support secret - add auth token as env var

dash0hq · Oct 1, 2024 · 09dd598 · 09dd598
1 parent f6f4e45
commit 09dd598
Show file tree

Hide file tree

Showing 10 changed files with 250 additions and 112 deletions.
diff --git a/api/dash0monitoring/v1alpha1/operator_configuration_types.go b/api/dash0monitoring/v1alpha1/operator_configuration_types.go
@@ -146,6 +146,22 @@ func (d *Dash0OperatorConfiguration) EnsureResourceIsMarkedAsDegraded(
 		})
 }
 
+func (d *Dash0OperatorConfiguration) GetDash0AuthorizationIfConfigured() *Authorization {
+	if d.Spec.Export == nil {
+		return nil
+	}
+	if d.Spec.Export.Dash0 == nil {
+		return nil
+	}
+
+	authorization := d.Spec.Export.Dash0.Authorization
+	if (authorization.Token != nil && *authorization.Token != "") ||
+		(authorization.SecretRef != nil && authorization.SecretRef.Name != "" && authorization.SecretRef.Key != "") {
+		return &authorization
+	}
+	return nil
+}
+
 func (d *Dash0OperatorConfiguration) GetResourceTypeName() string {
 	return "Dash0OperatorConfiguration"
 }

diff --git a/cmd/main.go b/cmd/main.go
@@ -664,7 +664,7 @@ func instrumentAtStartup(
 
 func logCurrentSelfMonitoringSettings(deploymentSelfReference *appsv1.Deployment) {
 	selfMonitoringConfiguration, err :=
-		selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+		selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 			deploymentSelfReference,
 			controller.ManagerContainerName,
 		)

diff --git a/images/instrumentation/Dockerfile b/images/instrumentation/Dockerfile
@@ -2,7 +2,7 @@
 FROM node:20.13.1-alpine3.19 AS build-node.js
 RUN mkdir -p /dash0-init-container/instrumentation/node.js
 WORKDIR /dash0-init-container/instrumentation/node.js
-COPY node.js/package* .
+COPY node.js/package* ./
 COPY node.js/dash0hq-opentelemetry-*.tgz .
 RUN NPM_CONFIG_UPDATE_NOTIFIER=false \
   npm ci \

diff --git a/internal/backendconnection/otelcolresources/desired_state.go b/internal/backendconnection/otelcolresources/desired_state.go
@@ -581,7 +581,7 @@ func assembleCollectorEnvVars(config *oTelColConfig, goMemLimit string) ([]corev
 
 	if config.Export.Dash0 != nil {
 		authTokenEnvVar, err := util.CreateEnvVarForAuthorization(
-			*config.Export.Dash0,
+			(*(config.Export.Dash0)).Authorization,
 			authTokenEnvVarName,
 		)
 		if err != nil {

diff --git a/internal/backendconnection/otelcolresources/desired_state_test.go b/internal/backendconnection/otelcolresources/desired_state_test.go
@@ -347,7 +347,7 @@ func findVolumeMountByName(objects []corev1.VolumeMount, name string) *corev1.Vo
 // Note: There is no real need to parse the env vars on the daemonset back into a SelfMonitoringConfiguration, we could
 // just read the env vars and check that they have the expected values. We might want to refactor/simplify later.
 // However, this also tests the functionality used in
-// selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment.
+// selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment.
 func parseBackSelfMonitoringEnvVarsFromCollectorDaemonSet(collectorDemonSet *appsv1.DaemonSet) (
 	selfmonitoring.SelfMonitoringConfiguration,
 	error,

diff --git a/internal/dash0/controller/operator_configuration_controller.go b/internal/dash0/controller/operator_configuration_controller.go
@@ -138,8 +138,13 @@ func (r *OperatorConfigurationReconciler) Reconcile(ctx context.Context, req ctr
 		logger.Info("Reconciling the deletion of the operator configuration resource", "name", req.Name)
 	}
 
+	// Irrespective of whether self-monitoring settings need to be upated, we always need to update the API token env
+	// var with the value from the Dash0 export of the operator configuration resource, if it exists (and remove if it
+	// does not exist). This is because the API token might be used for self monitoring, but also for API access, e.g.
+	// managing Perses dashboards via the operator.
+
 	currentSelfMonitoringConfiguration, err :=
-		selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+		selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 			r.DeploymentSelfReference,
 			ManagerContainerName,
 		)
@@ -152,9 +157,7 @@ func (r *OperatorConfigurationReconciler) Reconcile(ctx context.Context, req ctr
 
 	if resourceDeleted {
 		if currentSelfMonitoringConfiguration.Enabled {
-			if err = r.applySelfMonitoring(ctx, selfmonitoring.SelfMonitoringConfiguration{
-				Enabled: false,
-			}); err != nil {
+			if err = r.removeSelfMonitoringAndUpdate(ctx); err != nil {
 				logger.Error(err, "cannot disable self-monitoring of the controller deployment, requeuing reconcile request.")
 				return ctrl.Result{
 					Requeue: true,
@@ -170,9 +173,7 @@ func (r *OperatorConfigurationReconciler) Reconcile(ctx context.Context, req ctr
 
 	if resource.Spec.Export != nil &&
 		resource.Spec.Export.Dash0 != nil &&
-		resource.Spec.Export.Dash0.ApiEndpoint != "" &&
-		resource.Spec.Export.Dash0.Authorization.Token != nil &&
-		*resource.Spec.Export.Dash0.Authorization.Token != "" {
+		resource.Spec.Export.Dash0.ApiEndpoint != "" {
 		r.PersesDashboardCrdReconciler.SetApiConfig(
 			&ApiConfig{
 				Endpoint: resource.Spec.Export.Dash0.ApiEndpoint,
@@ -203,45 +204,88 @@ func (r *OperatorConfigurationReconciler) Reconcile(ctx context.Context, req ctr
 		}, err
 	}
 
-	if reflect.DeepEqual(currentSelfMonitoringConfiguration, newSelfMonitoringConfiguration) {
-		logger.Info("Self-monitoring configuration of the controller deployment is up-to-date")
-	} else {
-		if err = r.applySelfMonitoring(ctx, newSelfMonitoringConfiguration); err != nil {
-			logger.Error(err, "Cannot apply self-monitoring configurations to the controller deployment")
-			resource.EnsureResourceIsMarkedAsDegraded("CannotApplySelfMonitoring", "Could not update the controller deployment to reflect the self-monitoring settings")
-			if statusUpdateErr := r.Status().Update(ctx, resource); statusUpdateErr != nil {
-				logger.Error(statusUpdateErr, "Failed to update Dash0 operator status conditions, requeuing reconcile request.")
+	deploymentNeedsUpdate := false
+	managerDeployment := &appsv1.Deployment{}
+	dash0Authorization := resource.GetDash0AuthorizationIfConfigured()
+	if err = r.Client.Get(ctx, client.ObjectKeyFromObject(r.DeploymentSelfReference), managerDeployment); err != nil {
+		return ctrl.Result{}, fmt.Errorf("cannot fetch the current controller deployment: %w", err)
+	}
+	if !reflect.DeepEqual(currentSelfMonitoringConfiguration, newSelfMonitoringConfiguration) {
+		if err = r.applySelfMonitoring(
+			managerDeployment,
+			newSelfMonitoringConfiguration,
+			dash0Authorization,
+		); err != nil {
+			logger.Error(err, "cannot apply self-monitoring configuration to the controller deployment")
+			if statusUpdateErr := r.markAsDegraded(
+				ctx,
+				resource,
+				"CannotUpdatedControllerDeployment",
+				"Could not update the controller deployment to reflect the self-monitoring settings.",
+				&logger,
+			); statusUpdateErr != nil {
+				return ctrl.Result{}, statusUpdateErr
+			}
+			return ctrl.Result{}, err
+		}
+		deploymentNeedsUpdate = true
+	} else if dash0Authorization != nil {
+		if err = selfmonitoring.UpdatesApiTokenWithoutSelfMonitoringToManagerDeployment(
+			managerDeployment,
+			ManagerContainerName,
+			*dash0Authorization,
+		); err != nil {
+			logger.Error(err, "cannot update the API token in the controller deployment")
+			if statusUpdateErr := r.markAsDegraded(
+				ctx,
+				resource,
+				"CannotUpdatedControllerDeployment",
+				"Could not update the controller deployment to add the Dash0 API token.",
+				&logger,
+			); statusUpdateErr != nil {
 				return ctrl.Result{}, statusUpdateErr
 			}
-			return ctrl.Result{
-				Requeue: true,
-			}, nil
+			return ctrl.Result{}, err
 		}
+		deploymentNeedsUpdate = true
+	}
 
-		logger.Info("Self-monitoring configurations applied to the controller deployment", "self-monitoring", newSelfMonitoringConfiguration)
+	if deploymentNeedsUpdate {
+		if err = r.Client.Update(ctx, managerDeployment); err != nil {
+			logger.Error(err, "cannot update the controller deployment")
+			if statusUpdateErr := r.markAsDegraded(
+				ctx,
+				resource,
+				"CannotUpdatedControllerDeployment",
+				"Could not update the controller deployment.",
+				&logger,
+			); statusUpdateErr != nil {
+				return ctrl.Result{}, statusUpdateErr
+			}
+			return ctrl.Result{}, err
+		}
+		logger.Info("The controller deployment has been updated.")
+	} else {
+		logger.Info("The controller deployment is up to date.")
 	}
 
 	resource.EnsureResourceIsMarkedAsAvailable()
 	if err = r.Status().Update(ctx, resource); err != nil {
 		logger.Error(err, updateStatusFailedMessageOperatorConfiguration)
-		return ctrl.Result{}, fmt.Errorf("cannot mark Dash0 operator configuration resource as available: %w", err)
+		return ctrl.Result{}, fmt.Errorf("cannot mark the Dash0 operator configuration resource as available: %w", err)
 	}
 
 	return ctrl.Result{}, nil
 }
 
 func (r *OperatorConfigurationReconciler) applySelfMonitoring(
-	ctx context.Context,
+	managerDeployment *appsv1.Deployment,
 	selfMonitoringConfiguration selfmonitoring.SelfMonitoringConfiguration,
+	dash0Authorization *dash0v1alpha1.Authorization,
 ) error {
-	updatedDeployment := &appsv1.Deployment{}
-	if err := r.Client.Get(ctx, client.ObjectKeyFromObject(r.DeploymentSelfReference), updatedDeployment); err != nil {
-		return fmt.Errorf("cannot fetch the current controller deployment: %w", err)
-	}
-
 	if selfMonitoringConfiguration.Enabled {
-		if err := selfmonitoring.EnableSelfMonitoringInControllerDeployment(
-			updatedDeployment,
+		if err := selfmonitoring.EnableSelfMonitoringInManagerDeployment(
+			managerDeployment,
 			ManagerContainerName,
 			selfMonitoringConfiguration,
 			r.Images.GetOperatorVersion(),
@@ -250,13 +294,59 @@ func (r *OperatorConfigurationReconciler) applySelfMonitoring(
 			return fmt.Errorf("cannot apply settings to enable self-monitoring to the controller deployment: %w", err)
 		}
 	} else {
-		if err := selfmonitoring.DisableSelfMonitoringInControllerDeployment(
-			updatedDeployment,
+		if dash0Authorization != nil {
+			if err := selfmonitoring.UpdatesApiTokenWithoutSelfMonitoringToManagerDeployment(
+				managerDeployment,
+				ManagerContainerName,
+				*dash0Authorization,
+			); err != nil {
+				return fmt.Errorf("cannot add the Dash0 API token to the controller deployment: %w", err)
+			}
+		}
+
+		if err := selfmonitoring.DisableSelfMonitoringInManagerDeployment(
+			managerDeployment,
 			ManagerContainerName,
+			dash0Authorization != nil,
 		); err != nil {
 			return fmt.Errorf("cannot apply settings to disable self-monitoring to the controller deployment: %w", err)
 		}
 	}
 
+	return nil
+}
+
+func (r *OperatorConfigurationReconciler) removeSelfMonitoringAndUpdate(ctx context.Context) error {
+	updatedDeployment := &appsv1.Deployment{}
+	if err := r.Client.Get(ctx, client.ObjectKeyFromObject(r.DeploymentSelfReference), updatedDeployment); err != nil {
+		return fmt.Errorf("cannot fetch the current controller deployment: %w", err)
+	}
+
+	if err := selfmonitoring.DisableSelfMonitoringInManagerDeployment(
+		updatedDeployment,
+		ManagerContainerName,
+		true,
+	); err != nil {
+		return fmt.Errorf("cannot apply settings to disable self-monitoring to the controller deployment: %w", err)
+	}
+
 	return r.Client.Update(ctx, updatedDeployment)
 }
+
+func (r *OperatorConfigurationReconciler) markAsDegraded(
+	ctx context.Context,
+	resource *dash0v1alpha1.Dash0OperatorConfiguration,
+	reason string,
+	message string,
+	logger *logr.Logger,
+) error {
+	resource.EnsureResourceIsMarkedAsDegraded(
+		reason,
+		message,
+	)
+	if err := r.Status().Update(ctx, resource); err != nil {
+		logger.Error(err, "Failed to update Dash0 operator status conditions, requeuing reconcile request.")
+		return err
+	}
+	return nil
+}
diff --git a/internal/dash0/controller/operator_configuration_controller_test.go b/internal/dash0/controller/operator_configuration_controller_test.go
@@ -76,7 +76,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 					Eventually(func(g Gomega) {
 						updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 						selfMonitoringConfiguration, err :=
-							selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+							selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 								updatedDeployment,
 								ManagerContainerName,
 							)
@@ -123,7 +123,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 				Consistently(func(g Gomega) {
 					updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 					selfMonitoringConfiguration, err :=
-						selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+						selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 							updatedDeployment,
 							ManagerContainerName,
 						)
@@ -171,7 +171,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 					Consistently(func(g Gomega) {
 						updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 						selfMonitoringConfiguration, err :=
-							selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+							selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 								updatedDeployment,
 								ManagerContainerName,
 							)
@@ -218,7 +218,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 					Eventually(func(g Gomega) {
 						updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 						selfMonitoringConfiguration, err :=
-							selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+							selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 								updatedDeployment,
 								ManagerContainerName,
 							)
@@ -268,7 +268,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 					Eventually(func(g Gomega) {
 						updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 						selfMonitoringConfiguration, err :=
-							selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+							selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 								updatedDeployment,
 								ManagerContainerName,
 							)
@@ -315,7 +315,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 					Consistently(func(g Gomega) {
 						updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 						selfMonitoringConfiguration, err :=
-							selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+							selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 								updatedDeployment,
 								ManagerContainerName,
 							)
@@ -355,7 +355,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 
 			It("it disables self-monitoring in the controller deployment", func() {
 				selfMonitoringConfiguration, err :=
-					selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+					selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 						controllerDeployment,
 						ManagerContainerName,
 					)
@@ -371,7 +371,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 				Eventually(func(g Gomega) {
 					updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 					selfMonitoringConfiguration, err :=
-						selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+						selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 							updatedDeployment,
 							ManagerContainerName,
 						)
@@ -406,7 +406,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 
 			It("it does not change the controller deployment", func() {
 				selfMonitoringConfiguration, err :=
-					selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+					selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 						controllerDeployment,
 						ManagerContainerName,
 					)
@@ -424,7 +424,7 @@ var _ = Describe("The Dash0 controller", Ordered, func() {
 				Consistently(func(g Gomega) {
 					updatedDeployment := LoadOperatorDeploymentOrFail(ctx, k8sClient, g)
 					selfMonitoringConfiguration, err :=
-						selfmonitoring.GetSelfMonitoringConfigurationFromControllerDeployment(
+						selfmonitoring.GetSelfMonitoringConfigurationFromManagerDeployment(
 							updatedDeployment,
 							ManagerContainerName,
 						)

diff --git a/internal/dash0/controller/perses_dashboards_controller.go b/internal/dash0/controller/perses_dashboards_controller.go
@@ -219,7 +219,7 @@ func (r *PersesDashboardReconciler) UpsertDashboard(
 		return err
 	}
 	defer func() {
-		io.Copy(io.Discard, res.Body)
+		_, _ = io.Copy(io.Discard, res.Body)
 		_ = res.Body.Close()
 	}()
 
@@ -256,7 +256,7 @@ func (r *PersesDashboardReconciler) DeleteDashboard(
 		return err
 	}
 	defer func() {
-		io.Copy(io.Discard, res.Body)
+		_, _ = io.Copy(io.Discard, res.Body)
 		_ = res.Body.Close()
 	}()