feat: add token id reference to agent secret

b81916c3 · Timo Furrer · Gary Holtz · a70f0fc7 · b81916c3 · b81916c3
Commit b81916c3 authored 4 months ago by Timo Furrer Committed by Gary Holtz 4 months ago
--- a/commands/cluster/agent/bootstrap/kubectl.go
+++ b/commands/cluster/agent/bootstrap/kubectl.go
@@ -41,7 +41,7 @@ func (k *localKubectlWrapper) createAgentTokenSecret(tokenID int, token string)
 		}
 	}

-	// create the secret again with the next token
+	// create the secret (again) with the next token
 	_, err = k.cmd.RunWithOutput(
 		k.binary,
 		"create",
@@ -51,7 +51,19 @@ func (k *localKubectlWrapper) createAgentTokenSecret(tokenID int, token string)
 		namespaceFlag,
 		"--type=Opaque",
 		fmt.Sprintf("--from-literal=token=%s", token),
-		fmt.Sprintf("--from-literal=token-id=%d", tokenID),
+	)
+	if err != nil {
+		return err
+	}
+
+	// annotate the secret with some metadata
+	_, err = k.cmd.RunWithOutput(
+		k.binary,
+		"annotate",
+		"secrets",
+		k.gitlabAgentTokenSecretName,
+		namespaceFlag,
+		fmt.Sprintf("gitlab.com/agent-token-id=%d", tokenID),
 	)
 	if err != nil {
 		return err

--- a/commands/cluster/agent/bootstrap/kubectl_test.go
+++ b/commands/cluster/agent/bootstrap/kubectl_test.go
@@ -14,7 +14,8 @@ func TestKubectl_createAgentSecretToken_NewNamespace(t *testing.T) {

 	gomock.InOrder(
 		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "namespace", "gitlab-agent"),
-		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "secret", "generic", "gitlab-agent-token", "-n=gitlab-agent", "--type=Opaque", "--from-literal=token=any-token", "--from-literal=token-id=42"),
+		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "secret", "generic", "gitlab-agent-token", "-n=gitlab-agent", "--type=Opaque", "--from-literal=token=any-token"),
+		mockCmd.EXPECT().RunWithOutput("kubectl", "annotate", "secrets", "gitlab-agent-token", "-n=gitlab-agent", "gitlab.com/agent-token-id=42"),
 	)

 	// WHEN
@@ -31,7 +32,8 @@ func TestKubectl_createAgentSecretToken_NamespaceAlreadyExists(t *testing.T) {
 	gomock.InOrder(
 		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "namespace", "gitlab-agent").Return([]byte("already exists"), errors.New("test")),
 		mockCmd.EXPECT().RunWithOutput("kubectl", "delete", "secret", "gitlab-agent-token", "-n=gitlab-agent").Return([]byte("not found"), errors.New("test")),
-		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "secret", "generic", "gitlab-agent-token", "-n=gitlab-agent", "--type=Opaque", "--from-literal=token=any-token", "--from-literal=token-id=42"),
+		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "secret", "generic", "gitlab-agent-token", "-n=gitlab-agent", "--type=Opaque", "--from-literal=token=any-token"),
+		mockCmd.EXPECT().RunWithOutput("kubectl", "annotate", "secrets", "gitlab-agent-token", "-n=gitlab-agent", "gitlab.com/agent-token-id=42"),
 	)

 	// WHEN
@@ -76,7 +78,7 @@ func TestKubectl_createAgentSecretToken_SecretCreationFails(t *testing.T) {

 	gomock.InOrder(
 		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "namespace", "gitlab-agent"),
-		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "secret", "generic", "gitlab-agent-token", "-n=gitlab-agent", "--type=Opaque", "--from-literal=token=any-token", "--from-literal=token-id=42").Return([]byte("unknown error"), errors.New("test")),
+		mockCmd.EXPECT().RunWithOutput("kubectl", "create", "secret", "generic", "gitlab-agent-token", "-n=gitlab-agent", "--type=Opaque", "--from-literal=token=any-token").Return([]byte("unknown error"), errors.New("test")),
 	)

 	// WHEN