From 7442ec4b81908e14e01f9d175f9dbe4984fa7111 Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Thu, 5 Sep 2024 17:26:36 +0200 Subject: [PATCH] Update tls cert secret validation due VerifyCertSecrets() change Depends-On: https://github.com/openstack-k8s-operators/lib-common/pull/559 Jira: OSPRH-9991 Signed-off-by: Martin Schuppert --- api/go.mod | 2 +- api/go.sum | 6 ++-- controllers/cinderapi_controller.go | 38 ++++++++++++----------- controllers/cinderbackup_controller.go | 19 ++++++------ controllers/cinderscheduler_controller.go | 19 ++++++------ controllers/cindervolume_controller.go | 19 ++++++------ go.mod | 4 +-- go.sum | 8 ++--- 8 files changed, 60 insertions(+), 55 deletions(-) diff --git a/api/go.mod b/api/go.mod index 20275e1a..866f35a9 100644 --- a/api/go.mod +++ b/api/go.mod @@ -3,7 +3,7 @@ module github.com/openstack-k8s-operators/cinder-operator/api go 1.20 require ( - github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 + github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 k8s.io/api v0.28.13 diff --git a/api/go.sum b/api/go.sum index 5ffbb53d..38f9ceb0 100644 --- a/api/go.sum +++ b/api/go.sum @@ -63,10 +63,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= +github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU= github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE= github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:u8JnCwm6XfPaJJrtOJFNDGI30AohRMY1gGau9m2Ruzg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= diff --git a/controllers/cinderapi_controller.go b/controllers/cinderapi_controller.go index f3cf7e35..eb8be6cb 100644 --- a/controllers/cinderapi_controller.go +++ b/controllers/cinderapi_controller.go @@ -688,7 +688,7 @@ func (r *CinderAPIReconciler) reconcileNormal(ctx context.Context, instance *cin // // Validate the CA cert secret if provided if instance.Spec.TLS.CaBundleSecretName != "" { - hash, ctrlResult, err := tls.ValidateCACertSecret( + hash, err := tls.ValidateCACertSecret( ctx, helper.GetClient(), types.NamespacedName{ @@ -697,20 +697,21 @@ func (r *CinderAPIReconciler) reconcileNormal(ctx context.Context, instance *cin }, ) if err != nil { + if k8s_errors.IsNotFound(err) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.TLSInputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName))) + return ctrl.Result{}, nil + } instance.Status.Conditions.Set(condition.FalseCondition( condition.TLSInputReadyCondition, condition.ErrorReason, condition.SeverityWarning, condition.TLSInputErrorMessage, err.Error())) - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.MarkFalse( - condition.TLSInputReadyCondition, - condition.InitReason, - condition.SeverityInfo, - condition.InputReadyInitMessage) - return ctrlResult, nil + return ctrl.Result{}, err } if hash != "" { @@ -719,22 +720,23 @@ func (r *CinderAPIReconciler) reconcileNormal(ctx context.Context, instance *cin } // Validate API service certs secrets - certsHash, ctrlResult, err := instance.Spec.TLS.API.ValidateCertSecrets(ctx, helper, instance.Namespace) + certsHash, err := instance.Spec.TLS.API.ValidateCertSecrets(ctx, helper, instance.Namespace) if err != nil { + if k8s_errors.IsNotFound(err) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.TLSInputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + fmt.Sprintf(condition.TLSInputReadyWaitingMessage, err.Error()))) + return ctrl.Result{}, nil + } instance.Status.Conditions.Set(condition.FalseCondition( condition.TLSInputReadyCondition, condition.ErrorReason, condition.SeverityWarning, condition.TLSInputErrorMessage, err.Error())) - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.MarkFalse( - condition.TLSInputReadyCondition, - condition.InitReason, - condition.SeverityInfo, - condition.InputReadyInitMessage) - return ctrlResult, nil + return ctrl.Result{}, err } configVars[tls.TLSHashName] = env.SetValue(certsHash) diff --git a/controllers/cinderbackup_controller.go b/controllers/cinderbackup_controller.go index 4afa8551..04d7b904 100644 --- a/controllers/cinderbackup_controller.go +++ b/controllers/cinderbackup_controller.go @@ -389,7 +389,7 @@ func (r *CinderBackupReconciler) reconcileNormal(ctx context.Context, instance * // // Validate the CA cert secret if provided if instance.Spec.TLS.CaBundleSecretName != "" { - hash, ctrlResult, err := tls.ValidateCACertSecret( + hash, err := tls.ValidateCACertSecret( ctx, helper.GetClient(), types.NamespacedName{ @@ -398,20 +398,21 @@ func (r *CinderBackupReconciler) reconcileNormal(ctx context.Context, instance * }, ) if err != nil { + if k8s_errors.IsNotFound(err) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.TLSInputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName))) + return ctrl.Result{}, nil + } instance.Status.Conditions.Set(condition.FalseCondition( condition.TLSInputReadyCondition, condition.ErrorReason, condition.SeverityWarning, condition.TLSInputErrorMessage, err.Error())) - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.MarkFalse( - condition.TLSInputReadyCondition, - condition.InitReason, - condition.SeverityInfo, - condition.InputReadyInitMessage) - return ctrlResult, nil + return ctrl.Result{}, err } if hash != "" { diff --git a/controllers/cinderscheduler_controller.go b/controllers/cinderscheduler_controller.go index 8dc2c21e..49f35444 100644 --- a/controllers/cinderscheduler_controller.go +++ b/controllers/cinderscheduler_controller.go @@ -388,7 +388,7 @@ func (r *CinderSchedulerReconciler) reconcileNormal(ctx context.Context, instanc // // Validate the CA cert secret if provided if instance.Spec.TLS.CaBundleSecretName != "" { - hash, ctrlResult, err := tls.ValidateCACertSecret( + hash, err := tls.ValidateCACertSecret( ctx, helper.GetClient(), types.NamespacedName{ @@ -397,20 +397,21 @@ func (r *CinderSchedulerReconciler) reconcileNormal(ctx context.Context, instanc }, ) if err != nil { + if k8s_errors.IsNotFound(err) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.TLSInputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName))) + return ctrl.Result{}, nil + } instance.Status.Conditions.Set(condition.FalseCondition( condition.TLSInputReadyCondition, condition.ErrorReason, condition.SeverityWarning, condition.TLSInputErrorMessage, err.Error())) - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.MarkFalse( - condition.TLSInputReadyCondition, - condition.InitReason, - condition.SeverityInfo, - condition.InputReadyInitMessage) - return ctrlResult, nil + return ctrl.Result{}, err } if hash != "" { diff --git a/controllers/cindervolume_controller.go b/controllers/cindervolume_controller.go index b2342f10..64076d7a 100644 --- a/controllers/cindervolume_controller.go +++ b/controllers/cindervolume_controller.go @@ -390,7 +390,7 @@ func (r *CinderVolumeReconciler) reconcileNormal(ctx context.Context, instance * // // Validate the CA cert secret if provided if instance.Spec.TLS.CaBundleSecretName != "" { - hash, ctrlResult, err := tls.ValidateCACertSecret( + hash, err := tls.ValidateCACertSecret( ctx, helper.GetClient(), types.NamespacedName{ @@ -399,20 +399,21 @@ func (r *CinderVolumeReconciler) reconcileNormal(ctx context.Context, instance * }, ) if err != nil { + if k8s_errors.IsNotFound(err) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.TLSInputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName))) + return ctrl.Result{}, nil + } instance.Status.Conditions.Set(condition.FalseCondition( condition.TLSInputReadyCondition, condition.ErrorReason, condition.SeverityWarning, condition.TLSInputErrorMessage, err.Error())) - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.MarkFalse( - condition.TLSInputReadyCondition, - condition.InitReason, - condition.SeverityInfo, - condition.InputReadyInitMessage) - return ctrlResult, nil + return ctrl.Result{}, err } if hash != "" { diff --git a/go.mod b/go.mod index aeaecd72..ade3b65f 100644 --- a/go.mod +++ b/go.mod @@ -6,11 +6,11 @@ require ( github.com/go-logr/logr v1.4.2 github.com/google/uuid v1.6.0 github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 - github.com/onsi/ginkgo/v2 v2.20.0 + github.com/onsi/ginkgo/v2 v2.20.1 github.com/onsi/gomega v1.34.1 github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-72bf12d9b73e github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef - github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 + github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 github.com/openstack-k8s-operators/lib-common/modules/test v0.4.1-0.20240814075458-0ae9f7f9e059 github.com/openstack-k8s-operators/mariadb-operator/api v0.4.1-0.20240812075114-497caae42b27 diff --git a/go.sum b/go.sum index 1c0b6275..63c3e43b 100644 --- a/go.sum +++ b/go.sum @@ -68,8 +68,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= -github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= +github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI= @@ -78,8 +78,8 @@ github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-7 github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-72bf12d9b73e/go.mod h1:0DYz6gT2jQtQe4HvtVHB//41PpyTSpWpzcFrdxn1eww= github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef h1:DYmNZLkoYeT2NOoMN9XPiZS25EMXru6vMNZwwnEW5Og= github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef/go.mod h1:MkvxXyvpUhfeKy4QDmzPMn6YH5eRu24uOgpLo9SBlwc= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU= github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059 h1:Ol1P8vPxIHWzTaL6RfENRiAxp2XrMQUYtnP5Ceek53A= github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:CfMx4bwBVQEYMRt2dIcyqJjR3ToZxFEOPS+0Uy2Mm68= github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE=