Skip to content

Commit

Permalink
Check DbRootPassword exist using VerifySecret()
Browse files Browse the repository at this point in the history
Verification of the password secret should also check for the
expected key (DbRootPassword) to exist. This changes this by
using the secret.VerifySecret() func.

Signed-off-by: Martin Schuppert <[email protected]>
  • Loading branch information
stuggi committed Sep 13, 2024
1 parent 8c6251d commit 9b127e6
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions controllers/galera_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -539,18 +539,32 @@ func (r *GaleraReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
clusterPropertiesEnv := make(map[string]env.Setter)

// Check and hash inputs
secretName := instance.Spec.Secret
// NOTE do not hash the db root password, as its change requires
// more orchestration than a simple rolling restart
_, _, err = secret.GetSecret(ctx, helper, secretName, instance.Namespace)
_, res, err := secret.VerifySecret(
ctx,
types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
[]string{
"DbRootPassword",
},
helper.GetClient(),
time.Duration(5)*time.Second)
if err != nil {
if k8s_errors.IsNotFound(err) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.InputReadyWaitingMessage))
return res, fmt.Errorf("OpenStack secret %s not found", instance.Spec.Secret)
}
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.InputReadyErrorMessage,
err.Error()))
return ctrl.Result{}, fmt.Errorf("error calculating input hash: %w", err)
return ctrl.Result{}, err
}
instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)

Expand Down

0 comments on commit 9b127e6

Please sign in to comment.