chore: remove duplicated logic by function call (red-hat-data-service…
…s#1080)

* chore: remove duplicated logic by function call
- change if-else-if to switch
- fast return in recreateSecret case

---------
Signed-off-by: Wen Zhou <wenzhou@redhat.com>
zdtsw committed Jun 26, 2024
1 parent a0da2b4 commit 9a1b8d0
Showing 1 changed file with 34 additions and 44 deletions.
78 changes: 34 additions & 44 deletions pkg/cluster/cert.go
Expand Up @@ -32,27 +32,9 @@ func CreateSelfSignedCertificate(ctx context.Context, c client.Client, secretNam
if err := ApplyMetaOptions(certSecret, metaOptions...); err != nil {
return err
}
existingSecret := &corev1.Secret{}
err = c.Get(ctx, client.ObjectKey{Name: secretName, Namespace: namespace}, existingSecret)
if err != nil {
if k8serr.IsNotFound(err) {
// Secret does not exist, create it
if createErr := c.Create(ctx, certSecret); createErr != nil {
return fmt.Errorf("failed creating certificate secret: %w", createErr)
}
} else {
return fmt.Errorf("failed getting certificate secret: %w", err)
}
} else if existingSecret.Type != certSecret.Type {
// Secret exists but with a different type, delete and recreate it
if err := c.Delete(ctx, existingSecret); err != nil {
return fmt.Errorf("failed deleting existing secret: %w", err)
}
if createErr := c.Create(ctx, certSecret); client.IgnoreAlreadyExists(createErr) != nil {
return fmt.Errorf("failed creating certificate secret: %w", createErr)
}
if err = generateCertSecret(ctx, c, certSecret, secretName, namespace); err != nil {
return fmt.Errorf("failed update self-signed certificate secret: %w", err)
}

return nil
}

Expand Down Expand Up @@ -194,43 +176,51 @@ func copySecretToNamespace(ctx context.Context, c client.Client, secret *corev1.
Data: secret.Data,
Type: secret.Type,
}

existingSecret := &corev1.Secret{}
err := c.Get(ctx, client.ObjectKey{Name: newSecretName, Namespace: namespace}, existingSecret)
if k8serr.IsNotFound(err) { // create if not found
if err = c.Create(ctx, newSecret); err != nil {
return fmt.Errorf("failed to create new secret: %w", err)
}
} else if err != nil {
return fmt.Errorf("failed to get existing secret: %w", err)
if err := generateCertSecret(ctx, c, newSecret, newSecretName, namespace); err != nil {
return fmt.Errorf("failed to deploy default cert secret to namespace %s: %w", namespace, err)
}

if existingSecret.Type != newSecret.Type { // recreate if found with mismatched type
if recreateSecret(ctx, c, existingSecret, newSecret) != nil {
return errors.New("failed to recreate secret with type corrected")
}
}

if isSecretOutdated(existingSecret.Data, newSecret.Data) {
if err = c.Update(ctx, newSecret); err != nil { // update data if found with same type but outdated content
return fmt.Errorf("failed to update secret: %w", err)
}
}

return nil
}

// recreateSecret deletes the existing secret and creates a new one.
func recreateSecret(ctx context.Context, c client.Client, existingSecret, newSecret *corev1.Secret) error {
if err := c.Delete(ctx, existingSecret); err != nil {
return fmt.Errorf("failed to delete existing secret: %w", err)
return fmt.Errorf("failed to delete existing secret before recreating new one: %w", err)
}
if err := c.Create(ctx, newSecret); err != nil {
return fmt.Errorf("failed to create new secret: %w", err)
return fmt.Errorf("failed to create new secret after existing one has been deleted: %w", err)
}
return nil
}

// generateCertSecret creates a secret if it does not exist; recreate this secret if type not match; update data if outdated.
func generateCertSecret(ctx context.Context, c client.Client, certSecret *corev1.Secret, secretName, namespace string) error {
existingSecret := &corev1.Secret{}
err := c.Get(ctx, client.ObjectKey{Name: secretName, Namespace: namespace}, existingSecret)
switch {
case err == nil:
// Secret exists but with a different type, delete and create it again
if existingSecret.Type != certSecret.Type {
return recreateSecret(ctx, c, existingSecret, certSecret)
}
// update data if found with same type but outdated content
if isSecretOutdated(existingSecret.Data, certSecret.Data) {
if err = c.Update(ctx, certSecret); err != nil {
return fmt.Errorf("failed to update existing secret: %w", err)
}
}
case k8serr.IsNotFound(err):
// Secret does not exist, create it
if err := c.Create(ctx, certSecret); err != nil {
return fmt.Errorf("failed creating new certificate secret: %w", err)
}
default:
return fmt.Errorf("failed getting certificate secret: %w", err)
}

return nil
}

// isSecretOutdated compares two secret data of type map[string][]byte and returns true if they are not equal.
func isSecretOutdated(existingSecretData, newSecretData map[string][]byte) bool {
if len(existingSecretData) != len(newSecretData) {
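Review bot: Routing CreateSelfSignedCertificate through generateCertSecret gives it an update path the old code did not have: an existing secret of the matching type used to be left untouched, and now `c.Update(ctx, certSecret)` runs whenever isSecretOutdated reports a difference. The certificate generation is outside the hunk, but if it produces a fresh key pair on each call the data will always differ, so every reconcile would replace the stored key and certificate and break anything that trusted the previous one; this should be confirmed and, if intended, stated on the helper, e.g. `// NOTE: also overwrites an existing same-type secret whose data differs from certSecret.` For that same caller the recreate path also loses the old `client.IgnoreAlreadyExists(createErr)` tolerance, so a concurrent reconcile that recreates the secret first now surfaces as an error; `if err := c.Create(ctx, newSecret); client.IgnoreAlreadyExists(err) != nil {` in recreateSecret would keep the earlier behavior. Because recreateSecret deletes before it creates, a failed create leaves the namespace without the certificate secret until a later reconcile succeeds, which the doc comment on recreateSecret should mention.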
