fix: construct properly data secret name

The one provided in the config owner spec is only used for pivoting.

Signed-off-by: Andrey Smirnov <[email protected]>

controllers/secrets.go

@@ -154,41 +154,39 @@ func (r *TalosConfigReconciler) writeK8sCASecret(ctx context.Context, scope *Tal
 }
 
 // writeBootstrapData creates a new secret with the data passed in as input
-func (r *TalosConfigReconciler) writeBootstrapData(ctx context.Context, scope *TalosConfigScope, data []byte) error {
-	// Create ca secret only if it doesn't already exist
+func (r *TalosConfigReconciler) writeBootstrapData(ctx context.Context, scope *TalosConfigScope, data []byte) (string, error) {
+	// Create bootstrap secret only if it doesn't already exist
 	ownerName := scope.ConfigOwner.GetName()
+	dataSecretName := ownerName + "-bootstrap-data"
+
+	r.Log.Info("handling bootstrap data for ", "owner", ownerName)
 
-	if scope.ConfigOwner.DataSecretName() == nil {
-		return fmt.Errorf("config owner data secret name is nil")
+	_, err := r.fetchSecret(ctx, scope.Config, dataSecretName)
+	if err == nil {
+		return dataSecretName, nil
 	}
 
-	r.Log.Info("handling bootstrap data for ", "owner", ownerName)
+	if err != nil && !k8serrors.IsNotFound(err) {
+		return dataSecretName, err
+	}
 
-	_, err := r.fetchSecret(ctx, scope.Config, *scope.ConfigOwner.DataSecretName())
-	if k8serrors.IsNotFound(err) {
-		certSecret := &corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Namespace: scope.Config.Namespace,
-				Name:      *scope.ConfigOwner.DataSecretName(),
-				Labels: map[string]string{
-					capiv1.ClusterLabelName: scope.Cluster.Name,
-				},
-				OwnerReferences: []metav1.OwnerReference{
-					*metav1.NewControllerRef(scope.Config, bootstrapv1alpha3.GroupVersion.WithKind("TalosConfig")),
-				},
+	certSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: scope.Config.Namespace,
+			Name:      dataSecretName,
+			Labels: map[string]string{
+				capiv1.ClusterLabelName: scope.Cluster.Name,
 			},
-			Data: map[string][]byte{
-				"value": data,
+			OwnerReferences: []metav1.OwnerReference{
+				*metav1.NewControllerRef(scope.Config, bootstrapv1alpha3.GroupVersion.WithKind("TalosConfig")),
 			},
-		}
-
-		err = r.Client.Create(ctx, certSecret)
-		if err != nil {
-			return err
-		}
-	} else if err != nil {
-		return err
+		},
+		Data: map[string][]byte{
+			"value": data,
+		},
 	}
 
-	return nil
+	err = r.Client.Create(ctx, certSecret)
+
+	return dataSecretName, err
 }

controllers/talosconfig_controller.go

@@ -197,6 +197,15 @@ func (r *TalosConfigReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, rerr
 		return ctrl.Result{}, errors.New("infra not ready")
 	}
 
+	// Reconcile status for machines that already have a secret reference, but our status isn't up to date.
+	// This case solves the pivoting scenario (or a backup restore) which doesn't preserve the status subresource on objects.
+	if owner.DataSecretName() != nil && (!config.Status.Ready || config.Status.DataSecretName == nil) {
+		config.Status.Ready = true
+		config.Status.DataSecretName = owner.DataSecretName()
+
+		return ctrl.Result{}, nil
+	}
+
 	tcScope := &TalosConfigScope{
 		Config:      config,
 		ConfigOwner: owner,
@@ -270,12 +279,14 @@ func (r *TalosConfigReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, rerr
 		}
 	}
 
-	err = r.writeBootstrapData(ctx, tcScope, []byte(retData.BootstrapData))
+	var dataSecretName string
+
+	dataSecretName, err = r.writeBootstrapData(ctx, tcScope, []byte(retData.BootstrapData))
 	if err != nil {
 		return ctrl.Result{}, err
 	}
 
-	config.Status.DataSecretName = tcScope.ConfigOwner.DataSecretName()
+	config.Status.DataSecretName = &dataSecretName
 	config.Status.TalosConfig = retData.TalosConfig
 	config.Status.Ready = true
 

go.sum

@@ -432,8 +432,6 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykE
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/smira/talos/pkg/machinery v0.0.0-20210920195258-7e63e43eb399 h1:4eO8ltJZZTUOtWGbGi6nKSylWuYC65dSEICHkQqHnDc=
-github.com/smira/talos/pkg/machinery v0.0.0-20210920195258-7e63e43eb399/go.mod h1:qX77JMZawrDTQaJucqecdlFsHy+dbnZ9YL8Kw4qL7d4=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
@@ -479,8 +477,6 @@ github.com/talos-systems/go-retry v0.1.1-0.20201113203059-8c63d290a688/go.mod h1
 github.com/talos-systems/go-retry v0.3.1/go.mod h1:HiXQqyVStZ35uSY/MTLWVvQVmC3lIW2MS5VdDaMtoKM=
 github.com/talos-systems/net v0.3.0 h1:TG6PoiNdg9NmSeSjyecSgguUXzoJ8wp5a8RYlIdkq3Y=
 github.com/talos-systems/net v0.3.0/go.mod h1:VreSAyRmxMtqussAHSKMKkJQa1YwBTSVfkmE4Jydam4=
-github.com/talos-systems/talos/pkg/machinery v0.12.2 h1:pLRVkJ1Xa1rrVUsqJ0RccL0c2q9It268wwBV4cvg8kk=
-github.com/talos-systems/talos/pkg/machinery v0.12.2/go.mod h1:qX77JMZawrDTQaJucqecdlFsHy+dbnZ9YL8Kw4qL7d4=
 github.com/talos-systems/talos/pkg/machinery v0.12.3-0.20210920195258-7e63e43eb399 h1:mmQ/XAV9xRm3chHx/f4xBZH4I2T960fJh4chkedW+nY=
 github.com/talos-systems/talos/pkg/machinery v0.12.3-0.20210920195258-7e63e43eb399/go.mod h1:qX77JMZawrDTQaJucqecdlFsHy+dbnZ9YL8Kw4qL7d4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=

internal/integration/helpers_test.go

@@ -14,17 +14,16 @@ import (
 	"testing"
 	"time"
 
-	"github.com/AlekSi/pointer"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	talosclient "github.com/talos-systems/talos/pkg/machinery/client"
 	talosclientconfig "github.com/talos-systems/talos/pkg/machinery/client/config"
 	machineconfig "github.com/talos-systems/talos/pkg/machinery/config"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes/scheme"
 	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha3"
-	bsutil "sigs.k8s.io/cluster-api/bootstrap/util"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
@@ -97,7 +96,6 @@ func createMachine(ctx context.Context, t *testing.T, c client.Client, cluster *
 	t.Helper()
 
 	machineName := generateName(t, "machine")
-	dataSecretName := fmt.Sprintf("%s-bootstrap-data", machineName)
 	machine := &capiv1.Machine{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: cluster.Namespace,
@@ -106,7 +104,10 @@ func createMachine(ctx context.Context, t *testing.T, c client.Client, cluster *
 		Spec: capiv1.MachineSpec{
 			ClusterName: cluster.Name,
 			Bootstrap: capiv1.Bootstrap{
-				DataSecretName: pointer.ToString(dataSecretName),
+				ConfigRef: &corev1.ObjectReference{
+					Kind:       "TalosConfig",
+					APIVersion: bootstrapv1alpha3.GroupVersion.String(),
+				},
 			},
 		},
 	}
@@ -166,12 +167,6 @@ func waitForReady(ctx context.Context, t *testing.T, c client.Client, talosConfi
 		t.Log("Waiting ...")
 		sleepCtx(ctx, 3*time.Second)
 	}
-
-	owner, err := bsutil.GetConfigOwner(ctx, c, talosConfig)
-	require.NoError(t, err)
-
-	assert.Equal(t, pointer.GetString(owner.DataSecretName()), pointer.GetString(talosConfig.Status.DataSecretName), "%+v", talosConfig)
-
 }
 
 // validateClientConfig validates talosctl configuration.