diff --git a/internal/pkg/cmd/reloader.go b/internal/pkg/cmd/reloader.go
index f17b2a2..03b6262 100644
--- a/internal/pkg/cmd/reloader.go
+++ b/internal/pkg/cmd/reloader.go
@@ -36,11 +36,11 @@ func NewReloaderCommand() *cobra.Command {
 cmd.PersistentFlags().BoolVar(&options.AutoReloadAll, "auto-reload-all", false, "Auto reload all resources")
 cmd.PersistentFlags().StringVar(&options.ConfigmapUpdateOnChangeAnnotation, "configmap-annotation", "configmap.reloader.stakater.com/reload", "annotation to detect changes in configmaps, specified by name")
 cmd.PersistentFlags().StringVar(&options.SecretUpdateOnChangeAnnotation, "secret-annotation", "secret.reloader.stakater.com/reload", "annotation to detect changes in secrets, specified by name")
- cmd.PersistentFlags().StringVar(&options.SecretProviderClassUpdateOnChangeAnnotation, "spc-annotation", "secretproviderclass.reloader.stakater.com/reload", "annotation to detect changes in secretproviderclasses, specified by name")
+ cmd.PersistentFlags().StringVar(&options.SecretProviderClassUpdateOnChangeAnnotation, "secretproviderclass-annotation", "secretproviderclass.reloader.stakater.com/reload", "annotation to detect changes in secretproviderclasses, specified by name")
 cmd.PersistentFlags().StringVar(&options.ReloaderAutoAnnotation, "auto-annotation", "reloader.stakater.com/auto", "annotation to detect changes in secrets/configmaps")
 cmd.PersistentFlags().StringVar(&options.ConfigmapReloaderAutoAnnotation, "configmap-auto-annotation", "configmap.reloader.stakater.com/auto", "annotation to detect changes in configmaps")
 cmd.PersistentFlags().StringVar(&options.SecretReloaderAutoAnnotation, "secret-auto-annotation", "secret.reloader.stakater.com/auto", "annotation to detect changes in secrets")
- cmd.PersistentFlags().StringVar(&options.SecretProviderClassReloaderAutoAnnotation, "spc-auto-annotation", "secretproviderclass.reloader.stakater.com/auto", "annotation to detect changes in secretproviderclasses")
+ cmd.PersistentFlags().StringVar(&options.SecretProviderClassReloaderAutoAnnotation, "secretproviderclass-auto-annotation", "secretproviderclass.reloader.stakater.com/auto", "annotation to detect changes in secretproviderclasses")
 cmd.PersistentFlags().StringVar(&options.AutoSearchAnnotation, "auto-search-annotation", "reloader.stakater.com/search", "annotation to detect changes in configmaps or secrets tagged with special match annotation")
 cmd.PersistentFlags().StringVar(&options.SearchMatchAnnotation, "search-match-annotation", "reloader.stakater.com/match", "annotation to mark secrets or configmaps to match the search")
 cmd.PersistentFlags().StringVar(&options.LogFormat, "log-format", "", "Log format to use (empty string for text, or JSON)")
@@ -184,7 +184,7 @@ func startReloader(cmd *cobra.Command, args []string) {
 continue
 }
 if !kube.IsCSIInstalled {
- logrus.Infof("Can't run CSI controller as CSI CRDs are not installed")
+ logrus.Infof("Can't run secretproviderclasspodstatuses controller as CSI CRDs are not installed")
 continue
 }
 }
diff --git a/internal/pkg/constants/constants.go b/internal/pkg/constants/constants.go
index 6ad3bd5..0d1f1c7 100644
--- a/internal/pkg/constants/constants.go
+++ b/internal/pkg/constants/constants.go
@@ -8,7 +8,7 @@ const (
 ConfigmapEnvVarPostfix = "CONFIGMAP"
 // SecretEnvVarPostfix is a postfix for secret envVar
 SecretEnvVarPostfix = "SECRET"
- // SecretEnvVarSecretProviderClassPodStatus is a postfix for secretproviderclasspodstatus envVar
+ // SecretProviderClassEnvVarPostfix is a postfix for secretproviderclasspodstatus envVar
 SecretProviderClassEnvVarPostfix = "SECRETPROVIDERCLASS"
 // EnvVarPrefix is a Prefix for environment variable
 EnvVarPrefix = "STAKATER_"
diff --git a/internal/pkg/controller/controller.go b/internal/pkg/controller/controller.go
index bf8ea4b..dca6625 100644
--- a/internal/pkg/controller/controller.go
+++ b/internal/pkg/controller/controller.go
@@ -22,6 +22,7 @@ import (
 "k8s.io/client-go/util/workqueue"
 "k8s.io/kubectl/pkg/scheme"
 "k8s.io/utils/strings/slices"
+ csiv1 "sigs.k8s.io/secrets-store-csi-driver/apis/v1"
 )
 // Controller for checking events
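Review bot: The `spc-annotation` and `spc-auto-annotation` flag names are dropped outright in NewReloaderCommand, so a deployment manifest that still passes them will presumably fail flag parsing at startup and leave the reloader not running. If those names ever shipped in a release, keep them registered against the same option variables and add `cmd.PersistentFlags().MarkDeprecated("spc-annotation", "use --secretproviderclass-annotation")`, and likewise for the auto variant. If the CSI flags are still unreleased, a changelog entry naming the new flags is enough. The function body continues outside the hunk.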
@@ -117,6 +118,8 @@ func (c *Controller) Add(obj interface{}) {
 case *v1.Namespace:
 c.addSelectedNamespaceToCache(*object)
 return
+ case *csiv1.SecretProviderClassPodStatus:
+ return
 }
 if options.ReloadOnCreate == "true" {
@@ -136,6 +139,8 @@ func (c *Controller) resourceInIgnoredNamespace(raw interface{}) bool {
 return c.ignoredNamespaces.Contains(object.ObjectMeta.Namespace)
 case *v1.Secret:
 return c.ignoredNamespaces.Contains(object.ObjectMeta.Namespace)
+ case *csiv1.SecretProviderClassPodStatus:
+ return c.ignoredNamespaces.Contains(object.ObjectMeta.Namespace)
 }
 return false
 }
@@ -154,6 +159,10 @@ func (c *Controller) resourceInSelectedNamespaces(raw interface{}) bool {
 if slices.Contains(selectedNamespacesCache, object.GetNamespace()) {
 return true
 }
+ case *csiv1.SecretProviderClassPodStatus:
+ if slices.Contains(selectedNamespacesCache, object.GetNamespace()) {
+ return true
+ }
 }
 return false
 }
@@ -192,6 +201,13 @@ func (c *Controller) Update(old interface{}, new interface{}) {
 // Delete function to add an object to the queue in case of deleting a resource
 func (c *Controller) Delete(old interface{}) {
+ switch object := old.(type) {
+ case *v1.Namespace:
+ c.removeSelectedNamespaceFromCache(*object)
+ return
+ case *csiv1.SecretProviderClassPodStatus:
+ return
+ }
 if options.ReloadOnDelete == "true" {
 if !c.resourceInIgnoredNamespace(old) && c.resourceInSelectedNamespaces(old) && secretControllerInitialized && configmapControllerInitialized {
@@ -202,12 +218,6 @@ func (c *Controller) Delete(old interface{}) {
 })
 }
 }
-
- switch object := old.(type) {
- case *v1.Namespace:
- c.removeSelectedNamespaceFromCache(*object)
- return
- }
 }
 // Run function for controller which handles the queue
diff --git a/internal/pkg/controller/controller_test.go b/internal/pkg/controller/controller_test.go
index ae42c59..f599923 100644
--- a/internal/pkg/controller/controller_test.go
+++ b/internal/pkg/controller/controller_test.go
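Review bot: The new `case *csiv1.SecretProviderClassPodStatus: return` in Add carries no comment, so a reader cannot tell that create events for this type are deliberately dropped before the `options.ReloadOnCreate` check. A line above the case such as `// SecretProviderClassPodStatus create events never trigger a reload (intentional; confirm)` would record the intent. The same applies to the identical early return added in Delete, whose doc comment `// Delete function to add an object to the queue in case of deleting a resource` no longer mentions that Namespace deletions now only update the selected-namespace cache and return. Both function bodies extend beyond their hunks.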
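Review bot: resourceInIgnoredNamespace still ends in `return false` for any type its switch does not list, so the namespace ignore list fails open: an object of an unlisted watched type is treated as not ignored. This hunk closes that gap for SecretProviderClassPodStatus only. Since every visible case performs the same lookup, a final interface case would also cover types added later: `case interface{ GetNamespace() string }: return c.ignoredNamespaces.Contains(object.GetNamespace())`. resourceInSelectedNamespaces has the same per-type shape but falls through to not-selected, which is the safe direction. The start of the function is outside the hunk, so the earlier cases are assumed to follow the same pattern.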
@@ -649,11 +649,11 @@ func TestControllerUpdatingSecretProviderClassPodStatusShouldCreatePodAnnotation
 return
 }
- // Creating secretclassprovider
+ // Creating secretproviderclass
 secretproviderclasspodstatusName := secretProviderClassPodStatusPrefix + "-update-" + testutil.RandSeq(5)
 _, err := testutil.CreateSecretProviderClass(clients.CSIClient, namespace, secretproviderclasspodstatusName, data)
 if err != nil {
- t.Errorf("Error while creating the secretclassprovider %v", err)
+ t.Errorf("Error while creating the secretproviderclass %v", err)
 }
 // Creating secretproviderclasspodstatus
@@ -718,11 +718,11 @@ func TestControllerUpdatingSecretProviderClassPodStatusShouldUpdatePodAnnotation
 return
 }
- // Creating secretclassprovider
+ // Creating secretproviderclass
 secretproviderclasspodstatusName := secretProviderClassPodStatusPrefix + "-update-" + testutil.RandSeq(5)
 _, err := testutil.CreateSecretProviderClass(clients.CSIClient, namespace, secretproviderclasspodstatusName, data)
 if err != nil {
- t.Errorf("Error while creating the secretclassprovider %v", err)
+ t.Errorf("Error while creating the secretproviderclass %v", err)
 }
 // Creating secretproviderclasspodstatus
@@ -793,11 +793,11 @@ func TestControllerUpdatingSecretProviderClassPodStatusWithSameDataShouldNotCrea
 return
 }
- // Creating secretclassprovider
+ // Creating secretproviderclass
 secretproviderclasspodstatusName := secretProviderClassPodStatusPrefix + "-update-" + testutil.RandSeq(5)
 _, err := testutil.CreateSecretProviderClass(clients.CSIClient, namespace, secretproviderclasspodstatusName, data)
 if err != nil {
- t.Errorf("Error while creating the secretclassprovider %v", err)
+ t.Errorf("Error while creating the secretproviderclass %v", err)
 }
 // Creating secretproviderclasspodstatus
@@ -829,7 +829,7 @@ func TestControllerUpdatingSecretProviderClassPodStatusWithSameDataShouldNotCrea
 deploymentFuncs := handler.GetDeploymentRollingUpgradeFuncs()
 updated := testutil.VerifyResourceAnnotationUpdate(clients, config, deploymentFuncs)
 if updated {
- t.Errorf("Deployment should not be updated by changing in secret")
+ t.Errorf("Deployment should not be updated by changing in secretproviderclasspodstatus")
 }
 // Deleting Deployment
@@ -1870,11 +1870,11 @@ func TestControllerUpdatingSecretProviderClassPodStatusShouldCreateEnvInDeployme
 return
 }
- // Creating secretclassprovider
+ // Creating secretproviderclass
 secretproviderclasspodstatusName := secretProviderClassPodStatusPrefix + "-update-" + testutil.RandSeq(5)
 _, err := testutil.CreateSecretProviderClass(clients.CSIClient, namespace, secretproviderclasspodstatusName, data)
 if err != nil {
- t.Errorf("Error while creating the secretclassprovider %v", err)
+ t.Errorf("Error while creating the secretproviderclass %v", err)
 }
 // Creating secretproviderclasspodstatus
@@ -1938,11 +1938,11 @@ func TestControllerUpdatingSecretProviderClassPodStatusShouldUpdateEnvInDeployme
 return
 }
- // Creating secretclassprovider
+ // Creating secretproviderclass
 secretproviderclasspodstatusName := secretProviderClassPodStatusPrefix + "-update-" + testutil.RandSeq(5)
 _, err := testutil.CreateSecretProviderClass(clients.CSIClient, namespace, secretproviderclasspodstatusName, data)
 if err != nil {
- t.Errorf("Error while creating the secretclassprovider %v", err)
+ t.Errorf("Error while creating the secretproviderclass %v", err)
 }
 // Creating secretproviderclasspodstatus
@@ -2012,11 +2012,11 @@ func TestControllerUpdatingSecretProviderClassPodStatusLabelsShouldNotCreateOrUp
 return
 }
- // Creating secretclassprovider
+ // Creating secretproviderclass
 secretproviderclasspodstatusName := secretProviderClassPodStatusPrefix + "-update-" + testutil.RandSeq(5)
 _, err := testutil.CreateSecretProviderClass(clients.CSIClient, namespace, secretproviderclasspodstatusName, data)
 if err != nil {
- t.Errorf("Error while creating the secretclassprovider %v", err)
+ t.Errorf("Error while creating the secretproviderclass %v", err)
 }
 // Creating secretproviderclasspodstatus
@@ -2033,7 +2033,7 @@ func TestControllerUpdatingSecretProviderClassPodStatusLabelsShouldNotCreateOrUp
 err = testutil.UpdateSecretProviderClassPodStatus(spcpsClient, namespace, secretproviderclasspodstatusName, "test", data)
 if err != nil {
- t.Errorf("Error while updating secret %v", err)
+ t.Errorf("Error while updating secretproviderclasspodstatus %v", err)
 }
 // Verifying Upgrade
@@ -2048,7 +2048,7 @@ func TestControllerUpdatingSecretProviderClassPodStatusLabelsShouldNotCreateOrUp
 deploymentFuncs := handler.GetDeploymentRollingUpgradeFuncs()
 updated := testutil.VerifyResourceEnvVarUpdate(clients, config, constants.SecretProviderClassEnvVarPostfix, deploymentFuncs)
 if updated {
- t.Errorf("Deployment should not be updated by changing label in secret")
+ t.Errorf("Deployment should not be updated by changing label in secretproviderclasspodstatus")
 }
 // Deleting Deployment
diff --git a/internal/pkg/handler/upgrade_test.go b/internal/pkg/handler/upgrade_test.go
index 35acddb..a0fb657 100644
--- a/internal/pkg/handler/upgrade_test.go
+++ b/internal/pkg/handler/upgrade_test.go
@@ -2809,7 +2809,7 @@ func TestRollingUpgradeForDaemonSetWithSecretProviderClassUsingArs(t *testing.T)
 envVarPostfix := constants.SecretProviderClassEnvVarPostfix
 shaData := testutil.ConvertResourceToSHA(testutil.SecretProviderClassPodStatusResourceType, arsNamespace, arsSecretProviderClassName, "testing1")
- config := getConfigWithAnnotations(envVarPostfix, arsSecretProviderClassName, shaData, options.SecretUpdateOnChangeAnnotation, options.SecretReloaderAutoAnnotation)
+ config := getConfigWithAnnotations(envVarPostfix, arsSecretProviderClassName, shaData, options.SecretProviderClassUpdateOnChangeAnnotation, options.SecretProviderClassReloaderAutoAnnotation)
 daemonSetFuncs := GetDaemonSetRollingUpgradeFuncs()
 collectors := getCollectors()
@@ -2969,7 +2969,7 @@ func TestRollingUpgradeForStatefulSetWithSecretProviderClassUsingArs(t *testing.
 envVarPostfix := constants.SecretProviderClassEnvVarPostfix
 shaData := testutil.ConvertResourceToSHA(testutil.SecretProviderClassPodStatusResourceType, arsNamespace, arsSecretProviderClassName, "testing1")
- config := getConfigWithAnnotations(envVarPostfix, arsSecretProviderClassName, shaData, options.SecretUpdateOnChangeAnnotation, options.SecretReloaderAutoAnnotation)
+ config := getConfigWithAnnotations(envVarPostfix, arsSecretProviderClassName, shaData, options.SecretProviderClassUpdateOnChangeAnnotation, options.SecretProviderClassReloaderAutoAnnotation)
 statefulSetFuncs := GetStatefulSetRollingUpgradeFuncs()
 collectors := getCollectors()
@@ -3776,7 +3776,7 @@ func TestRollingUpgradeForDeploymentWithSecretProviderClassExcludeAnnotationUsin
 err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy)
 time.Sleep(5 * time.Second)
 if err != nil {
- t.Errorf("Rolling upgrade failed for Deployment with exclude Secret")
+ t.Errorf("Rolling upgrade failed for Deployment with exclude SecretProviderClass")
 }
 logrus.Infof("Verifying deployment did not update")
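Review bot: The reworded `t.Errorf` in the third hunk (the Deployment exclude-annotation test) still reports a PerformAction failure without the error value, so a failing run says nothing about the cause. `t.Errorf("Rolling upgrade failed for Deployment with exclude SecretProviderClass: %v", err)` would fix that. The first two hunks show that the DaemonSet and StatefulSet tests were passing the Secret annotation pair to getConfigWithAnnotations; other SecretProviderClass tests in this file lie outside the hunks and may carry the same copy-paste, so they are worth checking. All three test bodies continue beyond their hunks.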
diff --git a/internal/pkg/options/flags.go b/internal/pkg/options/flags.go
index 8267bed..dcefade 100644
--- a/internal/pkg/options/flags.go
+++ b/internal/pkg/options/flags.go
@@ -62,7 +62,7 @@ var (
 EnableHA = false
 // Url to send a request to instead of triggering a reload
 WebhookUrl = ""
- // EnableCsiIntegration Adds support to watch SecretProviderClassPodStatus and restart deployment based on it
+ // EnableCSIIntegration Adds support to watch SecretProviderClassPodStatus and restart deployment based on it
 EnableCSIIntegration = false
 )
diff --git a/internal/pkg/testutil/kube.go b/internal/pkg/testutil/kube.go
index 3d8b502..8c843d7 100644
--- a/internal/pkg/testutil/kube.go
+++ b/internal/pkg/testutil/kube.go
@@ -845,7 +845,7 @@ func CreateSecretProviderClass(client csiclient.Interface, namespace string, sec
 return secretProviderClassClient, err
 }
-// CreateSecretProviderClass creates a SecretProviderClassPodStatus in given namespace and returns the SecretProviderClassInterface
+// CreateSecretProviderClassPodStatus creates a SecretProviderClassPodStatus in given namespace and returns the SecretProviderClassPodStatusInterface
 func CreateSecretProviderClassPodStatus(client csiclient.Interface, namespace string, secretProviderClassPodStatusName string, data string) (csiclient_v1.SecretProviderClassPodStatusInterface, error) {
 logrus.Infof("Creating SecretProviderClassPodStatus")
 secretProviderClassPodStatusClient := client.SecretsstoreV1().SecretProviderClassPodStatuses(namespace)