From 12b1bf27e7b9e9f3fd0963f9d073d2552a58115f Mon Sep 17 00:00:00 2001
From: Matteo Piano
Date: Mon, 17 Jun 2024 03:59:19 -0700
Subject: [PATCH] pass around projected SA configs properly
---
 tests/config/config_parse_test.py | 14 ++++++++++++++
 tron/config/config_parse.py | 21 +++++++++++++++++++++
 tron/core/action.py | 1 +
 3 files changed, 36 insertions(+)
diff --git a/tests/config/config_parse_test.py b/tests/config/config_parse_test.py
index 99f2b4368..1de3986c9 100644
--- a/tests/config/config_parse_test.py
+++ b/tests/config/config_parse_test.py
@@ -302,6 +302,13 @@ def make_master_jobs():
 items=(schema.ConfigSecretVolumeItem(key="secret1", path="abcd", mode="777"),),
 ),
 ),
+ projected_sa_volumes=(
+ schema.ConfigProjectedSAVolume(
+ container_path="/var/secrets/whatever",
+ audience="foo.bar",
+ expiration_seconds=1800,
+ ),
+ ),
 node_selectors={"yelp.com/pool": "default"},
 node_affinities=(
 ConfigNodeAffinity(
@@ -451,6 +458,13 @@ class ConfigTestCase(TestCase):
 ],
 ),
 ],
+ projected_sa_volumes=[
+ dict(
+ container_path="/var/secrets/whatever",
+ audience="foo.bar",
+ expiration_seconds=1800,
+ ),
+ ],
 cap_add=["KILL"],
 cap_drop=["CHOWN", "KILL"],
 node_selectors={"yelp.com/pool": "default"},
diff --git a/tron/config/config_parse.py b/tron/config/config_parse.py
index a60ec5a33..6d0c2ea0f 100644
--- a/tron/config/config_parse.py
+++ b/tron/config/config_parse.py
@@ -51,6 +51,7 @@
 from tron.config.schema import ConfigMesos
 from tron.config.schema import ConfigNodeAffinity
 from tron.config.schema import ConfigParameter
+from tron.config.schema import ConfigProjectedSAVolume
 from tron.config.schema import ConfigSecretSource
 from tron.config.schema import ConfigSecretVolume
 from tron.config.schema import ConfigSecretVolumeItem
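Review bot: Both fixtures in tests/config/config_parse_test.py (`make_master_jobs` at -302 and the `ConfigTestCase` input at -451) set `expiration_seconds=1800`, which is also the default declared by `ValidateProjectedSAVolume`, so neither hunk can tell an explicitly parsed value from a defaulted one. Using a non-default value in both places, e.g. `expiration_seconds=3600,`, would show the field is really carried through, and a second entry that omits the key would pin the 1800 default. Nothing added here exercises rejection of a malformed entry (missing `audience`, non-integer expiry) either. Both enclosing definitions start and end outside the hunks.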
@@ -345,6 +346,22 @@ def post_validation(self, valid_input, config_context):
 valid_secret_volume = ValidateSecretVolume()


+class ValidateProjectedSAVolume(Validator):
+ config_class = ConfigProjectedSAVolume
+ optional = True
+ defaults = {
+ "expiration_seconds": 1800,
+ }
+ validators = {
+ "container_path": valid_string,
+ "audience": valid_string,
+ "expiration_seconds": valid_int,
+ }
+
+
+valid_projected_sa_volume = ValidateProjectedSAVolume()
+
+
 class ValidateFieldSelectorSource(Validator):
 config_class = ConfigFieldSelectorSource
 validators = {
@@ -536,6 +553,7 @@ class ValidateAction(Validator):
 "env": None,
 "secret_env": None,
 "secret_volumes": None,
+ "projected_sa_volumes": None,
 "field_selector_env": None,
 "extra_volumes": None,
 "trigger_downstreams": None,
@@ -576,6 +594,7 @@ class ValidateAction(Validator):
 "env": valid_dict,
 "secret_env": build_dict_value_validator(valid_secret_source),
 "secret_volumes": build_list_of_type_validator(valid_secret_volume, allow_empty=True),
+ "projected_sa_volumes": build_list_of_type_validator(valid_projected_sa_volume, allow_empty=True),
 "field_selector_env": build_dict_value_validator(valid_field_selector_source),
 "extra_volumes": build_list_of_type_validator(valid_volume, allow_empty=True),
 "trigger_downstreams": valid_trigger_downstreams,
@@ -625,6 +644,7 @@ class ValidateCleanupAction(Validator):
 "env": None,
 "secret_env": None,
 "secret_volumes": None,
+ "projected_sa_volumes": None,
 "field_selector_env": None,
 "extra_volumes": None,
 "trigger_downstreams": None,
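Review bot: In `ValidateProjectedSAVolume` (hunk -345), `expiration_seconds` is checked only with `valid_int`, so zero, negative or very large token lifetimes pass config validation. Kubernetes rejects a projected service-account token whose `expirationSeconds` is under 600, so a bad value would presumably surface only at pod creation rather than at config load, and an unbounded maximum undercuts the purpose of short-lived, audience-bound tokens. A `post_validation` override (the hook named in this hunk's header) could enforce a range, along the lines of `if not 600 <= valid_input["expiration_seconds"] <= MAX_EXPIRATION_SECONDS: raise ValueError(...)`, where `MAX_EXPIRATION_SECONDS` is a placeholder for a limit the project chooses and dict-style access to `valid_input` is assumed. `container_path` and `audience` likewise accept any string; requiring an absolute path and a non-empty audience is worth considering, and the class would benefit from a one-line docstring stating what the three fields map to.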
@@ -660,6 +680,7 @@ class ValidateCleanupAction(Validator):
 "env": valid_dict,
 "secret_env": build_dict_value_validator(valid_secret_source),
 "secret_volumes": build_list_of_type_validator(valid_secret_volume, allow_empty=True),
+ "projected_sa_volumes": build_list_of_type_validator(valid_projected_sa_volume, allow_empty=True),
 "field_selector_env": build_dict_value_validator(valid_field_selector_source),
 "extra_volumes": build_list_of_type_validator(valid_volume, allow_empty=True),
 "trigger_downstreams": valid_trigger_downstreams,
diff --git a/tron/core/action.py b/tron/core/action.py
index 2f65d0900..7b24efe3c 100644
--- a/tron/core/action.py
+++ b/tron/core/action.py
@@ -92,6 +92,7 @@ def from_config(cls, config: ConfigAction) -> "Action":
 env=config.env or {},
 secret_env=config.secret_env or {},
 secret_volumes=config.secret_volumes or [],
+ projected_sa_volumes=config.projected_sa_volumes or [],
 field_selector_env=config.field_selector_env or {},
 cap_add=config.cap_add or [],
 cap_drop=config.cap_drop or [],
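Review bot: The new `projected_sa_volumes=config.projected_sa_volumes or [],` line in `from_config` (tron/core/action.py, hunk -92) has no test in this commit; the added fixtures only cover config parsing. Judging by the commit title, the earlier omission appears to have dropped configured volumes without any error, so an assertion on the built action for a config that sets the field, e.g. `assert Action.from_config(config).projected_sa_volumes == config.projected_sa_volumes`, would keep that from regressing. `from_config` starts and ends outside the hunk, so any further conversion of the value cannot be seen here.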