feat: support passing in the secret name in the CR (#17)

* feat: support passing in the secret name in the CR * fix: test for CRD status and run go fmt
ouzi-dev · Feb 5, 2020 · 4f65fc1 · 4f65fc1
1 parent d5191a6
commit 4f65fc1
Show file tree

Hide file tree

Showing 14 changed files with 375 additions and 332 deletions.
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -5,9 +5,10 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"github.com/ouzi-dev/credstash-operator/pkg/flags"
 	"os"
 	"runtime"
+
+	"github.com/ouzi-dev/credstash-operator/pkg/flags"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@@ -38,7 +39,7 @@ var (
 	metricsHost               = "0.0.0.0"
 	metricsPort         int32 = 8383
 	operatorMetricsPort int32 = 8686
-	healthProbeHost     	  = "0.0.0.0"
+	healthProbeHost           = "0.0.0.0"
 	healthProbePort     int32 = 8080
 )
 var log = logf.Log.WithName("cmd")
@@ -99,7 +100,7 @@ func main() {
 	}
 
 	managerOptions := manager.Options{
-		MetricsBindAddress: fmt.Sprintf("%s:%d", metricsHost, metricsPort),
+		MetricsBindAddress:     fmt.Sprintf("%s:%d", metricsHost, metricsPort),
 		HealthProbeBindAddress: fmt.Sprintf("%s:%d", healthProbeHost, healthProbePort),
 	}
 

diff --git a/deploy/crds/credstash.ouzi.tech_credstashsecrets_crd.yaml b/deploy/crds/credstash.ouzi.tech_credstashsecrets_crd.yaml
@@ -31,6 +31,8 @@ spec:
         spec:
           description: CredstashSecretSpec defines the desired state of CredstashSecret
           properties:
+            name:
+              type: string
             secrets:
               items:
                 properties:
@@ -45,6 +47,9 @@ spec:
           type: object
         status:
           description: CredstashSecretStatus defines the observed state of CredstashSecret
+          properties:
+            name:
+              type: string
           type: object
       type: object
   version: v1alpha1

diff --git a/deploy/helm/credstash-operator/crds/crds.yaml b/deploy/helm/credstash-operator/crds/crds.yaml
@@ -31,6 +31,8 @@ spec:
         spec:
           description: CredstashSecretSpec defines the desired state of CredstashSecret
           properties:
+            name:
+              type: string
             secrets:
               items:
                 properties:
@@ -45,6 +47,9 @@ spec:
           type: object
         status:
           description: CredstashSecretStatus defines the observed state of CredstashSecret
+          properties:
+            name:
+              type: string
           type: object
       type: object
   version: v1alpha1

diff --git a/go.sum b/go.sum
@@ -865,6 +865,7 @@ golang.org/x/tools v0.0.0-20190624180213-70d37148ca0c/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
 golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191018212557-ed542cd5b28a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868 h1:6VZw2h4iwEB4GwgQU3Jvcsm8l9+yReTrErAEK1k6AC4=
 golang.org/x/tools v0.0.0-20200115044656-831fdb1e1868/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -964,6 +965,7 @@ k8s.io/cri-api v0.17.2/go.mod h1:BzAkbBHHp81d+aXzbiIcUbilLkbXa40B8mUHOk6EX3s=
 k8s.io/csi-translation-lib v0.17.2/go.mod h1:NrhnhXJg/V6cHRTdPbmxvBuV3rJSqXsdLBE5JSRzcVI=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20191010091904-7fa3014cb28f h1:eW/6wVuHNZgQJmFesyAxu0cvj0WAHHUuGaLbPcmNY3Q=
 k8s.io/gengo v0.0.0-20191010091904-7fa3014cb28f/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/heapster v1.2.0-beta.1/go.mod h1:h1uhptVXMwC8xtZBYsPXKVi8fpdlYkTs6k949KozGrM=
 k8s.io/helm v2.16.1+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI=

diff --git a/pkg/apis/credstash/v1alpha1/credstashsecret_types.go b/pkg/apis/credstash/v1alpha1/credstashsecret_types.go
@@ -5,22 +5,23 @@ import (
 )
 
 type CredstashSecretDef struct {
-	Key string `json:"key,omitempty"`
-	Table string `json:"table,omitempty"`
+	Key     string `json:"key,omitempty"`
+	Table   string `json:"table,omitempty"`
 	Version string `json:"version,omitempty"`
 }
 
 // CredstashSecretSpec defines the desired state of CredstashSecret
 type CredstashSecretSpec struct {
-	Secrets []CredstashSecretDef `json:"secrets,omitempty"`
+	SecretName string               `json:"name,omitempty"`
+	Secrets    []CredstashSecretDef `json:"secrets,omitempty"`
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
 	// Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html
 }
 
 // CredstashSecretStatus defines the observed state of CredstashSecret
 type CredstashSecretStatus struct {
-
+	SecretName string `json:"name,omitempty"`
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
 	// Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html

diff --git a/pkg/aws/credentials.go b/pkg/aws/credentials.go
@@ -7,7 +7,7 @@ import (
 )
 
 // Gets the aws session to use for looking up credstash secrets
-func GetAwsSession(region string, awsAccessKeyId string, awsSecretAccessKey string) (*session.Session, error){
+func GetAwsSession(region string, awsAccessKeyId string, awsSecretAccessKey string) (*session.Session, error) {
 
 	if awsAccessKeyId == "" || awsSecretAccessKey == "" {
 		config := aws.Config{
@@ -42,7 +42,7 @@ func GetAwsSession(region string, awsAccessKeyId string, awsSecretAccessKey stri
 }
 
 // Gets the aws session to use for looking up credstash secrets falling back to the environment config
-func GetAwsSessionFromEnv() (*session.Session, error){
+func GetAwsSessionFromEnv() (*session.Session, error) {
 	sess, err := session.NewSessionWithOptions(session.Options{
 		SharedConfigState: session.SharedConfigEnable,
 	})
@@ -52,4 +52,4 @@ func GetAwsSessionFromEnv() (*session.Session, error){
 	}
 
 	return sess, nil
-}
+}
diff --git a/pkg/controller/credstashsecret/credstashsecret_controller.go b/pkg/controller/credstashsecret/credstashsecret_controller.go
@@ -18,10 +18,11 @@ package credstashsecret
 
 import (
 	"context"
+	"reflect"
+
 	"github.com/ouzi-dev/credstash-operator/pkg/aws"
 	"github.com/ouzi-dev/credstash-operator/pkg/credstash"
 	"github.com/ouzi-dev/credstash-operator/pkg/flags"
-	"reflect"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
@@ -45,7 +46,6 @@ const LabelNameForSelector = "operatorInstance"
 
 var log = logf.Log.WithName("controller_credstashsecret")
 
-
 // Add creates a new CredstashSecret Controller and adds it to the Manager. The Manager will set fields on the Controller
 // and Start it when the Manager is Started.
 func Add(mgr manager.Manager) error {
@@ -64,8 +64,8 @@ func newReconciler(mgr manager.Manager) (reconcile.Reconciler, error) {
 	}
 
 	return &ReconcileCredstashSecret{
-		client: mgr.GetClient(),
-		scheme: mgr.GetScheme(),
+		client:                mgr.GetClient(),
+		scheme:                mgr.GetScheme(),
 		credstashSecretGetter: credstash.NewSecretGetter(awsSession),
 	}, nil
 }
@@ -106,8 +106,8 @@ var _ reconcile.Reconciler = &ReconcileCredstashSecret{}
 type ReconcileCredstashSecret struct {
 	// This client, initialized using mgr.Client() above, is a split client
 	// that reads objects from the cache and writes to the apiserver
-	client client.Client
-	scheme *runtime.Scheme
+	client                client.Client
+	scheme                *runtime.Scheme
 	credstashSecretGetter credstash.SecretGetter
 }
 
@@ -158,6 +158,30 @@ func (r *ReconcileCredstashSecret) Reconcile(request reconcile.Request) (reconci
 			return reconcile.Result{}, err
 		}
 
+		// Secret name has changed
+		if instance.Status.SecretName != "" && secret.Name != instance.Status.SecretName {
+			secretToDelete := &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      instance.Status.SecretName,
+					Namespace: instance.Namespace,
+				},
+			}
+
+			reqLogger.Info("Deleting old secret since name has changed", "Secret.Namespace", secretToDelete.Namespace, "Secret.Name", secretToDelete.Name)
+
+			err = r.client.Delete(context.TODO(), secretToDelete)
+			if err != nil {
+				return reconcile.Result{}, err
+			}
+		}
+
+		instance.Status.SecretName = secret.Name
+
+		err = r.client.Status().Update(context.TODO(), instance)
+		if err != nil {
+			return reconcile.Result{}, err
+		}
+
 		// Secret created successfully - don't requeue
 		return reconcile.Result{}, nil
 	} else if err != nil {
@@ -187,9 +211,15 @@ func (r *ReconcileCredstashSecret) secretForCR(cr *credstashv1alpha1.CredstashSe
 		return nil, err
 	}
 
+	// default to custom resource name if name is not provided
+	secretName := cr.Spec.SecretName
+	if secretName == "" {
+		secretName = cr.Name
+	}
+
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      cr.Name,
+			Name:      secretName,
 			Namespace: cr.Namespace,
 		},
 		Data: credstashSecretsValueMap,
@@ -278,4 +308,4 @@ func setupPredicateFuncs() predicate.Funcs {
 			return shouldProcess
 		},
 	}
-}
+}