Update secretgenerator controller after synchronous review
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler
parent
e2aad48852
commit
022dcd1909
@ -44,24 +44,27 @@ func generateSymmetricKey() ([]byte, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type controller struct {
|
type controller struct {
|
||||||
owner *appsv1.Deployment
|
owner *appsv1.Deployment
|
||||||
client kubernetes.Interface
|
client kubernetes.Interface
|
||||||
secrets corev1informers.SecretInformer
|
secrets corev1informers.SecretInformer
|
||||||
onCreateOrUpdate func(secret []byte)
|
setCache func(secret []byte)
|
||||||
}
|
}
|
||||||
|
|
||||||
// New instantiates a new controllerlib.Controller which will ensure existence of a generated secret.
|
// New instantiates a new controllerlib.Controller which will ensure existence of a generated secret.
|
||||||
func New(
|
func New(
|
||||||
|
// TODO: label the generated secret like we do in the JWKSWriterController
|
||||||
|
// TODO: generate the name for the secret and label the secret with the UID of the owner? So that we don't have naming conflicts if the user has already created a Secret with that name.
|
||||||
|
// TODO: add tests for the filter like we do in the JWKSWriterController?
|
||||||
owner *appsv1.Deployment,
|
owner *appsv1.Deployment,
|
||||||
client kubernetes.Interface,
|
client kubernetes.Interface,
|
||||||
secrets corev1informers.SecretInformer,
|
secrets corev1informers.SecretInformer,
|
||||||
onCreateOrUpdate func(secret []byte),
|
setCache func(secret []byte),
|
||||||
) controllerlib.Controller {
|
) controllerlib.Controller {
|
||||||
c := controller{
|
c := controller{
|
||||||
owner: owner,
|
owner: owner,
|
||||||
client: client,
|
client: client,
|
||||||
secrets: secrets,
|
secrets: secrets,
|
||||||
onCreateOrUpdate: onCreateOrUpdate,
|
setCache: setCache,
|
||||||
}
|
}
|
||||||
filter := pinnipedcontroller.SimpleFilter(func(obj metav1.Object) bool {
|
filter := pinnipedcontroller.SimpleFilter(func(obj metav1.Object) bool {
|
||||||
return metav1.IsControlledBy(obj, owner)
|
return metav1.IsControlledBy(obj, owner)
|
||||||
@ -71,7 +74,7 @@ func New(
|
|||||||
controllerlib.WithInformer(secrets, filter, controllerlib.InformerOption{}),
|
controllerlib.WithInformer(secrets, filter, controllerlib.InformerOption{}),
|
||||||
controllerlib.WithInitialEvent(controllerlib.Key{
|
controllerlib.WithInitialEvent(controllerlib.Key{
|
||||||
Namespace: owner.Namespace,
|
Namespace: owner.Namespace,
|
||||||
Name: owner.Name + "-keys",
|
Name: owner.Name + "-key",
|
||||||
}),
|
}),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@ -87,7 +90,7 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
|
|||||||
secretNeedsUpdate := isNotFound || !c.isValid(secret)
|
secretNeedsUpdate := isNotFound || !c.isValid(secret)
|
||||||
if !secretNeedsUpdate {
|
if !secretNeedsUpdate {
|
||||||
plog.Debug("secret is up to date", "secret", klog.KObj(secret))
|
plog.Debug("secret is up to date", "secret", klog.KObj(secret))
|
||||||
c.onCreateOrUpdate(secret.Data[symmetricKeySecretDataKey])
|
c.setCache(secret.Data[symmetricKeySecretDataKey])
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,7 +108,7 @@ func (c *controller) Sync(ctx controllerlib.Context) error {
|
|||||||
return fmt.Errorf("failed to create/update secret %s/%s: %w", newSecret.Namespace, newSecret.Name, err)
|
return fmt.Errorf("failed to create/update secret %s/%s: %w", newSecret.Namespace, newSecret.Name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
c.onCreateOrUpdate(newSecret.Data[symmetricKeySecretDataKey])
|
c.setCache(newSecret.Data[symmetricKeySecretDataKey])
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user