4 changes: 2 additions & 2 deletions openapi/generated_openapi/zz_generated.openapi.go

Some generated files are not rendered by default.
Expand Up @@ -62,7 +62,7 @@ tests:
secretRotation:
type: Custom
custom:
rotationPollIntervalSeconds: 300
minimumRefreshAge: 300
expectedError: "Invalid value: \"object\": secretsStore must be set if driverType is 'SecretsStore', but remain unset otherwise"
- name: Should reject secrets-store name with non-SecretsStore driverType
initial: |
Expand All @@ -87,7 +87,7 @@ tests:
secretRotation:
type: Custom
custom:
rotationPollIntervalSeconds: 300
minimumRefreshAge: 300
expectedError: "driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'"
- name: Should allow secrets-store name without driverType for backward compatibility
initial: |
Expand Down Expand Up @@ -214,7 +214,7 @@ tests:
secretRotation:
type: Custom
custom:
rotationPollIntervalSeconds: 300
minimumRefreshAge: 300
tokenRequests:
type: Managed
managed:
Expand All @@ -236,7 +236,7 @@ tests:
secretRotation:
type: Custom
custom:
rotationPollIntervalSeconds: 300
minimumRefreshAge: 300
tokenRequests:
type: Managed
managed:
Expand Down Expand Up @@ -496,7 +496,7 @@ tests:
secretRotation:
type: Custom
expectedError: "custom must be set when type is 'Custom', and must not be set otherwise"
- name: Should reject rotationPollIntervalSeconds below 1
- name: Should reject minimumRefreshAge below 1
initial: |
apiVersion: operator.openshift.io/v1
kind: ClusterCSIDriver
Expand All @@ -509,9 +509,9 @@ tests:
secretRotation:
type: Custom
custom:
rotationPollIntervalSeconds: 0
expectedError: "spec.driverConfig.secretsStore.secretRotation.custom.rotationPollIntervalSeconds: Invalid value"
- name: Should reject rotationPollIntervalSeconds above 31560000
minimumRefreshAge: 0
expectedError: "spec.driverConfig.secretsStore.secretRotation.custom.minimumRefreshAge: Invalid value"
- name: Should reject minimumRefreshAge above 31560000
initial: |
apiVersion: operator.openshift.io/v1
kind: ClusterCSIDriver
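Review bot: Nothing in these renamed cases pins down what happens to a manifest that still uses the old key. With `rotationPollIntervalSeconds` replaced by `minimumRefreshAge` under `custom`, add a case whose `custom` block contains only `rotationPollIntervalSeconds: 300` and assert the expected outcome, so the behaviour for existing manifests is a tested decision and not a side effect of the rename.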
Expand All @@ -524,8 +524,8 @@ tests:
secretRotation:
type: Custom
custom:
rotationPollIntervalSeconds: 31560001
expectedError: "spec.driverConfig.secretsStore.secretRotation.custom.rotationPollIntervalSeconds: Invalid value"
minimumRefreshAge: 31560001
expectedError: "spec.driverConfig.secretsStore.secretRotation.custom.minimumRefreshAge: Invalid value"
- name: Should reject Managed tokenRequests without managed field
initial: |
apiVersion: operator.openshift.io/v1
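Review bot: The bounds are only exercised from the outside: `minimumRefreshAge: 31560001` in this case and `minimumRefreshAge: 0` in the previous one are both rejections. Unless they already exist elsewhere in this file, add accepting cases at exactly 1 and exactly 31560000 so an off-by-one in the Minimum/Maximum markers is caught.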
Expand Down Expand Up @@ -697,7 +697,7 @@ tests:
secretRotation:
type: Custom
custom:
rotationPollIntervalSeconds: 300
minimumRefreshAge: 300
expectedError: "tokenRequests type cannot be changed from Managed"
- name: Should allow changing tokenRequests type from Unmanaged to Managed
initial: |
12 changes: 8 additions & 4 deletions operator/v1/types_csi_cluster_driver.go
Expand Up @@ -506,16 +506,20 @@ type SecretsStoreSecretRotation struct {
// CustomSecretRotation holds configuration for custom secret rotation behavior.
// +kubebuilder:validation:MinProperties=1
type CustomSecretRotation struct {
// rotationPollIntervalSeconds is the minimum time in seconds between secret
// rotation attempts. The driver skips provider calls if less than this interval
// has elapsed since the last successful rotation.
// minimumRefreshAge is the minimum time in seconds between secret
// rotation attempts. Each time kubelet calls NodePublishVolume, the driver
// checks whether this interval has elapsed since the last successful provider
// call. If it has, the driver contacts the secret provider to fetch the latest
// secret values and updates the mounted volume.
// Setting this value below the kubelet syncFrequency (default: 1 minute)
// has no additional effect on the actual rotation cadence.
// Must be at least 1 second and no more than 31560000 seconds (~1 year).
// When omitted, this means no opinion and the platform is left to choose a
// reasonable default, which is subject to change over time.
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=31560000
// +optional
RotationPollIntervalSeconds int32 `json:"rotationPollIntervalSeconds,omitempty"`
MinimumRefreshAge int32 `json:"minimumRefreshAge,omitempty"`
}

// SecretsStoreTokenRequest specifies a service account token audience configuration
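Review bot: The new name `MinimumRefreshAge` / `minimumRefreshAge` drops the unit while the field remains an `int32` count of seconds; the old name carried it. Kubernetes API conventions put the unit in the name of integer duration fields, so `minimumRefreshAgeSeconds` would keep a manifest readable without the doc comment. Separately, the JSON tag change alters the serialized field name, and with `MinProperties=1` on `CustomSecretRotation` a `custom` block that sets only the old key no longer contains any known property; please state in the PR description whether the old name has shipped.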
Expand Up @@ -278,11 +278,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.
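Review bot: The description speaks of "rotation attempts" in its first sentence but measures the interval from "the last successful provider call", so it does not say whether a failed call is retried on the next NodePublishVolume or waits out the interval again. It would also help operators to state the consequence of the upper bound: a changed or revoked secret can stay mounted for roughly `minimumRefreshAge` plus one kubelet sync period, which at 31560000 is about a year. The text mirrors the Go doc comment on `CustomSecretRotation`, so reword it there and regenerate the manifests.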
Expand Up @@ -278,11 +278,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.
Expand Up @@ -278,11 +278,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.
Expand Up @@ -278,11 +278,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.
Expand Up @@ -278,11 +278,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.
Expand Up @@ -258,11 +258,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.
Expand Up @@ -258,11 +258,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.
Expand Up @@ -254,11 +254,15 @@ spec:
Only valid when type is "Custom".
minProperties: 1
properties:
rotationPollIntervalSeconds:
minimumRefreshAge:
description: |-
rotationPollIntervalSeconds is the minimum time in seconds between secret
rotation attempts. The driver skips provider calls if less than this interval
has elapsed since the last successful rotation.
minimumRefreshAge is the minimum time in seconds between secret
rotation attempts. Each time kubelet calls NodePublishVolume, the driver
checks whether this interval has elapsed since the last successful provider
call. If it has, the driver contacts the secret provider to fetch the latest
secret values and updates the mounted volume.
Setting this value below the kubelet syncFrequency (default: 1 minute)
has no additional effect on the actual rotation cadence.
Must be at least 1 second and no more than 31560000 seconds (~1 year).
When omitted, this means no opinion and the platform is left to choose a
reasonable default, which is subject to change over time.