CredentialsBinding Support #2336

@grolu grolu commented Feb 26, 2025

What this PR does / why we need it:
Gardener recently introduced CredentialsBinding resources, which can be considered enhanced versions of SecretBindings. In addition to referencing Secret resources, these new bindings also allow referencing WorkloadIdentity tokens.

This PR adds support for viewing, editing, and creating CredentialsBindings that reference Secrets. New Secrets will always be created with a CredentialsBinding. Existing SecretBindings can still be updated using the dashboard; however, it will not be possible to create new SecretBindings with the dashboard.

CredentialsBindings that reference WorkloadIdentity tokens will be displayed in the dashboard and can be used to create clusters. However, the dashboard currently does not support editing these bindings in any way (including deletion).

The Secrets page has been renamed to Credentials and a new column has been introduced to differentiate the binding types (as there can be name clashes).

Furthermore, starting with this PR, the dashboard will display a hint to the user when a secret is referenced by another binding, indicating that updating the secret will affect those bindings as well. Additionally, logic is in place to prevent secrets from being deleted if they are referenced by another binding.

Which issue(s) this PR fixes:
Fixes #2147

Special notes for your reviewer:

Release note:

CredentialsBinding Support
- Support viewing, editing, and creating CredentialsBindings referencing Secrets.
- New Secrets are now automatically created with a CredentialsBinding.
- Existing SecretBindings remain updatable; however, creating new SecretBindings via the dashboard is no longer supported.
- CredentialsBindings referencing WorkloadIdentity tokens are visible (for cluster creation) but cannot be edited or deleted.
- The "Secrets" page has been renamed to "Credentials" and now includes an extra column to differentiate binding types.
- A hint is displayed when a secret is referenced by another binding, and deletion is prevented if a secret is in use.
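
The reference check the description mentions (hint when a secret is shared, no secret deletion while another binding uses it, WorkloadIdentity bindings read-only) can be sketched as follows. This is an added example, not code from the PR or the dashboard: the function names and reduced object shapes are hypothetical, and the `secretRef` / `credentialsRef` field names are assumed from the Gardener API.

```javascript
// Added example: names and object shapes are assumptions, not dashboard code.
// Binding kind is part of the id because a SecretBinding and a
// CredentialsBinding may share a name (the "name clash" case).
const bindingId = b => `${b.kind}/${b.metadata.namespace}/${b.metadata.name}`

// Normalise both binding types to { kind, namespace, name } of their target.
function credentialRef (b) {
  if (b.kind === 'SecretBinding') return { kind: 'Secret', ...b.secretRef }
  if (b.kind === 'CredentialsBinding') {
    const { kind, namespace, name } = b.credentialsRef
    return { kind, namespace, name }
  }
  throw new Error(`unsupported binding kind: ${b.kind}`)
}

const sameRef = (a, b) =>
  a.kind === b.kind && a.namespace === b.namespace && a.name === b.name

// Ids of the other bindings (of either type) pointing at the same credential.
function sharedWith (bindings, target) {
  const ref = credentialRef(target)
  return bindings
    .filter(b => bindingId(b) !== bindingId(target) && sameRef(credentialRef(b), ref))
    .map(bindingId)
}

// Decide what the UI may offer for one row of the Credentials page.
function actionsFor (bindings, target) {
  if (credentialRef(target).kind !== 'Secret') {
    // WorkloadIdentity-backed bindings are display-only.
    return { canEdit: false, canDeleteSecret: false, affected: [] }
  }
  const affected = sharedWith(bindings, target) // shown as the hint on edit
  return { canEdit: true, canDeleteSecret: affected.length === 0, affected }
}

// Constructed sample data.
const mk = (kind, name, refField, ref) =>
  ({ kind, metadata: { namespace: 'garden-dev', name }, [refField]: ref })
const bindings = [
  mk('SecretBinding', 'aws', 'secretRef', { namespace: 'garden-dev', name: 'aws-key' }),
  mk('CredentialsBinding', 'aws', 'credentialsRef', { kind: 'Secret', namespace: 'garden-dev', name: 'aws-key' }),
  mk('CredentialsBinding', 'gcp', 'credentialsRef', { kind: 'Secret', namespace: 'garden-dev', name: 'gcp-key' }),
  mk('CredentialsBinding', 'wi', 'credentialsRef', { kind: 'WorkloadIdentity', namespace: 'garden-dev', name: 'aws-key' })
]
```

Comparing the referenced kind as well as namespace and name keeps a WorkloadIdentity that happens to share a Secret's name from counting as a second user of that Secret.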

@gardener-robot gardener-robot added the needs/review Needs review label Feb 26, 2025
@grolu grolu changed the title from "CredentialsBindings Support" to "CredentialsBinding Support" Feb 26, 2025
@gardener-robot gardener-robot added size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) needs/second-opinion Needs second review by someone else labels Feb 26, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 26, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Feb 26, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 26, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 26, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 26, 2025
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Feb 26, 2025
@gardener-robot
@holgerkoser You have pull request review open invite, please check

Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/review Needs review needs/second-opinion Needs second review by someone else size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py)
Development

Successfully merging this pull request may close these issues.

Handle shoots using a Credentials Binding to reference cloud credentials
5 participants