From a7e2abe5faea41e1a1cdb40082088901cad1c3ba Mon Sep 17 00:00:00 2001
From: irbekrm
Date: Wed, 1 Mar 2023 10:31:29 +0000
Subject: [PATCH] Allows secrets event handler predicate to accept partial metadata

This will only be needed by the SecretsFilteredCaching feature, but I cannot think of any harm by adding it to general path

Signed-off-by: irbekrm
---
 .../certificaterequests/selfsigned/checks.go | 4 +--
 .../selfsigned/checks.go | 4 +--
 pkg/controller/clusterissuers/controller.go | 6 ++---
 pkg/controller/issuers/controller.go | 8 +++---
 pkg/controller/util.go | 21 ++++++++++++++++
 ...erates_new_private_key_per_request_test.go | 25 ++++++++++++++-----
 6 files changed, 49 insertions(+), 19 deletions(-)

diff --git a/pkg/controller/certificaterequests/selfsigned/checks.go b/pkg/controller/certificaterequests/selfsigned/checks.go
index 1e3ac3a95..87d31fa06 100644
--- a/pkg/controller/certificaterequests/selfsigned/checks.go
+++ b/pkg/controller/certificaterequests/selfsigned/checks.go
@@ -45,9 +45,9 @@ func handleSecretReferenceWorkFunc(log logr.Logger,
 ) func(obj any) {
 return func(obj any) {
 log := log.WithName("handleSecretReference")
- secret, ok := obj.(*corev1.Secret)
+ secret, ok := controllerpkg.ToSecret(obj)
 if !ok {
- log.Error(nil, "object is not a secret")
+ log.Error(nil, "object is not a secret", "object", obj)
 return
 }
 log = logf.WithResource(log, secret)
diff --git a/pkg/controller/certificatesigningrequests/selfsigned/checks.go b/pkg/controller/certificatesigningrequests/selfsigned/checks.go
index c6d2073c5..0f1e867ea 100644
--- a/pkg/controller/certificatesigningrequests/selfsigned/checks.go
+++ b/pkg/controller/certificatesigningrequests/selfsigned/checks.go
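Review bot: The new `"object", obj` field on the `log.Error` call in certificaterequests/selfsigned/checks.go writes whatever failed the conversion into the controller log, and the same line is added in the three following hunks (certificatesigningrequests/selfsigned/checks.go, clusterissuers/controller.go, issuers/controller.go). In the two `secretDeleted` handlers, if they are registered as informer delete handlers (the registration is outside these hunks), client-go can deliver a `cache.DeletedFinalStateUnknown` tombstone that wraps the last known Secret; `ToSecret` rejects that type, and depending on how the log sink renders values the Secret's `Data` could end up in the logs. Logging only the dynamic type keeps the diagnostic without the payload, e.g. `log.Error(nil, "object is not a secret", "type", fmt.Sprintf("%T", obj))`. `handleSecretReferenceWorkFunc` starts and ends outside the hunk.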
@@ -48,9 +48,9 @@ func handleSecretReferenceWorkFunc(log logr.Logger, ) func(obj any) { return func(obj any) { log := log.WithName("handleSecretReference") - secret, ok := obj.(*corev1.Secret) + secret, ok := controllerpkg.ToSecret(obj) if !ok { - log.Error(nil, "object is not a secret") + log.Error(nil, "object is not a secret", "object", obj) return } log = logf.WithResource(log, secret) diff --git a/pkg/controller/clusterissuers/controller.go b/pkg/controller/clusterissuers/controller.go index a5fb655b1..913f0e3ca 100644 --- a/pkg/controller/clusterissuers/controller.go +++ b/pkg/controller/clusterissuers/controller.go @@ -105,11 +105,9 @@ func (c *controller) Register(ctx *controllerpkg.Context) (workqueue.RateLimitin func (c *controller) secretDeleted(obj interface{}) { log := c.log.WithName("secretDeleted") - var secret *corev1.Secret - var ok bool - secret, ok = obj.(*corev1.Secret) + secret, ok := controllerpkg.ToSecret(obj) if !ok { - log.Error(nil, "object was not a Secret object") + log.Error(nil, "object is not a secret", "object", obj) return } log = logf.WithResource(log, secret) diff --git a/pkg/controller/issuers/controller.go b/pkg/controller/issuers/controller.go index d2b6c2f5e..9a18ed106 100644 --- a/pkg/controller/issuers/controller.go +++ b/pkg/controller/issuers/controller.go @@ -99,14 +99,12 @@ func (c *controller) Register(ctx *controllerpkg.Context) (workqueue.RateLimitin // TODO: replace with generic handleObject function (like Navigator) func (c *controller) secretDeleted(obj interface{}) { log := c.log.WithName("secretDeleted") - - var secret *corev1.Secret - var ok bool - secret, ok = obj.(*corev1.Secret) + secret, ok := controllerpkg.ToSecret(obj) if !ok { - log.Error(nil, "object was not a secret object") + log.Error(nil, "object is not a secret", "object", obj) return } + log = logf.WithResource(log, secret) issuers, err := c.issuersForSecret(secret) if err != nil { 
diff --git a/pkg/controller/util.go b/pkg/controller/util.go
index 4d706906e..66f5bed06 100644
--- a/pkg/controller/util.go
+++ b/pkg/controller/util.go
@@ -199,3 +199,24 @@ func BuildAnnotationsToCopy(allAnnotations map[string]string, prefixes []string)
 }
 return filteredAnnotations
 }
+
+func ToSecret(obj interface{}) (*corev1.Secret, bool) {
+ secret, ok := obj.(*corev1.Secret)
+ if !ok {
+ meta, ok := obj.(*metav1.PartialObjectMetadata)
+ if !ok || meta.GroupVersionKind() != corev1.SchemeGroupVersion.WithKind("Secret") {
+ // TODO: I wasn't able to get GVK from PartialMetadata,
+ // however perhaps this should be possible and then we
+ // could verify that this really is a Secret. At the
+ // moment this is okay as there is no path how any
+ // reconcile loop would receive PartialObjectMetadata
+ // for any other type.
+ return nil, false
+ }
+ secret = &corev1.Secret{}
+ secret.SetName(meta.Name)
+ secret.SetNamespace(meta.Namespace)
+ }
+ return secret, true
+
+}
diff --git a/test/integration/certificates/generates_new_private_key_per_request_test.go b/test/integration/certificates/generates_new_private_key_per_request_test.go
index 08fdefc7f..29389acc6 100644
--- a/test/integration/certificates/generates_new_private_key_per_request_test.go
+++ b/test/integration/certificates/generates_new_private_key_per_request_test.go
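Review bot: The TODO inside `ToSecret` (pkg/controller/util.go) says the GVK could not be read from the partial metadata, yet the condition on the line above it rejects every `*metav1.PartialObjectMetadata` whose `GroupVersionKind()` is not exactly core/v1 `Secret`, so the comment and the code disagree. If the informer delivers objects with an empty `TypeMeta` (not visible here, and worth a unit test with and without it set), every metadata-only secret event would be dropped with only an error log and the dependent resources would not be re-queued. The function is exported and has no doc comment; add one such as `// ToSecret returns obj as a Secret; for PartialObjectMetadata the result carries only Name and Namespace and must be used for lookups only, never to read Data.` so that no caller mistakes the stub's empty `Data` for a Secret without key material.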
@@ -320,23 +320,36 @@ func runAllControllers(t *testing.T, ctx context.Context, config *rest.Config) f log := logf.Log clock := clock.RealClock{} metrics := metrics.New(log, clock) + controllerContext := controllerpkg.Context{ + Client: kubeClient, + KubeSharedInformerFactory: factory, + CMClient: cmCl, + SharedInformerFactory: cmFactory, + ContextOptions: controllerpkg.ContextOptions{ + Metrics: metrics, + Clock: clock, + }, + Recorder: framework.NewEventRecorder(t), + FieldManager: "cert-manager-certificates-issuing-test", + } - revCtrl, revQueue, revMustSync := revisionmanager.NewController(log, cmCl, cmFactory) + // TODO: set field mananager before calling each of those- is that what we do in actual code? + revCtrl, revQueue, revMustSync := revisionmanager.NewController(log, &controllerContext) revisionManager := controllerpkg.NewController(ctx, "revisionmanager_controller", metrics, revCtrl.ProcessItem, revMustSync, nil, revQueue) - readyCtrl, readyQueue, readyMustSync := readiness.NewController(log, cmCl, factory, cmFactory, policies.NewReadinessPolicyChain(clock), pki.RenewalTime, readiness.BuildReadyConditionFromChain, "readiness") + readyCtrl, readyQueue, readyMustSync := readiness.NewController(log, &controllerContext, policies.NewReadinessPolicyChain(clock), pki.RenewalTime, readiness.BuildReadyConditionFromChain) readinessManager := controllerpkg.NewController(ctx, "readiness_controller", metrics, readyCtrl.ProcessItem, readyMustSync, nil, readyQueue) - issueCtrl, issueQueue, issueMustSync := issuing.NewController(log, kubeClient, cmCl, factory, cmFactory, &testpkg.FakeRecorder{}, clock, controllerpkg.CertificateOptions{}, "issuing") + issueCtrl, issueQueue, issueMustSync := issuing.NewController(log, &controllerContext) issueManager := controllerpkg.NewController(ctx, "issuing_controller", metrics, issueCtrl.ProcessItem, issueMustSync, nil, issueQueue) - reqCtrl, reqQueue, reqMustSync := requestmanager.NewController(log, cmCl, factory, cmFactory, 
&testpkg.FakeRecorder{}, clock, controllerpkg.CertificateOptions{}, "requestmanager") + reqCtrl, reqQueue, reqMustSync := requestmanager.NewController(log, &controllerContext) requestManager := controllerpkg.NewController(ctx, "requestmanager_controller", metrics, reqCtrl.ProcessItem, reqMustSync, nil, reqQueue) - keyCtrl, keyQueue, keyMustSync := keymanager.NewController(log, cmCl, kubeClient, factory, cmFactory, &testpkg.FakeRecorder{}, "keymanager") + keyCtrl, keyQueue, keyMustSync := keymanager.NewController(log, &controllerContext) keyManager := controllerpkg.NewController(ctx, "keymanager_controller", metrics, keyCtrl.ProcessItem, keyMustSync, nil, keyQueue) - triggerCtrl, triggerQueue, triggerMustSync := trigger.NewController(log, cmCl, factory, cmFactory, &testpkg.FakeRecorder{}, clock, policies.NewTriggerPolicyChain(clock).Evaluate, "trigger") + triggerCtrl, triggerQueue, triggerMustSync := trigger.NewController(log, &controllerContext, policies.NewTriggerPolicyChain(clock).Evaluate) triggerManager := controllerpkg.NewController(ctx, "trigger_controller", metrics, triggerCtrl.ProcessItem, triggerMustSync, nil, triggerQueue) return framework.StartInformersAndControllers(t, factory, cmFactory, revisionManager, requestManager, keyManager, triggerManager, readinessManager, issueManager)
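Review bot: The TODO added above the `revisionmanager.NewController` call leaves an open question in the test and misspells "manager"; it should be resolved or reworded, e.g. `// TODO: production may set a per-controller FieldManager; mirror that here.` All six controllers now receive the same `&controllerContext` with a single `FieldManager` value, so if any constructor writes to the context (not visible in this hunk) the controllers would affect one another, and a per-controller copy would keep them isolated. `runAllControllers` begins before this hunk.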