Skip to content

Commit

Permalink
Merge pull request #432 from mgirgisf/mgirgis-osprh-8196
Browse files Browse the repository at this point in the history
Move to VerifySecret
  • Loading branch information
openshift-merge-bot[bot] authored Jul 25, 2024
2 parents cbfde2d + 04ad891 commit 5871170
Show file tree
Hide file tree
Showing 3 changed files with 98 additions and 40 deletions.
35 changes: 15 additions & 20 deletions controllers/autoscaling_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,7 @@ func (r *AutoscalingReconciler) reconcileNormal(
//
// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
//
ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Aodh.Secret, &configMapVars)
ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Aodh.Secret, instance.Spec.Aodh.PasswordSelectors.AodhService, &configMapVars)
if err != nil {
return ctrlResult, err
}
Expand Down Expand Up @@ -373,7 +373,7 @@ func (r *AutoscalingReconciler) reconcileNormal(
//
// check for required TransportURL secret holding transport URL string
//
ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Status.TransportURLSecret, &configMapVars)
ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Status.TransportURLSecret, "transport_url", &configMapVars)
if err != nil {
return ctrlResult, err
}
Expand Down Expand Up @@ -631,29 +631,24 @@ func (r *AutoscalingReconciler) getAutoscalingHeat(
}

// getSecret - get the specified secret, and add its hash to envVars
func (r *AutoscalingReconciler) getSecret(ctx context.Context, h *helper.Helper, instance *telemetryv1.Autoscaling, secretName string, envVars *map[string]env.Setter) (ctrl.Result, error) {
secret, hash, err := secret.GetSecret(ctx, h, secretName, instance.Namespace)
func (r *AutoscalingReconciler) getSecret(ctx context.Context, h *helper.Helper, instance *telemetryv1.Autoscaling, secretName string, expectedField string, envVars *map[string]env.Setter) (ctrl.Result, error) {
secretHash, result, err := ensureSecret(
ctx,
types.NamespacedName{Namespace: instance.Namespace, Name: secretName},
[]string{
expectedField,
},
h.GetClient(),
&instance.Status.Conditions,
time.Duration(10)*time.Second,
)
if err != nil {
if k8s_errors.IsNotFound(err) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.InputReadyWaitingMessage))
return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("secret %s not found", secretName)
}
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.InputReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
return result, err
}

// Add a prefix to the var name to avoid accidental collision with other non-secret
// vars. The secret names themselves will be unique.
(*envVars)["secret-"+secret.Name] = env.SetValue(hash)
(*envVars)["secret-"+secretName] = env.SetValue(secretHash)

return ctrl.Result{}, nil
}
Expand Down
35 changes: 15 additions & 20 deletions controllers/ceilometer_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -342,7 +342,7 @@ func (r *CeilometerReconciler) reconcileNormal(ctx context.Context, instance *te
//
// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
//
ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, &configMapVars)
ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, instance.Spec.PasswordSelectors.CeilometerService, &configMapVars)
if err != nil {
return ctrlResult, err
}
Expand All @@ -351,7 +351,7 @@ func (r *CeilometerReconciler) reconcileNormal(ctx context.Context, instance *te
//
// check for required TransportURL secret holding transport URL string
//
ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Status.TransportURLSecret, &configMapVars)
ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Status.TransportURLSecret, "transport_url", &configMapVars)
if err != nil {
return ctrlResult, err
}
Expand Down Expand Up @@ -558,29 +558,24 @@ func (r *CeilometerReconciler) reconcileNormal(ctx context.Context, instance *te
}

// getSecret - get the specified secret, and add its hash to envVars
func (r *CeilometerReconciler) getSecret(ctx context.Context, h *helper.Helper, instance *telemetryv1.Ceilometer, secretName string, envVars *map[string]env.Setter) (ctrl.Result, error) {
secret, hash, err := secret.GetSecret(ctx, h, secretName, instance.Namespace)
func (r *CeilometerReconciler) getSecret(ctx context.Context, h *helper.Helper, instance *telemetryv1.Ceilometer, secretName string, expectedField string, envVars *map[string]env.Setter) (ctrl.Result, error) {
secretHash, result, err := ensureSecret(
ctx,
types.NamespacedName{Namespace: instance.Namespace, Name: secretName},
[]string{
expectedField,
},
h.GetClient(),
&instance.Status.Conditions,
time.Duration(10)*time.Second,
)
if err != nil {
if k8s_errors.IsNotFound(err) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.InputReadyWaitingMessage))
return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("secret %s not found", secretName)
}
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.InputReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
return result, err
}

// Add a prefix to the var name to avoid accidental collision with other non-secret
// vars. The secret names themselves will be unique.
(*envVars)["secret-"+secret.Name] = env.SetValue(hash)
(*envVars)["secret-"+secretName] = env.SetValue(secretHash)

return ctrl.Result{}, nil
}
Expand Down
68 changes: 68 additions & 0 deletions controllers/telemetry_common.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
/*
Copyright 2022.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package controllers

import (
"context"
"fmt"
"time"

condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
k8s_errors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
)

type conditionUpdater interface {
Set(c *condition.Condition)
MarkTrue(t condition.Type, messageFormat string, messageArgs ...interface{})
}

// ensureSecret - ensures that the Secret object exists and the expected fields
// are in the Secret. It returns a hash of the values of the expected fields
// passed as input.
func ensureSecret(
ctx context.Context,
secretName types.NamespacedName,
expectedFields []string,
reader client.Reader,
conditionUpdater conditionUpdater,
requeueTimeout time.Duration,
) (string, ctrl.Result, error) {

hash, res, err := secret.VerifySecret(ctx, secretName, expectedFields, reader, requeueTimeout)
if err != nil {
if k8s_errors.IsNotFound(err) {
conditionUpdater.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.InputReadyWaitingMessage))
return "", ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("OpenStack secret %s not found", secretName)
}
conditionUpdater.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.InputReadyErrorMessage,
err.Error()))
return "", res, err
}
return hash, ctrl.Result{}, nil
}

0 comments on commit 5871170

Please sign in to comment.