Clean up code after switching from configmaps to secrets
This is a purely cosmetic change (nothing functional) to update
and/or remove all references to configmaps now that everything
is stored in secrets.
ASBishop committed Jun 13, 2023
1 parent d177df3 commit 47f9dc1
Showing 6 changed files with 94 additions and 162 deletions.
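--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -193,18 +193,6 @@ rules:
 - get
 - patch
 - update
-- apiGroups:
-- ""
-resources:
-- configmaps
-verbs:
-- create
-- delete
-- get
-- list
-- patch
-- update
-- watch
 - apiGroups:
 - ""
 resources: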
45 changes: 16 additions & 29 deletions controllers/cinder_controller.go
Expand Up @@ -100,7 +100,6 @@ type CinderReconciler struct {
// +kubebuilder:rbac:groups=cinder.openstack.org,resources=cindervolumes,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cinder.openstack.org,resources=cindervolumes/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=cinder.openstack.org,resources=cindervolumes/finalizers,verbs=update
// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;create;update;patch;delete;watch
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;create;update;patch;delete;watch
// +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;create;update;patch;delete;watch
// +kubebuilder:rbac:groups=mariadb.openstack.org,resources=mariadbdatabases,verbs=get;list;watch;create;update;patch;delete
Expand Down Expand Up @@ -268,7 +267,7 @@ func (r *CinderReconciler) SetupWithManager(mgr ctrl.Manager) error {
Owns(&cinderv1beta1.CinderVolume{}).
Owns(&rabbitmqv1.TransportURL{}).
Owns(&batchv1.Job{}).
Owns(&corev1.ConfigMap{}).
Owns(&corev1.Secret{}).
// Watch for TransportURL Secrets which belong to any TransportURLs created by Cinder CRs
Watches(&source.Kind{Type: &corev1.Secret{}},
handler.EnqueueRequestsFromMapFunc(transportURLSecretFn)).
Expand Down Expand Up @@ -443,8 +442,7 @@ func (r *CinderReconciler) reconcileNormal(ctx context.Context, instance *cinder
common.AppSelector: cinder.ServiceName,
}

// ConfigMap
configMapVars := make(map[string]env.Setter)
configVars := make(map[string]env.Setter)

//
// create RabbitMQ transportURL CR and get the actual URL from the associated secret that is created
Expand Down Expand Up @@ -504,22 +502,15 @@ func (r *CinderReconciler) reconcileNormal(ctx context.Context, instance *cinder
return ctrl.Result{}, err
}
// Add a prefix to the var name to avoid accidental collision with other non-secret vars.
configMapVars["secret-"+ospSecret.Name] = env.SetValue(hash)
configVars["secret-"+ospSecret.Name] = env.SetValue(hash)

instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
// run check OpenStack secret - end

//
// Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes
// Create Secrets required as input for the Service and calculate an overall hash of hashes
//

//
// create Configmap required for cinder input
// - %-scripts configmap holding scripts to e.g. bootstrap the service
// - %-config configmap holding minimal cinder config required to get the service up, user can add additional files to be added to the service
// - parameters which has passwords gets added from the OpenStack secret via the init container
//
err = r.generateServiceConfigMaps(ctx, helper, instance, &configMapVars, serviceLabels)
err = r.generateServiceConfigs(ctx, helper, instance, &configVars, serviceLabels)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
Expand All @@ -534,7 +525,7 @@ func (r *CinderReconciler) reconcileNormal(ctx context.Context, instance *cinder
// create hash over all the different input resources to identify if any those changed
// and a restart/recreate is required.
//
_, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configMapVars)
_, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configVars)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
Expand All @@ -548,7 +539,6 @@ func (r *CinderReconciler) reconcileNormal(ctx context.Context, instance *cinder
// so we need to return and reconcile again
return ctrl.Result{}, nil
}
// Create ConfigMaps and Secrets - end

instance.Status.Conditions.MarkTrue(condition.ServiceConfigReadyCondition, condition.ServiceConfigReadyMessage)

Expand Down Expand Up @@ -762,23 +752,22 @@ func (r *CinderReconciler) reconcileUpgrade(ctx context.Context, instance *cinde
return ctrl.Result{}, nil
}

// generateServiceConfigMaps - create create configmaps which hold scripts and service configuration
// generateServiceConfigs - create Secret which hold scripts and service configuration
// TODO add DefaultConfigOverwrite
func (r *CinderReconciler) generateServiceConfigMaps(
func (r *CinderReconciler) generateServiceConfigs(
ctx context.Context,
h *helper.Helper,
instance *cinderv1beta1.Cinder,
envVars *map[string]env.Setter,
serviceLabels map[string]string,
) error {
//
// create Configmap/Secret required for cinder input
// - %-scripts configmap holding scripts to e.g. bootstrap the service
// - %-config configmap holding minimal cinder config required to get the service up, user can add additional files to be added to the service
// - parameters which has passwords gets added from the ospSecret via the init container
// create Secret required for cinder input
// - %-scripts holds scripts to e.g. bootstrap the service
// - %-config holds minimal cinder config required to get the service up
//

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(cinder.ServiceName), serviceLabels)
labels := labels.GetLabels(instance, labels.GetGroupLabel(cinder.ServiceName), serviceLabels)

// customData hold any customization for all cinder services.
customData := map[string]string{cinder.CustomConfigFileName: instance.Spec.CustomServiceConfig}
Expand Down Expand Up @@ -822,28 +811,26 @@ func (r *CinderReconciler) generateServiceConfigMaps(
instance.Status.DatabaseHostname,
cinder.DatabaseName)

cms := []util.Template{
// ScriptsConfigMap
configTemplates := []util.Template{
{
Name: fmt.Sprintf("%s-scripts", instance.Name),
Namespace: instance.Namespace,
Type: util.TemplateTypeScripts,
InstanceType: instance.Kind,
Labels: cmLabels,
Labels: labels,
},
// ConfigMap
{
Name: fmt.Sprintf("%s-config-data", instance.Name),
Namespace: instance.Namespace,
Type: util.TemplateTypeConfig,
InstanceType: instance.Kind,
CustomData: customData,
ConfigOptions: templateParameters,
Labels: cmLabels,
Labels: labels,
},
}

return secret.EnsureSecrets(ctx, h, instance, cms, envVars)
return secret.EnsureSecrets(ctx, h, instance, configTemplates, envVars)
}

// createHashOfInputHashes - creates a hash of hashes which gets added to the resources which requires a restart
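Review bot: The `Owns(&corev1.Secret{})` line in SetupWithManager is a behaviour change rather than a rename: judging by the hunk counts it replaces `Owns(&corev1.ConfigMap{})`, so the reconciler is now triggered by Secrets it owns, in addition to the `Watches(... transportURLSecretFn)` mapping directly below. Together with the dropped configmaps RBAC marker, this does not match the "nothing functional" wording of the description. A comment on the line, for example `// Owned Secrets: presumably the <name>-scripts and <name>-config-data Secrets built in generateServiceConfigs`, would keep the two Secret watches from being read as duplicates. If any deployment still holds ConfigMaps created before the switch, the reduced role no longer lets the operator watch or delete them, so it is worth confirming they are cleaned up through owner references. SetupWithManager begins and ends outside the hunk.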
51 changes: 20 additions & 31 deletions controllers/cinderapi_controller.go
Expand Up @@ -93,7 +93,6 @@ var (
//+kubebuilder:rbac:groups=cinder.openstack.org,resources=cinderapis,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=cinder.openstack.org,resources=cinderapis/status,verbs=get;update;patch
//+kubebuilder:rbac:groups=cinder.openstack.org,resources=cinderapis/finalizers,verbs=update
// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;create;update;patch;delete;watch
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;create;update;patch;delete;watch
// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;
Expand Down Expand Up @@ -462,70 +461,63 @@ func (r *CinderAPIReconciler) reconcileInit(
func (r *CinderAPIReconciler) reconcileNormal(ctx context.Context, instance *cinderv1beta1.CinderAPI, helper *helper.Helper) (ctrl.Result, error) {
r.Log.Info(fmt.Sprintf("Reconciling Service '%s'", instance.Name))

// ConfigMap
configMapVars := make(map[string]env.Setter)
configVars := make(map[string]env.Setter)

//
// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
//
ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, &configMapVars)
ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, &configVars)
if err != nil {
return ctrlResult, err
}
// run check OpenStack secret - end

//
// check for required TransportURL secret holding transport URL string
//
ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Spec.TransportURLSecret, &configMapVars)
ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Spec.TransportURLSecret, &configVars)
if err != nil {
return ctrlResult, err
}
// run check TransportURL secret - end

//
// check for required service secrets
//
for _, secretName := range instance.Spec.CustomServiceConfigSecrets {
ctrlResult, err = r.getSecret(ctx, helper, instance, secretName, &configMapVars)
ctrlResult, err = r.getSecret(ctx, helper, instance, secretName, &configVars)
if err != nil {
return ctrlResult, err
}
}
// run check service secrets - end

//
// check for required Cinder config maps that should have been created by parent Cinder CR
// check for required Cinder secrets that should have been created by parent Cinder CR
//

parentCinderName := cinder.GetOwningCinderName(instance)
parentSecrets := []string{
fmt.Sprintf("%s-scripts", parentCinderName), //ScriptsConfigMap
fmt.Sprintf("%s-config-data", parentCinderName), //ConfigMap
fmt.Sprintf("%s-scripts", parentCinderName),
fmt.Sprintf("%s-config-data", parentCinderName),
}

for _, parentSecret := range parentSecrets {
ctrlResult, err = r.getSecret(ctx, helper, instance, parentSecret, &configMapVars)
ctrlResult, err = r.getSecret(ctx, helper, instance, parentSecret, &configVars)
if err != nil {
return ctrlResult, err
}
}
instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
// run check parent Cinder CR config maps - end

//
// Create ConfigMaps required as input for the Service and calculate an overall hash of hashes
// Create secrets required as input for the Service and calculate an overall hash of hashes
//

serviceLabels := map[string]string{
common.AppSelector: cinder.ServiceName,
common.ComponentSelector: cinderapi.Component,
}

//
// create custom Configmap for this cinder volume service
// create custom config for this cinder service
//
err = r.generateServiceConfigMaps(ctx, helper, instance, &configMapVars, serviceLabels)
err = r.generateServiceConfigs(ctx, helper, instance, &configVars, serviceLabels)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
Expand All @@ -535,13 +527,12 @@ func (r *CinderAPIReconciler) reconcileNormal(ctx context.Context, instance *cin
err.Error()))
return ctrl.Result{}, err
}
// Create ConfigMaps - end

//
// create hash over all the different input resources to identify if any those changed
// and a restart/recreate is required.
//
inputHash, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configMapVars)
inputHash, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configVars)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
Expand All @@ -556,7 +547,6 @@ func (r *CinderAPIReconciler) reconcileNormal(ctx context.Context, instance *cin
return ctrl.Result{}, nil
}
instance.Status.Conditions.MarkTrue(condition.ServiceConfigReadyCondition, condition.ServiceConfigReadyMessage)
// Create ConfigMaps and Secrets - end

//
// TODO check when/if Init, Update, or Upgrade should/could be skipped
Expand Down Expand Up @@ -741,21 +731,21 @@ func (r *CinderAPIReconciler) getSecret(
return ctrl.Result{}, nil
}

// generateServiceConfigMaps - create custom configmap to hold service-specific config
// generateServiceConfigs - create Secret which holds the service configuration
// TODO add DefaultConfigOverwrite
func (r *CinderAPIReconciler) generateServiceConfigMaps(
func (r *CinderAPIReconciler) generateServiceConfigs(
ctx context.Context,
h *helper.Helper,
instance *cinderv1beta1.CinderAPI,
envVars *map[string]env.Setter,
serviceLabels map[string]string,
) error {
//
// create custom Configmap for cinder-api-specific config input
// - %-config-data configmap holding custom config for the service's cinder.conf
// create custom Secret for cinder service-specific config input
// - %-config-data holds custom config for the service
//

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(cinder.ServiceName), serviceLabels)
labels := labels.GetLabels(instance, labels.GetGroupLabel(cinder.ServiceName), serviceLabels)

// customData hold any customization for the service.
customData := map[string]string{cinder.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
Expand Down Expand Up @@ -789,19 +779,18 @@ func (r *CinderAPIReconciler) generateServiceConfigMaps(
}
customData[cinder.CustomServiceConfigSecretsFileName] = customSecrets

cms := []util.Template{
// Custom ConfigMap
configTemplates := []util.Template{
{
Name: fmt.Sprintf("%s-config-data", instance.Name),
Namespace: instance.Namespace,
Type: util.TemplateTypeConfig,
InstanceType: instance.Kind,
CustomData: customData,
Labels: cmLabels,
Labels: labels,
},
}

return secret.EnsureSecrets(ctx, h, instance, cms, envVars)
return secret.EnsureSecrets(ctx, h, instance, configTemplates, envVars)
}

// createHashOfInputHashes - creates a hash of hashes which gets added to the resources which requires a restart
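Review bot: In generateServiceConfigs the renamed local `labels := labels.GetLabels(instance, labels.GetGroupLabel(cinder.ServiceName), serviceLabels)` shadows the `labels` package for the rest of the function. It compiles only because the right-hand side is resolved before the new variable comes into scope, and any `labels.` call added later in the body would then refer to the map instead of the package. A distinct name avoids this: `secretLabels := labels.GetLabels(instance, labels.GetGroupLabel(cinder.ServiceName), serviceLabels)` with `Labels: secretLabels` in the template entry. The same rename appears in generateServiceConfigs in controllers/cinder_controller.go, where both template entries would need the new name. Part of the function body lies outside the hunks shown.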