[SAPBTPCFS-15469] Update Service Instance on change of 'parametersFro…

…m' secret
SAP · Nov 28, 2024 · 88d1854 · 88d1854
1 parent 23059fc
commit 88d1854
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 56 deletions.
diff --git a/controllers/serviceinstance_controller.go b/controllers/serviceinstance_controller.go
@@ -179,10 +179,7 @@ func (r *ServiceInstanceReconciler) SetupWithManager(mgr ctrl.Manager) error {
 				return false
 			},
 			UpdateFunc: func(e event.UpdateEvent) bool {
-				if _, ok := e.ObjectNew.GetLabels()[common.WatchSecretLabel]; !ok {
-					return false
-				}
-				return isSecretDataChanged(e)
+				return utils.IsSecretWatched(e.ObjectNew) && isSecretDataChanged(e)
 			},
 			DeleteFunc: func(e event.DeleteEvent) bool {
 				return false
@@ -342,8 +339,9 @@ func (r *ServiceInstanceReconciler) deleteInstance(ctx context.Context, serviceI
 		}
 		for labelKey := range serviceInstance.Labels {
 			if strings.HasPrefix(labelKey, common.InstanceSecretLabel) {
-				err := utils.DecreaseSecretWatchLabel(ctx, r.Client, serviceInstance.Namespace, serviceInstance.Labels[labelKey])
+				err = utils.RemoveSecretWatch(ctx, r.Client, serviceInstance.Namespace, serviceInstance.Labels[labelKey], serviceInstance.Name)
 				if err != nil {
+					log.Error(err, fmt.Sprintf("failed to decrease secret watch label with key %s", labelKey))
 					return ctrl.Result{}, err
 				}
 			}
@@ -593,6 +591,10 @@ func (r *ServiceInstanceReconciler) handleInstanceSharingError(ctx context.Conte
 func (r *ServiceInstanceReconciler) buildSMRequestParameters(ctx context.Context, serviceInstance *v1.ServiceInstance) ([]byte, error) {
 	log := utils.GetLogger(ctx)
 	instanceParameters, newSecretsMap, err := utils.BuildSMRequestParameters(serviceInstance.Namespace, serviceInstance.Spec.Parameters, serviceInstance.Spec.ParametersFrom)
+	if err != nil {
+		log.Error(err, "failed to build instance parameters")
+		return nil, err
+	}
 	shouldUpdate := false
 	if serviceInstance.IsSubscribedToSecretKeyRefChange() {
 		existingSecrets := make(map[string]string)
@@ -614,19 +616,23 @@ func (r *ServiceInstanceReconciler) buildSMRequestParameters(ctx context.Context
 				shouldUpdate = true
 				secret := newSecretsMap[key]
 				serviceInstance.Labels[common.InstanceSecretLabel+"-"+key] = secret.Name
-				utils.IncreaseSecretHaveWatchLabel(ctx, secret, r.Client)
+				err = utils.AddSecretHaveWatch(ctx, secret, r.Client, serviceInstance.Name)
+				if err != nil {
+					log.Error(err, fmt.Sprintf("failed to increase secret watch label with key %s", key))
+					return nil, err
+				}
 			}
 		}
 		for key := range existingSecrets {
 			if existingSecrets[key] == "false" {
 				// this secret is not on the instance anymore and should be deleted
 				shouldUpdate = true
-				err = utils.DecreaseSecretWatchLabel(ctx, r.Client, serviceInstance.Namespace, serviceInstance.Labels[key])
+				err = utils.RemoveSecretWatch(ctx, r.Client, serviceInstance.Namespace, serviceInstance.Labels[key], serviceInstance.Name)
 				if err != nil {
 					log.Error(err, fmt.Sprintf("failed to decrease secret watch label with key %s", key))
-				} else {
-					delete(serviceInstance.Labels, key)
+					return nil, err
 				}
+				delete(serviceInstance.Labels, key)
 			}
 		}
 	} else {
@@ -635,12 +641,12 @@ func (r *ServiceInstanceReconciler) buildSMRequestParameters(ctx context.Context
 			for key := range serviceInstance.Labels {
 				if strings.HasPrefix(key, common.InstanceSecretLabel) {
 					shouldUpdate = true
-					err = utils.DecreaseSecretWatchLabel(ctx, r.Client, serviceInstance.Namespace, serviceInstance.Labels[key])
+					err = utils.RemoveSecretWatch(ctx, r.Client, serviceInstance.Namespace, serviceInstance.Labels[key], serviceInstance.Name)
 					if err != nil {
 						log.Error(err, fmt.Sprintf("failed to decrease secret watch label with key %s", key))
-					} else {
-						delete(serviceInstance.Labels, key)
+						return nil, err
 					}
+					delete(serviceInstance.Labels, key)
 				}
 			}
 		}

diff --git a/internal/utils/controller_util.go b/internal/utils/controller_util.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"strconv"
 	"strings"
 	"time"
 
@@ -248,52 +247,45 @@ func serialize(value interface{}) ([]byte, format, error) {
 	return data, JSON, nil
 }
 
-func IncreaseSecretHaveWatchLabel(ctx context.Context, secret *v12.Secret, k8sClient client.Client) {
-	log := GetLogger(ctx)
+func AddSecretHaveWatch(ctx context.Context, secret *v12.Secret, k8sClient client.Client, instanceName string) error {
 	if secret != nil {
-		if secret.Labels == nil {
-			secret.Labels = make(map[string]string)
+		if secret.Annotations == nil {
+			secret.Annotations = make(map[string]string)
 		}
-		if _, exists := secret.Labels[common.WatchSecretLabel]; exists {
-			counter, err := strconv.Atoi(secret.Labels[common.WatchSecretLabel])
-			if err != nil {
-				log.Error(err, "failed to convert label value to integer")
-				return
+		if _, exists := secret.Annotations[common.WatchSecretLabel+instanceName]; !exists {
+			secret.Annotations[common.WatchSecretLabel+instanceName] = "true"
+			if err := k8sClient.Update(ctx, secret); err != nil {
+				return err
 			}
-			secret.Labels[common.WatchSecretLabel] = strconv.Itoa(counter + 1)
-		} else {
-			secret.Labels[common.WatchSecretLabel] = "1"
-		}
-		if err := k8sClient.Update(ctx, secret); err != nil {
-			log.Error(err, "failed to update secret with watch label")
 		}
 	}
+	return nil
 }
 
-func DecreaseSecretWatchLabel(ctx context.Context, k8sClient client.Client, namespace string, name string) error {
-	log := GetLogger(ctx)
+func RemoveSecretWatch(ctx context.Context, k8sClient client.Client, namespace string, name string, instanceName string) error {
 	secret := &v12.Secret{}
 	err := k8sClient.Get(ctx, apimachinerytypes.NamespacedName{Name: name, Namespace: namespace}, secret)
 	if err != nil {
 		return err
 	}
-	if secret.Labels == nil {
+	if secret.Annotations == nil {
 		return nil
 	}
-	if _, exists := secret.Labels[common.WatchSecretLabel]; exists {
-		counter, err := strconv.Atoi(secret.Labels[common.WatchSecretLabel])
-		if err != nil {
-			return err
-		}
-		if counter == 1 {
-			log.Info(fmt.Sprintf("deleting watch label from secret %s", secret.UID))
-			delete(secret.Labels, common.WatchSecretLabel)
-		} else {
-			secret.Labels[common.WatchSecretLabel] = strconv.Itoa(counter - 1)
-		}
-		if err = k8sClient.Update(ctx, secret); err != nil {
+	if _, exists := secret.Annotations[common.WatchSecretLabel+instanceName]; exists {
+		delete(secret.Annotations, common.WatchSecretLabel+instanceName)
+		if err := k8sClient.Update(ctx, secret); err != nil {
 			return err
 		}
 	}
+
 	return nil
 }
+
+func IsSecretWatched(secret client.Object) bool {
+	for key := range secret.GetAnnotations() {
+		if strings.HasPrefix(key, common.WatchSecretLabel) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/internal/utils/controller_util_test.go b/internal/utils/controller_util_test.go
@@ -202,7 +202,7 @@ var _ = Describe("Controller Util", func() {
 		})
 	})
 
-	Context("IncreaseSecretHaveWatchLabel", func() {
+	Context("AddSecretHaveWatch", func() {
 		It("should add the watch label to the secret if it is missing", func() {
 			// Create a fake client
 
@@ -215,40 +215,53 @@ var _ = Describe("Controller Util", func() {
 			}
 			err := k8sClient.Create(ctx, secret)
 			Expect(err).ToNot(HaveOccurred())
+			err = k8sClient.Get(ctx, types.NamespacedName{Name: "test-secret", Namespace: "default"}, secret)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(IsSecretWatched(secret)).To(BeFalse())
+
 			// Call the function
-			IncreaseSecretHaveWatchLabel(ctx, secret, k8sClient)
+			name := "instancedName"
+			err = AddSecretHaveWatch(ctx, secret, k8sClient, name)
+			Expect(err).ToNot(HaveOccurred())
 
 			// Get the updated secret
 			updatedSecret := &corev1.Secret{}
 			err = k8sClient.Get(ctx, types.NamespacedName{Name: "test-secret", Namespace: "default"}, updatedSecret)
 			Expect(err).ToNot(HaveOccurred())
 
-			// Verify the label was added
-			Expect(updatedSecret.Labels[common.WatchSecretLabel]).To(Equal("1"))
+			Expect(IsSecretWatched(updatedSecret)).To(BeTrue())
+			// Verify the annotation was added
+			Expect(updatedSecret.Annotations[common.WatchSecretLabel+name]).To(Equal("true"))
 
-			IncreaseSecretHaveWatchLabel(ctx, secret, k8sClient)
+			err = AddSecretHaveWatch(ctx, secret, k8sClient, "new-name")
+			Expect(err).ToNot(HaveOccurred())
 
 			err = k8sClient.Get(ctx, types.NamespacedName{Name: "test-secret", Namespace: "default"}, updatedSecret)
 			Expect(err).ToNot(HaveOccurred())
 
-			// Verify the label was added
-			Expect(updatedSecret.Labels[common.WatchSecretLabel]).To(Equal("2"))
+			Expect(IsSecretWatched(updatedSecret)).To(BeTrue())
+			// Verify the annotation was added
+			Expect(updatedSecret.Annotations[common.WatchSecretLabel+"new-name"]).To(Equal("true"))
 
-			DecreaseSecretWatchLabel(ctx, k8sClient, secret.Namespace, secret.Name)
+			err = RemoveSecretWatch(ctx, k8sClient, secret.Namespace, secret.Name, name)
+			Expect(err).ToNot(HaveOccurred())
 
 			err = k8sClient.Get(ctx, types.NamespacedName{Name: "test-secret", Namespace: "default"}, updatedSecret)
 			Expect(err).ToNot(HaveOccurred())
 
-			// Verify the label was added
-			Expect(updatedSecret.Labels[common.WatchSecretLabel]).To(Equal("1"))
+			Expect(updatedSecret.Annotations[common.WatchSecretLabel+"new-name"]).To(Equal("true"))
+			_, exist := updatedSecret.Annotations[common.WatchSecretLabel+name]
+			Expect(exist).To(BeFalse())
+
+			Expect(IsSecretWatched(updatedSecret)).To(BeTrue())
 
-			DecreaseSecretWatchLabel(ctx, k8sClient, secret.Namespace, secret.Name)
+			err = RemoveSecretWatch(ctx, k8sClient, secret.Namespace, secret.Name, "new-name")
+			Expect(err).ToNot(HaveOccurred())
 
 			err = k8sClient.Get(ctx, types.NamespacedName{Name: "test-secret", Namespace: "default"}, updatedSecret)
 			Expect(err).ToNot(HaveOccurred())
 
-			// Verify the label was added
-			Expect(updatedSecret.Labels[common.WatchSecretLabel]).To(Equal(""))
+			Expect(IsSecretWatched(updatedSecret)).To(BeFalse())
 		})
 	})
 })