Update BindService for binding parameters

Author: spadgett

dist/origin-web-common-services.js

@@ -1018,6 +1018,9 @@ angular.module("openshiftCommonServices")
                     AuthService,
                     DataService,
                     DNS1123_SUBDOMAIN_VALIDATION) {
+    // The secret key this service uses for the parameters JSON blob when binding.
+    var PARAMETERS_SECRET_KEY = 'parameters';
+
     var bindingResource = {
       group: 'servicecatalog.k8s.io',
       resource: 'bindings'
@@ -1047,9 +1050,49 @@ angular.module("openshiftCommonServices")
     };
 
     var generateName = $filter('generateName');
-    var makeBinding = function (serviceInstance, application, parameters) {
+    var generateSecretName = function(prefix) {
+      var generateNameLength = 5;
+      // Truncate the class name if it's too long to append the generated name suffix.
+      var secretNamePrefix = _.truncate(prefix, {
+        // `generateNameLength - 1` because we append a '-' and then a 5 char generated suffix
+        length: DNS1123_SUBDOMAIN_VALIDATION.maxlength - generateNameLength - 1,
+        omission: ''
+      });
+
+      return generateName(secretNamePrefix, generateNameLength);
+    };
+
+    var makeParametersSecret = function(secretName, parameters, binding) {
+      var secret = {
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          name: secretName,
+          ownerReferences: [{
+            apiVersion: binding.apiVersion,
+            kind: binding.kind,
+            name: binding.metadata.name,
+            uid: binding.metadata.uid,
+            controller: false,
+            // TODO: Change to true when garbage collection works with service
+            // catalog resources. Setting to true now results in a 403 Forbidden
+            // error creating the secret.
+            blockOwnerDeletion: false
+          }]
+        },
+        type: 'Opaque',
+        stringData: {}
+      };
+
+      secret.stringData[PARAMETERS_SECRET_KEY] = JSON.stringify(parameters);
+      return secret;
+    };
+
+    var makeBinding = function(serviceInstance, application, parameters) {
+      var parametersSecretName;
       var instanceName = serviceInstance.metadata.name;
       var relatedObjName = generateName(_.truncate(instanceName, DNS1123_SUBDOMAIN_VALIDATION.maxlength - 6) + '-');
+
       var binding = {
         kind: 'Binding',
         apiVersion: 'servicecatalog.k8s.io/v1alpha1',
@@ -1060,12 +1103,17 @@ angular.module("openshiftCommonServices")
           instanceRef: {
             name: instanceName
           },
-          secretName: relatedObjName
+          secretName: generateSecretName(serviceInstance.metadata.name + '-credentials-')
         }
       };
 
       if (!_.isEmpty(parameters)) {
-        binding.spec.parameters = parameters;
+        binding.spec.parametersFrom = [{
+          secretKeyRef: {
+            name: generateSecretName(serviceInstance.metadata.name + '-parameters-'),
+            key: PARAMETERS_SECRET_KEY
+          }
+        }];
       }
 
       var appSelector = _.get(application, 'spec.selector');
@@ -1173,18 +1221,34 @@ angular.module("openshiftCommonServices")
     return {
       bindingResource: bindingResource,
       getServiceClassForInstance: getServiceClassForInstance,
+      getPlanForInstance: getPlanForInstance,
 
       // Create a binding for `serviceInstance`. If an `application` API object
       // is specified, also create a pod preset for that application using its
       // `spec.selector`. `serviceClass` is required to determine if any
       // parameters need to be set when creating the binding.
-      bindService: function(serviceInstance, application, serviceClass) {
-        return getBindParameters(serviceInstance, serviceClass).then(function (parameters) {
-          var newBinding = makeBinding(serviceInstance, application, parameters);
-          var context = {
-            namespace: serviceInstance.metadata.namespace
-          };
-          return DataService.create(bindingResource, null, newBinding, context);
+      bindService: function(serviceInstance, application, serviceClass, parameters) {
+        var secretName;
+        if (!_.isEmpty(parameters)) {
+          secretName = generateSecretName(serviceInstance.metadata.name + '-bind-parameters-');
+        }
+
+        var newBinding = makeBinding(serviceInstance, application, secretName);
+        var context = {
+          namespace: serviceInstance.metadata.namespace
+        };
+
+        var promise = DataService.create(bindingResource, null, newBinding, context);
+        if (!secretName) {
+          return promise;
+        }
+
+        // Create the secret as well if the binding has parameters.
+        return promise.then(function(binding) {
+          var parametersSecret = makeParametersSecret(secretName, parameters, binding);
+          return DataService.create("secrets", null, parametersSecret, context).then(function() {
+            return binding;
+          });
         });
       },
 

dist/origin-web-common.js

@@ -2887,6 +2887,9 @@ angular.module("openshiftCommonServices")
                     AuthService,
                     DataService,
                     DNS1123_SUBDOMAIN_VALIDATION) {
+    // The secret key this service uses for the parameters JSON blob when binding.
+    var PARAMETERS_SECRET_KEY = 'parameters';
+
     var bindingResource = {
       group: 'servicecatalog.k8s.io',
       resource: 'bindings'
@@ -2916,9 +2919,49 @@ angular.module("openshiftCommonServices")
     };
 
     var generateName = $filter('generateName');
-    var makeBinding = function (serviceInstance, application, parameters) {
+    var generateSecretName = function(prefix) {
+      var generateNameLength = 5;
+      // Truncate the class name if it's too long to append the generated name suffix.
+      var secretNamePrefix = _.truncate(prefix, {
+        // `generateNameLength - 1` because we append a '-' and then a 5 char generated suffix
+        length: DNS1123_SUBDOMAIN_VALIDATION.maxlength - generateNameLength - 1,
+        omission: ''
+      });
+
+      return generateName(secretNamePrefix, generateNameLength);
+    };
+
+    var makeParametersSecret = function(secretName, parameters, binding) {
+      var secret = {
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          name: secretName,
+          ownerReferences: [{
+            apiVersion: binding.apiVersion,
+            kind: binding.kind,
+            name: binding.metadata.name,
+            uid: binding.metadata.uid,
+            controller: false,
+            // TODO: Change to true when garbage collection works with service
+            // catalog resources. Setting to true now results in a 403 Forbidden
+            // error creating the secret.
+            blockOwnerDeletion: false
+          }]
+        },
+        type: 'Opaque',
+        stringData: {}
+      };
+
+      secret.stringData[PARAMETERS_SECRET_KEY] = JSON.stringify(parameters);
+      return secret;
+    };
+
+    var makeBinding = function(serviceInstance, application, parameters) {
+      var parametersSecretName;
       var instanceName = serviceInstance.metadata.name;
       var relatedObjName = generateName(_.truncate(instanceName, DNS1123_SUBDOMAIN_VALIDATION.maxlength - 6) + '-');
+
       var binding = {
         kind: 'Binding',
         apiVersion: 'servicecatalog.k8s.io/v1alpha1',
@@ -2929,12 +2972,17 @@ angular.module("openshiftCommonServices")
           instanceRef: {
             name: instanceName
           },
-          secretName: relatedObjName
+          secretName: generateSecretName(serviceInstance.metadata.name + '-credentials-')
         }
       };
 
       if (!_.isEmpty(parameters)) {
-        binding.spec.parameters = parameters;
+        binding.spec.parametersFrom = [{
+          secretKeyRef: {
+            name: generateSecretName(serviceInstance.metadata.name + '-parameters-'),
+            key: PARAMETERS_SECRET_KEY
+          }
+        }];
       }
 
       var appSelector = _.get(application, 'spec.selector');
@@ -3042,18 +3090,34 @@ angular.module("openshiftCommonServices")
     return {
       bindingResource: bindingResource,
       getServiceClassForInstance: getServiceClassForInstance,
+      getPlanForInstance: getPlanForInstance,
 
       // Create a binding for `serviceInstance`. If an `application` API object
       // is specified, also create a pod preset for that application using its
       // `spec.selector`. `serviceClass` is required to determine if any
       // parameters need to be set when creating the binding.
-      bindService: function(serviceInstance, application, serviceClass) {
-        return getBindParameters(serviceInstance, serviceClass).then(function (parameters) {
-          var newBinding = makeBinding(serviceInstance, application, parameters);
-          var context = {
-            namespace: serviceInstance.metadata.namespace
-          };
-          return DataService.create(bindingResource, null, newBinding, context);
+      bindService: function(serviceInstance, application, serviceClass, parameters) {
+        var secretName;
+        if (!_.isEmpty(parameters)) {
+          secretName = generateSecretName(serviceInstance.metadata.name + '-bind-parameters-');
+        }
+
+        var newBinding = makeBinding(serviceInstance, application, secretName);
+        var context = {
+          namespace: serviceInstance.metadata.namespace
+        };
+
+        var promise = DataService.create(bindingResource, null, newBinding, context);
+        if (!secretName) {
+          return promise;
+        }
+
+        // Create the secret as well if the binding has parameters.
+        return promise.then(function(binding) {
+          var parametersSecret = makeParametersSecret(secretName, parameters, binding);
+          return DataService.create("secrets", null, parametersSecret, context).then(function() {
+            return binding;
+          });
         });
       },
 

dist/origin-web-common.min.js

@@ -1146,7 +1146,7 @@ return data;
 }
 };
 }), angular.module("openshiftCommonServices").service("BindingService", [ "$filter", "$q", "AuthService", "DataService", "DNS1123_SUBDOMAIN_VALIDATION", function($filter, $q, AuthService, DataService, DNS1123_SUBDOMAIN_VALIDATION) {
-var bindingResource = {
+var PARAMETERS_SECRET_KEY = "parameters", bindingResource = {
 group:"servicecatalog.k8s.io",
 resource:"bindings"
 }, getServiceClassForInstance = function(serviceInstance, serviceClasses) {
@@ -1157,14 +1157,32 @@ var planName = _.get(serviceInstance, "spec.planName");
 return _.find(serviceClass.plans, {
 name:planName
 });
-}, getBindParameters = function(serviceInstance, serviceClass) {
-var plan = getPlanForInstance(serviceInstance, serviceClass);
-return _.has(plan, [ "alphaBindingCreateParameterSchema", "properties", "template.openshift.io/requester-username" ]) ? AuthService.withUser().then(function(user) {
-return {
-"template.openshift.io/requester-username":user.metadata.name
+}, generateName = $filter("generateName"), generateSecretName = function(prefix) {
+var generateNameLength = 5, secretNamePrefix = _.truncate(prefix, {
+length:DNS1123_SUBDOMAIN_VALIDATION.maxlength - generateNameLength - 1,
+omission:""
+});
+return generateName(secretNamePrefix, generateNameLength);
+}, makeParametersSecret = function(secretName, parameters, binding) {
+var secret = {
+apiVersion:"v1",
+kind:"Secret",
+metadata:{
+name:secretName,
+ownerReferences:[ {
+apiVersion:binding.apiVersion,
+kind:binding.kind,
+name:binding.metadata.name,
+uid:binding.metadata.uid,
+controller:!1,
+blockOwnerDeletion:!1
+} ]
+},
+type:"Opaque",
+stringData:{}
 };
-}) :$q.when({});
-}, generateName = $filter("generateName"), makeBinding = function(serviceInstance, application, parameters) {
+return secret.stringData[PARAMETERS_SECRET_KEY] = JSON.stringify(parameters), secret;
+}, makeBinding = function(serviceInstance, application, parameters) {
 var instanceName = serviceInstance.metadata.name, relatedObjName = generateName(_.truncate(instanceName, DNS1123_SUBDOMAIN_VALIDATION.maxlength - 6) + "-"), binding = {
 kind:"Binding",
 apiVersion:"servicecatalog.k8s.io/v1alpha1",
@@ -1175,10 +1193,15 @@ spec:{
 instanceRef:{
 name:instanceName
 },
-secretName:relatedObjName
+secretName:generateSecretName(serviceInstance.metadata.name + "-credentials-")
 }
 };
-_.isEmpty(parameters) || (binding.spec.parameters = parameters);
+_.isEmpty(parameters) || (binding.spec.parametersFrom = [ {
+secretKeyRef:{
+name:generateSecretName(serviceInstance.metadata.name + "-parameters-"),
+key:PARAMETERS_SECRET_KEY
+}
+} ]);
 var appSelector = _.get(application, "spec.selector");
 return appSelector && (appSelector.matchLabels || appSelector.matchExpressions || (appSelector = {
 matchLabels:appSelector
@@ -1217,13 +1240,19 @@ return _.get(item, "metadata.name", "");
 return {
 bindingResource:bindingResource,
 getServiceClassForInstance:getServiceClassForInstance,
-bindService:function(serviceInstance, application, serviceClass) {
-return getBindParameters(serviceInstance, serviceClass).then(function(parameters) {
-var newBinding = makeBinding(serviceInstance, application, parameters), context = {
+getPlanForInstance:getPlanForInstance,
+bindService:function(serviceInstance, application, serviceClass, parameters) {
+var secretName;
+_.isEmpty(parameters) || (secretName = generateSecretName(serviceInstance.metadata.name + "-bind-parameters-"));
+var newBinding = makeBinding(serviceInstance, application, secretName), context = {
 namespace:serviceInstance.metadata.namespace
-};
-return DataService.create(bindingResource, null, newBinding, context);
+}, promise = DataService.create(bindingResource, null, newBinding, context);
+return secretName ? promise.then(function(binding) {
+var parametersSecret = makeParametersSecret(secretName, parameters, binding);
+return DataService.create("secrets", null, parametersSecret, context).then(function() {
+return binding;
 });
+}) :promise;
 },
 isServiceBindable:isServiceBindable,
 getPodPresetSelectorsForBindings:getPodPresetSelectorsForBindings,