diff --git a/internal/resources/api_server_certificate.go b/internal/resources/api_server_certificate.go
index ac3a8f4..6db9a5f 100644
--- a/internal/resources/api_server_certificate.go
+++ b/internal/resources/api_server_certificate.go
@@ -18,7 +18,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
@@ -31,7 +30,7 @@ type APIServerCertificate struct {
 }
 func (r *APIServerCertificate) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Certificates.APIServer.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Certificates.APIServer.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *APIServerCertificate) ShouldCleanup(_ *kamajiv1alpha1.TenantControlPlane) bool {
@@ -76,7 +75,7 @@ func (r *APIServerCertificate) GetName() string {
 func (r *APIServerCertificate) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.Certificates.APIServer.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Certificates.APIServer.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Certificates.APIServer.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.APIServer.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -94,7 +93,7 @@ func (r *APIServerCertificate) mutate(ctx context.Context, tenantControlPlane *k
 return err
 }
- if checksum := tenantControlPlane.Status.Certificates.APIServer.Checksum; len(checksum) > 0 && checksum == r.resource.GetAnnotations()[constants.Checksum] {
+ if checksum := tenantControlPlane.Status.Certificates.APIServer.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {
 isCAValid, err := crypto.VerifyCertificate(r.resource.Data[kubeadmconstants.APIServerCertName], secretCA.Data[kubeadmconstants.CACertName], x509.ExtKeyUsageServerAuth)
 if err != nil {
 logger.Info(fmt.Sprintf("certificate-authority verify failed: %s", err.Error()))
@@ -137,12 +136,7 @@ func (r *APIServerCertificate) mutate(ctx context.Context, tenantControlPlane *k
 kubeadmconstants.APIServerKeyName: certificateKeyPair.PrivateKey,
 }
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 r.resource.SetLabels(utilities.MergeMaps(
 utilities.KamajiLabels(),
diff --git a/internal/resources/api_server_kubelet_client_certificate.go b/internal/resources/api_server_kubelet_client_certificate.go
index a2f0735..5f74ea4 100644
--- a/internal/resources/api_server_kubelet_client_certificate.go
+++ b/internal/resources/api_server_kubelet_client_certificate.go
@@ -18,7 +18,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
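Review bot: The reuse check in APIServerCertificate.mutate (hunk `@@ -94,7 +93,7 @@`) trusts the stored annotation: it compares the status checksum with `utilities.GetObjectChecksum(r.resource)` and never recomputes the hash of `r.resource.Data`, so a change to the Secret data that leaves the annotation untouched is not seen as drift by this comparison. Certificate.mutate in datastore_certificate.go compares against `utilities.CalculateMapChecksum(r.resource.Data)` instead, and using `checksum == utilities.CalculateMapChecksum(r.resource.Data)` here would make the two consistent. The same comparison is carried over in the mutate hunks for the kubelet-client, CA, front-proxy client, front-proxy CA and SA certificates. The VerifyCertificate call that follows still checks the chain and the rest of mutate is outside the hunk, so this needs confirming against the full function.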
@@ -31,7 +30,7 @@ type APIServerKubeletClientCertificate struct {
 }
 func (r *APIServerKubeletClientCertificate) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Certificates.APIServerKubeletClient.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Certificates.APIServerKubeletClient.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *APIServerKubeletClientCertificate) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -76,7 +75,7 @@ func (r *APIServerKubeletClientCertificate) GetName() string {
 func (r *APIServerKubeletClientCertificate) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.Certificates.APIServerKubeletClient.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Certificates.APIServerKubeletClient.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Certificates.APIServerKubeletClient.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.APIServerKubeletClient.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -94,7 +93,7 @@ func (r *APIServerKubeletClientCertificate) mutate(ctx context.Context, tenantCo
 return err
 }
- if checksum := tenantControlPlane.Status.Certificates.APIServerKubeletClient.Checksum; len(checksum) > 0 && checksum == r.resource.GetAnnotations()[constants.Checksum] {
+ if checksum := tenantControlPlane.Status.Certificates.APIServerKubeletClient.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {
 isCAValid, err := crypto.VerifyCertificate(r.resource.Data[kubeadmconstants.APIServerKubeletClientCertName], secretCA.Data[kubeadmconstants.CACertName], x509.ExtKeyUsageClientAuth)
 if err != nil {
 logger.Info(fmt.Sprintf("certificate-authority verify failed: %s", err.Error()))
@@ -145,12 +144,7 @@ func (r *APIServerKubeletClientCertificate) mutate(ctx context.Context, tenantCo
 },
 ))
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/resources/ca_certificate.go b/internal/resources/ca_certificate.go
index 8922d45..bf3ff52 100644
--- a/internal/resources/ca_certificate.go
+++ b/internal/resources/ca_certificate.go
@@ -16,7 +16,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
@@ -32,7 +31,7 @@ type CACertificate struct {
 func (r *CACertificate) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
 return r.isRotatingCA ||
 tenantControlPlane.Status.Certificates.CA.SecretName != r.resource.GetName() ||
- tenantControlPlane.Status.Certificates.CA.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.CA.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *CACertificate) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -77,7 +76,7 @@ func (r *CACertificate) GetName() string {
 func (r *CACertificate) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.Certificates.CA.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Certificates.CA.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Certificates.CA.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.CA.Checksum = utilities.GetObjectChecksum(r.resource)
 if r.isRotatingCA {
 tenantControlPlane.Status.Kubernetes.Version.Status = &kamajiv1alpha1.VersionCARotating
 }
@@ -89,7 +88,7 @@ func (r *CACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 return func() error {
 logger := log.FromContext(ctx, "resource", r.GetName())
- if checksum := tenantControlPlane.Status.Certificates.CA.Checksum; len(checksum) > 0 && checksum == r.resource.GetAnnotations()[constants.Checksum] {
+ if checksum := tenantControlPlane.Status.Certificates.CA.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {
 isValid, err := crypto.CheckCertificateAndPrivateKeyPairValidity(
 r.resource.Data[kubeadmconstants.CACertName],
 r.resource.Data[kubeadmconstants.CAKeyName],
@@ -133,12 +132,7 @@ func (r *CACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 },
 ))
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/resources/datastore/datastore_certificate.go b/internal/resources/datastore/datastore_certificate.go
index ed99de3..bc8e53e 100644
--- a/internal/resources/datastore/datastore_certificate.go
+++ b/internal/resources/datastore/datastore_certificate.go
@@ -16,7 +16,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/utilities"
 )
@@ -29,7 +28,7 @@ type Certificate struct {
 }
 func (r *Certificate) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Storage.Certificate.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Storage.Certificate.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *Certificate) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -70,7 +69,7 @@ func (r *Certificate) GetName() string {
 func (r *Certificate) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.Storage.Certificate.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Storage.Certificate.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Storage.Certificate.Checksum = utilities.GetObjectChecksum(r.resource)
 tenantControlPlane.Status.Storage.Certificate.LastUpdate = metav1.Now()
 return nil
@@ -89,7 +88,7 @@ func (r *Certificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1al
 r.resource.Data["ca.crt"] = ca
- if r.resource.GetAnnotations()[constants.Checksum] == utilities.CalculateMapChecksum(r.resource.Data) {
+ if utilities.GetObjectChecksum(r.resource) == utilities.CalculateMapChecksum(r.resource.Data) {
 if r.DataStore.Spec.Driver == kamajiv1alpha1.EtcdDriver {
 if isValid, _ := crypto.IsValidCertificateKeyPairBytes(r.resource.Data["server.crt"], r.resource.Data["server.key"]); isValid {
 return nil
@@ -140,12 +139,7 @@ func (r *Certificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1al
 r.resource.Data["server.crt"] = crt.Bytes()
 r.resource.Data["server.key"] = key.Bytes()
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 r.resource.SetLabels(utilities.MergeMaps(
 utilities.KamajiLabels(),
diff --git a/internal/resources/datastore/datastore_storage_config.go b/internal/resources/datastore/datastore_storage_config.go
index 778b8a0..9fa1972 100644
--- a/internal/resources/datastore/datastore_storage_config.go
+++ b/internal/resources/datastore/datastore_storage_config.go
@@ -15,7 +15,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/utilities"
 )
@@ -27,7 +26,7 @@ type Config struct {
 }
 func (r *Config) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Storage.Config.Checksum != r.resource.GetAnnotations()[constants.Checksum] ||
+ return tenantControlPlane.Status.Storage.Config.Checksum != utilities.GetObjectChecksum(r.resource) ||
 tenantControlPlane.Status.Storage.DataStoreName != r.DataStore.GetName()
 }
@@ -70,7 +69,7 @@ func (r *Config) UpdateTenantControlPlaneStatus(_ context.Context, tenantControl
 tenantControlPlane.Status.Storage.Driver = string(r.DataStore.Spec.Driver)
 tenantControlPlane.Status.Storage.DataStoreName = r.DataStore.GetName()
 tenantControlPlane.Status.Storage.Config.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Storage.Config.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Storage.Config.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -79,9 +78,9 @@ func (r *Config) mutate(_ context.Context, tenantControlPlane *kamajiv1alpha1.Te
 return func() error {
 var password []byte
- savedHash, ok := r.resource.GetAnnotations()[constants.Checksum]
+ hash := utilities.GetObjectChecksum(r.resource)
 switch {
- case ok && savedHash == utilities.CalculateMapChecksum(r.resource.Data):
+ case len(hash) > 0 && hash == utilities.CalculateMapChecksum(r.resource.Data):
 password = r.resource.Data["DB_PASSWORD"]
 default:
 password = []byte(uuid.New().String())
@@ -106,13 +105,7 @@ func (r *Config) mutate(_ context.Context, tenantControlPlane *kamajiv1alpha1.Te
 "DB_PASSWORD": password,
 }
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
-
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 r.resource.SetLabels(utilities.MergeMaps(
 utilities.KamajiLabels(),
diff --git a/internal/resources/front-proxy-client-certificate.go b/internal/resources/front-proxy-client-certificate.go
index 0b90d7a..4f27f60 100644
--- a/internal/resources/front-proxy-client-certificate.go
+++ b/internal/resources/front-proxy-client-certificate.go
@@ -18,7 +18,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
@@ -31,7 +30,7 @@ type FrontProxyClientCertificate struct {
 }
 func (r *FrontProxyClientCertificate) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Certificates.FrontProxyClient.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Certificates.FrontProxyClient.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *FrontProxyClientCertificate) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -76,7 +75,7 @@ func (r *FrontProxyClientCertificate) GetName() string {
 func (r *FrontProxyClientCertificate) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.Certificates.FrontProxyClient.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Certificates.FrontProxyClient.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Certificates.FrontProxyClient.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.FrontProxyClient.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -93,7 +92,7 @@ func (r *FrontProxyClientCertificate) mutate(ctx context.Context, tenantControlP
 return err
 }
- if checksum := tenantControlPlane.Status.Certificates.FrontProxyClient.Checksum; len(checksum) > 0 && checksum == r.resource.GetAnnotations()[constants.Checksum] {
+ if checksum := tenantControlPlane.Status.Certificates.FrontProxyClient.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {
 isCAValid, err := crypto.VerifyCertificate(r.resource.Data[kubeadmconstants.FrontProxyClientCertName], secretCA.Data[kubeadmconstants.FrontProxyCACertName], x509.ExtKeyUsageClientAuth)
 if err != nil {
 logger.Info(fmt.Sprintf("certificate-authority verify failed: %s", err.Error()))
@@ -144,12 +143,7 @@ func (r *FrontProxyClientCertificate) mutate(ctx context.Context, tenantControlP
 },
 ))
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/resources/front_proxy_ca_certificate.go b/internal/resources/front_proxy_ca_certificate.go
index 75dc5ce..aeeb574 100644
--- a/internal/resources/front_proxy_ca_certificate.go
+++ b/internal/resources/front_proxy_ca_certificate.go
@@ -16,7 +16,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
@@ -29,7 +28,7 @@ type FrontProxyCACertificate struct {
 }
 func (r *FrontProxyCACertificate) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Certificates.FrontProxyCA.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Certificates.FrontProxyCA.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *FrontProxyCACertificate) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -74,7 +73,7 @@ func (r *FrontProxyCACertificate) GetName() string {
 func (r *FrontProxyCACertificate) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.Certificates.FrontProxyCA.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Certificates.FrontProxyCA.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Certificates.FrontProxyCA.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.FrontProxyCA.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -83,7 +82,7 @@ func (r *FrontProxyCACertificate) mutate(ctx context.Context, tenantControlPlane
 return func() error {
 logger := log.FromContext(ctx, "resource", r.GetName())
- if checksum := tenantControlPlane.Status.Certificates.FrontProxyCA.Checksum; len(checksum) > 0 && checksum == r.resource.GetAnnotations()[constants.Checksum] {
+ if checksum := tenantControlPlane.Status.Certificates.FrontProxyCA.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {
 isValid, err := crypto.CheckCertificateAndPrivateKeyPairValidity(
 r.resource.Data[kubeadmconstants.FrontProxyCACertName],
 r.resource.Data[kubeadmconstants.FrontProxyCAKeyName],
@@ -123,12 +122,7 @@ func (r *FrontProxyCACertificate) mutate(ctx context.Context, tenantControlPlane
 },
 ))
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/resources/konnectivity/certificate_resource.go b/internal/resources/konnectivity/certificate_resource.go
index e1b9c81..0536938 100644
--- a/internal/resources/konnectivity/certificate_resource.go
+++ b/internal/resources/konnectivity/certificate_resource.go
@@ -18,7 +18,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
@@ -30,7 +29,7 @@ type CertificateResource struct {
 }
 func (r *CertificateResource) ShouldStatusBeUpdated(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *CertificateResource) ShouldCleanup(tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
@@ -76,7 +75,7 @@ func (r *CertificateResource) UpdateTenantControlPlaneStatus(ctx context.Context
 if tenantControlPlane.Spec.Addons.Konnectivity != nil {
 tenantControlPlane.Status.Addons.Konnectivity.Certificate.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Addons.Konnectivity.Certificate.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -135,12 +134,7 @@ func (r *CertificateResource) mutate(ctx context.Context, tenantControlPlane *ka
 },
 ))
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/resources/konnectivity/egress_selector_configuration_resource.go b/internal/resources/konnectivity/egress_selector_configuration_resource.go
index dd1b9fe..07a1a99 100644
--- a/internal/resources/konnectivity/egress_selector_configuration_resource.go
+++ b/internal/resources/konnectivity/egress_selector_configuration_resource.go
@@ -16,7 +16,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/utilities"
 )
@@ -65,13 +64,13 @@ func (r *EgressSelectorConfigurationResource) GetName() string {
 }
 func (r *EgressSelectorConfigurationResource) ShouldStatusBeUpdated(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Addons.Konnectivity.ConfigMap.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Addons.Konnectivity.ConfigMap.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *EgressSelectorConfigurationResource) UpdateTenantControlPlaneStatus(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 if tenantControlPlane.Spec.Addons.Konnectivity != nil {
 tenantControlPlane.Status.Addons.Konnectivity.ConfigMap.Name = r.resource.GetName()
- tenantControlPlane.Status.Addons.Konnectivity.ConfigMap.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Addons.Konnectivity.ConfigMap.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -114,11 +113,7 @@ func (r *EgressSelectorConfigurationResource) mutate(_ context.Context, tenantCo
 "egress-selector-configuration.yaml": string(yamlConfiguration),
 }
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/resources/konnectivity/kubeconfig_resource.go b/internal/resources/konnectivity/kubeconfig_resource.go
index 26abe7d..27d3190 100644
--- a/internal/resources/konnectivity/kubeconfig_resource.go
+++ b/internal/resources/konnectivity/kubeconfig_resource.go
@@ -19,7 +19,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/utilities"
 )
@@ -29,7 +28,7 @@ type KubeconfigResource struct {
 }
 func (r *KubeconfigResource) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.Addons.Konnectivity.Kubeconfig.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.Addons.Konnectivity.Kubeconfig.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *KubeconfigResource) ShouldCleanup(tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
@@ -74,7 +73,7 @@ func (r *KubeconfigResource) UpdateTenantControlPlaneStatus(_ context.Context, t
 if tenantControlPlane.Spec.Addons.Konnectivity != nil {
 tenantControlPlane.Status.Addons.Konnectivity.Kubeconfig.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Addons.Konnectivity.Kubeconfig.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Addons.Konnectivity.Kubeconfig.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Addons.Konnectivity.Kubeconfig.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -88,7 +87,7 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
 return func() error {
 logger := log.FromContext(ctx, "resource", r.GetName())
- if checksum := tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum; len(checksum) > 0 && checksum == r.resource.GetAnnotations()[constants.Checksum] {
+ if checksum := tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {
 return nil
 }
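Review bot: In KubeconfigResource.mutate (hunk `@@ -88,7 +87,7 @@`) the early return compares `Status.Addons.Konnectivity.Certificate.Checksum` with the checksum annotation of the kubeconfig Secret, while ShouldStatusBeUpdated and UpdateTenantControlPlaneStatus in the same file use `Kubeconfig.Checksum`. The two values are computed over different Secrets, so the condition looks like it can never hold and the kubeconfig would be rebuilt on every reconcile; the refactor carries the comparison over unchanged. If the intent is to skip regeneration when the kubeconfig Secret is unchanged, the line should read `if checksum := tenantControlPlane.Status.Addons.Konnectivity.Kubeconfig.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {`. The rest of mutate is outside the hunk, so confirm that no later code depends on the certificate checksum here.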
@@ -156,11 +155,8 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
 konnectivityKubeconfigFileName: kubeconfigBytes,
 }
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
+
 r.resource.SetLabels(utilities.MergeMaps(
 utilities.KamajiLabels(),
 map[string]string{
diff --git a/internal/resources/kubeadm_config.go b/internal/resources/kubeadm_config.go
index 4fe9288..6b9a4d7 100644
--- a/internal/resources/kubeadm_config.go
+++ b/internal/resources/kubeadm_config.go
@@ -15,7 +15,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
 )
@@ -28,7 +27,7 @@ type KubeadmConfigResource struct {
 }
 func (r *KubeadmConfigResource) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
- return tenantControlPlane.Status.KubeadmConfig.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ return tenantControlPlane.Status.KubeadmConfig.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *KubeadmConfigResource) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -64,7 +63,7 @@ func (r *KubeadmConfigResource) GetName() string {
 func (r *KubeadmConfigResource) UpdateTenantControlPlaneStatus(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.KubeadmConfig.LastUpdate = metav1.Now()
- tenantControlPlane.Status.KubeadmConfig.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.KubeadmConfig.Checksum = utilities.GetObjectChecksum(r.resource)
 tenantControlPlane.Status.KubeadmConfig.ConfigmapName = r.resource.GetName()
 return nil
@@ -115,12 +114,7 @@ func (r *KubeadmConfigResource) mutate(ctx context.Context, tenantControlPlane *
 return err
 }
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 if err := ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme()); err != nil {
 return err
diff --git a/internal/resources/kubeconfig.go b/internal/resources/kubeconfig.go
index 866728a..2c855fd 100644
--- a/internal/resources/kubeconfig.go
+++ b/internal/resources/kubeconfig.go
@@ -88,7 +88,7 @@ func (r *KubeconfigResource) UpdateTenantControlPlaneStatus(ctx context.Context,
 status.LastUpdate = metav1.Now()
 status.SecretName = r.resource.GetName()
- status.Checksum = r.resource.Annotations[constants.Checksum]
+ status.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
diff --git a/internal/resources/sa_certificate.go b/internal/resources/sa_certificate.go
index ffd0357..dc47439 100644
--- a/internal/resources/sa_certificate.go
+++ b/internal/resources/sa_certificate.go
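Review bot: kubeconfig.go looks only partly moved to the new helpers: `@@ -88,7 +88,7 @@` is the file's only hunk and, unlike the other files in this commit, its `constants` import is not removed, so some direct use of `constants` remains outside the hunk and may include `constants.Checksum`. If mutate in this file still builds the annotation map by hand, it should call `utilities.SetObjectChecksum(r.resource, r.resource.Data)` so that reading and writing the checksum go through the same code path. UpdateTenantControlPlaneStatus starts and ends outside the hunk.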
@@ -16,7 +16,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log"
 kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
- "github.com/clastix/kamaji/internal/constants"
 "github.com/clastix/kamaji/internal/crypto"
 "github.com/clastix/kamaji/internal/kubeadm"
 "github.com/clastix/kamaji/internal/utilities"
@@ -31,7 +30,7 @@ type SACertificate struct {
 func (r *SACertificate) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
 return tenantControlPlane.Status.Certificates.SA.SecretName != r.resource.GetName() ||
- tenantControlPlane.Status.Certificates.SA.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.SA.Checksum != utilities.GetObjectChecksum(r.resource)
 }
 func (r *SACertificate) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -76,7 +75,7 @@ func (r *SACertificate) GetName() string {
 func (r *SACertificate) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 tenantControlPlane.Status.Certificates.SA.LastUpdate = metav1.Now()
 tenantControlPlane.Status.Certificates.SA.SecretName = r.resource.GetName()
- tenantControlPlane.Status.Certificates.SA.Checksum = r.resource.GetAnnotations()[constants.Checksum]
+ tenantControlPlane.Status.Certificates.SA.Checksum = utilities.GetObjectChecksum(r.resource)
 return nil
 }
@@ -85,7 +84,7 @@ func (r *SACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 return func() error {
 logger := log.FromContext(ctx, "resource", r.GetName())
- if checksum := tenantControlPlane.Status.Certificates.SA.Checksum; len(checksum) > 0 && checksum == r.resource.GetAnnotations()[constants.Checksum] {
+ if checksum := tenantControlPlane.Status.Certificates.SA.Checksum; len(checksum) > 0 && checksum == utilities.GetObjectChecksum(r.resource) {
 isValid, err := crypto.CheckPublicAndPrivateKeyValidity(r.resource.Data[kubeadmconstants.ServiceAccountPublicKeyName], r.resource.Data[kubeadmconstants.ServiceAccountPrivateKeyName])
 if err != nil {
 logger.Info(fmt.Sprintf("%s public_key-private_key pair is not valid: %s", kubeadmconstants.ServiceAccountKeyBaseName, err.Error()))
@@ -122,12 +121,7 @@ func (r *SACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 },
 ))
- annotations := r.resource.GetAnnotations()
- if annotations == nil {
- annotations = map[string]string{}
- }
- annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
- r.resource.SetAnnotations(annotations)
+ utilities.SetObjectChecksum(r.resource, r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/utilities/checksum.go b/internal/utilities/checksum.go
index 13f03de..597c54d 100644
--- a/internal/utilities/checksum.go
+++ b/internal/utilities/checksum.go
@@ -7,8 +7,35 @@ import (
 "crypto/md5"
 "encoding/hex"
 "sort"
+
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ "github.com/clastix/kamaji/internal/constants"
 )
+// GetObjectChecksum returns the annotation checksum in case this is set,
+// otherwise, an empty string.
+func GetObjectChecksum(obj client.Object) string {
+ v, ok := obj.GetAnnotations()[constants.Checksum]
+ if !ok {
+ return ""
+ }
+
+ return v
+}
+
+// SetObjectChecksum calculates the checksum for the given map and store it in the object annotations.
+func SetObjectChecksum(obj client.Object, data any) {
+ annotations := obj.GetAnnotations()
+ if annotations == nil {
+ annotations = make(map[string]string)
+ }
+
+ annotations[constants.Checksum] = CalculateMapChecksum(data)
+
+ obj.SetAnnotations(annotations)
+}
+
 // CalculateMapChecksum orders the map according to its key, and calculating the overall md5 of the values.
 // It's expected to work with ConfigMap (map[string]string) and Secrets (map[string][]byte).
 func CalculateMapChecksum(data any) string {
@@ -36,7 +63,7 @@ func calculateMapStringString(data map[string]string) string {
 checksum += data[key]
 }
- return MD5Checksum([]byte(checksum))
+ return md5Checksum([]byte(checksum))
 }
 func calculateMapStringByte(data map[string][]byte) string {
@@ -53,10 +80,10 @@ func calculateMapStringByte(data map[string][]byte) string {
 checksum += string(data[key])
 }
- return MD5Checksum([]byte(checksum))
+ return md5Checksum([]byte(checksum))
 }
-func MD5Checksum(value []byte) string {
+func md5Checksum(value []byte) string {
 hash := md5.Sum(value)
 return hex.EncodeToString(hash[:])
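Review bot: The doc comments on GetObjectChecksum and SetObjectChecksum (hunk `@@ -7,8 +7,35 @@`) should state that the annotation is a drift marker and not an integrity control: it is an unkeyed MD5 stored on the same object as the data it covers, so anyone who can edit the Secret or ConfigMap can rewrite both. Callers elsewhere in this commit use a matching checksum to decide whether existing key material or `DB_PASSWORD` is kept, so the limit is worth recording, for example `// The checksum only detects drift; it is not a tamper-evidence control.` Separately, the `ok` branch in GetObjectChecksum is redundant, because indexing a nil map or a missing key already yields the empty string: `return obj.GetAnnotations()[constants.Checksum]`.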