From 0ab00872adfb9ccb34d6d7043a26ace6fb49b324 Mon Sep 17 00:00:00 2001
From: Francesco Pantano
Date: Tue, 10 Sep 2024 16:14:35 +0200
Subject: [PATCH] Move to VerifySecret when checking the ctlplane secret

This change aligns the glance-operator to what has been done in cinder and manila. The ensureSecret function has been renamed to verifyServiceSecret and it takes as input the configVars where the hash is computed.

Signed-off-by: Francesco Pantano
---
 controllers/glance_common.go | 22 +++++++++++-----------
 controllers/glance_controller.go | 19 ++++---------------
 controllers/glanceapi_controller.go | 12 +++++-------
 3 files changed, 20 insertions(+), 33 deletions(-)

diff --git a/controllers/glance_common.go b/controllers/glance_common.go
index aff0fc83..2fea23b4 100644
--- a/controllers/glance_common.go
+++ b/controllers/glance_common.go
@@ -22,7 +22,6 @@ import (
 "time"
 "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
- oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 "k8s.io/apimachinery/pkg/types"
 glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1"
@@ -68,19 +67,20 @@ type conditionUpdater interface {
 MarkTrue(t condition.Type, messageFormat string, messageArgs ...interface{})
 }
-// ensureSecret - ensures that the Secret object exists and the expected fields
-// are in the Secret. It returns a hash of the values of the expected fields
-// passed as input.
-func ensureSecret(
+// verifyServiceSecret - ensures that the Secret object exists and the expected
+// fields are in the Secret. It also sets a hash of the values of the expected
+// fields passed as input.
+func verifyServiceSecret(
 ctx context.Context,
 secretName types.NamespacedName,
 expectedFields []string,
 reader client.Reader,
 conditionUpdater conditionUpdater,
 requeueTimeout time.Duration,
-) (string, ctrl.Result, error) {
+ envVars *map[string]env.Setter,
+) (ctrl.Result, error) {
- hash, res, err := oko_secret.VerifySecret(ctx, secretName, expectedFields, reader, requeueTimeout)
+ hash, res, err := secret.VerifySecret(ctx, secretName, expectedFields, reader, requeueTimeout)
 if err != nil {
 conditionUpdater.Set(condition.FalseCondition(
 condition.InputReadyCondition,
@@ -88,7 +88,7 @@ func ensureSecret(
 condition.SeverityWarning,
 condition.InputReadyErrorMessage,
 err.Error()))
- return "", res, err
+ return res, err
 } else if (res != ctrl.Result{}) {
 log.FromContext(ctx).Info(fmt.Sprintf("OpenStack secret %s not found", secretName))
 conditionUpdater.Set(condition.FalseCondition(
@@ -96,10 +96,10 @@ func ensureSecret(
 condition.RequestedReason,
 condition.SeverityInfo,
 condition.InputReadyWaitingMessage))
- return "", res, nil
+ return res, nil
 }
-
- return hash, ctrl.Result{}, nil
+ (*envVars)[secretName.Name] = env.SetValue(hash)
+ return ctrl.Result{}, nil
 }
 // ensureNAD - common function called in the glance controllers that GetNAD based
diff --git a/controllers/glance_controller.go b/controllers/glance_controller.go
index 7e63da11..a0def361 100644
--- a/controllers/glance_controller.go
+++ b/controllers/glance_controller.go
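Review bot: `verifyServiceSecret` now writes through `(*envVars)[secretName.Name] = env.SetValue(hash)` without checking the pointer or the map behind it, so a caller that passes nil, or a pointer to a nil map, panics inside the reconcile loop only after the secret has already been verified. A Go map is already a reference, so `envVars map[string]env.Setter` would give the same side effect without the dereference; if the pointer form is kept for parity with the other operators, a guard at the top of the function such as `if envVars == nil || *envVars == nil { return ctrl.Result{}, fmt.Errorf("envVars map is not initialised") }` avoids the panic. The doc comment says the function "sets a hash" but not where; a line such as `// On success the hash is stored in envVars under secretName.Name.` would make the side effect explicit.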
@@ -51,7 +51,6 @@ import (
 "github.com/openstack-k8s-operators/lib-common/modules/common/job"
 "github.com/openstack-k8s-operators/lib-common/modules/common/labels"
 common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
- oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 "github.com/openstack-k8s-operators/lib-common/modules/common/util"
 "github.com/openstack-k8s-operators/lib-common/modules/openstack"
 mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
@@ -405,14 +404,6 @@ func (r *GlanceReconciler) reconcileInit(
 //
 // create Keystone service and users - https://docs.openstack.org/Glance/latest/install/install-rdo.html#configure-user-and-endpoints
 //
- _, _, err := oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace)
- if err != nil {
- if k8s_errors.IsNotFound(err) {
- r.Log.Info(fmt.Sprintf("OpenStack secret %s not found", instance.Spec.Secret))
- return glance.ResultRequeue, nil
- }
- return ctrl.Result{}, err
- }
 ksSvcSpec := keystonev1.KeystoneServiceSpec{
 ServiceType: glance.ServiceType,
@@ -565,7 +556,7 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance
 //
 // check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
 //
- secretHash, result, err := ensureSecret(
+ ctrlResult, err := verifyServiceSecret(
 ctx,
 types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
 []string{
@@ -574,14 +565,12 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance
 helper.GetClient(),
 &instance.Status.Conditions,
 glance.NormalDuration,
+ &configVars,
 )
- if err != nil {
- return result, err
- } else if (result != ctrl.Result{}) {
- return result, nil
+ if (err != nil || ctrlResult != ctrl.Result{}) {
+ return ctrlResult, nil
 }
- configVars[instance.Spec.Secret] = env.SetValue(secretHash)
 instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
 // run check OpenStack secret - end
diff --git a/controllers/glanceapi_controller.go b/controllers/glanceapi_controller.go
index 100dc487..f35d43d0 100644
--- a/controllers/glanceapi_controller.go
+++ b/controllers/glanceapi_controller.go
@@ -587,8 +587,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(
 //
 // check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
 //
-
- secretHash, result, err := ensureSecret(
+ ctrlResult, err := verifyServiceSecret(
 ctx,
 types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
 []string{
@@ -597,12 +596,11 @@ func (r *GlanceAPIReconciler) reconcileNormal(
 helper.GetClient(),
 &instance.Status.Conditions,
 glance.NormalDuration,
+ &configVars,
 )
- if err != nil {
- return result, err
+ if (err != nil || ctrlResult != ctrl.Result{}) {
+ return ctrlResult, nil
 }
-
- configVars[instance.Spec.Secret] = env.SetValue(secretHash)
 instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
 // run check OpenStack secret - end
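Review bot: The combined check `if (err != nil || ctrlResult != ctrl.Result{}) { return ctrlResult, nil }` in `GlanceReconciler.reconcileNormal` returns a nil error even when `verifyServiceSecret` failed, whereas the removed branch returned `result, err`. If the helper hands back an empty `ctrl.Result` together with the error (not visible in this hunk), the reconcile ends as a success with no requeue, so a malformed or unreadable password secret surfaces only in the InputReady condition and not in the controller's error log, metrics or retry backoff. Returning the error keeps the failure visible and still covers the requeue case: `return ctrlResult, err`. The same line is added in the `GlanceAPIReconciler.reconcileNormal` hunk (`@@ -597,12 +596,11 @@`) of glanceapi_controller.go; both function bodies start and end outside their hunks.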
@@ -746,7 +744,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(
 var serviceAnnotations map[string]string
 // networks to attach to
- serviceAnnotations, ctrlResult, err := ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
+ serviceAnnotations, ctrlResult, err = ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
 if err != nil {
 instance.Status.Conditions.MarkFalse(
 condition.NetworkAttachmentsReadyCondition,