Allows secrets event handler predicate to accept partial metadata

This will only be needed by the SecretsFilteredCaching feature, but I cannot think of any harm by adding it to general path Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-01 10:31:29 +00:00 · 2023-03-01 10:31:29 +00:00 · a7e2abe5fa
commit a7e2abe5fa
parent 5d7614ddd4
6 changed files with 49 additions and 19 deletions
--- a/pkg/controller/certificaterequests/selfsigned/checks.go
+++ b/pkg/controller/certificaterequests/selfsigned/checks.go
@ -45,9 +45,9 @@ func handleSecretReferenceWorkFunc(log logr.Logger,
 ) func(obj any) {
 	return func(obj any) {
 		log := log.WithName("handleSecretReference")
-		secret, ok := obj.(*corev1.Secret)
+		secret, ok := controllerpkg.ToSecret(obj)
 		if !ok {
-			log.Error(nil, "object is not a secret")
+			log.Error(nil, "object is not a secret", "object", obj)
 			return
 		}
 		log = logf.WithResource(log, secret)
--- a/pkg/controller/certificatesigningrequests/selfsigned/checks.go
+++ b/pkg/controller/certificatesigningrequests/selfsigned/checks.go
@ -48,9 +48,9 @@ func handleSecretReferenceWorkFunc(log logr.Logger,
 ) func(obj any) {
 	return func(obj any) {
 		log := log.WithName("handleSecretReference")
-		secret, ok := obj.(*corev1.Secret)
+		secret, ok := controllerpkg.ToSecret(obj)
 		if !ok {
-			log.Error(nil, "object is not a secret")
+			log.Error(nil, "object is not a secret", "object", obj)
 			return
 		}
 		log = logf.WithResource(log, secret)
--- a/pkg/controller/clusterissuers/controller.go
+++ b/pkg/controller/clusterissuers/controller.go
@ -105,11 +105,9 @@ func (c *controller) Register(ctx *controllerpkg.Context) (workqueue.RateLimitin
 func (c *controller) secretDeleted(obj interface{}) {
 	log := c.log.WithName("secretDeleted")

-	var secret *corev1.Secret
-	var ok bool
-	secret, ok = obj.(*corev1.Secret)
+	secret, ok := controllerpkg.ToSecret(obj)
 	if !ok {
-		log.Error(nil, "object was not a Secret object")
+		log.Error(nil, "object is not a secret", "object", obj)
 		return
 	}
 	log = logf.WithResource(log, secret)
--- a/pkg/controller/issuers/controller.go
+++ b/pkg/controller/issuers/controller.go
@ -99,14 +99,12 @@ func (c *controller) Register(ctx *controllerpkg.Context) (workqueue.RateLimitin
 // TODO: replace with generic handleObject function (like Navigator)
 func (c *controller) secretDeleted(obj interface{}) {
 	log := c.log.WithName("secretDeleted")
-
-	var secret *corev1.Secret
-	var ok bool
-	secret, ok = obj.(*corev1.Secret)
+	secret, ok := controllerpkg.ToSecret(obj)
 	if !ok {
-		log.Error(nil, "object was not a secret object")
+		log.Error(nil, "object is not a secret", "object", obj)
 		return
 	}
+
 	log = logf.WithResource(log, secret)
 	issuers, err := c.issuersForSecret(secret)
 	if err != nil {
--- a/pkg/controller/util.go
+++ b/pkg/controller/util.go
@ -199,3 +199,24 @@ func BuildAnnotationsToCopy(allAnnotations map[string]string, prefixes []string)
 	}
 	return filteredAnnotations
 }
+
+func ToSecret(obj interface{}) (*corev1.Secret, bool) {
+	secret, ok := obj.(*corev1.Secret)
+	if !ok {
+		meta, ok := obj.(*metav1.PartialObjectMetadata)
+		if !ok || meta.GroupVersionKind() != corev1.SchemeGroupVersion.WithKind("Secret") {
+			// TODO: I wasn't able to get GVK from PartialMetadata,
+			// however perhaps this should be possible and then we
+			// could verify that this really is a Secret. At the
+			// moment this is okay as there is no path how any
+			// reconcile loop would receive PartialObjectMetadata
+			// for any other type.
+			return nil, false
+		}
+		secret = &corev1.Secret{}
+		secret.SetName(meta.Name)
+		secret.SetNamespace(meta.Namespace)
+	}
+	return secret, true
+
+}
--- a/test/integration/certificates/generates_new_private_key_per_request_test.go
+++ b/test/integration/certificates/generates_new_private_key_per_request_test.go
@ -320,23 +320,36 @@ func runAllControllers(t *testing.T, ctx context.Context, config *rest.Config) f
 	log := logf.Log
 	clock := clock.RealClock{}
 	metrics := metrics.New(log, clock)
+	controllerContext := controllerpkg.Context{
+		Client:                    kubeClient,
+		KubeSharedInformerFactory: factory,
+		CMClient:                  cmCl,
+		SharedInformerFactory:     cmFactory,
+		ContextOptions: controllerpkg.ContextOptions{
+			Metrics: metrics,
+			Clock:   clock,
+		},
+		Recorder:     framework.NewEventRecorder(t),
+		FieldManager: "cert-manager-certificates-issuing-test",
+	}

-	revCtrl, revQueue, revMustSync := revisionmanager.NewController(log, cmCl, cmFactory)
+	// TODO: set field mananager before calling each of those- is that what we do in actual code?
+	revCtrl, revQueue, revMustSync := revisionmanager.NewController(log, &controllerContext)
 	revisionManager := controllerpkg.NewController(ctx, "revisionmanager_controller", metrics, revCtrl.ProcessItem, revMustSync, nil, revQueue)

-	readyCtrl, readyQueue, readyMustSync := readiness.NewController(log, cmCl, factory, cmFactory, policies.NewReadinessPolicyChain(clock), pki.RenewalTime, readiness.BuildReadyConditionFromChain, "readiness")
+	readyCtrl, readyQueue, readyMustSync := readiness.NewController(log, &controllerContext, policies.NewReadinessPolicyChain(clock), pki.RenewalTime, readiness.BuildReadyConditionFromChain)
 	readinessManager := controllerpkg.NewController(ctx, "readiness_controller", metrics, readyCtrl.ProcessItem, readyMustSync, nil, readyQueue)

-	issueCtrl, issueQueue, issueMustSync := issuing.NewController(log, kubeClient, cmCl, factory, cmFactory, &testpkg.FakeRecorder{}, clock, controllerpkg.CertificateOptions{}, "issuing")
+	issueCtrl, issueQueue, issueMustSync := issuing.NewController(log, &controllerContext)
 	issueManager := controllerpkg.NewController(ctx, "issuing_controller", metrics, issueCtrl.ProcessItem, issueMustSync, nil, issueQueue)

-	reqCtrl, reqQueue, reqMustSync := requestmanager.NewController(log, cmCl, factory, cmFactory, &testpkg.FakeRecorder{}, clock, controllerpkg.CertificateOptions{}, "requestmanager")
+	reqCtrl, reqQueue, reqMustSync := requestmanager.NewController(log, &controllerContext)
 	requestManager := controllerpkg.NewController(ctx, "requestmanager_controller", metrics, reqCtrl.ProcessItem, reqMustSync, nil, reqQueue)

-	keyCtrl, keyQueue, keyMustSync := keymanager.NewController(log, cmCl, kubeClient, factory, cmFactory, &testpkg.FakeRecorder{}, "keymanager")
+	keyCtrl, keyQueue, keyMustSync := keymanager.NewController(log, &controllerContext)
 	keyManager := controllerpkg.NewController(ctx, "keymanager_controller", metrics, keyCtrl.ProcessItem, keyMustSync, nil, keyQueue)

-	triggerCtrl, triggerQueue, triggerMustSync := trigger.NewController(log, cmCl, factory, cmFactory, &testpkg.FakeRecorder{}, clock, policies.NewTriggerPolicyChain(clock).Evaluate, "trigger")
+	triggerCtrl, triggerQueue, triggerMustSync := trigger.NewController(log, &controllerContext, policies.NewTriggerPolicyChain(clock).Evaluate)
 	triggerManager := controllerpkg.NewController(ctx, "trigger_controller", metrics, triggerCtrl.ProcessItem, triggerMustSync, nil, triggerQueue)

 	return framework.StartInformersAndControllers(t, factory, cmFactory, revisionManager, requestManager, keyManager, triggerManager, readinessManager, issueManager)