diff --git a/api/v1alpha1/utils/vaultobject.go b/api/v1alpha1/utils/vaultobject.go index f658461..2396df8 100644 --- a/api/v1alpha1/utils/vaultobject.go +++ b/api/v1alpha1/utils/vaultobject.go @@ -20,6 +20,7 @@ import ( "context" "strings" + "github.com/google/go-cmp/cmp" vault "github.com/hashicorp/vault/api" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" @@ -58,6 +59,7 @@ func (ve *VaultEndpoint) DeleteKVv2IfExists(context context.Context) error { // should match pathToDelete := fmt.Sprintf("%s/metadata/%s", kv.mountPath, secretPath) pathToDelete := strings.Replace(ve.vaultObject.GetPath(), "/data/", "/metadata/", 1) + log.V(1).Info("deleting resource from Vault", "op", "VaultEndpoint.DeleteKVv2IfExists") _, err := vaultClient.Logical().Delete(pathToDelete) if err != nil { if respErr, ok := err.(*vault.ResponseError); ok { @@ -73,6 +75,7 @@ func (ve *VaultEndpoint) DeleteKVv2IfExists(context context.Context) error { func (ve *VaultEndpoint) DeleteIfExists(context context.Context) error { log := log.FromContext(context) + log.V(1).Info("deleting resource from Vault", "op", "VaultEndpoint.DeleteIfExists") vaultClient := context.Value("vaultClient").(*vault.Client) _, err := vaultClient.Logical().Delete(ve.vaultObject.GetPath()) if err != nil { 
@@ -88,21 +91,30 @@ func (ve *VaultEndpoint) DeleteIfExists(context context.Context) error { } func (ve *VaultEndpoint) Create(context context.Context) error { + log := log.FromContext(context) + log.V(1).Info("creating resource in Vault", "op", "VaultEndpoint.Create") return write(context, ve.vaultObject.GetPath(), ve.vaultObject.GetPayload()) } func (ve *VaultEndpoint) CreateOrUpdate(context context.Context) error { log := log.FromContext(context) + log.V(1).Info("reading resource from Vault", "op", "VaultEndpoint.CreateOrUpdate") currentPayload, found, err := read(context, ve.vaultObject.GetPath()) if err != nil { log.Error(err, "unable to read object at", "path", ve.vaultObject.GetPath()) return err } if !found { + log.V(1).Info("resource does not exist, creating it in Vault", "op", "VaultEndpoint.CreateOrUpdate") return write(context, ve.vaultObject.GetPath(), ve.vaultObject.GetPayload()) } else { if !ve.vaultObject.IsEquivalentToDesiredState(currentPayload) { - return write(context, ve.vaultObject.GetPath(), ve.vaultObject.GetPayload()) + updatedPayload := ve.vaultObject.GetPayload() + log.V(1).Info("resource is not in sync, writing to Vault", "op", "VaultEndpoint.CreateOrUpdate", + "diff", cmp.Diff(currentPayload, updatedPayload)) + return write(context, ve.vaultObject.GetPath(), updatedPayload) + } else { + log.V(1).Info("vault resource is already in sync", "op", "VaultEndpoint.CreateOrUpdate") } } return nil 
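Review bot: The new `"diff", cmp.Diff(currentPayload, updatedPayload)` field in VaultEndpoint.CreateOrUpdate writes the values of both the payload read from Vault and the desired payload into the operator log. What GetPayload returns is not visible in this hunk, but for engine configurations it presumably includes credentials such as root or bind passwords, and debug logs are usually readable by a wider audience than the Vault path itself. The same pattern is added to RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease in the next hunk. I would drop the diff value and keep the event, for example `log.V(1).Info("resource is not in sync, writing to Vault", "op", "VaultEndpoint.CreateOrUpdate", "path", ve.vaultObject.GetPath())`, or log only the names of the keys that differ. The diff is also computed on every out-of-sync write even when V(1) is disabled, because the call is not guarded by `log.V(1).Enabled()`.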
@@ -125,22 +137,31 @@ func (ve *RabbitMQEngineConfigVaultEndpoint) CreateOrUpdateLease(context context if ve.rabbitMQEngineConfigVaultEndpoint.CheckTTLValuesProvided() { return nil } + log.V(1).Info("reading resource from Vault", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease") currentPayload, found, err := read(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath()) if err != nil { log.Error(err, "unable to read object at", "path", ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath()) return err } if !found { + log.V(1).Info("resource does not exist, creating it in Vault", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease") return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath(), ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePayload()) } else { if !ve.rabbitMQEngineConfigVaultEndpoint.IsEquivalentToDesiredState(currentPayload) { - return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath(), ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePayload()) + updatedPayload := ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePayload() + log.V(1).Info("resource is not in sync, writing to Vault", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease", + "diff", cmp.Diff(currentPayload, updatedPayload)) + return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetLeasePath(), updatedPayload) + } else { + log.V(1).Info("vault resource is already in sync", "op", "RabbitMQEngineConfigVaultEndpoint.CreateOrUpdateLease") } } return nil } func (ve *RabbitMQEngineConfigVaultEndpoint) Create(context context.Context) error { + log := log.FromContext(context) + log.V(1).Info("creating resource in Vault", "op", "RabbitMQEngineConfigVaultEndpoint.Create") return write(context, ve.rabbitMQEngineConfigVaultEndpoint.GetPath(), ve.rabbitMQEngineConfigVaultEndpoint.GetPayload()) } diff --git a/controllers/databasesecretengineconfig_controller.go b/controllers/databasesecretengineconfig_controller.go index 2f07d96..bdae3f1 100644 
--- a/controllers/databasesecretengineconfig_controller.go +++ b/controllers/databasesecretengineconfig_controller.go @@ -22,6 +22,7 @@ import ( "time" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -210,7 +211,8 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.DatabaseSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.DatabaseSecretEngineConfig{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -218,6 +220,7 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} s := a.(*corev1.Secret) + r.Log.V(1).Info("fanning event on Secret out to applicable DatabaseSecretEngineConfigs", "namespace", s.Namespace, "name", s.Name) dbsecs, err := r.findApplicableBDSCForSecret(ctx, s) if err != nil { r.Log.Error(err, "unable to find applicable databaseSecretEngines for namespace", "namespace", s.Name) @@ -232,7 +235,7 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager }) } return res - }), builder.WithPredicates(isBasicAuthSecret)). + }), builder.WithPredicates(isBasicAuthSecret, k8sevt.Log{})). Watches(&redhatcopv1alpha1.RandomSecret{ TypeMeta: metav1.TypeMeta{ Kind: "RandomSecret", 
@@ -240,6 +243,7 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} rs := a.(*redhatcopv1alpha1.RandomSecret) + r.Log.V(1).Info("fanning event on RandomSecret out to applicable RandomSecrets", "namespace", rs.Namespace, "name", rs.Name) dbsecs, err := r.findApplicableDBSCForRandomSecret(ctx, rs) if err != nil { r.Log.Error(err, "unable to find applicable databaseSecretEngines for namespace", "namespace", rs.Name) @@ -254,7 +258,7 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager }) } return res - }), builder.WithPredicates(isUpdatedRandomSecret)). + }), builder.WithPredicates(isUpdatedRandomSecret, k8sevt.Log{})). Complete(r) } diff --git a/controllers/databasesecretenginerole_controller.go b/controllers/databasesecretenginerole_controller.go index 95d9a00..cfe3314 100644 --- a/controllers/databasesecretenginerole_controller.go +++ b/controllers/databasesecretenginerole_controller.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -80,6 +81,7 @@ func (r *DatabaseSecretEngineRoleReconciler) Reconcile(ctx context.Context, req // SetupWithManager sets up the controller with the Manager. func (r *DatabaseSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.DatabaseSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.DatabaseSecretEngineRole{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } 
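Review bot: The debug message added to the RandomSecret map function in controllers/databasesecretengineconfig_controller.go reads "fanning event on RandomSecret out to applicable RandomSecrets", but the function enqueues DatabaseSecretEngineConfigs (it calls findApplicableDBSCForRandomSecret). The equivalent messages added in the other controllers name the target kind, so this looks like a copy-paste slip; suggested text: `"fanning event on RandomSecret out to applicable DatabaseSecretEngineConfigs"`. The enclosing SetupWithManager begins outside this hunk.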
diff --git a/controllers/databasesecretenginestaticrole_controller.go b/controllers/databasesecretenginestaticrole_controller.go index 7cbcabe..c542198 100644 --- a/controllers/databasesecretenginestaticrole_controller.go +++ b/controllers/databasesecretenginestaticrole_controller.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -71,6 +72,7 @@ func (r *DatabaseSecretEngineStaticRoleReconciler) Reconcile(ctx context.Context // SetupWithManager sets up the controller with the Manager. func (r *DatabaseSecretEngineStaticRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.DatabaseSecretEngineStaticRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.DatabaseSecretEngineStaticRole{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/githubsecretengineconfig_controller.go b/controllers/githubsecretengineconfig_controller.go index 4ebe9ef..b129a76 100644 --- a/controllers/githubsecretengineconfig_controller.go +++ b/controllers/githubsecretengineconfig_controller.go @@ -34,6 +34,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) 
@@ -118,7 +119,8 @@ func (r *GitHubSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.GitHubSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.GitHubSecretEngineConfig{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -126,6 +128,7 @@ func (r *GitHubSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} s := a.(*corev1.Secret) + r.Log.V(1).Info("fanning event on Secret out to applicable GitHubSecretEngineConfigs", "namespace", s.Namespace, "name", s.Name) dbsecs, err := r.findApplicableGHSCForSecret(ctx, s) if err != nil { r.Log.Error(err, "unable to find applicable github SecretEngines for namespace", "namespace", s.Name) @@ -140,7 +143,7 @@ func (r *GitHubSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) }) } return res - }), builder.WithPredicates(isSSHSecret)). + }), builder.WithPredicates(isSSHSecret, k8sevt.Log{})). Complete(r) } diff --git a/controllers/githubsecretenginerole_controller.go b/controllers/githubsecretenginerole_controller.go index a0629ab..1ba8df5 100644 --- a/controllers/githubsecretenginerole_controller.go +++ b/controllers/githubsecretenginerole_controller.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) 
@@ -80,6 +81,7 @@ func (r *GitHubSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ct // SetupWithManager sets up the controller with the Manager. func (r *GitHubSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.GitHubSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.GitHubSecretEngineRole{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/group_controller.go b/controllers/group_controller.go index 0bdffed..fd3de69 100644 --- a/controllers/group_controller.go +++ b/controllers/group_controller.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -77,6 +78,7 @@ func (r *GroupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl // SetupWithManager sets up the controller with the Manager. func (r *GroupReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.Group{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.Group{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/groupalias_controller.go b/controllers/groupalias_controller.go index 340c847..738ce82 100644 --- a/controllers/groupalias_controller.go +++ b/controllers/groupalias_controller.go 
@@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -77,6 +78,7 @@ func (r *GroupAliasReconciler) Reconcile(ctx context.Context, req ctrl.Request) // SetupWithManager sets up the controller with the Manager. func (r *GroupAliasReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.GroupAlias{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.GroupAlias{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/jwtoidcauthengineconfig_controller.go b/controllers/jwtoidcauthengineconfig_controller.go index 1d389dd..5a5c2fb 100644 --- a/controllers/jwtoidcauthengineconfig_controller.go +++ b/controllers/jwtoidcauthengineconfig_controller.go @@ -34,6 +34,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -142,7 +143,8 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.JWTOIDCAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.JWTOIDCAuthEngineConfig{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", 
@@ -150,6 +152,7 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} s := a.(*corev1.Secret) + r.Log.V(1).Info("fanning event on Secret out to applicable JWTOIDCAuthEngineConfigs", "namespace", s.Namespace, "name", s.Name) dbsecs, err := r.findApplicableJOAEForSecret(ctx, s) if err != nil { r.Log.Error(err, "unable to find applicable JWTOIDCAuthEngine for namespace", "namespace", s.Name) @@ -164,7 +167,7 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e }) } return res - }), builder.WithPredicates(isBasicAuthSecret)). + }), builder.WithPredicates(isBasicAuthSecret, k8sevt.Log{})). Watches(&redhatcopv1alpha1.RandomSecret{ TypeMeta: metav1.TypeMeta{ Kind: "RandomSecret", @@ -172,6 +175,7 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} rs := a.(*redhatcopv1alpha1.RandomSecret) + r.Log.V(1).Info("fanning event on RandomSecret out to applicable JWTOIDCAuthEngineConfigs", "namespace", rs.Namespace, "name", rs.Name) dbsecs, err := r.findApplicableJOAEForRandomSecret(ctx, rs) if err != nil { r.Log.Error(err, "unable to find applicable JWTOIDCAuthEngine for namespace", "namespace", rs.Name) @@ -186,7 +190,7 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e }) } return res - }), builder.WithPredicates(isUpdatedRandomSecret)). + }), builder.WithPredicates(isUpdatedRandomSecret, k8sevt.Log{})). Complete(r) } diff --git a/controllers/jwtoidcauthenginerole_controller.go b/controllers/jwtoidcauthenginerole_controller.go index 66457ac..dc61d47 100644 --- a/controllers/jwtoidcauthenginerole_controller.go +++ b/controllers/jwtoidcauthenginerole_controller.go 
@@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -75,6 +76,7 @@ func (r *JWTOIDCAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctr // SetupWithManager sets up the controller with the Manager. func (r *JWTOIDCAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.JWTOIDCAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.JWTOIDCAuthEngineRole{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/k8sevt/k8sevtlogging.go b/controllers/k8sevt/k8sevtlogging.go new file mode 100644 index 0000000..f3e7b23 --- /dev/null +++ b/controllers/k8sevt/k8sevtlogging.go 
@@ -0,0 +1,74 @@ +/* + Logging capable event handler that mimics handler.EnqueueRequestForObject + See "sigs.k8s.io/controller-runtime/pkg/handler" +*/ + +package k8sevt + +import ( + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/event" + "sigs.k8s.io/controller-runtime/pkg/predicate" + + redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" +) + +// List all types which include unexported fields so that cmp.Diff won't choke on them +var ignoredUnexportedDuringDiff = cmpopts.IgnoreUnexported( + redhatcopv1alpha1.VRole{}, + redhatcopv1alpha1.DBSEConfig{}, + redhatcopv1alpha1.GHConfig{}, + redhatcopv1alpha1.JWTOIDCConfig{}, + redhatcopv1alpha1.KAECConfig{}, + redhatcopv1alpha1.KubeSEConfig{}, + redhatcopv1alpha1.LDAPConfig{}, + redhatcopv1alpha1.PKIIntermediate{}, + redhatcopv1alpha1.QuayConfig{}, + redhatcopv1alpha1.RMQSEConfig{}, + redhatcopv1alpha1.RandomSecretSpec{}, + redhatcopv1alpha1.GroupAliasSpec{}, +) + +var handlerLog = ctrl.Log.WithName("eventhandler") + +type Log struct { + predicate.Funcs +} + +func (Log) Update(evt event.UpdateEvent) bool { + return LogEventWithDiff("UpdateEvent", evt.ObjectOld, evt.ObjectNew) +} + +func (Log) Create(evt event.CreateEvent) bool { + return LogEvent("CreateEvent", evt.Object, evt) +} + +func (Log) Delete(evt event.DeleteEvent) bool { + return LogEvent("DeleteEvent", evt.Object, evt) +} + +func (Log) Generic(evt event.GenericEvent) bool { + return LogEvent("GenericEvent", evt.Object, evt) +} + +func LogEvent(eventName string, object client.Object, evt interface{}) bool { + handlerLog.V(1).Info(eventName+" received", "namespace", object.GetNamespace(), "name", object.GetName(), "event", evt) + return true +} + +func LogEventWithDiff(eventName string, objectOld client.Object, objectNew client.Object) bool { + if handlerLog.V(1).Enabled() { + switch { + 
case objectNew != nil: + handlerLog.V(1).Info(eventName+" received", "namespace", objectNew.GetNamespace(), "name", objectNew.GetName(), + "diff", cmp.Diff(objectOld, objectNew, ignoredUnexportedDuringDiff)) + case objectOld != nil: + handlerLog.V(1).Info(eventName+" received", "namespace", objectNew.GetNamespace(), "name", objectNew.GetName(), + "diff", cmp.Diff(objectOld, objectNew, ignoredUnexportedDuringDiff)) + } + } + return true +} diff --git a/controllers/kubernetesauthengineconfig_controller.go b/controllers/kubernetesauthengineconfig_controller.go index b12ae50..359bd13 100644 --- a/controllers/kubernetesauthengineconfig_controller.go +++ b/controllers/kubernetesauthengineconfig_controller.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -84,6 +85,7 @@ func (r *KubernetesAuthEngineConfigReconciler) Reconcile(ctx context.Context, re func (r *KubernetesAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.KubernetesAuthEngineConfig{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/kubernetesauthenginerole_controller.go b/controllers/kubernetesauthenginerole_controller.go index 05d0371..732abfe 100644 --- a/controllers/kubernetesauthenginerole_controller.go +++ b/controllers/kubernetesauthenginerole_controller.go 
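Review bot: In controllers/k8sevt/k8sevtlogging.go, LogEvent logs the whole event (`"event", evt`) and LogEventWithDiff logs `cmp.Diff(objectOld, objectNew, ...)`, and this commit attaches `k8sevt.Log{}` to the corev1.Secret watches of several controllers, so with V(1) enabled the Secret objects, including their data, are written to the operator log. The `case objectOld != nil:` branch is only reached when objectNew is nil, yet it calls `objectNew.GetNamespace()` and `objectNew.GetName()`, which would panic. The IgnoreUnexported list covers only the operator's own types, so cmp.Diff may also panic on unexported fields in other watched types; I have not verified this for Secret or Namespace. I would log identifying metadata only, as below.

```go
func LogEvent(eventName string, object client.Object, evt interface{}) bool {
	// evt embeds the full object (Secret data included on the Secret watches),
	// so only identifying metadata is logged.
	handlerLog.V(1).Info(eventName+" received", "namespace", object.GetNamespace(), "name", object.GetName(),
		"resourceVersion", object.GetResourceVersion())
	return true
}

func LogEventWithDiff(eventName string, objectOld client.Object, objectNew client.Object) bool {
	if !handlerLog.V(1).Enabled() {
		return true
	}
	// Use whichever side of the update is present for the identifying fields.
	obj := objectNew
	if obj == nil {
		obj = objectOld
	}
	if obj == nil {
		return true
	}
	kv := []interface{}{"namespace", obj.GetNamespace(), "name", obj.GetName()}
	if objectOld != nil && objectNew != nil {
		kv = append(kv,
			"oldResourceVersion", objectOld.GetResourceVersion(), "newResourceVersion", objectNew.GetResourceVersion(),
			"oldGeneration", objectOld.GetGeneration(), "newGeneration", objectNew.GetGeneration())
	}
	handlerLog.V(1).Info(eventName+" received", kv...)
	return true
}
```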
@@ -32,6 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -86,7 +87,8 @@ func (r *KubernetesAuthEngineRoleReconciler) Reconcile(ctx context.Context, req // SetupWithManager sets up the controller with the Manager. func (r *KubernetesAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.KubernetesAuthEngineRole{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Watches(&corev1.Namespace{ TypeMeta: metav1.TypeMeta{ Kind: "Namespace", @@ -94,6 +96,7 @@ func (r *KubernetesAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} ns := a.(*corev1.Namespace) + r.Log.V(1).Info("fanning event on Namespace out to applicable KubernetesAuthEngineRoles", "namespace", ns.Name) ncl, err := r.findApplicableKubernetesAuthEngineRoles(ctx, ns) if err != nil { r.Log.Error(err, "unable to find applicable kubernetesAuthEngineRoles for namespace", "namespace", ns.Name) @@ -108,7 +111,7 @@ func (r *KubernetesAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) }) } return res - })). + }), builder.WithPredicates(k8sevt.Log{})). Complete(r) } diff --git a/controllers/kubernetessecretengineconfig_controller.go b/controllers/kubernetessecretengineconfig_controller.go index 2fcb587..f606d19 100644 --- a/controllers/kubernetessecretengineconfig_controller.go +++ b/controllers/kubernetessecretengineconfig_controller.go 
@@ -33,6 +33,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" corev1 "k8s.io/api/core/v1" ) @@ -112,7 +113,8 @@ func (r *KubernetesSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manag } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.KubernetesSecretEngineConfig{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -120,6 +122,7 @@ func (r *KubernetesSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manag }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} s := a.(*corev1.Secret) + r.Log.V(1).Info("fanning event on Secret out to applicable KubernetesSecretEngineConfigs", "namespace", s.Namespace, "name", s.Name) dbsecs, err := r.findApplicableKSECForSecret(ctx, s) if err != nil { r.Log.Error(err, "unable to find applicable github SecretEngines for namespace", "namespace", s.Name) @@ -134,7 +137,7 @@ func (r *KubernetesSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manag }) } return res - }), builder.WithPredicates(isSATokenSecret)). + }), builder.WithPredicates(isSATokenSecret, k8sevt.Log{})). Complete(r) } diff --git a/controllers/kubernetessecretenginerole_controller.go b/controllers/kubernetessecretenginerole_controller.go index 9387f7d..d7ddc47 100644 --- a/controllers/kubernetessecretenginerole_controller.go +++ b/controllers/kubernetessecretenginerole_controller.go 
@@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -74,6 +75,7 @@ func (r *KubernetesSecretEngineRoleReconciler) Reconcile(ctx context.Context, re // SetupWithManager sets up the controller with the Manager. func (r *KubernetesSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.KubernetesSecretEngineRole{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/ldapauthengineconfig_controller.go b/controllers/ldapauthengineconfig_controller.go index 89e2d15..ff42115 100644 --- a/controllers/ldapauthengineconfig_controller.go +++ b/controllers/ldapauthengineconfig_controller.go @@ -34,6 +34,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -172,7 +173,8 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.LDAPAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.LDAPAuthEngineConfig{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", 
@@ -180,6 +182,7 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} s := a.(*corev1.Secret) + r.Log.V(1).Info("fanning event on Secret out to applicable LDAPAuthEngineConfigs", "namespace", s.Namespace, "name", s.Name) dbsecs, err := r.findApplicableLAECForSecret(ctx, s) if err != nil { r.Log.Error(err, "unable to find applicable LDAPAuthEngines for namespace", "namespace", s.Name) @@ -194,7 +197,7 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro }) } return res - }), builder.WithPredicates(isBasicAuthSecret)). + }), builder.WithPredicates(isBasicAuthSecret, k8sevt.Log{})). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -216,7 +219,7 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro }) } return res - }), builder.WithPredicates(isTLSSecret)). + }), builder.WithPredicates(isTLSSecret, k8sevt.Log{})). Watches(&redhatcopv1alpha1.RandomSecret{ TypeMeta: metav1.TypeMeta{ Kind: "RandomSecret", @@ -224,6 +227,7 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { res := []reconcile.Request{} rs := a.(*redhatcopv1alpha1.RandomSecret) + r.Log.V(1).Info("fanning event on RandomSecret out to applicable LDAPAuthEngineConfigs", "namespace", rs.Namespace, "name", rs.Name) dbsecs, err := r.findApplicableLAECForRandomSecret(ctx, rs) if err != nil { r.Log.Error(err, "unable to find applicable LDAPAuthEngines for namespace", "namespace", rs.Name) @@ -238,7 +242,7 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro }) } return res - }), builder.WithPredicates(isUpdatedRandomSecret)). + }), builder.WithPredicates(isUpdatedRandomSecret, k8sevt.Log{})). Complete(r) } 
diff --git a/controllers/ldapauthenginegroup_controller.go b/controllers/ldapauthenginegroup_controller.go index 68cd867..e91b36f 100644 --- a/controllers/ldapauthenginegroup_controller.go +++ b/controllers/ldapauthenginegroup_controller.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) @@ -75,6 +76,7 @@ func (r *LDAPAuthEngineGroupReconciler) Reconcile(ctx context.Context, req ctrl. // SetupWithManager sets up the controller with the Manager. func (r *LDAPAuthEngineGroupReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.LDAPAuthEngineGroup{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})). + For(&redhatcopv1alpha1.LDAPAuthEngineGroup{}, + builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})). Complete(r) } diff --git a/controllers/passwordpolicy_controller.go b/controllers/passwordpolicy_controller.go index 2b9f7c6..3f5e5f6 100644 --- a/controllers/passwordpolicy_controller.go +++ b/controllers/passwordpolicy_controller.go @@ -25,6 +25,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" + "github.com/redhat-cop/vault-config-operator/controllers/k8sevt" "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) 
@@ -77,6 +78,7 @@ func (r *PasswordPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 // SetupWithManager sets up the controller with the Manager.
 func (r *PasswordPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.PasswordPolicy{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.PasswordPolicy{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/pkisecretengineconfig_controller.go b/controllers/pkisecretengineconfig_controller.go
index 497a335..909feda 100644
--- a/controllers/pkisecretengineconfig_controller.go
+++ b/controllers/pkisecretengineconfig_controller.go
@@ -26,6 +26,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 )
@@ -75,6 +76,7 @@ func (r *PKISecretEngineConfigReconciler) Reconcile(ctx context.Context, req ctr
 // SetupWithManager sets up the controller with the Manager.
 func (r *PKISecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.PKISecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.PKISecretEngineConfig{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/pkisecretenginerole_controller.go b/controllers/pkisecretenginerole_controller.go
index 6f467ba..456526f 100644
--- a/controllers/pkisecretenginerole_controller.go
+++ b/controllers/pkisecretenginerole_controller.go
@@ -26,6 +26,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 )
@@ -75,6 +76,7 @@ func (r *PKISecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl.
 // SetupWithManager sets up the controller with the Manager.
 func (r *PKISecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.PKISecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.PKISecretEngineRole{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/policy_controller.go b/controllers/policy_controller.go
index c556700..9fbed3d 100644
--- a/controllers/policy_controller.go
+++ b/controllers/policy_controller.go
@@ -20,6 +20,7 @@ import (
 "context"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 ctrl "sigs.k8s.io/controller-runtime"
@@ -77,6 +78,7 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 // SetupWithManager sets up the controller with the Manager.
 func (r *PolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.Policy{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.Policy{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/quaysecretengineconfig_controller.go b/controllers/quaysecretengineconfig_controller.go
index b95caa1..440df47 100644
--- a/controllers/quaysecretengineconfig_controller.go
+++ b/controllers/quaysecretengineconfig_controller.go
@@ -34,6 +34,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 )
@@ -140,7 +141,8 @@ func (r *QuaySecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) er
 }
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.QuaySecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.QuaySecretEngineConfig{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Watches(&corev1.Secret{
 TypeMeta: metav1.TypeMeta{
 Kind: "Secret",
@@ -148,6 +150,7 @@ func (r *QuaySecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) er
 }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
 res := []reconcile.Request{}
 s := a.(*corev1.Secret)
+ r.Log.V(1).Info("fanning event on Secret out to applicable QuaySecretEngineConfigs", "namespace", s.Namespace, "name", s.Name)
 quaysecs, err := r.findApplicableQuaySCForSecret(ctx, s)
 if err != nil {
 r.Log.Error(err, "unable to find applicable databaseSecretEngines for namespace", "namespace", s.Name)
@@ -162,7 +165,7 @@ func (r *QuaySecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) er
 })
 }
 return res
- }), builder.WithPredicates(isBasicAuthSecret)).
+ }), builder.WithPredicates(isBasicAuthSecret, k8sevt.Log{})).
 Watches(&redhatcopv1alpha1.RandomSecret{
 TypeMeta: metav1.TypeMeta{
 Kind: "RandomSecret",
@@ -170,6 +173,7 @@ func (r *QuaySecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) er
 }, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
 res := []reconcile.Request{}
 rs := a.(*redhatcopv1alpha1.RandomSecret)
+ r.Log.V(1).Info("fanning event on RandomSecret out to applicable QuaySecretEngineConfigs", "namespace", rs.Namespace, "name", rs.Name)
 quaysecs, err := r.findApplicableQuaySCForRandomSecret(ctx, rs)
 if err != nil {
 r.Log.Error(err, "unable to find applicable QuaySecretEngineConfig for namespace", "namespace", rs.Name)
@@ -184,7 +188,7 @@ func (r *QuaySecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) er
 })
 }
 return res
- }), builder.WithPredicates(isUpdatedRandomSecret)).
+ }), builder.WithPredicates(isUpdatedRandomSecret, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/quaysecretenginerole_controller.go b/controllers/quaysecretenginerole_controller.go
index 11f0c3d..1c96665 100644
--- a/controllers/quaysecretenginerole_controller.go
+++ b/controllers/quaysecretenginerole_controller.go
@@ -26,6 +26,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 )
@@ -72,6 +73,7 @@ func (r *QuaySecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl
 // SetupWithManager sets up the controller with the Manager.
 func (r *QuaySecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.QuaySecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.QuaySecretEngineRole{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/quaysecretenginestaticrole_controller.go b/controllers/quaysecretenginestaticrole_controller.go
index e0456e6..26cbab1 100644
--- a/controllers/quaysecretenginestaticrole_controller.go
+++ b/controllers/quaysecretenginestaticrole_controller.go
@@ -26,6 +26,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 )
@@ -71,6 +72,7 @@ func (r *QuaySecretEngineStaticRoleReconciler) Reconcile(ctx context.Context, re
 // SetupWithManager sets up the controller with the Manager.
 func (r *QuaySecretEngineStaticRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.QuaySecretEngineStaticRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.QuaySecretEngineStaticRole{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/rabbitmqsecretengineconfig_controller.go b/controllers/rabbitmqsecretengineconfig_controller.go
index 5d948f2..491ffd3 100644
--- a/controllers/rabbitmqsecretengineconfig_controller.go
+++ b/controllers/rabbitmqsecretengineconfig_controller.go
@@ -21,6 +21,7 @@ import (
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
 vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 ctrl "sigs.k8s.io/controller-runtime"
@@ -126,6 +127,7 @@ func (r *RabbitMQSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager
 }
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.RabbitMQSecretEngineConfig{}, builder.WithPredicates(filter, vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.RabbitMQSecretEngineConfig{},
+ builder.WithPredicates(filter, vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/rabbitmqsecretenginerole_controller.go b/controllers/rabbitmqsecretenginerole_controller.go
index 5d9c6c0..43d322e 100644
--- a/controllers/rabbitmqsecretenginerole_controller.go
+++ b/controllers/rabbitmqsecretenginerole_controller.go
@@ -20,6 +20,7 @@ import (
 "context"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 ctrl "sigs.k8s.io/controller-runtime"
@@ -79,6 +80,7 @@ func (r *RabbitMQSecretEngineRoleReconciler) Reconcile(ctx context.Context, req
 // SetupWithManager sets up the controller with the Manager.
 func (r *RabbitMQSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.RabbitMQSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.RabbitMQSecretEngineRole{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/randomsecret_controller.go b/controllers/randomsecret_controller.go
index 8f4d0fa..ef910cb 100644
--- a/controllers/randomsecret_controller.go
+++ b/controllers/randomsecret_controller.go
@@ -23,6 +23,7 @@ import (
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
 vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -190,6 +191,7 @@ func (r *RandomSecretReconciler) SetupWithManager(mgr ctrl.Manager) error {
 }
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.RandomSecret{}, builder.WithPredicates(needsCreation, vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.RandomSecret{},
+ builder.WithPredicates(needsCreation, vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/secretenginemount_controller.go b/controllers/secretenginemount_controller.go
index d228a22..45f3e96 100644
--- a/controllers/secretenginemount_controller.go
+++ b/controllers/secretenginemount_controller.go
@@ -20,6 +20,7 @@ import (
 "context"
 redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"
+ "github.com/redhat-cop/vault-config-operator/controllers/k8sevt"
 "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 ctrl "sigs.k8s.io/controller-runtime"
@@ -78,6 +79,7 @@ func (r *SecretEngineMountReconciler) Reconcile(ctx context.Context, req ctrl.Re
 // SetupWithManager sets up the controller with the Manager.
 func (r *SecretEngineMountReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
- For(&redhatcopv1alpha1.SecretEngineMount{}, builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{})).
+ For(&redhatcopv1alpha1.SecretEngineMount{},
+ builder.WithPredicates(vaultresourcecontroller.ResourceGenerationChangedPredicate{}, k8sevt.Log{})).
 Complete(r)
 }
diff --git a/controllers/vaultresourcecontroller/utils.go b/controllers/vaultresourcecontroller/utils.go
index 24a4676..43977f0 100644
--- a/controllers/vaultresourcecontroller/utils.go
+++ b/controllers/vaultresourcecontroller/utils.go
@@ -134,6 +134,7 @@ func ManageOutcomeWithRequeue(context context.Context, r ReconcilerBase, obj cli
 }
 }
 conditionsAware.SetConditions(vaultutils.AddOrReplaceCondition(condition, conditionsAware.GetConditions()))
+ log.V(1).Info("updating k8s resource status")
 err := r.GetClient().Status().Update(context, obj)
 if err != nil {
 log.Error(err, "unable to update status")
@@ -142,6 +143,7 @@ func ManageOutcomeWithRequeue(context context.Context, r ReconcilerBase, obj cli
 if vaultObject, ok := obj.(vaultutils.VaultObject); ok {
 if vaultObject.IsDeletable() {
 if issue == nil && !controllerutil.ContainsFinalizer(obj, vaultutils.GetFinalizer(obj)) {
+ log.V(1).Info("adding k8s resource finalizer")
 controllerutil.AddFinalizer(obj, vaultutils.GetFinalizer(obj))
 // BEWARE: this call *mutates* the object in memory with Kube's response, there *must be invoked last*
 err := r.GetClient().Update(context, obj)
@@ -153,6 +155,7 @@ func ManageOutcomeWithRequeue(context context.Context, r ReconcilerBase, obj cli
 }
 } else {
 if issue == nil && !controllerutil.ContainsFinalizer(obj, vaultutils.GetFinalizer(obj)) {
+ log.V(1).Info("adding k8s resource finalizer")
 controllerutil.AddFinalizer(obj, vaultutils.GetFinalizer(obj))
 // BEWARE: this call *mutates* the object in memory with Kube's response, there *must be invoked last*
 err := r.GetClient().Update(context, obj)
diff --git a/controllers/vaultresourcecontroller/vaultresourcereconciler.go b/controllers/vaultresourcecontroller/vaultresourcereconciler.go
index 0e6d81f..f52250c 100644
--- a/controllers/vaultresourcecontroller/vaultresourcereconciler.go
+++ b/controllers/vaultresourcecontroller/vaultresourcereconciler.go
@@ -53,6 +53,7 @@ func (r *VaultResource) Reconcile(ctx context.Context, instance client.Object) (
 log.Error(err, "unable to delete instance", "instance", instance)
 return ManageOutcome(ctx, *r.reconcilerBase, instance, err)
 }
+ log.V(1).Info("removing k8s resource finalizer")
 controllerutil.RemoveFinalizer(instance, vaultutils.GetFinalizer(instance))
 err = r.reconcilerBase.GetClient().Update(ctx, instance)
 if err != nil {