Skip to content

Commit

Permalink
Merge pull request #916 from Danil-Grigorev/secret-diff-fix
Browse files Browse the repository at this point in the history
🐛 Fix diff check on secret sync
  • Loading branch information
alexander-demicev authored Dec 12, 2024
2 parents ff062aa + 459f363 commit 3cf3864
Show file tree
Hide file tree
Showing 7 changed files with 26 additions and 37 deletions.
10 changes: 10 additions & 0 deletions internal/controllers/capiprovider_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ limitations under the License.
package controllers

import (
"time"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"

Expand Down Expand Up @@ -187,6 +189,14 @@ var _ = Describe("Reconcile CAPIProvider", func() {
g.Expect(testEnv.Get(ctx, client.ObjectKeyFromObject(provider), provider)).ToNot(HaveOccurred())
g.Expect(conditions.IsTrue(provider, turtlesv1.RancherCredentialsSecretCondition))
}).Should(Succeed())

resourceVersion := ""
Eventually(func(g Gomega) {
g.Expect(testEnv.Get(ctx, client.ObjectKeyFromObject(doSecret), doSecret)).ToNot(HaveOccurred())
previousVersion := resourceVersion
resourceVersion = doSecret.GetResourceVersion()
g.Expect(previousVersion).To(Equal(resourceVersion))
}, time.Minute, 10*time.Second).Should(Succeed())
})

It("Should reflect missing infrastructure digitalocean provider credential secret in the status", func() {
Expand Down
9 changes: 6 additions & 3 deletions internal/sync/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ func setKind(cl client.Client, obj client.Object) error {
}

// Patch will only patch mirror object in the cluster.
func Patch(ctx context.Context, cl client.Client, obj client.Object) error {
func Patch(ctx context.Context, cl client.Client, obj client.Object, options ...client.PatchOption) error {
log := log.FromContext(ctx)

obj.SetManagedFields(nil)
Expand All @@ -50,10 +50,13 @@ func Patch(ctx context.Context, cl client.Client, obj client.Object) error {

log.Info(fmt.Sprintf("Updating %s: %s", obj.GetObjectKind().GroupVersionKind().Kind, client.ObjectKeyFromObject(obj)))

return cl.Patch(ctx, obj, client.Apply, []client.PatchOption{
patchOptions := []client.PatchOption{
client.ForceOwnership,
client.FieldOwner(fieldOwner),
}...)
}
patchOptions = append(patchOptions, options...)

return cl.Patch(ctx, obj, client.Apply, patchOptions...)
}

// PatchStatus will only patch the status subresource of the provided object.
Expand Down
7 changes: 2 additions & 5 deletions internal/sync/core.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import (

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/client-go/util/retry"
"k8s.io/utils/ptr"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log"
Expand Down Expand Up @@ -60,15 +59,13 @@ func (s *DefaultSynchronizer) Get(ctx context.Context) error {
}

// Apply applies the destination object to the cluster.
func (s *DefaultSynchronizer) Apply(ctx context.Context, reterr *error) {
func (s *DefaultSynchronizer) Apply(ctx context.Context, reterr *error, options ...client.PatchOption) {
log := log.FromContext(ctx)
uid := s.Destination.GetUID()

setOwnerReference(s.Source, s.Destination)

if err := retry.RetryOnConflict(retry.DefaultBackoff, func() error {
return Patch(ctx, s.client, s.Destination)
}); err != nil {
if err := Patch(ctx, s.client, s.Destination, options...); err != nil {
*reterr = kerrors.NewAggregate([]error{*reterr, err})
log.Error(*reterr, fmt.Sprintf("Unable to patch object: %s", *reterr))
}
Expand Down
2 changes: 1 addition & 1 deletion internal/sync/interface.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ type Sync interface {
Template(source *turtlesv1.CAPIProvider) client.Object
Get(ctx context.Context) error
Sync(ctx context.Context) error
Apply(ctx context.Context, reterr *error)
Apply(ctx context.Context, reterr *error, options ...client.PatchOption)
}

// List contains a list of syncers to apply the syncing logic.
Expand Down
2 changes: 1 addition & 1 deletion internal/sync/interface_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func (m *MockSynchronizer) Sync(ctx context.Context) error {
return m.syncronizerr
}

func (m *MockSynchronizer) Apply(ctx context.Context, reterr *error) {
func (m *MockSynchronizer) Apply(ctx context.Context, reterr *error, options ...client.PatchOption) {
*reterr = m.applyErr
}

Expand Down
19 changes: 6 additions & 13 deletions internal/sync/secret_mapper_sync.go
Original file line number Diff line number Diff line change
Expand Up @@ -304,19 +304,6 @@ func (s *SecretMapperSync) Sync(ctx context.Context) error {
return nil
}

allSet := true

for k, v := range s.SecretSync.Secret.StringData {
if b64value, found := s.RancherSecret.Data[k]; !found || base64.StdEncoding.EncodeToString([]byte(v)) != string(b64value) {
allSet = false
break
}
}

if allSet {
s.SecretSync.Secret.StringData = map[string]string{}
}

log.Info(fmt.Sprintf("Credential keys from %s (%s) are successfully mapped to secret %s",
client.ObjectKeyFromObject(s.RancherSecret).String(),
cmp.Or(s.Source.Spec.Credentials.RancherCloudCredential, s.Source.Spec.Credentials.RancherCloudCredentialNamespaceName),
Expand All @@ -329,6 +316,12 @@ func (s *SecretMapperSync) Sync(ctx context.Context) error {
return nil
}

// Apply performs SSA patch of the secret mapper resources, using different FieldOwner from default
// to avoid collisions with patches performed by variable syncer on the same secret resource.
func (s *SecretMapperSync) Apply(ctx context.Context, reterr *error, options ...client.PatchOption) {
s.DefaultSynchronizer.Apply(ctx, reterr, append(options, client.FieldOwner("secret-mapper-sync"))...)
}

// Into maps the secret keys from source secret data according to credentials map.
func Into(provider string, from map[string][]byte, to map[string]string) error {
providerValues := knownProviderRequirements[provider]
Expand Down
14 changes: 0 additions & 14 deletions internal/sync/secret_sync.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ package sync
import (
"cmp"
"context"
"encoding/base64"
"maps"
"strconv"

Expand Down Expand Up @@ -90,19 +89,6 @@ func (s *SecretSync) SyncObjects() {
setFeatures(s.DefaultSynchronizer.Source)

s.Secret.StringData = s.DefaultSynchronizer.Source.Status.Variables

allSet := true

for k, v := range s.DefaultSynchronizer.Source.Status.Variables {
if b64value, found := s.Secret.Data[k]; !found || base64.StdEncoding.EncodeToString([]byte(v)) != string(b64value) {
allSet = false
break
}
}

if allSet {
s.Secret.StringData = map[string]string{}
}
}

func setVariables(capiProvider *turtlesv1.CAPIProvider) {
Expand Down

0 comments on commit 3cf3864

Please sign in to comment.