Skip to content

SecretsManager - support ignore flag to noop if already exists #2457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-bot merged 1 commit into from
Jun 24, 2025
Merged

SecretsManager - support ignore flag to noop if already exists #2457

openshift-merge-bot merged 1 commit into from
Jun 24, 2025

Conversation

@ygalblum
Copy link
Contributor

@ygalblum ygalblum commented Jun 19, 2025
edited by sourcery-ai bot
Loading

Summary by Sourcery

Enhance SecretsManager.Store to support an ignore-if-exists flag with proper validation and add corresponding tests

New Features:

  • Add IgnoreIfExists option to skip storing when a secret already exists

Bug Fixes:

  • Prevent using IgnoreIfExists and Replace flags together

Enhancements:

  • Return existing secret ID when IgnoreIfExists is set

Tests:

  • Add tests for flag combination validation and ignore-if-exists behavior

@sourcery-ai
Copy link

sourcery-ai bot commented Jun 19, 2025
edited
Loading

Reviewer's Guide

Adds an IgnoreIfExists option to the SecretsManager.Store method, enforces mutual exclusivity with the existing Replace option, and updates Store logic to no-op when ignoring an already existing secret; test coverage is added for these scenarios.

Class diagram for updated StoreOptions and SecretsManager.Store

classDiagram
    class StoreOptions {
        map~string, string~ Labels
        bool Replace
        bool IgnoreIfExists
    }
    class SecretsManager {
        Store(name string, data []byte, driverType string, options StoreOptions) (string, error)
    }
    SecretsManager --> StoreOptions : uses
Loading

Flow diagram for SecretsManager.Store logic with IgnoreIfExists and Replace

flowchart TD
    A[Start Store] --> B{Data size valid?}
    B -- No --> Z[Return errDataSize]
    B -- Yes --> C{IgnoreIfExists && Replace?}
    C -- Yes --> Y[Return errIgnoreIfExistsAndReplace]
    C -- No --> D{Secret exists?}
    D -- No --> E[Create new Secret]
    D -- Yes --> F{Replace or IgnoreIfExists?}
    F -- No --> G[Return errSecretNameInUse]
    F -- IgnoreIfExists --> H[Return existing Secret ID]
    F -- Replace --> I[Update existing Secret]
    E --> J[Return new Secret ID]
    I --> J
    H --> J
    G --> J
    Y --> J
    Z --> J
Loading

File-Level Changes

Change Details Files
Introduce IgnoreIfExists flag and mutual-exclusion error
  • Define new errIgnoreIfExistsAndReplace
  • Add IgnoreIfExists field to StoreOptions
  • Check and reject when both IgnoreIfExists and Replace are set
 pkg/secrets/secrets.go
Implement no-op behavior for existing secrets when ignoring
  • Extend existing secret branch to return existing ID if IgnoreIfExists
  • Refine conflict condition to include IgnoreIfExists
 pkg/secrets/secrets.go
Add tests for IgnoreIfExists scenarios
  • Verify error when both Replace and IgnoreIfExists are true
  • Verify no error and return existing ID when only IgnoreIfExists is true
 pkg/secrets/secrets_test.go
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot approved these changes Jun 19, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @ygalblum - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@ygalblum ygalblum force-pushed the secret-create-ignore branch from 5baf72d to e5e3f5e Compare June 19, 2025 17:17
@packit-as-a-service
Copy link

packit-as-a-service bot commented Jun 19, 2025

Ephemeral COPR build failed. @containers/packit-build please check.

1 similar comment
@packit-as-a-service
Copy link

packit-as-a-service bot commented Jun 19, 2025

Ephemeral COPR build failed. @containers/packit-build please check.

@ygalblum
Copy link
Contributor Author

ygalblum commented Jun 19, 2025

@Luap99 this is the PR to complement: containers/podman#26467

Luap99
Luap99 approved these changes Jun 19, 2025
View reviewed changes
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 19, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, sourcery-ai[bot], ygalblum

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ygalblum
Copy link
Contributor Author

ygalblum commented Jun 19, 2025

@contaers/maintainers PTAL

@ygalblum
Copy link
Contributor Author

ygalblum commented Jun 24, 2025

@containers/common-maintainers PTAL

@rhatdan
Copy link
Member

rhatdan commented Jun 24, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jun 24, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit 1bc9d17 into containers:main Jun 24, 2025
14 checks passed
@ygalblum ygalblum deleted the secret-create-ignore branch June 24, 2025 18:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Luap99 Luap99 Luap99 approved these changes

+1 more reviewer

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@rhatdan rhatdan

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ygalblum @rhatdan @Luap99