From dfc7a98d87c93860545033c9a37d81352c2caf70 Mon Sep 17 00:00:00 2001 From: Michael Mandrus <41969079+mmandrus@users.noreply.github.com> Date: Tue, 12 Jul 2022 19:21:02 -0400 Subject: [PATCH] add comments (#52124) --- pkg/services/datasources/service/secrets_mig.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkg/services/datasources/service/secrets_mig.go b/pkg/services/datasources/service/secrets_mig.go index aff7fe53815..5075ee6367a 100644 --- a/pkg/services/datasources/service/secrets_mig.go +++ b/pkg/services/datasources/service/secrets_mig.go @@ -9,9 +9,12 @@ import ( ) const ( - secretMigrationStatusKey = "secretMigrationStatus" + // Not set means migration has not happened + secretMigrationStatusKey = "secretMigrationStatus" + // Migration happened with disableSecretCompatibility set to false compatibleSecretMigrationValue = "compatible" - completeSecretMigrationValue = "complete" + // Migration happened with disableSecretCompatibility set to true + completeSecretMigrationValue = "complete" ) type DataSourceSecretMigrationService struct { @@ -38,8 +41,13 @@ func (s *DataSourceSecretMigrationService) Migrate(ctx context.Context) error { return err } + // If this flag is true, delete secrets from the legacy secrets store as they are migrated disableSecretsCompatibility := s.features.IsEnabled(featuremgmt.FlagDisableSecretsCompatibility) + // If migration hasn't happened, migrate to unified secrets and keep copy in legacy + // If a complete migration happened and now backwards compatibility is enabled, copy secrets back to legacy needCompatibility := migrationStatus != compatibleSecretMigrationValue && !disableSecretsCompatibility + // If migration hasn't happened, migrate to unified secrets and delete from legacy + // If a compatible migration happened and now compatibility is disabled, delete secrets from legacy needMigration := migrationStatus != completeSecretMigrationValue && disableSecretsCompatibility if needCompatibility || needMigration {