diff --git a/internal/controller/supervisorconfig/generator/generator.go b/internal/controller/supervisorconfig/generator/generator.go
index 067209da..fe711698 100644
--- a/internal/controller/supervisorconfig/generator/generator.go
+++ b/internal/controller/supervisorconfig/generator/generator.go
@@ -26,7 +26,7 @@ func generateSymmetricKey() ([]byte, error) {
 return b, nil
 }
-func isValid(secret *corev1.Secret) bool {
+func isValid(secret *corev1.Secret, labels map[string]string) bool {
 if secret.Type != symmetricSecretType {
 return false
 }
@@ -39,6 +39,12 @@ func isValid(secret *corev1.Secret) bool {
 return false
 }
+ for key, value := range labels {
+ if secret.Labels[key] != value {
+ return false
+ }
+ }
+
 return true
 }
diff --git a/internal/controller/supervisorconfig/generator/supervisor_secrets.go b/internal/controller/supervisorconfig/generator/supervisor_secrets.go
index 1c27c7a8..9f5ca1c4 100644
--- a/internal/controller/supervisorconfig/generator/supervisor_secrets.go
+++ b/internal/controller/supervisorconfig/generator/supervisor_secrets.go
@@ -81,7 +81,7 @@ func (c *supervisorSecretsController) Sync(ctx controllerlib.Context) error {
 return fmt.Errorf("failed to list secret %s/%s: %w", ctx.Key.Namespace, ctx.Key.Name, err)
 }
- secretNeedsUpdate := isNotFound || !isValid(secret)
+ secretNeedsUpdate := isNotFound || !isValid(secret, c.labels)
 if !secretNeedsUpdate {
 plog.Debug("secret is up to date", "secret", klog.KObj(secret))
 c.setCacheFunc(secret.Data[symmetricSecretDataKey])
@@ -128,13 +128,16 @@ func (c *supervisorSecretsController) updateSecret(ctx context.Context, newSecre
 return nil
 }
- if isValid(currentSecret) {
+ if isValid(currentSecret, c.labels) {
 *newSecret = currentSecret
 return nil
 }
 currentSecret.Type = (*newSecret).Type
 currentSecret.Data = (*newSecret).Data
+ for key, value := range c.labels {
+ currentSecret.Labels[key] = value
+ }
 _, err = secrets.Update(ctx, currentSecret, metav1.UpdateOptions{})
 return err
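Review bot: isValid has no doc comment, and with the label loop added before `return true` its result now depends on metadata as well as on the type check and the earlier check whose `return false` shows as context. State the contract above the function, for example `// isValid reports whether secret passes the type and key checks and carries every entry of labels; labels present only on the secret are ignored.` Reading `secret.Labels[key]` on a nil map is safe in Go, so a Secret with no labels simply fails the check when labels is non-empty. The body of isValid starts above this hunk, so the nature of the earlier check is inferred rather than visible.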
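Review bot: Passing `c.labels` into `isValid` on the `secretNeedsUpdate` line makes a label-only difference indistinguishable from bad key material. Most of Sync lies outside this hunk, but updateSecret in the same file assigns `currentSecret.Data = (*newSecret).Data` on the invalid path. It therefore looks as if a Secret whose key is fine but whose labels have drifted is given a new symmetric key, and anything protected by the old key stops validating. If that rotation is not intended, keep the existing `Type` and `Data` and only reconcile the labels when the key itself still passes. If it is intended, record it next to the call, for example `// a label mismatch also regenerates the key`.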
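Review bot: `currentSecret.Labels[key] = value` in the added loop panics with "assignment to entry in nil map" when the fetched Secret carries no labels at all, since `Labels` is then a nil map. isValid returns false for such a Secret whenever `c.labels` is non-empty, so this path is reachable. Initialise the map before the loop: `if currentSecret.Labels == nil { currentSecret.Labels = make(map[string]string, len(c.labels)) }`. The new cases in supervisor_secrets_test.go delete or change a single key but never store a Secret with `Labels` set to nil, so a case for that would pin the fix. updateSecret begins above this hunk.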
diff --git a/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go b/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go
index e452e872..2522fe7d 100644
--- a/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go
+++ b/internal/controller/supervisorconfig/generator/supervisor_secrets_test.go
@@ -46,7 +46,6 @@ var (
 }
 )
-// TODO want what??
 func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
 t.Parallel()
@@ -288,6 +287,9 @@ func TestSupervisorSecretsControllerSync(t *testing.T) {
 }
 )
+ // Add an extra label to make sure we don't overwrite existing labels on a Secret.
+ generatedSecret.Labels["extra-label-key"] = "extra-label-value"
+
 once := sync.Once{}
 tests := []struct {
@@ -429,6 +431,28 @@ func TestSupervisorSecretsControllerSync(t *testing.T) {
 },
 wantCallbackSecret: otherGeneratedSymmetricKey,
 },
+ {
+ name: "upon updating we discover that a secret with missing labels exists",
+ storedSecret: func(secret **corev1.Secret) {
+ delete((*secret).Labels, "some-label-key-1")
+ },
+ wantActions: []kubetesting.Action{
+ kubetesting.NewGetAction(secretsGVR, generatedSecretNamespace, generatedSecretName),
+ kubetesting.NewUpdateAction(secretsGVR, generatedSecretNamespace, generatedSecret),
+ },
+ wantCallbackSecret: generatedSymmetricKey,
+ },
+ {
+ name: "upon updating we discover that a secret with incorrect labels exists",
+ storedSecret: func(secret **corev1.Secret) {
+ (*secret).Labels["some-label-key-1"] = "incorrect"
+ },
+ wantActions: []kubetesting.Action{
+ kubetesting.NewGetAction(secretsGVR, generatedSecretNamespace, generatedSecretName),
+ kubetesting.NewUpdateAction(secretsGVR, generatedSecretNamespace, generatedSecret),
+ },
+ wantCallbackSecret: generatedSymmetricKey,
+ },
 {
 name: "upon updating we discover that the secret has been deleted",
 storedSecret: func(secret **corev1.Secret) {