PR Feedback #1

Author: grolu

frontend/__tests__/composables/__snapshots__/useShootDns.spec.js.snap

@@ -23,7 +23,7 @@ exports[`composables > useShootDns > should add extension custom domain dns prov
         "kind": "DNSConfig",
         "providers": [
           {
-            "credentials": "shoot-dns-service-bar",
+            "credentials": "shoot-dns-service-s-bar",
             "domains": {
               "include": [
                 "example.org",
@@ -39,7 +39,7 @@ exports[`composables > useShootDns > should add extension custom domain dns prov
   ],
   "resources": [
     {
-      "name": "shoot-dns-service-bar",
+      "name": "shoot-dns-service-s-bar",
       "resourceRef": {
         "apiVersion": "v1",
         "kind": "Secret",
@@ -62,7 +62,7 @@ exports[`composables > useShootDns > should add extension dns providers 1`] = `
         "kind": "DNSConfig",
         "providers": [
           {
-            "credentials": "shoot-dns-service-aws-route53-secret",
+            "credentials": "shoot-dns-service-s-aws-route53-secret",
             "type": "aws-route53",
           },
         ],
@@ -73,7 +73,7 @@ exports[`composables > useShootDns > should add extension dns providers 1`] = `
   ],
   "resources": [
     {
-      "name": "shoot-dns-service-aws-route53-secret",
+      "name": "shoot-dns-service-s-aws-route53-secret",
       "resourceRef": {
         "apiVersion": "v1",
         "kind": "Secret",
@@ -141,7 +141,7 @@ exports[`composables > useShootDns > should delete extension dns providers > two
         "kind": "DNSConfig",
         "providers": [
           {
-            "credentials": "shoot-dns-service-aws-route53-secret",
+            "credentials": "shoot-dns-service-s-aws-route53-secret",
             "type": "aws-route53",
           },
           {
@@ -156,7 +156,7 @@ exports[`composables > useShootDns > should delete extension dns providers > two
   ],
   "resources": [
     {
-      "name": "shoot-dns-service-aws-route53-secret",
+      "name": "shoot-dns-service-s-aws-route53-secret",
       "resourceRef": {
         "apiVersion": "v1",
         "kind": "Secret",
@@ -176,7 +176,7 @@ exports[`composables > useShootDns > should fallback to provider credentialsRef
         "kind": "DNSConfig",
         "providers": [
           {
-            "credentials": "shoot-dns-service-bar",
+            "credentials": "shoot-dns-service-s-bar",
             "type": "foo",
           },
         ],
@@ -187,7 +187,7 @@ exports[`composables > useShootDns > should fallback to provider credentialsRef
   ],
   "resources": [
     {
-      "name": "shoot-dns-service-bar",
+      "name": "shoot-dns-service-s-bar",
       "resourceRef": {
         "apiVersion": "v1",
         "kind": "Secret",

frontend/__tests__/composables/useShootDns.spec.js

@@ -17,6 +17,8 @@ import { useCredentialStore } from '@/store/credential'
 
 import { useShootDns } from '@/composables/useShootDns'
 
+import cloneDeep from 'lodash/cloneDeep'
+
 describe('composables', () => {
   describe('useShootDns', () => {
     const manifest = reactive({})
@@ -284,5 +286,86 @@ describe('composables', () => {
 
       expect(manifest.spec).toMatchSnapshot()
     })
+
+    it('should generate distinct dns service resources for same-name credentials with different kinds', () => {
+      const credentialStore = useCredentialStore()
+      const credentials = cloneDeep(global.fixtures.credentials)
+      credentials.secrets.push({
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          namespace: 'garden-test',
+          name: 'shared-name',
+          uid: 'secret-shared-name-uid',
+          labels: {
+            'dashboard.gardener.cloud/dnsProviderType': 'aws-route53',
+          },
+        },
+      })
+      credentials.workloadIdentities.push({
+        apiVersion: 'security.gardener.cloud/v1alpha1',
+        kind: 'WorkloadIdentity',
+        metadata: {
+          namespace: 'garden-test',
+          name: 'shared-name',
+          uid: 'wlid-shared-name-uid',
+          labels: {
+            'provider.extensions.gardener.cloud/aws-route53': 'true',
+          },
+        },
+        spec: {
+          targetSystem: {
+            type: 'foo-infra',
+          },
+        },
+      })
+      credentialStore._setCredentials(credentials)
+
+      shootDns.addDnsServiceExtensionProvider({
+        type: 'aws-route53',
+        credentialsRef: {
+          apiVersion: 'v1',
+          kind: 'Secret',
+          name: 'shared-name',
+        },
+      })
+      shootDns.addDnsServiceExtensionProvider({
+        type: 'aws-route53',
+        credentialsRef: {
+          apiVersion: 'security.gardener.cloud/v1alpha1',
+          kind: 'WorkloadIdentity',
+          name: 'shared-name',
+        },
+      })
+
+      expect(manifest.spec.resources).toEqual([
+        {
+          name: 'shoot-dns-service-s-shared-name',
+          resourceRef: {
+            apiVersion: 'v1',
+            kind: 'Secret',
+            name: 'shared-name',
+          },
+        },
+        {
+          name: 'shoot-dns-service-wlid-shared-name',
+          resourceRef: {
+            apiVersion: 'security.gardener.cloud/v1alpha1',
+            kind: 'WorkloadIdentity',
+            name: 'shared-name',
+          },
+        },
+      ])
+      expect(shootDns.dnsServiceExtensionProviders).toEqual([
+        {
+          type: 'aws-route53',
+          credentials: 'shoot-dns-service-s-shared-name',
+        },
+        {
+          type: 'aws-route53',
+          credentials: 'shoot-dns-service-wlid-shared-name',
+        },
+      ])
+    })
   })
 })

frontend/src/components/ShootDetails/GShootInfrastructureCard.vue

@@ -283,7 +283,6 @@ import { useCloudProviderBinding } from '@/composables/credential/useCloudProvid
 import { useOpenStackConstraints } from '@/composables/useCloudProfile/useOpenStackConstraints'
 import {
   dnsProviderCredentialsRef,
-  resolvedDnsProviderCredentialKind,
   dnsExtensionProviderResourceName,
 } from '@/composables/credential/helper'
 
@@ -438,22 +437,13 @@ export default {
       return 'generated'
     },
     shootDnsPrimaryProviderCredential () {
+      const credentialsRef = dnsProviderCredentialsRef(this.shootDnsPrimaryProvider)
       return this.getCredentialByRef({
-        name: this.shootDnsPrimaryProviderCredentialName,
-        kind: this.shootDnsPrimaryProviderCredentialKind,
+        name: credentialsRef?.name,
+        kind: credentialsRef?.kind,
         namespace: this.shootNamespace,
       })
     },
-    shootDnsPrimaryProviderCredentialKind () {
-      return resolvedDnsProviderCredentialKind({
-        provider: this.shootDnsPrimaryProvider,
-        extensionProviders: this.shootDnsServiceExtensionProviders,
-        getResourceRef: this.getResourceRef,
-      })
-    },
-    shootDnsPrimaryProviderCredentialName () {
-      return dnsProviderCredentialsRef(this.shootDnsPrimaryProvider)?.name
-    },
   },
   methods: {
     getCredentialByRef ({ name, kind, namespace }) {

frontend/src/composables/credential/helper.js

@@ -7,7 +7,6 @@
 import { decodeBase64 } from '@/utils'
 
 import get from 'lodash/get'
-import find from 'lodash/find'
 
 // Credentials
 export function isSecret (credential) {
@@ -78,15 +77,27 @@ export function dnsExtensionProviderResourceName (provider) {
   return provider?.credentials ?? provider?.secretName
 }
 
-export function resolvedDnsProviderCredentialKind ({ provider, extensionProviders, getResourceRef }) {
-  const credentialsRef = dnsProviderCredentialsRef(provider)
-  const matchingExtensionProvider = find(extensionProviders, extensionProvider => {
-    return getResourceRef(dnsExtensionProviderResourceName(extensionProvider))?.name === credentialsRef?.name
-  })
+export function dnsCredentialResourceNamePart (credentialRef) {
+  const kind = credentialRef?.kind
+  const name = credentialRef?.name
+  if (!kind || !name) {
+    return undefined
+  }
+
+  let kindPrefix
+  switch (kind) {
+    case 'Secret':
+      kindPrefix = 's'
+      break
+    case 'WorkloadIdentity':
+      kindPrefix = 'wlid'
+      break
+    default:
+      kindPrefix = kind.toLowerCase()
+      break
+  }
 
-  return matchingExtensionProvider
-    ? getResourceRef(dnsExtensionProviderResourceName(matchingExtensionProvider))?.kind
-    : credentialsRef?.kind
+  return `${kindPrefix}-${name}`
 }
 
 // Bindings

frontend/src/composables/useShootDns.js

@@ -19,6 +19,7 @@ import { useCloudProviderEntityList } from '@/composables/credential/useCloudPro
 import {
   dnsProviderCredentialsRef,
   dnsExtensionProviderResourceName,
+  dnsCredentialResourceNamePart,
 } from '@/composables/credential/helper'
 
 import get from 'lodash/get'
@@ -211,9 +212,10 @@ export const useShootDns = (manifest, options) => {
       : false
   })
 
-  function getDnsServiceExtensionResourceName (credentialName) {
-    return credentialName
-      ? `shoot-dns-service-${credentialName}`
+  function getDnsServiceExtensionResourceName (credentialRef) {
+    const key = dnsCredentialResourceNamePart(credentialRef)
+    return key
+      ? `shoot-dns-service-${key}`
       : undefined
   }
 
@@ -234,24 +236,45 @@ export const useShootDns = (manifest, options) => {
     // find unused credential
     const usedResourceNames = map(resources.value, 'name')
     const credential = find(credentials.value, credential => {
-      const resourceName = getDnsServiceExtensionResourceName(credential?.metadata?.name)
+      const resourceName = getDnsServiceExtensionResourceName({
+        kind: credential?.kind,
+        name: credential?.metadata?.name,
+      })
       return !includes(usedResourceNames, resourceName)
     })
 
-    return credential ? credential?.metadata?.name : undefined
+    return credential
   }
 
   function addDnsServiceExtensionProvider (options = {}) {
     normalizeDnsServiceExtensionProviders()
     normalizeDnsProviderCredentialsRefs()
 
     const type = options.type ?? head(gardenerExtensionStore.dnsProviderTypes)
-    const credentialName = options.credentialsRef?.name ?? options.secretName ?? getDefaultCredentialName(type)
+    const defaultCredential = getDefaultCredentialName(type)
+    const credentialsRef = options.credentialsRef ?? (options.secretName
+      ? {
+          apiVersion: 'v1',
+          kind: 'Secret',
+          name: options.secretName,
+        }
+      : defaultCredential
+        ? {
+            apiVersion: defaultCredential.apiVersion,
+            kind: defaultCredential.kind,
+            name: defaultCredential.metadata?.name,
+          }
+        : undefined)
 
     const credentials = useCloudProviderEntityList(toRef(type), { credentialStore, gardenerExtensionStore, cloudProfileStore })
-    const credential = find(credentials.value, ['metadata.name', credentialName])
+    const credential = find(credentials.value, credential => {
+      return dnsCredentialResourceNamePart({
+        kind: credential?.kind,
+        name: credential?.metadata?.name,
+      }) === dnsCredentialResourceNamePart(credentialsRef)
+    })
 
-    const resourceName = getDnsServiceExtensionResourceName(credentialName)
+    const resourceName = getDnsServiceExtensionResourceName(credentialsRef)
     const provider = {
       type,
       credentials: resourceName,
@@ -266,9 +289,9 @@ export const useShootDns = (manifest, options) => {
       ? {
           apiVersion: credential.apiVersion,
           kind: credential.kind,
-          name: credentialName,
+          name: credential.metadata?.name,
         }
-      : options.credentialsRef
+      : credentialsRef
 
     if (resourceName && resourceRef) {
       setResource({