Skip to content

Commit 18f345b

Browse files
author
Jan Roehrich
committed
implemented some of modulitos' review proposals
1 parent fe74545 commit 18f345b

File tree

4 files changed

+16
-19
lines changed

4 files changed

+16
-19
lines changed

pkg/cache/cache.go

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -59,9 +59,8 @@ type Response struct {
5959
Audience string
6060
UseRegionalSTS bool
6161
TokenExpiration int64
62-
FoundInSACache bool
63-
FoundInCMCache bool
64-
Notifier chan struct{}
62+
FoundInCache bool
63+
Notifier <-chan struct{}
6564
}
6665

6766
type ServiceAccountCache interface {
@@ -123,7 +122,7 @@ func (c *serviceAccountCache) Get(req Request) Response {
123122
var entry *Entry
124123
entry, result.Notifier = c.getSA(req)
125124
if entry != nil {
126-
result.FoundInSACache = true
125+
result.FoundInCache = true
127126
}
128127
if entry != nil && entry.RoleARN != "" {
129128
result.RoleARN = entry.RoleARN
@@ -136,7 +135,7 @@ func (c *serviceAccountCache) Get(req Request) Response {
136135
{
137136
entry := c.getCM(req.Name, req.Namespace)
138137
if entry != nil {
139-
result.FoundInCMCache = true
138+
result.FoundInCache = true
140139
result.RoleARN = entry.RoleARN
141140
result.Audience = entry.Audience
142141
result.UseRegionalSTS = entry.UseRegionalSTS

pkg/cache/cache_test.go

Lines changed: 9 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -39,8 +39,7 @@ func TestSaCache(t *testing.T) {
3939

4040
resp := cache.Get(Request{Name: "default", Namespace: "default"})
4141

42-
assert.False(t, resp.FoundInCMCache, "Expected no cache entry to be found")
43-
assert.False(t, resp.FoundInSACache, "Expected no cache entry to be found")
42+
assert.False(t, resp.FoundInCache, "Expected no cache entry to be found")
4443
if resp.RoleARN != "" || resp.Audience != "" {
4544
t.Errorf("Expected role and aud to be empty, got %v", resp)
4645
}
@@ -49,7 +48,7 @@ func TestSaCache(t *testing.T) {
4948

5049
resp = cache.Get(Request{Name: "default", Namespace: "default"})
5150

52-
assert.True(t, resp.FoundInSACache, "Expected cache entry to be found")
51+
assert.True(t, resp.FoundInCache, "Expected cache entry to be found")
5352
assert.Equal(t, roleArn, resp.RoleARN, "Expected role to be %s, got %s", roleArn, resp.RoleARN)
5453
assert.Equal(t, "sts.amazonaws.com", resp.Audience, "Expected aud to be sts.amzonaws.com, got %s", resp.Audience)
5554
assert.True(t, resp.UseRegionalSTS, "Expected regional STS to be true, got false")
@@ -77,8 +76,7 @@ func TestNotification(t *testing.T) {
7776

7877
// test that the requested SA is not in the cache
7978
resp := cache.Get(reqWithoutNotification)
80-
assert.False(t, resp.FoundInSACache, "Expected no cache entry to be found in SA cache")
81-
assert.False(t, resp.FoundInCMCache, "Expected no cache entry to be found in CM cache")
79+
assert.False(t, resp.FoundInCache, "Expected no cache entry to be found in cache")
8280

8381
// fetch with notification
8482
resp = cache.Get(reqWithNotification)
@@ -100,7 +98,7 @@ func TestNotification(t *testing.T) {
10098
// expected
10199
// test that the requested SA is now in the cache
102100
resp := cache.Get(reqWithoutNotification)
103-
assert.True(t, resp.FoundInSACache, "Expected cache entry to be found in SA cache")
101+
assert.True(t, resp.FoundInCache, "Expected cache entry to be found in cache")
104102
case <-time.After(1 * time.Second):
105103
t.Fatal("timeout waiting for notification")
106104
}
@@ -115,8 +113,7 @@ func TestNotification(t *testing.T) {
115113

116114
// test that the requested SA is not in the cache
117115
resp := cache.Get(reqWithoutNotification)
118-
assert.False(t, resp.FoundInSACache, "Expected no cache entry to be found in SA cache")
119-
assert.False(t, resp.FoundInCMCache, "Expected no cache entry to be found in CM cache")
116+
assert.False(t, resp.FoundInCache, "Expected no cache entry to be found in cache")
120117

121118
// fetch with notification
122119
resp = cache.Get(reqWithNotification)
@@ -126,17 +123,18 @@ func TestNotification(t *testing.T) {
126123
for i := 0; i < 10; i++ {
127124
wg.Add(1)
128125
go func() {
126+
defer wg.Done()
127+
129128
// wait for the notification
130129
select {
131130
case <-resp.Notifier:
132131
// expected
133132
// test that the requested SA is now in the cache
134133
resp := cache.Get(reqWithoutNotification)
135-
assert.True(t, resp.FoundInSACache, "Expected cache entry to be found in SA cache")
134+
assert.True(t, resp.FoundInCache, "Expected cache entry to be found in cache")
136135
case <-time.After(1 * time.Second):
137136
t.Error("timeout waiting for notification")
138137
}
139-
wg.Done()
140138
}()
141139
}
142140

@@ -261,7 +259,7 @@ func TestNonRegionalSTS(t *testing.T) {
261259
}
262260

263261
resp := cache.Get(Request{Name: "default", Namespace: "default"})
264-
assert.True(t, resp.FoundInSACache, "Expected cache entry to be found")
262+
assert.True(t, resp.FoundInCache, "Expected cache entry to be found")
265263
if resp.RoleARN != roleArn {
266264
t.Errorf("got roleArn %v, expected %v", resp.RoleARN, roleArn)
267265
}

pkg/cache/fake.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ func (f *FakeServiceAccountCache) Get(req Request) Response {
5656
Audience: resp.Audience,
5757
UseRegionalSTS: resp.UseRegionalSTS,
5858
TokenExpiration: resp.TokenExpiration,
59-
FoundInSACache: true,
59+
FoundInCache: true,
6060
}
6161
}
6262

pkg/handler/handler.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -435,12 +435,12 @@ func (m *Modifier) buildPodPatchConfig(pod *corev1.Pod) *podPatchConfig {
435435
// Use the STS WebIdentity method if set
436436
request := cache.Request{Namespace: pod.Namespace, Name: pod.Spec.ServiceAccountName}
437437
response := m.Cache.Get(request.WithNotification())
438-
if !response.FoundInSACache && !response.FoundInCMCache && m.saLookupGraceTime > 0 {
438+
if !response.FoundInCache && m.saLookupGraceTime > 0 {
439439
klog.Warningf("Service account %s not found in the cache. Waiting up to %s to be notified", request.CacheKey(), m.saLookupGraceTime)
440440
select {
441441
case <-response.Notifier:
442442
response = m.Cache.Get(request)
443-
if !response.FoundInSACache && !response.FoundInCMCache {
443+
if !response.FoundInCache {
444444
klog.Warningf("Service account %s not found in the cache after being notified. Not mutating.", request.CacheKey())
445445
return nil
446446
}

0 commit comments

Comments
 (0)