Add transport secret consumer finalizer for credential rotation#660
Add transport secret consumer finalizer for credential rotation#660lmiccini wants to merge 3 commits into
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: lmiccini The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Build failed (check pipeline). Post ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 14m 11s |
lmiccini
force-pushed
the
transport-secret-consumer-finalizer
branch
from
6e38f18 to
4f18186
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
lmiccini
force-pushed
the
transport-secret-consumer-finalizer
branch
from
4f18186 to
8bd2367
Compare
|
Build failed (check pipeline). Post ❌ openstack-k8s-operators-content-provider FAILURE in 6m 18s |
Add consumer finalizer management for transport URL secrets, modeled after the existing ApplicationCredential consumer finalizer pattern. This ensures the TransportURL controller waits for all consumers to roll out with new credentials before releasing old RabbitMQ users during rotation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
lmiccini
force-pushed
the
transport-secret-consumer-finalizer
branch
from
8bd2367 to
c122102
Compare
|
This change depends on a change that failed to merge. Change openstack-k8s-operators/infra-operator#606 is needed. |
|
recheck |
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Replace inline isTransportRotation/isNotificationRotation guards with shared FinalizeTransportSecretRotation helper and add allSubCRsStable guard for same-reconcile race prevention. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
Point lib-common at fix-createorpatch-readiness branch which fixes false-positive readiness after CreateOrPatch due to informer cache lag. Without this fix, statefulset/deployment IsReady can return true on stale cached data where Generation == ObservedGeneration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
@lmiccini: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
1 participant
Add consumer finalizer management for transport URL secrets, modeled
after the existing ApplicationCredential consumer finalizer pattern.
This ensures the TransportURL controller waits for all consumers to
roll out with new credentials before releasing old RabbitMQ users
during rotation.
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
Depends-on: openstack-k8s-operators/infra-operator#606