Move to VerifySecret when checking the ctlplane secret

This change aligns the glance-operator to what has been done in cinder and manila. The ensureSecret function has been renamed to verifyServiceSecret and it takes as input the configVars where the hash is computed. Signed-off-by: Francesco Pantano <[email protected]>
openstack-k8s-operators · Sep 10, 2024 · dc32059 · dc32059
1 parent 5a518ee
commit dc32059
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 24 deletions.
diff --git a/controllers/glance_common.go b/controllers/glance_common.go
@@ -22,7 +22,6 @@ import (
 	"time"
 
 	"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
-	oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 	"k8s.io/apimachinery/pkg/types"
 
 	glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1"
@@ -68,38 +67,39 @@ type conditionUpdater interface {
 	MarkTrue(t condition.Type, messageFormat string, messageArgs ...interface{})
 }
 
-// ensureSecret - ensures that the Secret object exists and the expected fields
-// are in the Secret. It returns a hash of the values of the expected fields
-// passed as input.
-func ensureSecret(
+// verifyServiceSecret - ensures that the Secret object exists and the expected
+// fields are in the Secret. It also sets a hash of the values of the expected
+// fields passed as input.
+func verifyServiceSecret(
 	ctx context.Context,
 	secretName types.NamespacedName,
 	expectedFields []string,
 	reader client.Reader,
 	conditionUpdater conditionUpdater,
 	requeueTimeout time.Duration,
-) (string, ctrl.Result, error) {
+	envVars *map[string]env.Setter,
+) (ctrl.Result, error) {
 
-	hash, res, err := oko_secret.VerifySecret(ctx, secretName, expectedFields, reader, requeueTimeout)
+	hash, res, err := secret.VerifySecret(ctx, secretName, expectedFields, reader, requeueTimeout)
 	if err != nil {
 		conditionUpdater.Set(condition.FalseCondition(
 			condition.InputReadyCondition,
 			condition.ErrorReason,
 			condition.SeverityWarning,
 			condition.InputReadyErrorMessage,
 			err.Error()))
-		return "", res, err
+		return res, err
 	} else if (res != ctrl.Result{}) {
 		log.FromContext(ctx).Info(fmt.Sprintf("OpenStack secret %s not found", secretName))
 		conditionUpdater.Set(condition.FalseCondition(
 			condition.InputReadyCondition,
 			condition.RequestedReason,
 			condition.SeverityInfo,
 			condition.InputReadyWaitingMessage))
-		return "", res, nil
+		return res, nil
 	}
-
-	return hash, ctrl.Result{}, nil
+	(*envVars)[secretName.Name] = env.SetValue(hash)
+	return ctrl.Result{}, nil
 }
 
 // ensureNAD - common function called in the glance controllers that GetNAD based

diff --git a/controllers/glance_controller.go b/controllers/glance_controller.go
@@ -565,7 +565,7 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance
 	//
 	// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
 	//
-	secretHash, result, err := ensureSecret(
+	ctrlResult, err := verifyServiceSecret(
 		ctx,
 		types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
 		[]string{
@@ -574,14 +574,12 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance
 		helper.GetClient(),
 		&instance.Status.Conditions,
 		glance.NormalDuration,
+		&configVars,
 	)
-	if err != nil {
-		return result, err
-	} else if (result != ctrl.Result{}) {
-		return result, nil
+	if (err != nil || ctrlResult != ctrl.Result{}) {
+		return ctrlResult, nil
 	}
 
-	configVars[instance.Spec.Secret] = env.SetValue(secretHash)
 	instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
 	// run check OpenStack secret - end
 

diff --git a/controllers/glanceapi_controller.go b/controllers/glanceapi_controller.go
@@ -587,8 +587,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(
 	//
 	// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
 	//
-
-	secretHash, result, err := ensureSecret(
+	ctrlResult, err := verifyServiceSecret(
 		ctx,
 		types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
 		[]string{
@@ -597,12 +596,11 @@ func (r *GlanceAPIReconciler) reconcileNormal(
 		helper.GetClient(),
 		&instance.Status.Conditions,
 		glance.NormalDuration,
+		&configVars,
 	)
-	if err != nil {
-		return result, err
+	if (err != nil || ctrlResult != ctrl.Result{}) {
+		return ctrlResult, nil
 	}
-
-	configVars[instance.Spec.Secret] = env.SetValue(secretHash)
 	instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
 	// run check OpenStack secret - end
 
@@ -746,7 +744,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(
 
 	var serviceAnnotations map[string]string
 	// networks to attach to
-	serviceAnnotations, ctrlResult, err := ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
+	serviceAnnotations, ctrlResult, err = ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
 	if err != nil {
 		instance.Status.Conditions.MarkFalse(
 			condition.NetworkAttachmentsReadyCondition,