Skip to content

KNOX-3360: create-k8s-alias command to save aliases from k8s secrets#1279

Merged
hanicz merged 2 commits into
apache:masterfrom
hanicz:KNOX-3360
Jun 26, 2026
Merged

KNOX-3360: create-k8s-alias command to save aliases from k8s secrets#1279
hanicz merged 2 commits into
apache:masterfrom
hanicz:KNOX-3360

Conversation

@hanicz

@hanicz hanicz commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

KNOX-3360 - New KnoxCLI command to save alias from k8s secret

What changes were proposed in this pull request?

  • New KnoxCLI command create-k8s-alias that adds k8s secrets as aliases
  • It can take multiple secret names at the same time, optional --ns or --namespace flag to specify where the secrets live, it defaults to knox
  • The secret has to have the below structure, topology is optional and it defaults to __gateway
  alias.name: ...
  topology: ...
  alias.value: ...

How was this patch tested?

Unit tests, tested on local kind cluster

Secrets

apiVersion: v1
kind: Secret
metadata:
  name: stringdatasecret
  namespace: knox
type: Opaque
stringData:
  alias.name: my-alias2
  topology: sandbox
  alias.value: s3cr3t
---
apiVersion: v1
kind: Secret
metadata:
  name: datasecret
  namespace: knox
type: Opaque
data:
  alias.name: bXktYWxpYXM=
  alias.value: czNjcjN0

./knoxcli.sh create-k8s-alias stringdatasecret datasecret

Integration Tests

N/A

UI changes

N/A

@github-actions

github-actions Bot commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown

Test Results

28 tests   28 ✅  3s ⏱️
 1 suites   0 💤
 1 files     0 ❌

Results for commit 5d2be2e.

♻️ This comment has been updated with latest results.

moresandeep
moresandeep requested changes Jun 25, 2026
View reviewed changes

@moresandeep moresandeep left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few things:

  1. I added my observation regarding secret.getData() on the review the other two below are minor nits.
  2. in case of batch/bulk mode if secret-a succeeds and secret-b fails looks like secret-a’s alias will be persisted with no rollback, is this expected?
  3. I think we'll need a DOC jira for this :)

Comment thread gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
Comment thread gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java
@hanicz

hanicz commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Few things:

  1. I added my observation regarding secret.getData() on the review the other two below are minor nits.
  2. in case of batch/bulk mode if secret-a succeeds and secret-b fails looks like secret-a’s alias will be persisted with no rollback, is this expected?
  3. I think we'll need a DOC jira for this :)
    @moresandeep
  1. As explained in my response the secret is converted into data and base64 encoded so I think the solution is correct. Tested with both stringData and data.
  2. I added a secret validation.
  3. I'll open a DOC jira.

@moresandeep moresandeep self-requested a review June 26, 2026 10:17
moresandeep
moresandeep approved these changes Jun 26, 2026
View reviewed changes

@moresandeep moresandeep left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks!

@hanicz hanicz merged commit f6c9adf into apache:master Jun 26, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moresandeep moresandeep moresandeep approved these changes
@pzampino pzampino Awaiting requested review from pzampino
@bonampak bonampak Awaiting requested review from bonampak
@smolnar82 smolnar82 Awaiting requested review from smolnar82

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hanicz @moresandeep