chore: remove duplicated logic by function call #1080

Merged
merged 3 commits into from
Jun 26, 2024
78 changes: 34 additions & 44 deletions pkg/cluster/cert.go
Expand Up @@ -32,27 +32,9 @@ func CreateSelfSignedCertificate(ctx context.Context, c client.Client, secretNam
if err := ApplyMetaOptions(certSecret, metaOptions...); err != nil {
return err
}
existingSecret := &corev1.Secret{}
err = c.Get(ctx, client.ObjectKey{Name: secretName, Namespace: namespace}, existingSecret)
if err != nil {
if k8serr.IsNotFound(err) {
// Secret does not exist, create it
if createErr := c.Create(ctx, certSecret); createErr != nil {
return fmt.Errorf("failed creating certificate secret: %w", createErr)
}
} else {
return fmt.Errorf("failed getting certificate secret: %w", err)
}
} else if existingSecret.Type != certSecret.Type {
// Secret exists but with a different type, delete and recreate it
if err := c.Delete(ctx, existingSecret); err != nil {
return fmt.Errorf("failed deleting existing secret: %w", err)
}
if createErr := c.Create(ctx, certSecret); client.IgnoreAlreadyExists(createErr) != nil {
return fmt.Errorf("failed creating certificate secret: %w", createErr)
}
if err = generateCertSecret(ctx, c, certSecret, secretName, namespace); err != nil {
return fmt.Errorf("failed update self-signed certificate secret: %w", err)
}

return nil
}

Expand Down Expand Up @@ -194,43 +176,51 @@ func copySecretToNamespace(ctx context.Context, c client.Client, secret *corev1.
Data: secret.Data,
Type: secret.Type,
}

existingSecret := &corev1.Secret{}
err := c.Get(ctx, client.ObjectKey{Name: newSecretName, Namespace: namespace}, existingSecret)
if k8serr.IsNotFound(err) { // create if not found
if err = c.Create(ctx, newSecret); err != nil {
return fmt.Errorf("failed to create new secret: %w", err)
}
} else if err != nil {
return fmt.Errorf("failed to get existing secret: %w", err)
if err := generateCertSecret(ctx, c, newSecret, newSecretName, namespace); err != nil {
return fmt.Errorf("failed to deploy default cert secret to namespace %s: %w", namespace, err)
}

if existingSecret.Type != newSecret.Type { // recreate if found with mismatched type
if recreateSecret(ctx, c, existingSecret, newSecret) != nil {
return errors.New("failed to recreate secret with type corrected")
}
}

if isSecretOutdated(existingSecret.Data, newSecret.Data) {
if err = c.Update(ctx, newSecret); err != nil { // update data if found with same type but outdated content
return fmt.Errorf("failed to update secret: %w", err)
}
}

return nil
}

// recreateSecret deletes the existing secret and creates a new one.
func recreateSecret(ctx context.Context, c client.Client, existingSecret, newSecret *corev1.Secret) error {
if err := c.Delete(ctx, existingSecret); err != nil {
return fmt.Errorf("failed to delete existing secret: %w", err)
return fmt.Errorf("failed to delete existing secret before recreating new one: %w", err)
}
if err := c.Create(ctx, newSecret); err != nil {
return fmt.Errorf("failed to create new secret: %w", err)
return fmt.Errorf("failed to create new secret after existing one has been deleted: %w", err)
}
return nil
}

// generateCertSecret creates a secret if it does not exist; recreate this secret if type not match; update data if outdated.
func generateCertSecret(ctx context.Context, c client.Client, certSecret *corev1.Secret, secretName, namespace string) error {
existingSecret := &corev1.Secret{}
err := c.Get(ctx, client.ObjectKey{Name: secretName, Namespace: namespace}, existingSecret)
switch {
case err == nil:
// Secret exists but with a different type, delete and create it again
if existingSecret.Type != certSecret.Type {
return recreateSecret(ctx, c, existingSecret, certSecret)
}
// update data if found with same type but outdated content
if isSecretOutdated(existingSecret.Data, certSecret.Data) {
if err = c.Update(ctx, certSecret); err != nil {
return fmt.Errorf("failed to update existing secret: %w", err)
}
}
case k8serr.IsNotFound(err):
// Secret does not exist, create it
if err := c.Create(ctx, certSecret); err != nil {
return fmt.Errorf("failed creating new certificate secret: %w", err)
}
default:
return fmt.Errorf("failed getting certificate secret: %w", err)
}

return nil
}

// isSecretOutdated compares two secret data of type map[string][]byte and returns true if they are not equal.
func isSecretOutdated(existingSecretData, newSecretData map[string][]byte) bool {
if len(existingSecretData) != len(newSecretData) {
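Review bot: Routing CreateSelfSignedCertificate through generateCertSecret changes behaviour beyond de-duplication: the removed branch left an existing secret of the matching type untouched, whereas the `case err == nil` path now also runs `isSecretOutdated` and calls `c.Update(ctx, certSecret)`. The code that builds certSecret sits above this hunk and is not visible here, but if it generates a fresh key pair on every call the data will always differ, so each reconcile would replace the serving certificate and private key and break any client that trusts or pins the previous one. Consider letting the caller opt out of the data comparison (for example a boolean argument to generateCertSecret that the self-signed path sets to false), or deciding on certificate validity rather than raw byte equality. Separately, the type-mismatch path now goes through recreateSecret, whose `c.Create` lacks the `client.IgnoreAlreadyExists` tolerance the removed code had, so a concurrent reconcile that recreates the secret first would surface as a hard error after the delete.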