From f593cdba26b3f1936952fca0d6f1aabdd6e3e187 Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Thu, 5 Sep 2024 17:48:22 +0200 Subject: [PATCH] Update tls cert secret validation due VerifyCertSecrets() change Depends-On: https://github.com/openstack-k8s-operators/lib-common/pull/559 Jira: OSPRH-9991 Signed-off-by: Martin Schuppert --- api/go.mod | 3 +- api/go.sum | 5 +-- controllers/glanceapi_controller.go | 44 ++++++++++---------- go.mod | 2 +- go.sum | 4 +- test/functional/glanceapi_controller_test.go | 22 ++++++---- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/api/go.mod b/api/go.mod index 923aab1a..7c29457e 100644 --- a/api/go.mod +++ b/api/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/google/go-cmp v0.6.0 - github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 + github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 k8s.io/api v0.28.13 k8s.io/apimachinery v0.28.13 @@ -36,7 +36,6 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/onsi/ginkgo/v2 v2.20.1 // indirect github.com/openshift/api v3.9.0+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.18.0 // indirect diff --git a/api/go.sum b/api/go.sum index de173636..3979c203 100644 --- a/api/go.sum +++ b/api/go.sum @@ -64,12 +64,11 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= -github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU= github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE= github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:u8JnCwm6XfPaJJrtOJFNDGI30AohRMY1gGau9m2Ruzg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= diff --git a/controllers/glanceapi_controller.go b/controllers/glanceapi_controller.go index 7b87cdc0..100dc487 100644 --- a/controllers/glanceapi_controller.go +++ b/controllers/glanceapi_controller.go @@ -691,7 +691,7 @@ func (r *GlanceAPIReconciler) reconcileNormal( // // Validate the CA cert secret if provided if instance.Spec.TLS.CaBundleSecretName != "" { - hash, ctrlResult, err := tls.ValidateCACertSecret( + hash, err := tls.ValidateCACertSecret( ctx, helper.GetClient(), types.NamespacedName{ @@ -700,22 +700,21 @@ func (r *GlanceAPIReconciler) reconcileNormal( }, ) if err != nil { + if k8s_errors.IsNotFound(err) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.TLSInputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName))) + return ctrl.Result{}, nil + } instance.Status.Conditions.Set(condition.FalseCondition( condition.TLSInputReadyCondition, condition.ErrorReason, condition.SeverityWarning, condition.TLSInputErrorMessage, err.Error())) - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - // Marking the condition as Unknown because we are not returining - // an err, but comparing the ctrlResult: this represents an in - // progress operation rather than something that failed - instance.Status.Conditions.MarkUnknown( - condition.TLSInputReadyCondition, - condition.RequestedReason, - condition.InputReadyWaitingMessage) - return ctrlResult, nil + return ctrl.Result{}, err } if hash != "" { configVars[tls.CABundleKey] = env.SetValue(hash) @@ -723,24 +722,23 @@ func (r *GlanceAPIReconciler) reconcileNormal( } // Validate API service certs secrets - certsHash, ctrlResult, err := instance.Spec.TLS.API.ValidateCertSecrets(ctx, helper, instance.Namespace) + certsHash, err := instance.Spec.TLS.API.ValidateCertSecrets(ctx, helper, instance.Namespace) if err != nil { + if k8s_errors.IsNotFound(err) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.TLSInputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + fmt.Sprintf(condition.TLSInputReadyWaitingMessage, err.Error()))) + return ctrl.Result{}, nil + } instance.Status.Conditions.Set(condition.FalseCondition( condition.TLSInputReadyCondition, condition.ErrorReason, condition.SeverityWarning, condition.TLSInputErrorMessage, err.Error())) - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - // Marking the condition as Unknown because we are not returining - // an err, but comparing the ctrlResult: this represents an in - // progress operation rather than something that failed - instance.Status.Conditions.MarkUnknown( - condition.TLSInputReadyCondition, - condition.RequestedReason, - condition.InputReadyWaitingMessage) - return ctrlResult, nil + return ctrl.Result{}, err } configVars[tls.TLSHashName] = env.SetValue(certsHash) // all cert input checks out so report InputReady @@ -748,7 +746,7 @@ func (r *GlanceAPIReconciler) reconcileNormal( var serviceAnnotations map[string]string // networks to attach to - serviceAnnotations, ctrlResult, err = ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper) + serviceAnnotations, ctrlResult, err := ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper) if err != nil { instance.Status.Conditions.MarkFalse( condition.NetworkAttachmentsReadyCondition, diff --git a/go.mod b/go.mod index d17adaa9..4bfbb493 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/openstack-k8s-operators/glance-operator/api v0.0.0-00010101000000-000000000000 github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-72bf12d9b73e github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef - github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 + github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059 github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 github.com/openstack-k8s-operators/lib-common/modules/test v0.4.1-0.20240814075458-0ae9f7f9e059 diff --git a/go.sum b/go.sum index b1fae840..dec26adf 100644 --- a/go.sum +++ b/go.sum @@ -80,8 +80,8 @@ github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-7 github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-72bf12d9b73e/go.mod h1:0DYz6gT2jQtQe4HvtVHB//41PpyTSpWpzcFrdxn1eww= github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef h1:DYmNZLkoYeT2NOoMN9XPiZS25EMXru6vMNZwwnEW5Og= github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef/go.mod h1:MkvxXyvpUhfeKy4QDmzPMn6YH5eRu24uOgpLo9SBlwc= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4= -github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA= +github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU= github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059 h1:Ol1P8vPxIHWzTaL6RfENRiAxp2XrMQUYtnP5Ceek53A= github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:CfMx4bwBVQEYMRt2dIcyqJjR3ToZxFEOPS+0Uy2Mm68= github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE= diff --git a/test/functional/glanceapi_controller_test.go b/test/functional/glanceapi_controller_test.go index 34717300..01c397e0 100644 --- a/test/functional/glanceapi_controller_test.go +++ b/test/functional/glanceapi_controller_test.go @@ -17,6 +17,8 @@ limitations under the License. package functional import ( + "fmt" + . "github.com/onsi/ginkgo/v2" //revive:disable:dot-imports . "github.com/onsi/gomega" //revive:disable:dot-imports memcachedv1 "github.com/openstack-k8s-operators/infra-operator/apis/memcached/v1beta1" @@ -761,15 +763,15 @@ var _ = Describe("Glanceapi controller", func() { glanceTest.GlanceSingle, ConditionGetterFunc(GlanceAPIConditionGetter), condition.TLSInputReadyCondition, - corev1.ConditionUnknown, + corev1.ConditionFalse, condition.RequestedReason, - condition.InputReadyWaitingMessage, + fmt.Sprintf("TLSInput is missing: %s", CABundleSecretName), ) th.ExpectCondition( glanceTest.GlanceSingle, ConditionGetterFunc(GlanceAPIConditionGetter), condition.ReadyCondition, - corev1.ConditionUnknown, + corev1.ConditionFalse, ) }) @@ -779,15 +781,16 @@ var _ = Describe("Glanceapi controller", func() { glanceTest.GlanceSingle, ConditionGetterFunc(GlanceAPIConditionGetter), condition.TLSInputReadyCondition, - corev1.ConditionUnknown, + corev1.ConditionFalse, condition.RequestedReason, - condition.InputReadyWaitingMessage, + fmt.Sprintf("TLSInput is missing: secrets \"%s in namespace %s\" not found", + glanceTest.InternalCertSecret.Name, glanceTest.InternalCertSecret.Namespace), ) th.ExpectCondition( glanceTest.GlanceSingle, ConditionGetterFunc(GlanceAPIConditionGetter), condition.ReadyCondition, - corev1.ConditionUnknown, + corev1.ConditionFalse, ) }) @@ -798,15 +801,16 @@ var _ = Describe("Glanceapi controller", func() { glanceTest.GlanceSingle, ConditionGetterFunc(GlanceAPIConditionGetter), condition.TLSInputReadyCondition, - corev1.ConditionUnknown, + corev1.ConditionFalse, condition.RequestedReason, - condition.InputReadyWaitingMessage, + fmt.Sprintf("TLSInput is missing: secrets \"%s in namespace %s\" not found", + glanceTest.PublicCertSecret.Name, glanceTest.PublicCertSecret.Namespace), ) th.ExpectCondition( glanceTest.GlanceSingle, ConditionGetterFunc(GlanceAPIConditionGetter), condition.ReadyCondition, - corev1.ConditionUnknown, + corev1.ConditionFalse, ) })