From d47603472dcbc4bb8240438236e2f8e04b432e36 Mon Sep 17 00:00:00 2001
From: Margo Crawford
Date: Tue, 30 Mar 2021 14:43:04 -0700
Subject: [PATCH 1/2] Do not error when trying to delete the TLS secret and you get a not found
---
 .../impersonatorconfig/impersonator_config.go | 6 ++++++
 .../impersonator_config_test.go | 20 +++++++++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/internal/controller/impersonatorconfig/impersonator_config.go b/internal/controller/impersonatorconfig/impersonator_config.go
index ae99de98..c94aae15 100644
--- a/internal/controller/impersonatorconfig/impersonator_config.go
+++ b/internal/controller/impersonatorconfig/impersonator_config.go
@@ -781,6 +781,12 @@ func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Cont
 "secret", c.tlsSecretName,
 "namespace", c.namespace)
 err = c.k8sClient.CoreV1().Secrets(c.namespace).Delete(ctx, c.tlsSecretName, metav1.DeleteOptions{})
+ notFound := k8serrors.IsNotFound(err)
+ if notFound {
+ // its okay if we tried to delete and we got a not found error. This probably means
+ // another instance of the concierge got here first so there's nothing to delete.
+ return nil
+ }
 if err != nil {
 return err
 }
diff --git a/internal/controller/impersonatorconfig/impersonator_config_test.go b/internal/controller/impersonatorconfig/impersonator_config_test.go
index 8b9b107b..89a990de 100644
--- a/internal/controller/impersonatorconfig/impersonator_config_test.go
+++ b/internal/controller/impersonatorconfig/impersonator_config_test.go
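Review bot: In `ensureTLSSecretIsRemoved` (impersonator_config.go), the new `return nil` on NotFound skips whatever the function does after the `if err != nil` check, and that tail lies outside the hunk. If it resets in-memory state for the impersonation proxy's serving certificate, a concierge that loses the delete race would keep that state while the Secret is already gone. Folding the case into the existing check keeps one exit path: `if err != nil && !k8serrors.IsNotFound(err) { return err }`, which also removes the single-use `notFound` variable. The comment could also mention the stale-informer case that the accompanying test exercises, not only a competing concierge instance.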
@@ -2203,6 +2203,26 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
 })
 })
 
+ when("deleting the tls secret when informer and api are out of sync", func() {
+ it.Before(func() {
+ addNodeWithRoleToTracker("control-plane", kubeAPIClient)
+ addSecretToTrackers(newEmptySecret(tlsSecretName), kubeInformerClient)
+ configMapYAML := fmt.Sprintf("{mode: disabled}")
+ addImpersonatorConfigMapToTracker(configMapResourceName, configMapYAML, kubeInformerClient)
+ })
+
+ it("does not pass the not found error through", func() {
+ startInformersAndController()
+ r.NoError(runControllerSync())
+ requireTLSServerWasNeverStarted()
+ r.Len(kubeAPIClient.Actions(), 2)
+ requireNodesListed(kubeAPIClient.Actions()[0])
+ requireTLSSecretWasDeleted(kubeAPIClient.Actions()[1])
+ requireCredentialIssuer(newManuallyDisabledStrategy())
+ requireSigningCertProviderIsEmpty()
+ })
+ })
+
 when("the PEM formatted data in the TLS Secret is not a valid cert", func() {
 it.Before(func() {
 addSecretToTrackers(signingCASecret, kubeInformerClient)
From 8b6fe0ac708a66efc2f15d106d3d4e98260ca987 Mon Sep 17 00:00:00 2001
From: Margo Crawford
Date: Tue, 30 Mar 2021 14:53:26 -0700
Subject: [PATCH 2/2] Fix lint error
---
 .../controller/impersonatorconfig/impersonator_config_test.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/internal/controller/impersonatorconfig/impersonator_config_test.go b/internal/controller/impersonatorconfig/impersonator_config_test.go
index 89a990de..c7f7767a 100644
--- a/internal/controller/impersonatorconfig/impersonator_config_test.go
+++ b/internal/controller/impersonatorconfig/impersonator_config_test.go
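Review bot: The `it.Before` of the new `when` block in impersonator_config_test.go depends on an unstated detail: the secret goes only into `kubeInformerClient`, so the delete recorded on `kubeAPIClient` presumably comes back as not found from the fake client. A comment above `addSecretToTrackers(...)` would state that, for example `// Secret is present only in the informer cache; the API delete is expected to return NotFound.` The hunk shows no companion case asserting that a non-NotFound delete error still fails the sync; if none exists elsewhere in TestImpersonatorConfigControllerSync, which extends beyond the hunk, it would pin the other half of the new branch.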
@@ -2207,8 +2207,7 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
 it.Before(func() {
 addNodeWithRoleToTracker("control-plane", kubeAPIClient)
 addSecretToTrackers(newEmptySecret(tlsSecretName), kubeInformerClient)
- configMapYAML := fmt.Sprintf("{mode: disabled}")
- addImpersonatorConfigMapToTracker(configMapResourceName, configMapYAML, kubeInformerClient)
+ addImpersonatorConfigMapToTracker(configMapResourceName, "{mode: disabled}", kubeInformerClient)
 })
 
 it("does not pass the not found error through", func() {