From 23b70aa49b1d532d1312b8bcd2944bbf811c0cd9 Mon Sep 17 00:00:00 2001
From: Felix Kunde
Date: Wed, 9 Feb 2022 19:51:11 +0100
Subject: [PATCH] let udateSecret get the secret
---
 pkg/cluster/sync.go | 22 ++++++++++++----------
 pkg/cluster/sync_test.go | 4 ++--
 2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go
index bcd26a1ca..c00f0a189 100644
--- a/pkg/cluster/sync.go
+++ b/pkg/cluster/sync.go
@@ -625,23 +625,19 @@ func (c *Cluster) syncSecrets() error {
 retentionUsers := make([]string, 0)
 currentTime := time.Now()
- for secretUsername, generatedSecretSpec := range generatedSecrets {
- secret, err := c.KubeClient.Secrets(generatedSecretSpec.Namespace).Create(context.TODO(), generatedSecretSpec, metav1.CreateOptions{})
+ for secretUsername, generatedSecret := range generatedSecrets {
+ secret, err := c.KubeClient.Secrets(generatedSecret.Namespace).Create(context.TODO(), generatedSecret, metav1.CreateOptions{})
 if err == nil {
 c.Secrets[secret.UID] = secret
- c.logger.Debugf("created new secret %s, namespace: %s, uid: %s", util.NameFromMeta(secret.ObjectMeta), generatedSecretSpec.Namespace, secret.UID)
+ c.logger.Debugf("created new secret %s, namespace: %s, uid: %s", util.NameFromMeta(secret.ObjectMeta), generatedSecret.Namespace, secret.UID)
 continue
 }
 if k8sutil.ResourceAlreadyExists(err) {
- if secret, err = c.KubeClient.Secrets(generatedSecretSpec.Namespace).Get(context.TODO(), generatedSecretSpec.Name, metav1.GetOptions{}); err != nil {
- return fmt.Errorf("could not get current secret: %v", err)
- }
- c.Secrets[secret.UID] = secret
- if err = c.updateSecret(secretUsername, generatedSecretSpec, secret, &rotationUsers, &retentionUsers, currentTime); err != nil {
+ if err = c.updateSecret(secretUsername, generatedSecret, &rotationUsers, &retentionUsers, currentTime); err != nil {
 c.logger.Warningf("syncing secret %s failed: %v", util.NameFromMeta(secret.ObjectMeta), err)
 }
 } else {
- return fmt.Errorf("could not create secret for user %s: in namespace %s: %v", secretUsername, generatedSecretSpec.Namespace, err)
+ return fmt.Errorf("could not create secret for user %s: in namespace %s: %v", secretUsername, generatedSecret.Namespace, err)
 }
 }
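Review bot: In the `ResourceAlreadyExists` branch of syncSecrets, `secret` is now only ever the value returned by the failed `Create`, yet the warning still formats `util.NameFromMeta(secret.ObjectMeta)`. Depending on what the client returns alongside the error (not visible here), that either logs an empty name or dereferences a nil pointer; `util.NameFromMeta(generatedSecret.ObjectMeta)` names the object that was actually being synced. Moving the `Get` into updateSecret also turns a failed read of the existing secret from a returned error into a warning, so a credential secret that cannot be read is skipped and the loop carries on. If that downgrade is not intended, the read failure should stay distinguishable and be returned from syncSecrets. The function body continues outside this hunk.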
@@ -680,11 +676,11 @@ func (c *Cluster) syncSecrets() error {
 func (c *Cluster) updateSecret(
 secretUsername string,
 generatedSecret *v1.Secret,
- secret *v1.Secret,
 rotationUsers *spec.PgUserMap,
 retentionUsers *[]string,
 currentTime time.Time) error {
 var (
+ secret *v1.Secret
 err error
 updateSecret bool
 updateSecretMsg string
@@ -692,6 +688,12 @@ func (c *Cluster) updateSecret(
 nextRotationDateStr string
 )
+ // get the secret first
+ if secret, err = c.KubeClient.Secrets(generatedSecret.Namespace).Get(context.TODO(), generatedSecret.Name, metav1.GetOptions{}); err != nil {
+ return fmt.Errorf("could not get current secret: %v", err)
+ }
+ c.Secrets[secret.UID] = secret
+
 // fetch user map to update later
 var userMap map[string]spec.PgUser
 var userKey string
diff --git a/pkg/cluster/sync_test.go b/pkg/cluster/sync_test.go
index 65583298f..80e2b8463 100644
--- a/pkg/cluster/sync_test.go
+++ b/pkg/cluster/sync_test.go
@@ -307,7 +307,7 @@ func TestUpdateSecret(t *testing.T) {
 generatedSecret := cluster.Secrets[secret.UID]
 // now update the secret setting next rotation date (yesterday + interval)
- cluster.updateSecret(username, generatedSecret, &rotationUsers, &retentionUsers, yesterday)
+ cluster.updateSecret(username, generatedSecret, &rotationUsers, &retentionUsers, yesterday)
 updatedSecret, err := cluster.KubeClient.Secrets(namespace).Get(context.TODO(), secretTemplate.Format("username", username, "cluster", clusterName), metav1.GetOptions{})
 assert.NoError(t, err)
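Review bot: The `Get` added at the top of updateSecret in pkg/cluster/sync.go (hunk `@@ -692,6 +688,12 @@`) flattens its failure with `%v`, so the caller cannot tell "could not read the existing secret" from any later update error in this function. Wrapping it instead, `return fmt.Errorf("could not get current secret: %w", err)`, keeps the underlying API error inspectable. The comment `// get the secret first` also leaves out the side effect; something like `// read the live secret from the API server and record it in c.Secrets; callers no longer pass it in` would tell the next reader that updateSecret now does I/O and mutates the cluster's cache. The rest of the function lies outside the hunk.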
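Review bot: Both updated calls in TestUpdateSecret (this hunk and `@@ -318,7 +318,7 @@`) discard the error returned by `cluster.updateSecret`, so a failure of the `Get` that this commit moves into the function would only show up indirectly through the later assertions. Assuming the calls are expected to succeed, assert on them directly: `assert.NoError(t, cluster.updateSecret(username, generatedSecret, &rotationUsers, &retentionUsers, yesterday))`, and the same for the `time.Now()` call. The test body extends beyond both hunks.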
@@ -318,7 +318,7 @@ func TestUpdateSecret(t *testing.T) {
 }
 // update secret again but use current time to trigger rotation
- cluster.updateSecret(username, generatedSecret, updatedSecret, &rotationUsers, &retentionUsers, time.Now())
+ cluster.updateSecret(username, generatedSecret, &rotationUsers, &retentionUsers, time.Now())
 updatedSecret, err = cluster.KubeClient.Secrets(namespace).Get(context.TODO(), secretTemplate.Format("username", username, "cluster", clusterName), metav1.GetOptions{})
 assert.NoError(t, err)