feb 13, 2025
View reviewed changes
@atye atye dismissed stale reviews from alikdell and donatwork via 7c60f2f February 14, 2025 13:30
@atye atye requested review from donatwork and alikdell February 14, 2025 13:59
@atye atye merged commit f70cff6 into main Feb 14, 2025
8 checks passed
@atye atye deleted the usr/atye/bug-1737-authorization-name branch February 14, 2025 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@donatwork donatwork donatwork approved these changes

@alexemc alexemc alexemc approved these changes

@ChristianAtDell ChristianAtDell ChristianAtDell approved these changes

@abhi16394 abhi16394 Awaiting requested review from abhi16394 abhi16394 is a code owner

@mbasha-dell mbasha-dell Awaiting requested review from mbasha-dell mbasha-dell is a code owner

@bharathsreekanth bharathsreekanth Awaiting requested review from bharathsreekanth

@chimanjain chimanjain Awaiting requested review from chimanjain chimanjain is a code owner

@coulof coulof Awaiting requested review from coulof coulof is a code owner

@Deepak-Ghivari Deepak-Ghivari Awaiting requested review from Deepak-Ghivari

@gallacher gallacher Awaiting requested review from gallacher

@gilltaran gilltaran Awaiting requested review from gilltaran

@harishp8889 harishp8889 Awaiting requested review from harishp8889 harishp8889 is a code owner

@HarishH-DELL HarishH-DELL Awaiting requested review from HarishH-DELL

@JacobGros JacobGros Awaiting requested review from JacobGros JacobGros is a code owner

@jooseppi-luna jooseppi-luna Awaiting requested review from jooseppi-luna

@karthikk92 karthikk92 Awaiting requested review from karthikk92 karthikk92 is a code owner

@kumarkgosa kumarkgosa Awaiting requested review from kumarkgosa kumarkgosa is a code owner

@bandak2 bandak2 Awaiting requested review from bandak2

@meggm meggm Awaiting requested review from meggm meggm is a code owner

@mgandharva mgandharva Awaiting requested review from mgandharva mgandharva is a code owner

@mjsdell mjsdell Awaiting requested review from mjsdell

@nitesh3108 nitesh3108 Awaiting requested review from nitesh3108 nitesh3108 is a code owner

@Prabhu-Dell Prabhu-Dell Awaiting requested review from Prabhu-Dell

@rajendraindukuri rajendraindukuri Awaiting requested review from rajendraindukuri rajendraindukuri is a code owner

@rajkumar-palani rajkumar-palani Awaiting requested review from rajkumar-palani

@shefali-malhotra shefali-malhotra Awaiting requested review from shefali-malhotra

@panigs7 panigs7 Awaiting requested review from panigs7

@tdawe tdawe Awaiting requested review from tdawe tdawe is a code owner

@shaynafinocchiaro shaynafinocchiaro Awaiting requested review from shaynafinocchiaro

@sharmilarama sharmilarama Awaiting requested review from sharmilarama

@shanmydell shanmydell Awaiting requested review from shanmydell

@AkshaySainiDell AkshaySainiDell Awaiting requested review from AkshaySainiDell AkshaySainiDell is a code owner

@EvgenyUglov EvgenyUglov Awaiting requested review from EvgenyUglov EvgenyUglov is a code owner

@falfaroc falfaroc Awaiting requested review from falfaroc falfaroc is a code owner

@rishabhatdell rishabhatdell Awaiting requested review from rishabhatdell rishabhatdell is a code owner

@alikdell alikdell Awaiting requested review from alikdell

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@atye @donatwork @alexemc @alikdell @ChristianAtDell