From d6d9e14f1e47de9a3dcf06b092cf677118079d0b Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Mon, 11 Sep 2023 10:25:36 -0700
Subject: [PATCH] fix: avoid panic in operator-ca secret checks
---
 pkg/controller/main-controller.go | 2 +-
 pkg/controller/minio.go | 15 ++++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/pkg/controller/main-controller.go b/pkg/controller/main-controller.go
index 2bde7f7dab1..ad66a7e8470 100644
--- a/pkg/controller/main-controller.go
+++ b/pkg/controller/main-controller.go
@@ -952,7 +952,7 @@ func (c *Controller) syncHandler(key string) (Result, error) {
 }
 // check if operator-ca-tls has to be updated or re-created in the tenant namespace
- operatorCATLSExists, err := c.checkOperatorCaForTenant(ctx, tenant)
+ operatorCATLSExists, err := c.checkOperatorCAForTenant(ctx, tenant)
 if err != nil {
 return WrapResult(Result{}, err)
 }
diff --git a/pkg/controller/minio.go b/pkg/controller/minio.go
index 74b9e0b21f8..eaa7d6a92af 100644
--- a/pkg/controller/minio.go
+++ b/pkg/controller/minio.go
@@ -129,8 +129,8 @@ func getOperatorCertFromSecret(secretData map[string][]byte, key string) ([]byte
 }
 // checkOperatorCaForTenant create or updates the operator-ca-tls secret for tenant if need it
-func (c *Controller) checkOperatorCaForTenant(ctx context.Context, tenant *miniov2.Tenant) (operatorCATLSExists bool, err error) {
- var certsData map[string][]byte
+func (c *Controller) checkOperatorCAForTenant(ctx context.Context, tenant *miniov2.Tenant) (operatorCATLSExists bool, err error) {
+ certsData := make(map[string][]byte)
 // get operator-ca-tls in minio-operator namespace
 operatorCaSecret, err := c.kubeClientSet.CoreV1().Secrets(miniov2.GetNSFromFile()).Get(ctx, OperatorCATLSSecretName, metav1.GetOptions{})
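Review bot: The doc comment kept as context directly above the renamed signature still reads `// checkOperatorCaForTenant create or updates the operator-ca-tls secret for tenant if need it`, so after the rename to `checkOperatorCAForTenant` it no longer starts with the function's name, which godoc tooling and staticcheck's ST1020 check expect. I would change it to `// checkOperatorCAForTenant creates or updates the operator-ca-tls secret in the tenant namespace when needed; certsData is initialised with make because the later per-key writes would panic on a nil map.` The `certsData := make(map[string][]byte)` line is the actual fix the subject describes and is correct, since the original `var certsData map[string][]byte` left a nil map that the key assignments further down would panic on. The function body continues past this hunk.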
@@ -143,13 +143,10 @@ func (c *Controller) checkOperatorCaForTenant(ctx context.Context, tenant *minio
 }
 operatorPublicCert, err := getOperatorCertFromSecret(operatorCaSecret.Data, common.PublicCRT)
- if err != nil {
- // If no public.crt is present we error, other certs are optional
- return false, err
+ if err == nil {
+ certsData[common.PublicCRT] = operatorPublicCert
 }
- certsData[common.PublicCRT] = operatorPublicCert
-
 operatorTLSCert, err := getOperatorCertFromSecret(operatorCaSecret.Data, common.TLSCRT)
 if err == nil {
 certsData[common.TLSCRT] = operatorTLSCert
@@ -160,6 +157,10 @@ func (c *Controller) checkOperatorCaForTenant(ctx context.Context, tenant *minio
 certsData[common.CACRT] = operatorCACert
 }
+ if len(certsData) == 0 {
+ return false, fmt.Errorf("'%s' secret exists but is missing public.crt, tls.crt and ca.crt, please fix it manually", OperatorCATLSSecretName)
+ }
+
 var tenantCaSecret *corev1.Secret
 createTenantCASecret := func() error {
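Review bot: Making `public.crt` optional turns a previously hard failure into a silent partial copy: the `getOperatorCertFromSecret` error for `public.crt` is now discarded like the other two, so an operator secret holding only `tls.crt` or only `ca.crt` passes the later `len(certsData) == 0` guard and the tenant's `operator-ca-tls` ends up with a subset of the keys, with nothing logged to say which one was dropped. If `getOperatorCertFromSecret` does more than a presence lookup (its body is outside this diff), a malformed or empty value would be swallowed the same way. I would keep the per-key error and surface it rather than drop it, e.g. `if err != nil { klog.Warningf("%q secret: %s not copied to tenant %s/%s: %v", OperatorCATLSSecretName, common.PublicCRT, tenant.Namespace, tenant.Name, err) }` before the `err == nil` branch (assuming the file already has a logger in scope), so an incomplete tenant secret is visible instead of being discovered as a TLS failure later. `checkOperatorCAForTenant` starts before this hunk and continues after it.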
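Review bot: The new error string quotes the secret name with `'%s'`; Go convention is `%q`, which also escapes an odd name safely, so the line should read `return false, fmt.Errorf("%q secret exists but is missing public.crt, tls.crt and ca.crt, please fix it manually", OperatorCATLSSecretName)`. This guard only rejects the case where all three keys are absent, which is consistent with the preceding hunk's intent but means the message's list of three keys does not describe what is actually required. This presumes `fmt` is already imported in minio.go; the import block is not in the diff. The enclosing function continues past this hunk.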