Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
Pascal Davoust authored and davoustp committed Nov 4, 2024
1 parent 0c7352f commit 1e33c72
Show file tree
Hide file tree
Showing 30 changed files with 202 additions and 40 deletions.
25 changes: 23 additions & 2 deletions api/v1alpha1/utils/vaultobject.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"context"
"strings"

"github.com/google/go-cmp/cmp"
vault "github.com/hashicorp/vault/api"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log"
Expand Down Expand Up @@ -58,6 +59,7 @@ func (ve *VaultEndpoint) DeleteKVv2IfExists(context context.Context) error {
// should match pathToDelete := fmt.Sprintf("%s/metadata/%s", kv.mountPath, secretPath)
pathToDelete := strings.Replace(ve.vaultObject.GetPath(), "/data/", "/metadata/", 1)

log.V(1).Info("deleting resource from Vault", "op", "VaultEndpoint.DeleteKVv2IfExists")
_, err := vaultClient.Logical().Delete(pathToDelete)
if err != nil {
if respErr, ok := err.(*vault.ResponseError); ok {
Expand All @@ -73,6 +75,7 @@ func (ve *VaultEndpoint) DeleteKVv2IfExists(context context.Context) error {

func (ve *VaultEndpoint) DeleteIfExists(context context.Context) error {
log := log.FromContext(context)
log.V(1).Info("deleting resource from Vault", "op", "VaultEndpoint.DeleteIfExists")
vaultClient := context.Value("vaultClient").(*vault.Client)
_, err := vaultClient.Logical().Delete(ve.vaultObject.GetPath())
if err != nil {
Expand All @@ -98,21 +101,30 @@ func (ve *VaultEndpoint) Exists(context context.Context) (bool, error) {
}

func (ve *VaultEndpoint) Create(context context.Context) error {
log := log.FromContext(context)
log.V(1).Info("creating resource in Vault", "op", "VaultEndpoint.Create")
return write(context, ve.vaultObject.GetPath(), ve.vaultObject.GetPayload())
}

func (ve *VaultEndpoint) CreateOrUpdate(context context.Context) error {
log := log.FromContext(context)
log.V(1).Info("reading resource from Vault", "op", "VaultEndpoint.CreateOrUpdate")
currentPayload, found, err := read(context, ve.vaultObject.GetPath())
if err != nil {
log.Error(err, "unable to read object at", "path", ve.vaultObject.GetPath())
return err
}
if !found {
log.V(1).Info("resource does not exist, creating it in Vault", "op", "VaultEndpoint.CreateOrUpdate")
return write(context, ve.vaultObject.GetPath(), ve.vaultObject.GetPayload())
} else {
if !ve.vaultObject.IsEquivalentToDesiredState(currentPayload) {
return write(context, ve.vaultObject.GetPath(), ve.vaultObject.GetPayload())
updatedPayload := ve.vaultObject.GetPayload()
log.V(1).Info("resource is not in sync, writing to Vault", "op", "VaultEndpoint.CreateOrUpdate",
"diff", cmp.Diff(currentPayload, updatedPayload))
return write(context, ve.vaultObject.GetPath(), updatedPayload)
} else {
log.V(1).Info("vault resource is already in sync", "op", "VaultEndpoint.CreateOrUpdate")
}
}
return nil
Expand All @@ -135,22 +147,31 @@ func (ve *RabbitMQEngineConfigVaultEndpoint) CreateOrUpdateLease(context context
if ve.rabbitMQEngineConfigVaultEndpoint.CheckTTLValuesProvided() {
return nil
}
log.V(1).Info("reading resource from Vault", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease")
currentPayload, found, err := read(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath())
if err != nil {
log.Error(err, "unable to read object at", "path", ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath())
return err
}
if !found {
log.V(1).Info("resource does not exist, creating it in Vault", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease")
return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath(), ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePayload())
} else {
if !ve.rabbitMQEngineConfigVaultEndpoint.IsEquivalentToDesiredState(currentPayload) {
return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath(), ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePayload())
updatedPayload := ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePayload()
log.V(1).Info("resource is not in sync, writing to Vault", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease",
"diff", cmp.Diff(currentPayload, updatedPayload))
return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath(), updatedPayload)
} else {
log.V(1).Info("vault resource is already in sync", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease")
}
}
return nil
}

func (ve *RabbitMQEngineConfigVaultEndpoint) Create(context context.Context) error {
log := log.FromContext(context)
log.V(1).Info("creating resource in Vault", "op", "RabbitMQEngineConfigVaultEndpoint.Create")
return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetPath(), ve.rabbitMQEngineConfigVaultEndpoint.GetPayload())
}

Expand Down
10 changes: 7 additions & 3 deletions controllers/databasesecretengineconfig_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"time"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
Expand Down Expand Up @@ -210,14 +211,16 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager
}

return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.DatabaseSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.DatabaseSecretEngineConfig{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Watches(&corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
},
}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
res := []reconcile.Request{}
s := a.(*corev1.Secret)
r.Log.V(1).Info("fanning event on Secret out to applicable DatabaseSecretEngineConfigs", "namespace", s.Namespace, "name", s.Name)
dbsecs, err := r.findApplicableBDSCForSecret(ctx, s)
if err != nil {
r.Log.Error(err, "unable to find applicable databaseSecretEngines for namespace", "namespace", s.Name)
Expand All @@ -232,14 +235,15 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager
})
}
return res
}), builder.WithPredicates(isBasicAuthSecret)).
}), builder.WithPredicates(isBasicAuthSecret, k8sevt.Log{})).
Watches(&redhatcopv1alpha1.RandomSecret{
TypeMeta: metav1.TypeMeta{
Kind: "RandomSecret",
},
}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
res := []reconcile.Request{}
rs := a.(*redhatcopv1alpha1.RandomSecret)
r.Log.V(1).Info("fanning event on RandomSecret out to applicable RandomSecrets", "namespace", rs.Namespace, "name", rs.Name)
dbsecs, err := r.findApplicableDBSCForRandomSecret(ctx, rs)
if err != nil {
r.Log.Error(err, "unable to find applicable databaseSecretEngines for namespace", "namespace", rs.Name)
Expand All @@ -254,7 +258,7 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager
})
}
return res
}), builder.WithPredicates(isUpdatedRandomSecret)).
}), builder.WithPredicates(isUpdatedRandomSecret, k8sevt.Log{})).
Complete(r)
}

Expand Down
4 changes: 3 additions & 1 deletion controllers/databasesecretenginerole_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -80,6 +81,7 @@ func (r *DatabaseSecretEngineRoleReconciler) Reconcile(ctx context.Context, req
// SetupWithManager sets up the controller with the Manager.
func (r *DatabaseSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.DatabaseSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.DatabaseSecretEngineRole{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Complete(r)
}
4 changes: 3 additions & 1 deletion controllers/databasesecretenginestaticrole_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -71,6 +72,7 @@ func (r *DatabaseSecretEngineStaticRoleReconciler) Reconcile(ctx context.Context
// SetupWithManager sets up the controller with the Manager.
func (r *DatabaseSecretEngineStaticRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.DatabaseSecretEngineStaticRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.DatabaseSecretEngineStaticRole{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Complete(r)
}
7 changes: 5 additions & 2 deletions controllers/githubsecretengineconfig_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -118,14 +119,16 @@ func (r *GitHubSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager)
}

return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.GitHubSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.GitHubSecretEngineConfig{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Watches(&corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
},
}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
res := []reconcile.Request{}
s := a.(*corev1.Secret)
r.Log.V(1).Info("fanning event on Secret out to applicable GitHubSecretEngineConfigs", "namespace", s.Namespace, "name", s.Name)
dbsecs, err := r.findApplicableGHSCForSecret(ctx, s)
if err != nil {
r.Log.Error(err, "unable to find applicable github SecretEngines for namespace", "namespace", s.Name)
Expand All @@ -140,7 +143,7 @@ func (r *GitHubSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager)
})
}
return res
}), builder.WithPredicates(isSSHSecret)).
}), builder.WithPredicates(isSSHSecret, k8sevt.Log{})).
Complete(r)
}

Expand Down
4 changes: 3 additions & 1 deletion controllers/githubsecretenginerole_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -80,6 +81,7 @@ func (r *GitHubSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ct
// SetupWithManager sets up the controller with the Manager.
func (r *GitHubSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.GitHubSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.GitHubSecretEngineRole{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Complete(r)
}
4 changes: 3 additions & 1 deletion controllers/group_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -77,6 +78,7 @@ func (r *GroupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
// SetupWithManager sets up the controller with the Manager.
func (r *GroupReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.Group{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.Group{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Complete(r)
}
4 changes: 3 additions & 1 deletion controllers/groupalias_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -77,6 +78,7 @@ func (r *GroupAliasReconciler) Reconcile(ctx context.Context, req ctrl.Request)
// SetupWithManager sets up the controller with the Manager.
func (r *GroupAliasReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.GroupAlias{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.GroupAlias{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Complete(r)
}
10 changes: 7 additions & 3 deletions controllers/jwtoidcauthengineconfig_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -142,14 +143,16 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e
}

return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.JWTOIDCAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.JWTOIDCAuthEngineConfig{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Watches(&corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
},
}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
res := []reconcile.Request{}
s := a.(*corev1.Secret)
r.Log.V(1).Info("fanning event on Secret out to applicable JWTOIDCAuthEngineConfigs", "namespace", s.Namespace, "name", s.Name)
dbsecs, err := r.findApplicableJOAEForSecret(ctx, s)
if err != nil {
r.Log.Error(err, "unable to find applicable JWTOIDCAuthEngine for namespace", "namespace", s.Name)
Expand All @@ -164,14 +167,15 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e
})
}
return res
}), builder.WithPredicates(isBasicAuthSecret)).
}), builder.WithPredicates(isBasicAuthSecret, k8sevt.Log{})).
Watches(&redhatcopv1alpha1.RandomSecret{
TypeMeta: metav1.TypeMeta{
Kind: "RandomSecret",
},
}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
res := []reconcile.Request{}
rs := a.(*redhatcopv1alpha1.RandomSecret)
r.Log.V(1).Info("fanning event on RandomSecret out to applicable JWTOIDCAuthEngineConfigs", "namespace", rs.Namespace, "name", rs.Name)
dbsecs, err := r.findApplicableJOAEForRandomSecret(ctx, rs)
if err != nil {
r.Log.Error(err, "unable to find applicable JWTOIDCAuthEngine for namespace", "namespace", rs.Name)
Expand All @@ -186,7 +190,7 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e
})
}
return res
}), builder.WithPredicates(isUpdatedRandomSecret)).
}), builder.WithPredicates(isUpdatedRandomSecret, k8sevt.Log{})).
Complete(r)

}
Expand Down
4 changes: 3 additions & 1 deletion controllers/jwtoidcauthenginerole_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
"github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
"github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
)

Expand Down Expand Up @@ -75,6 +76,7 @@ func (r *JWTOIDCAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctr
// SetupWithManager sets up the controller with the Manager.
func (r *JWTOIDCAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&redhatcopv1alpha1.JWTOIDCAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
For(&redhatcopv1alpha1.JWTOIDCAuthEngineRole{},
builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
Complete(r)
}
Loading

0 comments on commit 1e33c72

Please sign in to comment.