feat: allow disabling of interval polling (#211)

Flydiverny · web-flow · commit 944121605bc9 · 2019-11-09T18:41:40.000+01:00
diff --git a/bin/daemon.js b/bin/daemon.js
@@ -22,6 +22,7 @@ const {
   logger,
   metricsPort,
   pollerIntervalMilliseconds,
+  pollingDisabled,
   rolePermittedAnnotation
 } = require('../config')
 
@@ -49,6 +50,7 @@ async function main () {
     pollerIntervalMilliseconds,
     rolePermittedAnnotation,
     customResourceManifest,
+    pollingDisabled,
     logger
   })
 
diff --git a/charts/kubernetes-external-secrets/README.md b/charts/kubernetes-external-secrets/README.md
@@ -49,6 +49,7 @@ The following table lists the configurable parameters of the `kubernetes-externa
 | `env.ROLE_PERMITTED_ANNOTATION`           | Specify the annotation key where to lookup the role arn permission boundaries | `iam.amazonaws.com/permitted`          |
 | `env.POLLER_INTERVAL_MILLISECONDS`   | Set POLLER_INTERVAL_MILLISECONDS in Deployment Pod           | `10000`                                                 |
 | `env.VAULT_ADDR`                          | Endpoint for the Vault backend, if using Vault               | `http://127.0.0.1:8200                                  |
+| `env.DISABLE_POLLING`                          | Disables backend polling and only updates secrets when ExternalSecret is modified, setting this to any value will disable polling               | `nil`                                  |
 | `envVarsFromSecret.AWS_ACCESS_KEY_ID`     | Set AWS_ACCESS_KEY_ID (from a secret) in Deployment Pod      |                                                         |
 | `envVarsFromSecret.AWS_SECRET_ACCESS_KEY` | Set AWS_SECRET_ACCESS_KEY (from a secret) in Deployment Pod  |                                                         |
 | `image.repository`                   | kubernetes-external-secrets Image name                       | `godaddy/kubernetes-external-secrets`                   |
diff --git a/config/environment.js b/config/environment.js
@@ -21,6 +21,7 @@ const pollerIntervalMilliseconds = process.env.POLLER_INTERVAL_MILLISECONDS
   ? Number(process.env.POLLER_INTERVAL_MILLISECONDS) : 10000
 
 const logLevel = process.env.LOG_LEVEL || 'info'
+const pollingDisabled = 'DISABLE_POLLING' in process.env
 
 const rolePermittedAnnotation = process.env.ROLE_PERMITTED_ANNOTATION || 'iam.amazonaws.com/permitted'
 
@@ -32,5 +33,6 @@ module.exports = {
   pollerIntervalMilliseconds,
   metricsPort,
   rolePermittedAnnotation,
+  pollingDisabled,
   logLevel
 }
diff --git a/lib/poller-factory.js b/lib/poller-factory.js
@@ -20,6 +20,7 @@ class PollerFactory {
     pollerIntervalMilliseconds,
     rolePermittedAnnotation,
     customResourceManifest,
+    pollingDisabled,
     logger
   }) {
     this._logger = logger
@@ -29,6 +30,7 @@ class PollerFactory {
     this._pollerIntervalMilliseconds = pollerIntervalMilliseconds
     this._customResourceManifest = customResourceManifest
     this._rolePermittedAnnotation = rolePermittedAnnotation
+    this._pollingDisabled = pollingDisabled
   }
 
   /**
@@ -44,6 +46,7 @@ class PollerFactory {
       metrics: this._metrics,
       customResourceManifest: this._customResourceManifest,
       rolePermittedAnnotation: this._rolePermittedAnnotation,
+      pollingDisabled: this._pollingDisabled,
       externalSecret
     })
 
diff --git a/lib/poller.js b/lib/poller.js
@@ -37,6 +37,7 @@ class Poller {
     metrics,
     customResourceManifest,
     rolePermittedAnnotation,
+    pollingDisabled,
     externalSecret
   }) {
     this._backends = backends
@@ -45,6 +46,7 @@ class Poller {
     this._logger = logger
     this._timeoutId = null
     this._metrics = metrics
+    this._pollingDisabled = pollingDisabled
     this._rolePermittedAnnotation = rolePermittedAnnotation
     this._customResourceManifest = customResourceManifest
 
@@ -221,6 +223,11 @@ class Poller {
         return this._setNextPoll(0)
       }
 
+      // If polling is disabled we only react to changes in the ExternalSecret
+      if (this._pollingDisabled) {
+        return
+      }
+
       const now = Date.now()
       const lastPollTime = Date.parse(lastSync) || 0
 
diff --git a/lib/poller.test.js b/lib/poller.test.js
@@ -479,6 +479,25 @@ describe('Poller', () => {
       })
     })
 
+    it('disable interval polling', async () => {
+      poller = new Poller({
+        intervalMilliseconds: 5000,
+        kubeClient: kubeClientMock,
+        logger: loggerMock,
+        externalSecret: fakeExternalSecret,
+        customResourceManifest: fakeCustomResourceManifest,
+        // Disable polling!
+        pollingDisabled: true
+      })
+
+      poller._setNextPoll = sinon.stub()
+
+      await poller._scheduleNextPoll()
+
+      expect(externalSecretsApiMock.status.get.calledWith()).to.equal(true)
+      sinon.assert.notCalled(poller._setNextPoll)
+    })
+
     it('logs error if it fails', async () => {
       const error = new Error('something boom')
       externalSecretsApiMock.status.get = sinon.stub().throws(error)
