Support creation of managed secret without associating it to a workload

[DhritiShikhar]

Task: https://issues.redhat.com/browse/APPSVC-9

Description
Add support for "generic binding".
"In the service catalog UX this meant I just want the information dumped into a Secret, and then I'll choose what to do with it after that. This is good for referencing the Secret from other things like Jobs, or a Tekton pipeline, where your controller may not be able to directly modify a pod spec.

The request for this is coming up in discussions about transitioning some IBM brokers off of service catalog to operators instead. I think the use case is valid so we should consider it."

Acceptance Criteria

1. If the ApplicationSelectors is skipped, only the binding secret should be created with the name of the secret being dumped in the status for arbitrary consumption.
2. If the CR is updated with the ApplicationSelectors section, then the controller should inject the previously created secret into the deployment/deploymentconfig.
3. Irrespective of (2), If the credentials change on the backing service side, the binding secret should be updated as well

[DhritiShikhar]

/assign @isutton

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@58ea511). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master     #350   +/-   ##
=========================================
  Coverage          ?   64.74%           
=========================================
  Files             ?       21           
  Lines             ?     1387           
  Branches          ?        0           
=========================================
  Hits              ?      898           
  Misses            ?      364           
  Partials          ?      125

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 58ea511...78118e8. Read the comment docs.

[sbose78]

I don't see code changes, only tests?

[DhritiShikhar]

@sbose78 All the 3 acceptance criteria is already supported. I wrote test to confirm the 3 acceptance criteria in the task:

1. If the ApplicationSelectors is skipped, only the binding secret should be created with the name of the secret being dumped in the status for arbitrary consumption.

2. If the CR is updated with the ApplicationSelectors section, then the controller should inject the previously created secret into the deployment/deploymentconfig.

3. Irrespective of (2), If the credentials change on the backing service side, the binding secret should be updated as well.

[sbose78]

Interesting, Thank you!

[sbose78]

The API validations don't let it go through..

[sbose78]

.. but you would then get this

2020-02-26T11:29:56.327-0500    DEBUG   secret  Secret already exists, updating contents instead...     {"Namespace": "sbose", "Name": "binding-request"}
E0226 11:29:56.372848     560 runtime.go:78] Observed a panic: "invalid memory address or nil pointer dereference" (runtime error: invalid memory address or nil pointer dereference)
goroutine 914 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic(0x2127980, 0x30586a0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:74 +0xa3
k8s.io/apimachinery/pkg/util/runtime.HandleCrash(0x0, 0x0, 0x0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:48 +0x82
panic(0x2127980, 0x30586a0)
        /usr/local/Cellar/go/1.13.8/libexec/src/runtime/panic.go:679 +0x1b2
github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest.(*Binder).search(0xc00027bec0, 0x2, 0xc0004559a0, 0xf)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest/binder.go:53 +0x7c
github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest.(*Binder).Bind(0xc00027bec0, 0xc00088da28, 0x2, 0x2, 0xc0004559a0, 0xf)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest/binder.go:539 +0x2f
github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest.(*ServiceBinder).Bind(0xc0001b34a0, 0x232b02e, 0x30, 0x0, 0x0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest/binding.go:232 +0x179
github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest.(*Reconciler).bind(0xc0003b2ba0, 0xc000780100, 0xc0001b34a0, 0xc00034a1b8, 0x0, 0x0, 0x0, 0x0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest/reconciler.go:93 +0xde
github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest.(*Reconciler).Reconcile(0xc0003b2ba0, 0xc000b02fd9, 0x5, 0xc000b02fc0, 0xf, 0xc00088dcd8, 0xc0007485a0, 0xc000748518, 0x25002e0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/pkg/controller/servicebindingrequest/reconciler.go:176 +0x5c2
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc000366cc0, 0x217efe0, 0xc00038c380, 0x0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:256 +0x162
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc000366cc0, 0xc00012a700)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232 +0xcb
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker(0xc000366cc0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211 +0x2b
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1(0xc00089a8d0)
        /Users/sbose/appbinding/src/github.com/redhat-developer/service-binding-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:152 +0x5e
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0xc00089a8d0, 0x3b9aca00, 0x0, 0xc000ab0501, 0xc0000be240)

[sbose78]

I tried making a PR to your branch but the history was a bit messed up ( my bad probably ), so created one against the main repo:
#351 . I will not be merging #351, we'll merge your PR ( current one ).

I've tested #351, it works, but doesn't provide any feedback in the status block.

• Could you please take in the changes, and then..
• make improvements if needed,
• ensure status is updated
• add more tests based on the new changes

Here's the only relevant commit there.
ef6f306

[isutton]

This is not the first time I've seen this; why generated files are being generated differently between developers?

[sbose78]

Maybe because of operator-sdk versions? I'm using 0.5.2

[DhritiShikhar]

Mine is different:

➜  service-binding-operator git:(generic) ✗ operator-sdk version                                                         
operator-sdk version: "v0.15.0-37-g0eac8a11", commit: "0eac8a1169dfc0a8918b9e41ada6278307a0852b", go version: "go1.13.6 linux/amd64"

[sbose78]

You definitely got to update your operator-sdk CLI
:-)

[Avni-Sharma]

I am on 0.15.2 and even for me these changes are happening

[isutton]

I tried making a PR to your branch but the history was a bit messed up ( my bad probably ), so created one against the main repo:
#351 . I will not be merging #351, we'll merge your PR ( current one ).

I've tested #351, it works, but doesn't provide any feedback in the status block.

* Could you please take in the changes, and then..

* make improvements if needed,

* ensure status is updated

* add more tests based on the new changes

Here's the only relevant commit there.
ef6f306

Shouldn't we leave those changes for another PR, since the implemented tests already seem to validate the initial assumption that it currently works?

[sbose78]

Shouldn't we leave those changes for another PR, since the implemented tests already seem to validate the initial assumption that it currently works?

Sorry, which changes are you saying we should skip in this PR ?

[sbose78]

How's this going? @DhritiShikhar

[isutton]

Shouldn't we leave those changes for another PR, since the implemented tests already seem to validate the initial assumption that it currently works?

Sorry, which changes are you saying we should skip in this PR ?

Related to the lack of feedback in the status block.

[sbose78]

But the status is empty.

[DhritiShikhar]

@sbose78 Hmm.. but I added check for status in my test. It's not empty there -> 572adc7

Both status.BindingStatus and status.Conditions are non-empty with desirable result.

[DhritiShikhar]

@Avni-Sharma addressed. Please review again f2c599a

[Avni-Sharma]

Can we have sbrOutput3.Status.BindingData.Name . Now that the bindingData can be either in a Secret or a ConfigMap according to #366 . Refer https://github.com/redhat-developer/service-binding-operator/pull/366/files#diff-14a37dadc390fc3ec23459efc088de8eR164-R180 cc @sbose78

[DhritiShikhar]

but #366 is not merged yet

[Avni-Sharma]

we can track this and send a new PR :)

[DhritiShikhar]

/retest

[Avni-Sharma]

We are not using volumes for this test case so we should rename "test-using-volumes"

[DhritiShikhar]

fixed 78118e8

[Avni-Sharma]

/lgtm

[DhritiShikhar]

/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DhritiShikhar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [DhritiShikhar]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[DhritiShikhar]

@sbose78 Can you merge this PR (if no more comments) ?

[DhritiShikhar]

/retest

[sbose78]

Could you share an example we've tested this with ? I'm getting the following:

apiVersion: apps.openshift.io/v1alpha1
kind: ServiceBindingRequest
metadata:
  creationTimestamp: '2020-03-12T21:05:44Z'
  generation: 1
  name: node-todo-git
  namespace: sbose
  resourceVersion: '221728'
  selfLink: >-
    /apis/apps.openshift.io/v1alpha1/namespaces/sbosse/servicebindingrequests/node-todo-git
  uid: 3413f95b-7cd6-44b7-9a62-daaec834be18
spec:
  backingServiceSelectors:
    - group: etcd.database.coreos.com
      kind: EtcdCluster
      resourceRef: example
      version: v1beta2
  detectBindingResources: true
status:
  bindingStatus: BindingFail
  conditions:
    - lastHeartbeatTime: '2020-03-12T21:05:59Z'
      lastTransitionTime: '2020-03-12T21:05:45Z'
      message: application ResourceRef or MatchLabel not found
      reason: BindingFail
      status: 'False'
      type: Ready
  secret: node-todo-git

[sbose78]

The secret does get created though.

[sbose78]

@DhritiShikhar Please use the issue template to specify "How to test". We should not be replacing the template with the content of a linked issue.