Remove Secret handling from kubernetes-config extension

This is done because we don't (yet) have a good way to create the proper ClusterRole (see: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrole-example) so in any cluster that has RBAC enabled, an application that uses secrets with this extension will fail unless the user performs additional actions
Ladicek · Apr 17, 2020 · 0c71c47 · 0c71c47
1 parent 6b662e8
commit 0c71c47
Show file tree

Hide file tree

Showing 8 changed files with 2 additions and 373 deletions.
diff --git a/...time/src/main/java/io/quarkus/kubernetes/client/runtime/KubernetesConfigSourceConfig.java b/...time/src/main/java/io/quarkus/kubernetes/client/runtime/KubernetesConfigSourceConfig.java
@@ -28,10 +28,4 @@ public class KubernetesConfigSourceConfig {
     @ConfigItem
     public Optional<List<String>> configMaps;
 
-    /**
-     * Secrets to look for in the namespace that the Kubernetes Client has been configured for
-     */
-    @ConfigItem
-    public Optional<List<String>> secrets;
-
 }
diff --git a/...me/src/main/java/io/quarkus/kubernetes/client/runtime/KubernetesConfigSourceProvider.java b/...me/src/main/java/io/quarkus/kubernetes/client/runtime/KubernetesConfigSourceProvider.java
@@ -9,7 +9,6 @@
 import org.jboss.logging.Logger;
 
 import io.fabric8.kubernetes.api.model.ConfigMap;
-import io.fabric8.kubernetes.api.model.Secret;
 import io.fabric8.kubernetes.client.KubernetesClient;
 
 class KubernetesConfigSourceProvider implements ConfigSourceProvider {
@@ -20,30 +19,25 @@ class KubernetesConfigSourceProvider implements ConfigSourceProvider {
     private final KubernetesClient client;
 
     private final ConfigMapConfigSourceUtil configMapConfigSourceUtil;
-    private final SecretConfigSourceUtil secretConfigSourceUtil;
 
     public KubernetesConfigSourceProvider(KubernetesConfigSourceConfig config, KubernetesClient client) {
         this.config = config;
         this.client = client;
 
         this.configMapConfigSourceUtil = new ConfigMapConfigSourceUtil();
-        this.secretConfigSourceUtil = new SecretConfigSourceUtil();
     }
 
     @Override
     public Iterable<ConfigSource> getConfigSources(ClassLoader forClassLoader) {
-        if (!config.configMaps.isPresent() && !config.secrets.isPresent()) {
-            log.debug("No ConfigMaps or Secrets were configured for config source lookup");
+        if (!config.configMaps.isPresent()) {
+            log.debug("No ConfigMaps were configured for config source lookup");
             return Collections.emptyList();
         }
 
         List<ConfigSource> result = new ArrayList<>();
         if (config.configMaps.isPresent()) {
             result.addAll(getConfigMapConfigSources(config.configMaps.get()));
         }
-        if (config.secrets.isPresent()) {
-            result.addAll(getSecretConfigSources(config.secrets.get()));
-        }
         return result;
     }
 
@@ -73,31 +67,6 @@ private List<ConfigSource> getConfigMapConfigSources(List<String> configMapNames
         }
     }
 
-    private List<ConfigSource> getSecretConfigSources(List<String> secretNames) {
-        List<ConfigSource> result = new ArrayList<>(secretNames.size());
-
-        try {
-            for (String secretName : secretNames) {
-                if (log.isDebugEnabled()) {
-                    log.debug("Attempting to read Secret " + secretName);
-                }
-                Secret secret = client.secrets().withName(secretName).get();
-                if (secret == null) {
-                    logMissingOrFail(secretName, client.getNamespace(), "Secret", config.failOnMissingConfig);
-                } else {
-                    result.addAll(secretConfigSourceUtil.toConfigSources(secret.getMetadata().getName(), secret.getData()));
-                    if (log.isDebugEnabled()) {
-                        log.debug("Done reading Secret " + secret);
-                    }
-                }
-            }
-            return result;
-        } catch (Exception e) {
-            throw new RuntimeException("Unable to obtain configuration for Secret objects for Kubernetes API Server at: "
-                    + client.getConfiguration().getMasterUrl(), e);
-        }
-    }
-
     private void logMissingOrFail(String name, String namespace, String type, boolean failOnMissingConfig) {
         String message = type + " '" + name + "' not found";
         if (namespace == null) {

diff --git a/...ig/runtime/src/main/java/io/quarkus/kubernetes/client/runtime/SecretConfigSourceUtil.java b/...ig/runtime/src/main/java/io/quarkus/kubernetes/client/runtime/SecretConfigSourceUtil.java
diff --git a/...untime/src/test/java/io/quarkus/kubernetes/client/runtime/SecretConfigSourceUtilTest.java b/...untime/src/test/java/io/quarkus/kubernetes/client/runtime/SecretConfigSourceUtilTest.java
diff --git a/...sts/kubernetes-client/src/main/java/io/quarkus/it/kubernetes/client/SecretProperties.java b/...sts/kubernetes-client/src/main/java/io/quarkus/it/kubernetes/client/SecretProperties.java