Skip to content

Commit

Permalink
Merge pull request #621 from fmount/verify-secret
Browse files Browse the repository at this point in the history
Move to VerifySecret when checking the ctlplane secret
  • Loading branch information
openshift-merge-bot[bot] authored Sep 10, 2024
2 parents 5a518ee + 0ab0087 commit 50b7ba5
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 33 deletions.
22 changes: 11 additions & 11 deletions controllers/glance_common.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import (
"time"

"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"k8s.io/apimachinery/pkg/types"

glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1"
Expand Down Expand Up @@ -68,38 +67,39 @@ type conditionUpdater interface {
MarkTrue(t condition.Type, messageFormat string, messageArgs ...interface{})
}

// ensureSecret - ensures that the Secret object exists and the expected fields
// are in the Secret. It returns a hash of the values of the expected fields
// passed as input.
func ensureSecret(
// verifyServiceSecret - ensures that the Secret object exists and the expected
// fields are in the Secret. It also sets a hash of the values of the expected
// fields passed as input.
func verifyServiceSecret(
ctx context.Context,
secretName types.NamespacedName,
expectedFields []string,
reader client.Reader,
conditionUpdater conditionUpdater,
requeueTimeout time.Duration,
) (string, ctrl.Result, error) {
envVars *map[string]env.Setter,
) (ctrl.Result, error) {

hash, res, err := oko_secret.VerifySecret(ctx, secretName, expectedFields, reader, requeueTimeout)
hash, res, err := secret.VerifySecret(ctx, secretName, expectedFields, reader, requeueTimeout)
if err != nil {
conditionUpdater.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.InputReadyErrorMessage,
err.Error()))
return "", res, err
return res, err
} else if (res != ctrl.Result{}) {
log.FromContext(ctx).Info(fmt.Sprintf("OpenStack secret %s not found", secretName))
conditionUpdater.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.InputReadyWaitingMessage))
return "", res, nil
return res, nil
}

return hash, ctrl.Result{}, nil
(*envVars)[secretName.Name] = env.SetValue(hash)
return ctrl.Result{}, nil
}

// ensureNAD - common function called in the glance controllers that GetNAD based
Expand Down
19 changes: 4 additions & 15 deletions controllers/glance_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,6 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/job"
"github.com/openstack-k8s-operators/lib-common/modules/common/labels"
common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
"github.com/openstack-k8s-operators/lib-common/modules/openstack"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
Expand Down Expand Up @@ -405,14 +404,6 @@ func (r *GlanceReconciler) reconcileInit(
//
// create Keystone service and users - https://docs.openstack.org/Glance/latest/install/install-rdo.html#configure-user-and-endpoints
//
_, _, err := oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace)
if err != nil {
if k8s_errors.IsNotFound(err) {
r.Log.Info(fmt.Sprintf("OpenStack secret %s not found", instance.Spec.Secret))
return glance.ResultRequeue, nil
}
return ctrl.Result{}, err
}

ksSvcSpec := keystonev1.KeystoneServiceSpec{
ServiceType: glance.ServiceType,
Expand Down Expand Up @@ -565,7 +556,7 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance
//
// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
//
secretHash, result, err := ensureSecret(
ctrlResult, err := verifyServiceSecret(
ctx,
types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
[]string{
Expand All @@ -574,14 +565,12 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance
helper.GetClient(),
&instance.Status.Conditions,
glance.NormalDuration,
&configVars,
)
if err != nil {
return result, err
} else if (result != ctrl.Result{}) {
return result, nil
if (err != nil || ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}

configVars[instance.Spec.Secret] = env.SetValue(secretHash)
instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
// run check OpenStack secret - end

Expand Down
12 changes: 5 additions & 7 deletions controllers/glanceapi_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -587,8 +587,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(
//
// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
//

secretHash, result, err := ensureSecret(
ctrlResult, err := verifyServiceSecret(
ctx,
types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
[]string{
Expand All @@ -597,12 +596,11 @@ func (r *GlanceAPIReconciler) reconcileNormal(
helper.GetClient(),
&instance.Status.Conditions,
glance.NormalDuration,
&configVars,
)
if err != nil {
return result, err
if (err != nil || ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}

configVars[instance.Spec.Secret] = env.SetValue(secretHash)
instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
// run check OpenStack secret - end

Expand Down Expand Up @@ -746,7 +744,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(

var serviceAnnotations map[string]string
// networks to attach to
serviceAnnotations, ctrlResult, err := ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
serviceAnnotations, ctrlResult, err = ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
if err != nil {
instance.Status.Conditions.MarkFalse(
condition.NetworkAttachmentsReadyCondition,
Expand Down

0 comments on commit 50b7ba5

Please sign in to comment.