mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

Use PartialObjectMetadata to get ExternalSecret (#2504)

Browse source 
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
This commit is contained in:
Shuhei Kitagawa 2023-07-18 02:35:53 +09:00 committed by GitHub
parent 644d911caa
commit 63d1917269
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go
View file

@ -26,6 +26,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/builder"
@ -112,19 +113,15 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
provisionedNamespaces := []string{} provisionedNamespaces := []string{}
for _, namespace := range namespaceList.Items { for _, namespace := range namespaceList.Items {
var existingES esv1beta1.ExternalSecret existingES, err := r.getExternalSecret(ctx, namespace.Name, esName)
err = r.Get(ctx, types.NamespacedName{
Name: esName,
Namespace: namespace.Name,
}, &existingES)
if result := checkForError(err, &existingES); result != "" { if result := checkForError(err, existingES); result != "" {
log.Error(err, result) log.Error(err, result)
failedNamespaces[namespace.Name] = result failedNamespaces[namespace.Name] = result
continue continue
} }
if result, err := r.resolveExternalSecret(ctx, &clusterExternalSecret, &existingES, namespace, esName, clusterExternalSecret.Spec.ExternalSecretMetadata); err != nil { if result, err := r.resolveExternalSecret(ctx, &clusterExternalSecret, existingES, namespace, esName, clusterExternalSecret.Spec.ExternalSecretMetadata); err != nil {
log.Error(err, result) log.Error(err, result)
failedNamespaces[namespace.Name] = result failedNamespaces[namespace.Name] = result
continue continue
@ -145,7 +142,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
return ctrl.Result{RequeueAfter: refreshInt}, nil return ctrl.Result{RequeueAfter: refreshInt}, nil
} }
func (r *Reconciler) resolveExternalSecret(ctx context.Context, clusterExternalSecret *esv1beta1.ClusterExternalSecret, existingES *esv1beta1.ExternalSecret, namespace v1.Namespace, esName string, esMetadata esv1beta1.ExternalSecretMetadata) (string, error) { func (r *Reconciler) resolveExternalSecret(ctx context.Context, clusterExternalSecret *esv1beta1.ClusterExternalSecret, existingES *metav1.PartialObjectMetadata, namespace v1.Namespace, esName string, esMetadata esv1beta1.ExternalSecretMetadata) (string, error) {
// this means the existing ES does not belong to us // this means the existing ES does not belong to us
if err := controllerutil.SetControllerReference(clusterExternalSecret, existingES, r.Scheme); err != nil { if err := controllerutil.SetControllerReference(clusterExternalSecret, existingES, r.Scheme); err != nil {
return errSetCtrlReference, err return errSetCtrlReference, err
@ -179,22 +176,17 @@ func (r *Reconciler) resolveExternalSecret(ctx context.Context, clusterExternalS
} }
func (r *Reconciler) removeExternalSecret(ctx context.Context, esName, namespace string) (string, error) { func (r *Reconciler) removeExternalSecret(ctx context.Context, esName, namespace string) (string, error) {
var existingES esv1beta1.ExternalSecret existingES, err := r.getExternalSecret(ctx, namespace, esName)
err := r.Get(ctx, types.NamespacedName{
Name: esName,
Namespace: namespace,
}, &existingES)
// If we can't find it then just leave // If we can't find it then just leave
if err != nil && apierrors.IsNotFound(err) { if err != nil && apierrors.IsNotFound(err) {
return "", nil return "", nil
} }
if result := checkForError(err, &existingES); result != "" { if result := checkForError(err, existingES); result != "" {
return result, err return result, err
} }
err = r.Delete(ctx, &existingES, &client.DeleteOptions{}) err = r.Delete(ctx, existingES, &client.DeleteOptions{})
if err != nil { if err != nil {
return errFailedToDelete, err return errFailedToDelete, err
@ -225,7 +217,19 @@ func (r *Reconciler) removeOldNamespaces(ctx context.Context, namespaceList v1.N
return failedNamespaces return failedNamespaces
} }
func checkForError(getError error, existingES *esv1beta1.ExternalSecret) string { func (r *Reconciler) getExternalSecret(ctx context.Context, namespace, name string) (*metav1.PartialObjectMetadata, error) {
// Should not use esv1beta1.ExternalSecret since we specify builder.OnlyMetadata and cache only metadata
metadata := metav1.PartialObjectMetadata{}
metadata.SetGroupVersionKind(schema.GroupVersionKind{
Group: esv1beta1.Group,
Version: esv1beta1.Version,
Kind: esv1beta1.ExtSecretKind,
})
err := r.Get(ctx, types.NamespacedName{Namespace: namespace, Name: name}, &metadata)
return &metadata, err
}
func checkForError(getError error, existingES *metav1.PartialObjectMetadata) string {
if getError != nil && !apierrors.IsNotFound(getError) { if getError != nil && !apierrors.IsNotFound(getError) {
return errGetExistingES return errGetExistingES
} }