
Commit 27ee785

committed
Use SyncObjectWithCluster instead of copying secrets
The previous solution always deleted the secret if it existed and re-created it. This can lead to potential issues. The new code uses SyncObjectWithCluster, which is used across the whole codebase and minimizes the risk of issues. Signed-off-by: Ales Raszka <araszka@redhat.com>
1 parent 500c993 commit 27ee785


1 file changed

+29
-20
lines changed

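--- a/pkg/secrets/backup.go
+++ b/pkg/secrets/backup.go
@@ -27,6 +27,8 @@ import (
 "k8s.io/apimachinery/pkg/runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
+"github.com/devfile/devworkspace-operator/pkg/provision/sync"
 )
 
 // GetRegistryAuthSecret retrieves the registry authentication secret for accessing backup images
@@ -78,21 +80,8 @@ func HandleRegistryAuthSecret(ctx context.Context, c client.Client, workspace *d
 
 // CopySecret copies the given secret from the operator namespace to the workspace namespace.
 func CopySecret(ctx context.Context, c client.Client, workspace *dw.DevWorkspace, sourceSecret *corev1.Secret, scheme *runtime.Scheme, log logr.Logger) (namespaceSecret *corev1.Secret, err error) {
-existingNamespaceSecret := &corev1.Secret{}
-err = c.Get(ctx, client.ObjectKey{
-Name: constants.DevWorkspaceBackupAuthSecretName,
-Namespace: workspace.Namespace}, existingNamespaceSecret)
-if client.IgnoreNotFound(err) != nil {
-log.Error(err, "Failed to check for existing registry auth secret in workspace namespace", "namespace", workspace.Namespace)
-return nil, err
-}
-if err == nil {
-err = c.Delete(ctx, existingNamespaceSecret)
-if err != nil {
-return nil, err
-}
-}
-namespaceSecret = &corev1.Secret{
+// Construct the desired secret state
+desiredSecret := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: constants.DevWorkspaceBackupAuthSecretName,
 Namespace: workspace.Namespace,
@@ -104,12 +93,32 @@ func CopySecret(ctx context.Context, c client.Client, workspace *dw.DevWorkspace
 Data: sourceSecret.Data,
 Type: sourceSecret.Type,
 }
-if err := controllerutil.SetControllerReference(workspace, namespaceSecret, scheme); err != nil {
+
+if err := controllerutil.SetControllerReference(workspace, desiredSecret, scheme); err != nil {
 return nil, err
 }
-err = c.Create(ctx, namespaceSecret)
-if err == nil {
-log.Info("Successfully created secret", "name", namespaceSecret.Name, "namespace", workspace.Namespace)
+
+// Use the sync mechanism
+clusterAPI := sync.ClusterAPI{
+Client: c,
+Scheme: scheme,
+Logger: log,
+Ctx: ctx,
+}
+
+syncedObj, err := sync.SyncObjectWithCluster(desiredSecret, clusterAPI)
+if err != nil {
+if _, ok := err.(*sync.NotInSyncError); !ok {
+return nil, err
+}
+// NotInSyncError means the sync operation was successful but triggered a change
+log.Info("Successfully synced secret", "name", desiredSecret.Name, "namespace", workspace.Namespace)
 }
-return namespaceSecret, err
+
+// If syncedObj is nil (due to NotInSyncError), return the desired object
+if syncedObj == nil {
+return desiredSecret, nil
+}
+
+return syncedObj.(*corev1.Secret), nil
 }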
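Review bot: In CopySecret, every `*sync.NotInSyncError` is logged as "Successfully synced secret" and turned into `return desiredSecret, nil`, so the caller cannot tell a completed write from one that still needs a retry, and it receives the locally built object rather than what the cluster holds. SyncObjectWithCluster is defined outside this diff; if it can return NotInSyncError for anything other than a finished create or update, propagate the error (or requeue) instead of reporting success, and state that contract in the comment above the check. The final `return syncedObj.(*corev1.Secret), nil` is an unchecked assertion that panics on an unexpected type; prefer `secret, ok := syncedObj.(*corev1.Secret)` with an error return when `!ok`. Because `Data` carries registry credentials and `log` is now handed to the shared sync helper via `Logger: log`, confirm that the helper never logs object contents or diffs for Secrets. Part of CopySecret's body lies between the second and third hunks and is not shown here.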
