-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add support for updating the authentication information #82
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me. Left a few suggestions, nothing blocking
} | ||
a.mu.Lock() | ||
defer a.mu.Unlock() | ||
// check again if there is now a token |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not following the reason for this check-lock-check-again behavior? Is this intended or leftover from some refactor?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's intended. If two callers to fetchToken
come in at the same time, the first would get the lock, create the token, and release the lock, the second would then get the lock, create a new token, and release the lock. This prevents the second caller from recreating the token when the first caller already succeeded.
In the current configuration this could be replaced by a sync.Once
to prevent this, but tokens don't last forever and I'm unsure when a new one will need to be fetched. So the token
itself isn't immutable.
restartedAtValue := restartedAt.Format(time.RFC3339) | ||
|
||
// similar to how kubectl rollout restart works, patch in a restartedAt annotation. | ||
rawPatch := map[string]any{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Y
E
S
S
S
!
!
!
!
!
internal/cmd/local/k8s/client.go
Outdated
} | ||
|
||
// check every 10 seconds for up to 5 minutes to see if the pods have been restarted successfully | ||
err = wait.PollUntilContextTimeout(ctx, 5*time.Second, block, true, deploymentPods) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment does not match the invocation (interval is 5 not 10). Also (nit): there may be a clearer than for this arg than block
if err != nil { | ||
return err | ||
} | ||
|
||
pterm.Success.Println(fmt.Sprintf("Getting your credentials: %s", secret.Name)) | ||
pterm.Info.Println(fmt.Sprintf("{\n \"password\": \"%s\",\n \"client-id\": \"%s\",\n \"client-secret\": \"%s\"\n}", secret.Data["instance-admin-password"], secret.Data["instance-admin-client-id"], secret.Data["instance-admin-client-secret"])) | ||
clientId := string(secret.Data[secretClientID]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NIT (iirc): I believe secret has a .StringData
property that would mean you don't need the cast.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From the docs
// stringData allows specifying non-binary secret data in string form.
// It is provided as a write-only input field for convenience.
// All keys and values are merged into the data field on write, overwriting any existing values.
// The stringData field is never output when reading from the API.
I don't think it is actually returned from the get/read call.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, makes sense I think the context where I used it was in some tests so I may have actually written to it myself
email
toabctl local credentials
responseabctl local credentials --password
to allow changing the default, auto-generated passwordabctl local credentials --email
to allow for changing the email address for authenticationk8s.Client
to be unit-testablek8s.Client
local credentials
telemetry data to no longer be tracked as an install