diff --git a/cmd/pinniped-supervisor/main.go b/cmd/pinniped-supervisor/main.go
index 94d12817..199a8e7b 100644
--- a/cmd/pinniped-supervisor/main.go
+++ b/cmd/pinniped-supervisor/main.go
@@ -175,8 +175,8 @@ func startControllers(
 secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey)
 },
 ),
- func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
- return &fd.Status.Secrets.TokenSigningKey
+ func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
+ return &fd.Secrets.TokenSigningKey
 },
 kubeClient,
 pinnipedClient,
@@ -198,8 +198,8 @@ func startControllers(
 secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey)
 },
 ),
- func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
- return &fd.Status.Secrets.StateSigningKey
+ func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
+ return &fd.Secrets.StateSigningKey
 },
 kubeClient,
 pinnipedClient,
@@ -221,8 +221,8 @@ func startControllers(
 secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey)
 },
 ),
- func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
- return &fd.Status.Secrets.StateEncryptionKey
+ func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
+ return &fd.Secrets.StateEncryptionKey
 },
 kubeClient,
 pinnipedClient,
diff --git a/internal/controller/supervisorconfig/federation_domain_watcher.go b/internal/controller/supervisorconfig/federation_domain_watcher.go
index 4ba54cc7..670d5ced 100644
--- a/internal/controller/supervisorconfig/federation_domain_watcher.go
+++ b/internal/controller/supervisorconfig/federation_domain_watcher.go
@@ -204,7 +204,7 @@ func (c *federationDomainWatcherController) updateStatus(
 federationDomain.Status.Status = status
 federationDomain.Status.Message = message
 federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(c.clock.Now()))
- _, err = c.client.ConfigV1alpha1().FederationDomains(namespace).Update(ctx, federationDomain, metav1.UpdateOptions{})
+ _, err = c.client.ConfigV1alpha1().FederationDomains(namespace).UpdateStatus(ctx, federationDomain, metav1.UpdateOptions{})
 return err
 })
 }
diff --git a/internal/controller/supervisorconfig/federation_domain_watcher_test.go b/internal/controller/supervisorconfig/federation_domain_watcher_test.go
index e7324c42..34930e81 100644
--- a/internal/controller/supervisorconfig/federation_domain_watcher_test.go
+++ b/internal/controller/supervisorconfig/federation_domain_watcher_test.go
@@ -222,8 +222,9 @@ func TestSync(t *testing.T) {
 federationDomain1.Namespace,
 federationDomain1.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain1.Namespace,
 federationDomain1,
 ),
@@ -232,8 +233,9 @@ func TestSync(t *testing.T) {
 federationDomain2.Namespace,
 federationDomain2.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain2.Namespace,
 federationDomain2,
 ),
@@ -271,8 +273,9 @@ func TestSync(t *testing.T) {
 federationDomain2.Namespace,
 federationDomain2.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain2.Namespace,
 federationDomain2,
 ),
@@ -356,8 +359,9 @@ func TestSync(t *testing.T) {
 federationDomain1.Namespace,
 federationDomain1.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain1.Namespace,
 federationDomain1,
 ),
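Review bot: The `UpdateStatus` call in `updateStatus` (federation_domain_watcher.go) only works if the FederationDomain CRD enables the status subresource and the supervisor's role grants `update` on `federationdomains/status`; neither the CRD nor the RBAC manifests appear in this diff, so please confirm both ship with it. The tests would presumably not catch a gap, since they assert on the recorded `NewUpdateSubresourceAction` rather than on API-server behaviour. The same applies to the `UpdateStatus` calls added in generator/federation_domain_secrets.go and jwks_writer.go. If nothing else in the supervisor writes the main resource, the role could then drop `update` on `federationdomains`, which keeps a controller bug or a compromised supervisor pod from rewriting spec fields. The body of `updateStatus` starts outside the hunk.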
@@ -366,8 +370,9 @@ func TestSync(t *testing.T) {
 federationDomain2.Namespace,
 federationDomain2.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain2.Namespace,
 federationDomain2,
 ),
@@ -422,8 +427,9 @@ func TestSync(t *testing.T) {
 federationDomain.Namespace,
 federationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain.Namespace,
 federationDomain,
 ),
@@ -432,8 +438,9 @@ func TestSync(t *testing.T) {
 federationDomain.Namespace,
 federationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain.Namespace,
 federationDomain,
 ),
@@ -468,8 +475,9 @@ func TestSync(t *testing.T) {
 federationDomain.Namespace,
 federationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain.Namespace,
 federationDomain,
 ),
@@ -568,8 +576,9 @@ func TestSync(t *testing.T) {
 invalidFederationDomain.Namespace,
 invalidFederationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 invalidFederationDomain.Namespace,
 invalidFederationDomain,
 ),
@@ -578,8 +587,9 @@ func TestSync(t *testing.T) {
 validFederationDomain.Namespace,
 validFederationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 validFederationDomain.Namespace,
 validFederationDomain,
 ),
@@ -640,8 +650,9 @@ func TestSync(t *testing.T) {
 invalidFederationDomain.Namespace,
 invalidFederationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 invalidFederationDomain.Namespace,
 invalidFederationDomain,
 ),
@@ -650,8 +661,9 @@ func TestSync(t *testing.T) {
 validFederationDomain.Namespace,
 validFederationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 validFederationDomain.Namespace,
 validFederationDomain,
 ),
@@ -732,8 +744,9 @@ func TestSync(t *testing.T) {
 federationDomainDuplicate1.Namespace,
 federationDomainDuplicate1.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomainDuplicate1.Namespace,
 federationDomainDuplicate1,
 ),
@@ -742,8 +755,9 @@ func TestSync(t *testing.T) {
 federationDomainDuplicate2.Namespace,
 federationDomainDuplicate2.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomainDuplicate2.Namespace,
 federationDomainDuplicate2,
 ),
@@ -752,8 +766,9 @@ func TestSync(t *testing.T) {
 federationDomain.Namespace,
 federationDomain.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomain.Namespace,
 federationDomain,
 ),
@@ -906,8 +921,9 @@ func TestSync(t *testing.T) {
 federationDomainSameIssuerAddress1.Namespace,
 federationDomainSameIssuerAddress1.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomainSameIssuerAddress1.Namespace,
 federationDomainSameIssuerAddress1,
 ),
@@ -916,8 +932,9 @@ func TestSync(t *testing.T) {
 federationDomainSameIssuerAddress2.Namespace,
 federationDomainSameIssuerAddress2.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomainSameIssuerAddress2.Namespace,
 federationDomainSameIssuerAddress2,
 ),
@@ -926,8 +943,9 @@ func TestSync(t *testing.T) {
 federationDomainDifferentIssuerAddress.Namespace,
 federationDomainDifferentIssuerAddress.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomainDifferentIssuerAddress.Namespace,
 federationDomainDifferentIssuerAddress,
 ),
@@ -936,8 +954,9 @@ func TestSync(t *testing.T) {
 federationDomainWithInvalidIssuerURL.Namespace,
 federationDomainWithInvalidIssuerURL.Name,
 ),
- coretesting.NewUpdateAction(
+ coretesting.NewUpdateSubresourceAction(
 federationDomainGVR,
+ "status",
 federationDomainWithInvalidIssuerURL.Namespace,
 federationDomainWithInvalidIssuerURL,
 ),
diff --git a/internal/controller/supervisorconfig/generator/federation_domain_secrets.go b/internal/controller/supervisorconfig/generator/federation_domain_secrets.go
index 5afead36..aa5b5121 100644
--- a/internal/controller/supervisorconfig/generator/federation_domain_secrets.go
+++ b/internal/controller/supervisorconfig/generator/federation_domain_secrets.go
@@ -26,7 +26,7 @@ import (
 type federationDomainSecretsController struct {
 secretHelper SecretHelper
- secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference
+ secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference
 kubeClient kubernetes.Interface
 pinnipedClient pinnipedclientset.Interface
 federationDomainInformer configinformers.FederationDomainInformer
@@ -38,7 +38,7 @@ type federationDomainSecretsController struct {
 // provides the parent/child mapping logic.
 func NewFederationDomainSecretsController(
 secretHelper SecretHelper,
- secretRefFunc func(domain *configv1alpha1.FederationDomain) *corev1.LocalObjectReference,
+ secretRefFunc func(domain *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference,
 kubeClient kubernetes.Interface,
 pinnipedClient pinnipedclientset.Interface,
 secretInformer corev1informers.SecretInformer,
@@ -117,7 +117,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
 )
 federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, existingSecret)
- if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
+ if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
 return fmt.Errorf("failed to update federationdomain: %w", err)
 }
 plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
@@ -133,7 +133,7 @@ func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) erro
 plog.Debug("created/updated secret", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
 federationDomain = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(federationDomain, newSecret)
- if err := c.updateFederationDomain(ctx.Context, federationDomain); err != nil {
+ if err := c.updateFederationDomainStatus(ctx.Context, federationDomain); err != nil {
 return fmt.Errorf("failed to update federationdomain: %w", err)
 }
 plog.Debug("updated federationdomain", "federationdomain", klog.KObj(federationDomain), "secret", klog.KObj(newSecret))
@@ -205,7 +205,7 @@ func (c *federationDomainSecretsController) createOrUpdateSecret(
 })
 }
-func (c *federationDomainSecretsController) updateFederationDomain(
+func (c *federationDomainSecretsController) updateFederationDomainStatus(
 ctx context.Context,
 newFederationDomain *configv1alpha1.FederationDomain,
 ) error {
@@ -216,14 +216,14 @@ func (c *federationDomainSecretsController) updateFederationDomain(
 return fmt.Errorf("failed to get federationdomain %s/%s: %w", newFederationDomain.Namespace, newFederationDomain.Name, err)
 }
- oldFederationDomainSecretRef := c.secretRefFunc(oldFederationDomain)
- newFederationDomainSecretRef := c.secretRefFunc(newFederationDomain)
+ oldFederationDomainSecretRef := c.secretRefFunc(&oldFederationDomain.Status)
+ newFederationDomainSecretRef := c.secretRefFunc(&newFederationDomain.Status)
 if reflect.DeepEqual(oldFederationDomainSecretRef, newFederationDomainSecretRef) {
 return nil
 }
 *oldFederationDomainSecretRef = *newFederationDomainSecretRef
- _, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
+ _, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
 return err
 })
 }
diff --git a/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go b/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go
index 44fc46e6..ea8dc374 100644
--- a/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go
+++ b/internal/controller/supervisorconfig/generator/federation_domain_secrets_test.go
@@ -393,7 +393,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
 },
 wantSecretActions: []kubetesting.Action{
 kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
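Review bot: `updateFederationDomainStatus` in generator/federation_domain_secrets.go writes through the pointer returned by `c.secretRefFunc(&oldFederationDomain.Status)` (`*oldFederationDomainSecretRef = *newFederationDomainSecretRef`), so it relies on every `secretRefFunc` returning a non-nil pointer into the status it was given, and neither the struct field nor the constructor parameter documents that. I would add a comment on the field, e.g. `// secretRefFunc must return a non-nil pointer to a field inside the given status; the controller writes through it.` A callback that returned nil would panic on that assignment, and one that returned a pointer to a copy would send an unchanged object to `UpdateStatus`. The function starts before this hunk.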
@@ -416,7 +416,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithJWKSAndTokenSigningKey),
 },
 wantSecretActions: []kubetesting.Action{
 kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@@ -457,7 +457,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
 },
 wantSecretActions: []kubetesting.Action{
 kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@@ -484,7 +484,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
 },
 wantSecretActions: []kubetesting.Action{
 kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@@ -562,7 +562,7 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
 },
 wantSecretActions: []kubetesting.Action{
 kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@@ -615,9 +615,9 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithTokenSigningKey),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithTokenSigningKey),
 },
 wantSecretActions: []kubetesting.Action{
 kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name),
@@ -677,8 +677,8 @@ func TestFederationDomainSecretsControllerSync(t *testing.T) {
 c := NewFederationDomainSecretsController(
 secretHelper,
- func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
- return &fd.Status.Secrets.TokenSigningKey
+ func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
+ return &fd.Secrets.TokenSigningKey
 },
 kubeAPIClient,
 pinnipedAPIClient,
diff --git a/internal/controller/supervisorconfig/jwks_writer.go b/internal/controller/supervisorconfig/jwks_writer.go
index be74961a..26669802 100644
--- a/internal/controller/supervisorconfig/jwks_writer.go
+++ b/internal/controller/supervisorconfig/jwks_writer.go
@@ -161,7 +161,7 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error {
 // Ensure that the FederationDomain points to the secret.
 newFederationDomain := federationDomain.DeepCopy()
 newFederationDomain.Status.Secrets.JWKS.Name = secret.Name
- if err := c.updateFederationDomain(ctx.Context, newFederationDomain); err != nil {
+ if err := c.updateFederationDomainStatus(ctx.Context, newFederationDomain); err != nil {
 return fmt.Errorf("cannot update FederationDomain: %w", err)
 }
 plog.Debug("updated FederationDomain", "federationdomain", klog.KObj(newFederationDomain))
@@ -283,7 +283,7 @@ func (c *jwksWriterController) createOrUpdateSecret(
 })
 }
-func (c *jwksWriterController) updateFederationDomain(
+func (c *jwksWriterController) updateFederationDomainStatus(
 ctx context.Context,
 newFederationDomain *configv1alpha1.FederationDomain,
 ) error {
@@ -300,7 +300,7 @@ func (c *jwksWriterController) updateFederationDomain(
 }
 oldFederationDomain.Status.Secrets.JWKS.Name = newFederationDomain.Status.Secrets.JWKS.Name
- _, err = federationDomainClient.Update(ctx, oldFederationDomain, metav1.UpdateOptions{})
+ _, err = federationDomainClient.UpdateStatus(ctx, oldFederationDomain, metav1.UpdateOptions{})
 return err
 })
 }
diff --git a/internal/controller/supervisorconfig/jwks_writer_test.go b/internal/controller/supervisorconfig/jwks_writer_test.go
index 472035e4..811a754c 100644
--- a/internal/controller/supervisorconfig/jwks_writer_test.go
+++ b/internal/controller/supervisorconfig/jwks_writer_test.go
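Review bot: The renamed `updateFederationDomainStatus` in jwks_writer.go has no doc comment in the visible lines, and its name now promises more than the code shown persists: the last hunk copies only `Status.Secrets.JWKS.Name` onto `oldFederationDomain` before calling `UpdateStatus`. I would add `// updateFederationDomainStatus writes newFederationDomain.Status.Secrets.JWKS.Name to the status subresource; all other fields of newFederationDomain are ignored.` above the method. Part of the body lies between the two hunks and is not shown, so check the wording against the full function.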
@@ -355,7 +355,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
 },
 },
 {
@@ -373,7 +373,7 @@ func TestJWKSWriterControllerSync(t *testing.T) {
 },
 wantFederationDomainActions: []kubetesting.Action{
 kubetesting.NewGetAction(federationDomainGVR, namespace, goodFederationDomain.Name),
- kubetesting.NewUpdateAction(federationDomainGVR, namespace, goodFederationDomainWithStatus),
+ kubetesting.NewUpdateSubresourceAction(federationDomainGVR, "status", namespace, goodFederationDomainWithStatus),
 },
 },
 {