pr: log instead of failure, align test with new error

Kong · Oct 17, 2023 · cb16248 · cb16248
1 parent 3da7474
commit cb16248
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 11 deletions.
diff --git a/internal/dataplane/kongstate/kongstate.go b/internal/dataplane/kongstate/kongstate.go
@@ -59,6 +59,7 @@ func (ks *KongState) SanitizedCopy() *KongState {
 }
 
 func (ks *KongState) FillConsumersAndCredentials(
+ logger logr.Logger,
  s store.Storer,
  failuresCollector *failures.ResourceFailuresCollector,
 ) {
@@ -105,8 +106,10 @@ func (ks *KongState) FillConsumersAndCredentials(
  // try the label first. if it's present, no need to check the field
  credType, credTypeSource := util.ExtractKongCredentialType(secret)
  if credTypeSource == util.CredentialTypeFromField {
- failuresCollector.PushResourceFailure("credential only has deprecated kongCredType field, needs "+
- "konghq.com/credential label", secret)
+ logger.Error(nil,
+ fmt.Sprintf("Secret uses deprecated kongCredType field, needs konghq.com/credential=%s label", credType),
+ "namesapce", secret.Namespace, "name", secret.Name)
+
  }
  if !credentials.SupportedTypes.Has(credType) {
  pushCredentialResourceFailures(

diff --git a/internal/dataplane/kongstate/kongstate_test.go b/internal/dataplane/kongstate/kongstate_test.go
@@ -651,7 +651,7 @@ func TestFillConsumersAndCredentials(t *testing.T) {
  },
  },
  expectedTranslationFailureMessages: map[k8stypes.NamespacedName]string{
- {Namespace: "default", Name: "foo"}: fmt.Sprintf("failed to provision credential: unsupported kongCredType: %q", "unsupported"),
+ {Namespace: "default", Name: "foo"}: fmt.Sprintf("failed to provision credential: unsupported credential type: %q", "unsupported"),
  },
  },
  {
@@ -680,7 +680,7 @@ func TestFillConsumersAndCredentials(t *testing.T) {
  },
  },
  expectedTranslationFailureMessages: map[k8stypes.NamespacedName]string{
- {Namespace: "default", Name: "foo"}: fmt.Sprintf("failed to provision credential: unsupported kongCredType: %q", "bee-auth"),
+ {Namespace: "default", Name: "foo"}: fmt.Sprintf("failed to provision credential: unsupported credential type: %q", "bee-auth"),
  },
  },
  {
@@ -765,7 +765,7 @@ func TestFillConsumersAndCredentials(t *testing.T) {
  failureCollector := failures.NewResourceFailuresCollector(logger)
 
  state := KongState{}
- state.FillConsumersAndCredentials(store, failureCollector)
+ state.FillConsumersAndCredentials(logger, store, failureCollector)
  // compare translated consumers.
  require.Len(t, state.Consumers, len(tc.expectedKongStateConsumers))
  // compare fields. Since we only test for translating a single consumer, we only compare the first one if exists.

diff --git a/internal/dataplane/parser/parser.go b/internal/dataplane/parser/parser.go
@@ -193,7 +193,7 @@ func (p *Parser) BuildKongConfig() KongConfigBuildingResult {
  result.FillOverrides(p.logger, p.storer)
 
  // generate consumers and credentials
- result.FillConsumersAndCredentials(p.storer, p.failuresCollector)
+ result.FillConsumersAndCredentials(p.logger, p.storer, p.failuresCollector)
  for i := range result.Consumers {
  p.registerSuccessfullyParsedObject(&result.Consumers[i].K8sKongConsumer)
  }

diff --git a/internal/util/credential.go b/internal/util/credential.go
@@ -8,18 +8,21 @@ import (
 
 // TODO https:/Kong/kubernetes-ingress-controller/issues/4853 remove field handling when no longer supported.
 
+// CredentialTypeSource indicates the source of credential type information (or lack thereof) in a Secret.
+type CredentialTypeSource int
+
 const (
  // CredentialTypeAbsent indicates that no credential information is present in a Secret.
- CredentialTypeAbsent = iota
+ CredentialTypeAbsent CredentialTypeSource = iota
  // CredentialTypeFromLabel indicates that a Secret's credential type was determined from a label.
- CredentialTypeFromLabel = iota
+ CredentialTypeFromLabel
  // CredentialTypeFromField indicates that a Secret's credential type was determined from a data field.
- CredentialTypeFromField = iota
+ CredentialTypeFromField
 )
 
 // ExtractKongCredentialType returns the credential type of a Secret and a code indicating whether the credential type
 // was obtained from a label, field, or not at all. Labels take precedence over fields if both are present.
-func ExtractKongCredentialType(secret *corev1.Secret) (string, int) {
+func ExtractKongCredentialType(secret *corev1.Secret) (string, CredentialTypeSource) {
  credType, labelOk := secret.Labels[labels.LabelPrefix+labels.CredentialKey]
  if !labelOk {
  // if no label, fall back to the deprecated field

diff --git a/internal/util/credential_test.go b/internal/util/credential_test.go
@@ -14,7 +14,7 @@ func TestExtractKongCredentialType(t *testing.T) {
  name string
  secret *corev1.Secret
  credType string
- credTypeSource int
+ credTypeSource CredentialTypeSource
  }{
  {
  name: "labeled credential",