@@ -15,6 +15,8 @@ package database
1515import (
1616 "context"
1717
18+ "fmt"
19+
1820 "github.com/eclipse-che/che-operator/pkg/common/chetypes"
1921 "github.com/eclipse-che/che-operator/pkg/common/constants"
2022 defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
@@ -23,6 +25,7 @@ import (
2325 "github.com/eclipse-che/che-operator/pkg/deploy"
2426 appsv1 "k8s.io/api/apps/v1"
2527 corev1 "k8s.io/api/core/v1"
28+
2629 "k8s.io/apimachinery/pkg/api/errors"
2730 "k8s.io/apimachinery/pkg/api/resource"
2831 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -51,7 +54,9 @@ func (p *OpenVSXDatabaseReconciler) Reconcile(ctx *chetypes.DeployContext) (reco
5154 _ = cw.DeleteByKeyIgnoreNotFound(context.TODO(), types.NamespacedName{Name: constants.OpenVSXDatabaseName, Namespace: ns}, &appsv1.Deployment{})
5255 _ = cw.DeleteByKeyIgnoreNotFound(context.TODO(), types.NamespacedName{Name: constants.OpenVSXDatabaseName, Namespace: ns}, &corev1.Service{})
5356 _ = cw.DeleteByKeyIgnoreNotFound(context.TODO(), types.NamespacedName{Name: pvcName, Namespace: ns}, &corev1.PersistentVolumeClaim{})
54- _ = cw.DeleteByKeyIgnoreNotFound(context.TODO(), types.NamespacedName{Name: constants.OpenVSXDatabaseCredentialsSecret, Namespace: ns}, &corev1.Secret{})
57+ if !isUserProvidedSecret(ctx) {
58+ _ = cw.DeleteByKeyIgnoreNotFound(context.TODO(), types.NamespacedName{Name: constants.OpenVSXDatabaseCredentialsSecret, Namespace: ns}, &corev1.Secret{})
59+ }
5560 return reconcile.Result{}, true, nil
5661 }
5762
@@ -82,50 +87,90 @@ func (p *OpenVSXDatabaseReconciler) Finalize(ctx *chetypes.DeployContext) bool {
8287 return true
8388}
8489
90+ var requiredSecretKeys = []string{
91+ "db-user", "db-password", "db-name",
92+ "publisher-name", "publisher-token",
93+ "admin-name", "admin-token",
94+ }
95+
8596func (p *OpenVSXDatabaseReconciler) syncSecret(ctx *chetypes.DeployContext) (bool, error) {
97+ secretName := GetCredentialsSecretName(ctx)
98+
8699 secret := &corev1.Secret{}
87100 err := ctx.ClusterAPI.Client.Get(context.TODO(), types.NamespacedName{
88- Name: constants.OpenVSXDatabaseCredentialsSecret ,
101+ Name: secretName ,
89102 Namespace: ctx.CheCluster.Namespace,
90103 }, secret)
91104
92105 if err == nil {
106+ if isUserProvidedSecret(ctx) {
107+ return validateSecretKeys(secret)
108+ }
93109 return true, nil
94110 }
95111
96112 if !errors.IsNotFound(err) {
97113 return false, err
98114 }
99115
116+ if isUserProvidedSecret(ctx) {
117+ return false, fmt.Errorf("credentials secret '%s' not found", secretName)
118+ }
119+
100120 secret = &corev1.Secret{
101121 TypeMeta: metav1.TypeMeta{
102122 Kind: "Secret",
103123 APIVersion: "v1",
104124 },
105125 ObjectMeta: metav1.ObjectMeta{
106- Name: constants.OpenVSXDatabaseCredentialsSecret ,
126+ Name: secretName ,
107127 Namespace: ctx.CheCluster.Namespace,
108128 Labels: deploy.GetLabels(defaults.GetCheFlavor()),
109129 },
110130 Type: corev1.SecretTypeOpaque,
111131 Data: map[string][]byte{
112- "user": []byte("openvsx"),
113- "password": []byte(utils.GeneratePassword(16)),
114- "database": []byte("openvsx"),
115- "userName ": []byte("eclipse-che"),
116- "userPAT": []byte(utils.GeneratePassword(32)),
117- "adminName": []byte("openvsx-admin"),
118- "adminPAT": []byte(utils.GeneratePassword(32)),
132+ "db- user": []byte("openvsx"),
133+ "db- password": []byte(utils.GeneratePassword(16)),
134+ "db-name": []byte("openvsx"),
135+ "publisher-name ": []byte("eclipse-che"),
136+ "publisher-token": []byte(utils.GeneratePassword(32)),
137+ "admin-name": []byte("openvsx-admin"),
138+ "admin-token": []byte(utils.GeneratePassword(32)),
119139 },
120140 }
121141
122142 if err := controllerutil.SetControllerReference(ctx.CheCluster, secret, ctx.ClusterAPI.Scheme); err != nil {
123143 return false, err
124144 }
125- err = ctx.ClusterAPI.ClientWrapper.Sync(context.TODO(), secret)
145+ err = ctx.ClusterAPI.ClientWrapper.Sync(context.TODO(), secret)
126146 return err == nil, err
127147}
128148
149+ func validateSecretKeys(secret *corev1.Secret) (bool, error) {
150+ var missing []string
151+ for _, key := range requiredSecretKeys {
152+ if _, ok := secret.Data[key]; !ok {
153+ missing = append(missing, key)
154+ }
155+ }
156+ if len(missing) > 0 {
157+ return false, fmt.Errorf("credentials secret '%s' is missing required keys: %v", secret.Name, missing)
158+ }
159+ return true, nil
160+ }
161+
162+ func isUserProvidedSecret(ctx *chetypes.DeployContext) bool {
163+ return ctx.CheCluster.Spec.Components.OpenVSX.OpenVSXDatabase != nil &&
164+ ctx.CheCluster.Spec.Components.OpenVSX.OpenVSXDatabase.OpenVSXSecret != ""
165+ }
166+
167+ func GetCredentialsSecretName(ctx *chetypes.DeployContext) string {
168+ if isUserProvidedSecret(ctx) {
169+ return ctx.CheCluster.Spec.Components.OpenVSX.OpenVSXDatabase.OpenVSXSecret
170+ }
171+ return constants.OpenVSXDatabaseCredentialsSecret
172+ }
173+
129174func (p *OpenVSXDatabaseReconciler) syncService(ctx *chetypes.DeployContext) (bool, error) {
130175 return deploy.SyncServiceToCluster(
131176 ctx,
0 commit comments