From 2f922d63432bca468f340f7e8d268abfa6bff5db Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Fri, 6 Dec 2024 01:43:41 +0400 Subject: [PATCH] fix: requested changes --- .../api/v1alpha1/infisicalpushsecret_types.go | 2 +- ...ts.infisical.com_infisicalpushsecrets.yaml | 4 +- .../infisicalpushsecret/conditions.go | 6 +-- .../infisicalpushsecret_controller.go | 40 +++++++++---------- .../infisicalpushsecret_helper.go | 22 +++++----- .../infisicalsecret_controller.go | 34 ++++++++-------- 6 files changed, 54 insertions(+), 54 deletions(-) diff --git a/k8-operator/api/v1alpha1/infisicalpushsecret_types.go b/k8-operator/api/v1alpha1/infisicalpushsecret_types.go index 336534ed2a..334b5a8476 100644 --- a/k8-operator/api/v1alpha1/infisicalpushsecret_types.go +++ b/k8-operator/api/v1alpha1/infisicalpushsecret_types.go @@ -10,7 +10,7 @@ type InfisicalPushSecretDestination struct { SecretsPath string `json:"secretsPath"` // +kubebuilder:validation:Required // +kubebuilder:validation:Immutable - EnvSlug string `json:"envSlug"` + EnvironmentSlug string `json:"EnvironmentSlug"` // +kubebuilder:validation:Required // +kubebuilder:validation:Immutable ProjectID string `json:"projectId"` diff --git a/k8-operator/config/crd/bases/secrets.infisical.com_infisicalpushsecrets.yaml b/k8-operator/config/crd/bases/secrets.infisical.com_infisicalpushsecrets.yaml index a4ee1e21ff..de0cd0b16e 100644 --- a/k8-operator/config/crd/bases/secrets.infisical.com_infisicalpushsecrets.yaml +++ b/k8-operator/config/crd/bases/secrets.infisical.com_infisicalpushsecrets.yaml @@ -114,14 +114,14 @@ spec: type: string destination: properties: - envSlug: + EnvironmentSlug: type: string projectId: type: string secretsPath: type: string required: - - envSlug + - EnvironmentSlug - projectId - secretsPath type: object diff --git a/k8-operator/controllers/infisicalpushsecret/conditions.go b/k8-operator/controllers/infisicalpushsecret/conditions.go index bd1851eb2c..335ea294d9 100644 --- a/k8-operator/controllers/infisicalpushsecret/conditions.go +++ b/k8-operator/controllers/infisicalpushsecret/conditions.go @@ -51,7 +51,7 @@ func (r *InfisicalPushSecretReconciler) SetFailedToReplaceSecretsConditions(ctx Type: "secrets.infisical.com/FailedToReplaceSecrets", Status: metav1.ConditionFalse, Reason: "OK", - Message: "No errors, no secrets failed to be replaced", + Message: "No errors, no secrets failed to be replaced in Infisical", }) } @@ -75,7 +75,7 @@ func (r *InfisicalPushSecretReconciler) SetFailedToCreateSecretsConditions(ctx c Type: "secrets.infisical.com/FailedToCreateSecrets", Status: metav1.ConditionFalse, Reason: "OK", - Message: "No errors, no secrets failed to be created", + Message: "No errors, no secrets failed to be created in Infisical", }) } @@ -99,7 +99,7 @@ func (r *InfisicalPushSecretReconciler) SetFailedToUpdateSecretsConditions(ctx c Type: "secrets.infisical.com/FailedToUpdateSecrets", Status: metav1.ConditionFalse, Reason: "OK", - Message: "No errors, no secrets failed to be updated", + Message: "No errors, no secrets failed to be updated in Infisical", }) } diff --git a/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_controller.go b/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_controller.go index 2b6a64ca13..af5428ee7b 100644 --- a/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_controller.go +++ b/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_controller.go @@ -58,10 +58,10 @@ func (r *InfisicalPushSecretReconciler) Reconcile(ctx context.Context, req ctrl. logger := r.GetLogger(req) - var infisicalPushSecretCR secretsv1alpha1.InfisicalPushSecret + var infisicalPushSecretCRD secretsv1alpha1.InfisicalPushSecret requeueTime := time.Minute // seconds - err := r.Get(ctx, req.NamespacedName, &infisicalPushSecretCR) + err := r.Get(ctx, req.NamespacedName, &infisicalPushSecretCRD) if err != nil { if errors.IsNotFound(err) { logger.Info("Infisical Push Secret CRD not found") @@ -77,25 +77,25 @@ func (r *InfisicalPushSecretReconciler) Reconcile(ctx context.Context, req ctrl. } // Add finalizer if it doesn't exist - if !controllerutil.ContainsFinalizer(&infisicalPushSecretCR, constants.INFISICAL_PUSH_SECRET_FINALIZER_NAME) { - controllerutil.AddFinalizer(&infisicalPushSecretCR, constants.INFISICAL_PUSH_SECRET_FINALIZER_NAME) - if err := r.Update(ctx, &infisicalPushSecretCR); err != nil { + if !controllerutil.ContainsFinalizer(&infisicalPushSecretCRD, constants.INFISICAL_PUSH_SECRET_FINALIZER_NAME) { + controllerutil.AddFinalizer(&infisicalPushSecretCRD, constants.INFISICAL_PUSH_SECRET_FINALIZER_NAME) + if err := r.Update(ctx, &infisicalPushSecretCRD); err != nil { return ctrl.Result{}, err } } // Check if it's being deleted - if !infisicalPushSecretCR.DeletionTimestamp.IsZero() { + if !infisicalPushSecretCRD.DeletionTimestamp.IsZero() { logger.Info("Handling deletion of InfisicalPushSecret") - if controllerutil.ContainsFinalizer(&infisicalPushSecretCR, constants.INFISICAL_PUSH_SECRET_FINALIZER_NAME) { + if controllerutil.ContainsFinalizer(&infisicalPushSecretCRD, constants.INFISICAL_PUSH_SECRET_FINALIZER_NAME) { // We remove finalizers before running deletion logic to be completely safe from stuck resources - infisicalPushSecretCR.ObjectMeta.Finalizers = []string{} - if err := r.Update(ctx, &infisicalPushSecretCR); err != nil { - logger.Error(err, fmt.Sprintf("Error removing finalizers from InfisicalPushSecret %s", infisicalPushSecretCR.Name)) + infisicalPushSecretCRD.ObjectMeta.Finalizers = []string{} + if err := r.Update(ctx, &infisicalPushSecretCRD); err != nil { + logger.Error(err, fmt.Sprintf("Error removing finalizers from InfisicalPushSecret %s", infisicalPushSecretCRD.Name)) return ctrl.Result{}, err } - if err := r.DeleteManagedSecrets(ctx, logger, infisicalPushSecretCR); err != nil { + if err := r.DeleteManagedSecrets(ctx, logger, infisicalPushSecretCRD); err != nil { return ctrl.Result{}, err // Even if this fails, we still want to delete the CRD } @@ -103,9 +103,9 @@ func (r *InfisicalPushSecretReconciler) Reconcile(ctx context.Context, req ctrl. return ctrl.Result{}, nil } - if infisicalPushSecretCR.Spec.ResyncInterval != "" { + if infisicalPushSecretCRD.Spec.ResyncInterval != "" { - duration, err := util.ConvertResyncIntervalToDuration(infisicalPushSecretCR.Spec.ResyncInterval) + duration, err := util.ConvertResyncIntervalToDuration(infisicalPushSecretCRD.Spec.ResyncInterval) if err != nil { logger.Error(err, fmt.Sprintf("unable to convert resync interval to duration. Will requeue after [requeueTime=%v]", requeueTime)) @@ -123,7 +123,7 @@ func (r *InfisicalPushSecretReconciler) Reconcile(ctx context.Context, req ctrl. } // Check if the resource is already marked for deletion - if infisicalPushSecretCR.GetDeletionTimestamp() != nil { + if infisicalPushSecretCRD.GetDeletionTimestamp() != nil { return ctrl.Result{ Requeue: false, }, nil @@ -138,14 +138,14 @@ func (r *InfisicalPushSecretReconciler) Reconcile(ctx context.Context, req ctrl. }, nil } - if infisicalPushSecretCR.Spec.HostAPI == "" { + if infisicalPushSecretCRD.Spec.HostAPI == "" { api.API_HOST_URL = infisicalConfig["hostAPI"] } else { - api.API_HOST_URL = infisicalPushSecretCR.Spec.HostAPI + api.API_HOST_URL = infisicalPushSecretCRD.Spec.HostAPI } - if infisicalPushSecretCR.Spec.TLS.CaRef.SecretName != "" { - api.API_CA_CERTIFICATE, err = r.getInfisicalCaCertificateFromKubeSecret(ctx, infisicalPushSecretCR) + if infisicalPushSecretCRD.Spec.TLS.CaRef.SecretName != "" { + api.API_CA_CERTIFICATE, err = r.getInfisicalCaCertificateFromKubeSecret(ctx, infisicalPushSecretCRD) if err != nil { logger.Error(err, fmt.Sprintf("unable to fetch CA certificate. Will requeue after [requeueTime=%v]", requeueTime)) return ctrl.Result{ @@ -158,8 +158,8 @@ func (r *InfisicalPushSecretReconciler) Reconcile(ctx context.Context, req ctrl. api.API_CA_CERTIFICATE = "" } - err = r.ReconcileInfisicalPushSecret(ctx, logger, infisicalPushSecretCR) - r.SetSuccessfullyReconciledConditions(ctx, &infisicalPushSecretCR, err) + err = r.ReconcileInfisicalPushSecret(ctx, logger, infisicalPushSecretCRD) + r.SetSuccessfullyReconciledConditions(ctx, &infisicalPushSecretCRD, err) if err != nil { logger.Error(err, fmt.Sprintf("unable to reconcile Infisical Push Secret. Will requeue after [requeueTime=%v]", requeueTime)) diff --git a/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_helper.go b/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_helper.go index 0ab0ab876b..ebe125a491 100644 --- a/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_helper.go +++ b/k8-operator/controllers/infisicalpushsecret/infisicalpushsecret_helper.go @@ -143,7 +143,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context destination := infisicalPushSecret.Spec.Destination existingSecrets, err := infisicalClient.Secrets().List(infisicalSdk.ListSecretsOptions{ ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, IncludeImports: false, }) @@ -197,7 +197,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context updatedSecret, err := infisicalClient.Secrets().Update(infisicalSdk.UpdateSecretOptions{ SecretKey: secretKey, ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, NewSecretValue: secretValue, }) @@ -215,7 +215,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context SecretKey: secretKey, SecretValue: secretValue, ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) @@ -245,7 +245,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context deletedSecret, err := infisicalClient.Secrets().Delete(infisicalSdk.DeleteSecretOptions{ SecretKey: existingSecret.SecretKey, ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) @@ -259,7 +259,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context SecretKey: managedSecretKey, SecretValue: existingSecret.SecretValue, ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) @@ -288,7 +288,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context deletedSecret, err := infisicalClient.Secrets().Delete(infisicalSdk.DeleteSecretOptions{ SecretKey: managedSecretKey, ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) @@ -318,7 +318,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context SecretKey: currentSecretKey, SecretValue: kubeSecrets[currentSecretKey], ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) @@ -336,7 +336,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context SecretKey: currentSecretKey, NewSecretValue: kubeSecrets[currentSecretKey], ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) @@ -369,7 +369,7 @@ func (r *InfisicalPushSecretReconciler) ReconcileInfisicalPushSecret(ctx context SecretKey: secretKey, NewSecretValue: secretValue, ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) @@ -435,7 +435,7 @@ func (r *InfisicalPushSecretReconciler) DeleteManagedSecrets(ctx context.Context destination := infisicalPushSecret.Spec.Destination existingSecrets, err := infisicalClient.Secrets().List(infisicalSdk.ListSecretsOptions{ ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, IncludeImports: false, }) @@ -457,7 +457,7 @@ func (r *InfisicalPushSecretReconciler) DeleteManagedSecrets(ctx context.Context _, err := infisicalClient.Secrets().Delete(infisicalSdk.DeleteSecretOptions{ SecretKey: managedSecretKey, ProjectID: destination.ProjectID, - Environment: destination.EnvSlug, + Environment: destination.EnvironmentSlug, SecretPath: destination.SecretsPath, }) diff --git a/k8-operator/controllers/infisicalsecret/infisicalsecret_controller.go b/k8-operator/controllers/infisicalsecret/infisicalsecret_controller.go index 97d13c6891..f5a974a67a 100644 --- a/k8-operator/controllers/infisicalsecret/infisicalsecret_controller.go +++ b/k8-operator/controllers/infisicalsecret/infisicalsecret_controller.go @@ -52,10 +52,10 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ logger := r.GetLogger(req) - var infisicalSecretCR secretsv1alpha1.InfisicalSecret + var infisicalSecretCRD secretsv1alpha1.InfisicalSecret requeueTime := time.Minute // seconds - err := r.Get(ctx, req.NamespacedName, &infisicalSecretCR) + err := r.Get(ctx, req.NamespacedName, &infisicalSecretCRD) if err != nil { if errors.IsNotFound(err) { return ctrl.Result{ @@ -71,18 +71,18 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ // Remove finalizers if they exist. This is to support previous InfisicalSecret CRD's that have finalizers on them. // In order to delete secrets with finalizers, we first remove the finalizers so we can use the simplified and improved deletion process - if !infisicalSecretCR.ObjectMeta.DeletionTimestamp.IsZero() && len(infisicalSecretCR.ObjectMeta.Finalizers) > 0 { - infisicalSecretCR.ObjectMeta.Finalizers = []string{} - if err := r.Update(ctx, &infisicalSecretCR); err != nil { - logger.Error(err, fmt.Sprintf("Error removing finalizers from Infisical Secret %s", infisicalSecretCR.Name)) + if !infisicalSecretCRD.ObjectMeta.DeletionTimestamp.IsZero() && len(infisicalSecretCRD.ObjectMeta.Finalizers) > 0 { + infisicalSecretCRD.ObjectMeta.Finalizers = []string{} + if err := r.Update(ctx, &infisicalSecretCRD); err != nil { + logger.Error(err, fmt.Sprintf("Error removing finalizers from Infisical Secret %s", infisicalSecretCRD.Name)) return ctrl.Result{}, err } // Our finalizers have been removed, so the reconciler can do nothing. return ctrl.Result{}, nil } - if infisicalSecretCR.Spec.ResyncInterval != 0 { - requeueTime = time.Second * time.Duration(infisicalSecretCR.Spec.ResyncInterval) + if infisicalSecretCRD.Spec.ResyncInterval != 0 { + requeueTime = time.Second * time.Duration(infisicalSecretCRD.Spec.ResyncInterval) logger.Info(fmt.Sprintf("Manual re-sync interval set. Interval: %v", requeueTime)) } else { @@ -90,7 +90,7 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ } // Check if the resource is already marked for deletion - if infisicalSecretCR.GetDeletionTimestamp() != nil { + if infisicalSecretCRD.GetDeletionTimestamp() != nil { return ctrl.Result{ Requeue: false, }, nil @@ -105,14 +105,14 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ }, nil } - if infisicalSecretCR.Spec.HostAPI == "" { + if infisicalSecretCRD.Spec.HostAPI == "" { api.API_HOST_URL = infisicalConfig["hostAPI"] } else { - api.API_HOST_URL = infisicalSecretCR.Spec.HostAPI + api.API_HOST_URL = infisicalSecretCRD.Spec.HostAPI } - if infisicalSecretCR.Spec.TLS.CaRef.SecretName != "" { - api.API_CA_CERTIFICATE, err = r.getInfisicalCaCertificateFromKubeSecret(ctx, infisicalSecretCR) + if infisicalSecretCRD.Spec.TLS.CaRef.SecretName != "" { + api.API_CA_CERTIFICATE, err = r.getInfisicalCaCertificateFromKubeSecret(ctx, infisicalSecretCRD) if err != nil { logger.Error(err, fmt.Sprintf("unable to fetch CA certificate. Will requeue after [requeueTime=%v]", requeueTime)) return ctrl.Result{ @@ -125,8 +125,8 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ api.API_CA_CERTIFICATE = "" } - err = r.ReconcileInfisicalSecret(ctx, logger, infisicalSecretCR) - r.SetReadyToSyncSecretsConditions(ctx, &infisicalSecretCR, err) + err = r.ReconcileInfisicalSecret(ctx, logger, infisicalSecretCRD) + r.SetReadyToSyncSecretsConditions(ctx, &infisicalSecretCRD, err) if err != nil { @@ -136,8 +136,8 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ }, nil } - numDeployments, err := r.ReconcileDeploymentsWithManagedSecrets(ctx, logger, infisicalSecretCR) - r.SetInfisicalAutoRedeploymentReady(ctx, logger, &infisicalSecretCR, numDeployments, err) + numDeployments, err := r.ReconcileDeploymentsWithManagedSecrets(ctx, logger, infisicalSecretCRD) + r.SetInfisicalAutoRedeploymentReady(ctx, logger, &infisicalSecretCRD, numDeployments, err) if err != nil { logger.Error(err, fmt.Sprintf("unable to reconcile auto redeployment. Will requeue after [requeueTime=%v]", requeueTime)) return ctrl.Result{