secret-generator controller: avoid reporting 'Secret not found' error…

… in reconcile (red-hat-data-services#1312) (cherry picked from commit bde4b4e)
zdtsw-forking · Oct 28, 2024 · da743aa · da743aa
1 parent c0c4cdb
commit da743aa
Show file tree

Hide file tree

Showing 2 changed files with 329 additions and 63 deletions.
diff --git a/controllers/secretgenerator/secretgenerator_controller.go b/controllers/secretgenerator/secretgenerator_controller.go
@@ -65,6 +65,7 @@ func (r *SecretGeneratorReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			if _, found := e.Object.GetAnnotations()[annotation.SecretNameAnnotation]; found {
 				return true
 			}
+
 			return false
 		},
 		GenericFunc: func(e event.GenericEvent) bool {
@@ -76,6 +77,7 @@ func (r *SecretGeneratorReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			if _, found := e.Object.GetAnnotations()[annotation.SecretNameAnnotation]; found {
 				return true
 			}
+
 			return false
 		},
 		UpdateFunc: func(e event.UpdateEvent) bool {
@@ -106,76 +108,93 @@ func (r *SecretGeneratorReconciler) Reconcile(ctx context.Context, request ctrl.
 	foundSecret := &corev1.Secret{}
 	err := r.Client.Get(ctx, request.NamespacedName, foundSecret)
 	if err != nil {
-		if k8serr.IsNotFound(err) {
-			// If Secret is deleted, delete OAuthClient if exists
-			err = r.deleteOAuthClient(ctx, request.Name)
+		if !k8serr.IsNotFound(err) {
+			return ctrl.Result{}, err
 		}
-		return ctrl.Result{}, err
-	}
 
-	owner := []metav1.OwnerReference{
-		*metav1.NewControllerRef(foundSecret, foundSecret.GroupVersionKind()),
+		// If Secret is deleted, delete OAuthClient if exists
+		err = r.deleteOAuthClient(ctx, request.NamespacedName)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+
+		return ctrl.Result{}, nil
 	}
+
 	// Generate the secret if it does not previously exist
 	generatedSecret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:            foundSecret.Name + "-generated",
-			Namespace:       foundSecret.Namespace,
-			Labels:          foundSecret.Labels,
-			OwnerReferences: owner,
+			Name:      foundSecret.Name + "-generated",
+			Namespace: foundSecret.Namespace,
 		},
 	}
 
-	generatedSecretKey := types.NamespacedName{
-		Name: generatedSecret.Name, Namespace: generatedSecret.Namespace,
+	err = r.Client.Get(ctx, client.ObjectKeyFromObject(generatedSecret), generatedSecret)
+	if err == nil || !k8serr.IsNotFound(err) {
+		return ctrl.Result{}, err
 	}
-	err = r.Client.Get(ctx, generatedSecretKey, generatedSecret)
+
+	err = r.generateSecret(ctx, foundSecret, generatedSecret)
 	if err != nil {
-		if k8serr.IsNotFound(err) {
-			// Generate secret random value
-			r.Log.Info("Generating a random value for a secret in a namespace",
-				"secret", generatedSecret.Name, "namespace", generatedSecret.Namespace)
+		return ctrl.Result{}, err
+	}
 
-			secret, err := NewSecretFrom(foundSecret.GetAnnotations())
-			if err != nil {
-				r.Log.Error(err, "error creating secret %s in %s", generatedSecret.Name, generatedSecret.Namespace)
-				return ctrl.Result{}, err
-			}
+	// Don't requeue if secret is created successfully
+	return ctrl.Result{}, nil
+}
 
-			generatedSecret.StringData = map[string]string{
-				secret.Name: secret.Value,
-			}
+func (r *SecretGeneratorReconciler) generateSecret(ctx context.Context, foundSecret *corev1.Secret, generatedSecret *corev1.Secret) error {
+	// Generate secret random value
+	r.Log.Info("Generating a random value for a secret in a namespace",
+		"secret", generatedSecret.Name, "namespace", generatedSecret.Namespace)
 
-			err = r.Client.Create(ctx, generatedSecret)
-			if err != nil {
-				return ctrl.Result{}, err
-			}
-			r.Log.Info("Done generating secret in namespace",
-				"secret", generatedSecret.Name, "namespace", generatedSecret.Namespace)
-			// check if annotation oauth-client-route exists
-			if secret.OAuthClientRoute != "" {
-				// Get OauthClient Route
-				oauthClientRoute, err := r.getRoute(ctx, secret.OAuthClientRoute, request.Namespace)
-				if err != nil {
-					r.Log.Error(err, "Unable to retrieve route from OAuthClient", "route-name", secret.OAuthClientRoute)
-					return ctrl.Result{}, err
-				}
-				// Generate OAuthClient for the generated secret
-				r.Log.Info("Generating an OAuthClient CR for route", "route-name", oauthClientRoute.Name)
-				err = r.createOAuthClient(ctx, foundSecret.Name, secret.Value, oauthClientRoute.Spec.Host)
-				if err != nil {
-					r.Log.Error(err, "error creating oauth client resource. Recreate the Secret", "secret-name",
-						foundSecret.Name)
-					return ctrl.Result{}, err
-				}
-			}
-		} else {
-			return ctrl.Result{}, err
-		}
+	generatedSecret.Labels = foundSecret.Labels
+
+	generatedSecret.OwnerReferences = []metav1.OwnerReference{
+		*metav1.NewControllerRef(foundSecret, foundSecret.GroupVersionKind()),
 	}
 
-	// Don't requeue if secret is created successfully
-	return ctrl.Result{}, err
+	secret, err := NewSecretFrom(foundSecret.GetAnnotations())
+	if err != nil {
+		r.Log.Error(err, "error creating secret %s in %s", generatedSecret.Name, generatedSecret.Namespace)
+		return err
+	}
+
+	generatedSecret.StringData = map[string]string{
+		secret.Name: secret.Value,
+	}
+
+	err = r.Client.Create(ctx, generatedSecret)
+	if err != nil {
+		return err
+	}
+
+	r.Log.Info("Done generating secret in namespace",
+		"secret", generatedSecret.Name, "namespace", generatedSecret.Namespace)
+
+	// check if annotation oauth-client-route exists
+	if secret.OAuthClientRoute == "" {
+		return nil
+	}
+
+	// Get OauthClient Route
+	oauthClientRoute, err := r.getRoute(ctx, secret.OAuthClientRoute, foundSecret.Namespace)
+	if err != nil {
+		r.Log.Error(err, "Unable to retrieve route from OAuthClient", "route-name", secret.OAuthClientRoute)
+		return err
+	}
+
+	// Generate OAuthClient for the generated secret
+	r.Log.Info("Generating an OAuthClient CR for route", "route-name", oauthClientRoute.Name)
+	err = r.createOAuthClient(ctx, foundSecret.Name, secret.Value, oauthClientRoute.Spec.Host)
+	if err != nil {
+		r.Log.Error(err, "error creating oauth client resource. Recreate the Secret", "secret-name",
+			foundSecret.Name)
+
+		return err
+	}
+
+	return nil
 }
 
 // getRoute returns an OpenShift route object. It waits until the .spec.host value exists to avoid possible race conditions, fails otherwise.
@@ -198,6 +217,7 @@ func (r *SecretGeneratorReconciler) getRoute(ctx context.Context, name string, n
 	if err != nil {
 		return nil, err
 	}
+
 	return route, err
 }
 
@@ -231,20 +251,20 @@ func (r *SecretGeneratorReconciler) createOAuthClient(ctx context.Context, name
 			return nil
 		}
 	}
+
 	return err
 }
 
-func (r *SecretGeneratorReconciler) deleteOAuthClient(ctx context.Context, secretName string) error {
-	oauthClient := &oauthv1.OAuthClient{}
-
-	err := r.Client.Get(ctx, client.ObjectKey{
-		Name: secretName,
-	}, oauthClient)
-	if err != nil {
-		return client.IgnoreNotFound(err)
+func (r *SecretGeneratorReconciler) deleteOAuthClient(ctx context.Context, secretNamespacedName types.NamespacedName) error {
+	oauthClient := &oauthv1.OAuthClient{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretNamespacedName.Name,
+			Namespace: secretNamespacedName.Namespace,
+		},
 	}
 
-	if err = r.Client.Delete(ctx, oauthClient); err != nil {
+	err := r.Client.Delete(ctx, oauthClient)
+	if err != nil && !k8serr.IsNotFound(err) {
 		return fmt.Errorf("error deleting OAuthClient %s: %w", oauthClient.Name, err)
 	}