diff --git a/cmd/main.go b/cmd/main.go index e92006e1..16b6e40e 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -65,10 +65,10 @@ var ( ) const ( - envPollingIntervalVariable = "POLLING_INTERVAL" - manageConnect = "MANAGE_CONNECT" - restartDeploymentsEnvVariable = "AUTO_RESTART" - defaultPollingInterval = 600 + envPollingIntervalVariable = "POLLING_INTERVAL" + manageConnect = "MANAGE_CONNECT" + restartWorkloadsEnvVariable = "AUTO_RESTART" + defaultPollingInterval = 600 annotationRegExpString = "^operator.1password.io\\/[a-zA-Z\\.]+" ) @@ -202,7 +202,7 @@ func main() { } // Setup update secrets task - updatedSecretsPoller := op.NewManager(mgr.GetClient(), opConnectClient, shouldAutoRestartDeployments()) + updatedSecretsPoller := op.NewManager(mgr.GetClient(), opConnectClient, shouldAutoRestartWorkloads()) done := make(chan bool) ticker := time.NewTicker(getPollingIntervalForUpdatingSecrets()) go func() { @@ -263,15 +263,15 @@ func shouldManageConnect() bool { return false } -func shouldAutoRestartDeployments() bool { - shouldAutoRestartDeployments, found := os.LookupEnv(restartDeploymentsEnvVariable) +func shouldAutoRestartWorkloads() bool { + value, found := os.LookupEnv(restartWorkloadsEnvVariable) if found { - shouldAutoRestartDeploymentsBool, err := strconv.ParseBool(strings.ToLower(shouldAutoRestartDeployments)) + shouldAutoRestartWorkloadsBool, err := strconv.ParseBool(strings.ToLower(value)) if err != nil { setupLog.Error(err, "") os.Exit(1) } - return shouldAutoRestartDeploymentsBool + return shouldAutoRestartWorkloadsBool } return false } diff --git a/internal/controller/deployment_controller.go b/internal/controller/deployment_controller.go index 67553e84..ccf3424d 100644 --- a/internal/controller/deployment_controller.go +++ b/internal/controller/deployment_controller.go @@ -213,5 +213,5 @@ func (r *DeploymentReconciler) handleApplyingDeployment(deployment *appsv1.Deplo UID: deployment.GetUID(), } - return kubeSecrets.CreateKubernetesSecretFromItem(r.Client, secretName, namespace, item, annotations[op.RestartDeploymentsAnnotation], secretLabels, secretType, ownerRef) + return kubeSecrets.CreateKubernetesSecretFromItem(r.Client, secretName, namespace, item, annotations[op.AutoRestartWorkloadAnnotation], secretLabels, secretType, ownerRef) } diff --git a/internal/controller/onepassworditem_controller.go b/internal/controller/onepassworditem_controller.go index 57610b9b..97886737 100644 --- a/internal/controller/onepassworditem_controller.go +++ b/internal/controller/onepassworditem_controller.go @@ -162,7 +162,7 @@ func (r *OnePasswordItemReconciler) handleOnePasswordItem(resource *onepasswordv secretName := resource.GetName() labels := resource.Labels secretType := resource.Type - autoRestart := resource.Annotations[op.RestartDeploymentsAnnotation] + autoRestart := resource.Annotations[op.AutoRestartWorkloadAnnotation] item, err := op.GetOnePasswordItemByPath(r.OpConnectClient, resource.Spec.ItemPath) if err != nil { diff --git a/pkg/onepassword/annotations.go b/pkg/onepassword/annotations.go index 652f6717..f98b33ae 100644 --- a/pkg/onepassword/annotations.go +++ b/pkg/onepassword/annotations.go @@ -8,12 +8,12 @@ import ( ) const ( - OnepasswordPrefix = "operator.1password.io" - ItemPathAnnotation = OnepasswordPrefix + "/item-path" - NameAnnotation = OnepasswordPrefix + "/item-name" - VersionAnnotation = OnepasswordPrefix + "/item-version" - RestartAnnotation = OnepasswordPrefix + "/last-restarted" - RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart" + OnepasswordPrefix = "operator.1password.io" + ItemPathAnnotation = OnepasswordPrefix + "/item-path" + NameAnnotation = OnepasswordPrefix + "/item-name" + VersionAnnotation = OnepasswordPrefix + "/item-version" + RestartAnnotation = OnepasswordPrefix + "/last-restarted" + AutoRestartWorkloadAnnotation = OnepasswordPrefix + "/auto-restart" ) func GetAnnotationsForDeployment(deployment *appsv1.Deployment, regex *regexp.Regexp) (map[string]string, bool) { @@ -36,7 +36,7 @@ func GetAnnotationsForDeployment(deployment *appsv1.Deployment, regex *regexp.Re func FilterAnnotations(annotations map[string]string, regex *regexp.Regexp) map[string]string { filteredAnnotations := make(map[string]string) for key, value := range annotations { - if regex.MatchString(key) && key != RestartAnnotation && key != RestartDeploymentsAnnotation { + if regex.MatchString(key) && key != RestartAnnotation && key != AutoRestartWorkloadAnnotation { filteredAnnotations[key] = value } } diff --git a/pkg/onepassword/deployments.go b/pkg/onepassword/deployments.go index 6c97efb4..e5d51812 100644 --- a/pkg/onepassword/deployments.go +++ b/pkg/onepassword/deployments.go @@ -11,16 +11,3 @@ func IsDeploymentUsingSecrets(deployment *appsv1.Deployment, secrets map[string] containers = append(containers, deployment.Spec.Template.Spec.InitContainers...) return AreAnnotationsUsingSecrets(deployment.Annotations, secrets) || AreContainersUsingSecrets(containers, secrets) || AreVolumesUsingSecrets(volumes, secrets) } - -func GetUpdatedSecretsForDeployment(deployment *appsv1.Deployment, secrets map[string]*corev1.Secret) map[string]*corev1.Secret { - volumes := deployment.Spec.Template.Spec.Volumes - containers := deployment.Spec.Template.Spec.Containers - containers = append(containers, deployment.Spec.Template.Spec.InitContainers...) - - updatedSecretsForDeployment := map[string]*corev1.Secret{} - AppendAnnotationUpdatedSecret(deployment.Annotations, secrets, updatedSecretsForDeployment) - AppendUpdatedContainerSecrets(containers, secrets, updatedSecretsForDeployment) - AppendUpdatedVolumeSecrets(volumes, secrets, updatedSecretsForDeployment) - - return updatedSecretsForDeployment -} diff --git a/pkg/onepassword/secret_update_handler.go b/pkg/onepassword/secret_update_handler.go index a24e7e15..830f7a70 100644 --- a/pkg/onepassword/secret_update_handler.go +++ b/pkg/onepassword/secret_update_handler.go @@ -3,6 +3,7 @@ package onepassword import ( "context" "fmt" + "k8s.io/apimachinery/pkg/api/meta" "time" onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" @@ -23,18 +24,18 @@ const lockTag = "operator.1password.io:ignore-secret" var log = logf.Log.WithName("update_op_kubernetes_secrets_task") -func NewManager(kubernetesClient client.Client, opConnectClient connect.Client, shouldAutoRestartDeploymentsGlobal bool) *SecretUpdateHandler { +func NewManager(kubernetesClient client.Client, opConnectClient connect.Client, autoRestartWorkloadsGlobally bool) *SecretUpdateHandler { return &SecretUpdateHandler{ - client: kubernetesClient, - opConnectClient: opConnectClient, - shouldAutoRestartDeploymentsGlobal: shouldAutoRestartDeploymentsGlobal, + client: kubernetesClient, + opConnectClient: opConnectClient, + autoRestartWorkloadsGlobally: autoRestartWorkloadsGlobally, } } type SecretUpdateHandler struct { - client client.Client - opConnectClient connect.Client - shouldAutoRestartDeploymentsGlobal bool + client client.Client + opConnectClient connect.Client + autoRestartWorkloadsGlobally bool } func (h *SecretUpdateHandler) UpdateKubernetesSecretsTask() error { @@ -43,24 +44,17 @@ func (h *SecretUpdateHandler) UpdateKubernetesSecretsTask() error { return err } - return h.restartDeploymentsWithUpdatedSecrets(updatedKubernetesSecrets) + return h.restartWorkloadsWithUpdatedSecrets(updatedKubernetesSecrets) } -func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecretsByNamespace map[string]map[string]*corev1.Secret) error { +func (h *SecretUpdateHandler) restartWorkloadsWithUpdatedSecrets(updatedSecretsByNamespace map[string]map[string]*corev1.Secret) error { // No secrets to update. Exit if len(updatedSecretsByNamespace) == 0 || updatedSecretsByNamespace == nil { return nil } - deployments := &appsv1.DeploymentList{} - err := h.client.List(context.Background(), deployments) - if err != nil { - log.Error(err, "Failed to list kubernetes deployments") - return err - } - - if len(deployments.Items) == 0 { - return nil + workloadTypes := []client.ObjectList{ + &appsv1.DeploymentList{}, } setForAutoRestartByNamespaceMap, err := h.getIsSetForAutoRestartByNamespaceMap() @@ -68,36 +62,76 @@ func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecret return err } - for i := 0; i < len(deployments.Items); i++ { - deployment := &deployments.Items[i] - updatedSecrets := updatedSecretsByNamespace[deployment.Namespace] + for _, list := range workloadTypes { + if err := h.client.List(context.Background(), list); err != nil { + log.Error(err, "Failed to list workloads", "type", fmt.Sprintf("%T", list)) + return err + } - updatedDeploymentSecrets := GetUpdatedSecretsForDeployment(deployment, updatedSecrets) - if len(updatedDeploymentSecrets) == 0 { - continue + items, err := meta.ExtractList(list) + if err != nil { + log.Error(err, "Failed to extract list items", "type", fmt.Sprintf("%T", list)) + return err } - for _, secret := range updatedDeploymentSecrets { - if isSecretSetForAutoRestart(secret, deployment, setForAutoRestartByNamespaceMap) { - h.restartDeployment(deployment) + + for _, obj := range items { + workload, ok := obj.(client.Object) + if !ok { + log.Error(fmt.Errorf("unexpected type %T", obj), "Skipping non-client.Object") continue } - } - log.V(logs.DebugLevel).Info(fmt.Sprintf("Deployment %q at namespace %q is up to date", deployment.GetName(), deployment.Namespace)) + podTemplate, err := GetPodTemplate(workload) + if err != nil { + log.Error(err, "Failed to get pod template", "workload", workload.GetName()) + continue + } + + updatedSecrets := updatedSecretsByNamespace[workload.GetNamespace()] + if len(updatedSecrets) == 0 { + continue + } + + matchedSecrets := GetUpdatedSecretsForPodTemplate(workload.GetAnnotations(), podTemplate, updatedSecrets) + if len(matchedSecrets) == 0 { + continue + } + + for _, secret := range matchedSecrets { + if isSecretSetForAutoRestart(secret, workload, setForAutoRestartByNamespaceMap) { + h.restartWorkload(workload) + break + } + } + log.V(logs.DebugLevel).Info(fmt.Sprintf("%q %q at namespace %q is up to date", workload.GetObjectKind().GroupVersionKind().Kind, workload.GetName(), workload.GetNamespace())) + } } + return nil } -func (h *SecretUpdateHandler) restartDeployment(deployment *appsv1.Deployment) { - log.Info(fmt.Sprintf("Deployment %q at namespace %q references an updated secret. Restarting", deployment.GetName(), deployment.Namespace)) - if deployment.Spec.Template.Annotations == nil { - deployment.Spec.Template.Annotations = map[string]string{} +func (h *SecretUpdateHandler) restartWorkload(workload client.Object) { + var podTemplate *corev1.PodTemplateSpec + + switch obj := workload.(type) { + case *appsv1.Deployment: + podTemplate = &obj.Spec.Template + default: + log.Info("Unsupported workload type for restart", "type", fmt.Sprintf("%T", obj)) + return + } + + log.Info(fmt.Sprintf("%T %q in namespace %q references an updated secret. Restarting", workload, workload.GetName(), workload.GetNamespace())) + + if podTemplate.Annotations == nil { + podTemplate.Annotations = map[string]string{} } - deployment.Spec.Template.Annotations[RestartAnnotation] = time.Now().String() - err := h.client.Update(context.Background(), deployment) + podTemplate.Annotations[RestartAnnotation] = time.Now().Format(time.RFC3339) + + err := h.client.Update(context.Background(), workload) if err != nil { - log.Error(err, "Problem restarting deployment") + log.Error(err, "Problem restarting workload", "name", workload.GetName()) } } @@ -209,47 +243,77 @@ func (h *SecretUpdateHandler) getPathFromOnePasswordItem(secret corev1.Secret) s return secret.Annotations[ItemPathAnnotation] } -func isSecretSetForAutoRestart(secret *corev1.Secret, deployment *appsv1.Deployment, setForAutoRestartByNamespace map[string]bool) bool { - restartDeployment := secret.Annotations[RestartDeploymentsAnnotation] - //If annotation for auto restarts for deployment is not set. Check for the annotation on its namepsace - if restartDeployment == "" { - return isDeploymentSetForAutoRestart(deployment, setForAutoRestartByNamespace) +func isSecretSetForAutoRestart(secret *corev1.Secret, workload client.Object, setForAutoRestartByNamespace map[string]bool) bool { + restartAnnotation := secret.Annotations[AutoRestartWorkloadAnnotation] + if restartAnnotation == "" { + return isWorkloadSetForAutoRestart(workload, setForAutoRestartByNamespace) } - restartDeploymentBool, err := utils.StringToBool(restartDeployment) + restartBool, err := utils.StringToBool(restartAnnotation) if err != nil { - log.Error(err, "Error parsing %v annotation on Secret %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, secret.Name) + log.Error(err, "Error parsing %v annotation on Secret %v. Must be true or false. Defaulting to false.", AutoRestartWorkloadAnnotation, secret.Name) return false } - return restartDeploymentBool + + return restartBool } -func isDeploymentSetForAutoRestart(deployment *appsv1.Deployment, setForAutoRestartByNamespace map[string]bool) bool { - restartDeployment := deployment.Annotations[RestartDeploymentsAnnotation] - //If annotation for auto restarts for deployment is not set. Check for the annotation on its namepsace - if restartDeployment == "" { - return setForAutoRestartByNamespace[deployment.Namespace] +func isWorkloadSetForAutoRestart(obj client.Object, setForAutoRestartByNamespace map[string]bool) bool { + annotations := obj.GetAnnotations() + namespace := obj.GetNamespace() + name := obj.GetName() + + restartAnnotation := annotations[AutoRestartWorkloadAnnotation] + if restartAnnotation == "" { + return setForAutoRestartByNamespace[namespace] } - restartDeploymentBool, err := utils.StringToBool(restartDeployment) + restartBool, err := utils.StringToBool(restartAnnotation) if err != nil { - log.Error(err, "Error parsing %v annotation on Deployment %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, deployment.Name) + log.Error(err, "Error parsing %v annotation on %T %v. Must be true or false. Defaulting to false.", AutoRestartWorkloadAnnotation, obj, name) return false } - return restartDeploymentBool + + return restartBool } func (h *SecretUpdateHandler) isNamespaceSetToAutoRestart(namespace *corev1.Namespace) bool { - restartDeployment := namespace.Annotations[RestartDeploymentsAnnotation] + restartWorkload := namespace.Annotations[AutoRestartWorkloadAnnotation] //If annotation for auto restarts for deployment is not set. Check environment variable set on the operator - if restartDeployment == "" { - return h.shouldAutoRestartDeploymentsGlobal + if restartWorkload == "" { + return h.autoRestartWorkloadsGlobally } - restartDeploymentBool, err := utils.StringToBool(restartDeployment) + restartWorkloadBool, err := utils.StringToBool(restartWorkload) if err != nil { - log.Error(err, "Error parsing %v annotation on Namespace %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, namespace.Name) + log.Error(err, "Error parsing %v annotation on Namespace %v. Must be true or false. Defaulting to false.", AutoRestartWorkloadAnnotation, namespace.Name) return false } - return restartDeploymentBool + return restartWorkloadBool +} + +func GetPodTemplate(obj client.Object) (*corev1.PodTemplateSpec, error) { + switch o := obj.(type) { + case *appsv1.Deployment: + return &o.Spec.Template, nil + default: + return nil, fmt.Errorf("unsupported type %T", obj) + } +} + +func GetUpdatedSecretsForPodTemplate(annotations map[string]string, podTemplate *corev1.PodTemplateSpec, secrets map[string]*corev1.Secret) map[string]*corev1.Secret { + if podTemplate == nil { + return nil + } + + volumes := podTemplate.Spec.Volumes + containers := append([]corev1.Container{}, podTemplate.Spec.Containers...) + containers = append(containers, podTemplate.Spec.InitContainers...) + + updatedSecrets := map[string]*corev1.Secret{} + AppendAnnotationUpdatedSecret(annotations, secrets, updatedSecrets) + AppendUpdatedContainerSecrets(containers, secrets, updatedSecrets) + AppendUpdatedVolumeSecrets(volumes, secrets, updatedSecrets) + + return updatedSecrets } diff --git a/pkg/onepassword/secret_update_handler_test.go b/pkg/onepassword/secret_update_handler_test.go index 68a06a33..1be34240 100644 --- a/pkg/onepassword/secret_update_handler_test.go +++ b/pkg/onepassword/secret_update_handler_test.go @@ -16,6 +16,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/kubectl/pkg/scheme" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" ) @@ -35,7 +36,7 @@ const ( type testUpdateSecretTask struct { testName string - existingDeployment *appsv1.Deployment + existingWorkload runtime.Object existingNamespace *corev1.Namespace existingSecret *corev1.Secret expectedError error @@ -64,7 +65,7 @@ var tests = []testUpdateSecretTask{ { testName: "Test unrelated deployment is not restarted with an updated secret", existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -111,7 +112,7 @@ var tests = []testUpdateSecretTask{ { testName: "OP item has new version. Secret needs update. Deployment is restarted based on containers", existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -180,7 +181,7 @@ var tests = []testUpdateSecretTask{ { testName: "OP item has new version. Secret needs update. Deployment is restarted based on annotation", existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -227,7 +228,7 @@ var tests = []testUpdateSecretTask{ { testName: "OP item has new version. Secret needs update. Deployment is restarted based on volume", existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -289,7 +290,7 @@ var tests = []testUpdateSecretTask{ { testName: "No secrets need update. No deployment is restarted", existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -337,7 +338,7 @@ var tests = []testUpdateSecretTask{ testName: `Deployment is not restarted when no auto restart is set to true for all deployments and is not overwritten by by a namespace or deployment annotation`, existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -406,7 +407,7 @@ var tests = []testUpdateSecretTask{ { testName: `Secret autostart true value takes precedence over false deployment value`, existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -415,7 +416,7 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - RestartDeploymentsAnnotation: "false", + AutoRestartWorkloadAnnotation: "false", }, }, Spec: appsv1.DeploymentSpec{ @@ -450,9 +451,9 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, - RestartDeploymentsAnnotation: "true", + VersionAnnotation: "old version", + ItemPathAnnotation: itemPath, + AutoRestartWorkloadAnnotation: "true", }, }, Data: expectedSecretData, @@ -463,9 +464,9 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, - RestartDeploymentsAnnotation: "true", + VersionAnnotation: fmt.Sprint(itemVersion), + ItemPathAnnotation: itemPath, + AutoRestartWorkloadAnnotation: "true", }, }, Data: expectedSecretData, @@ -480,7 +481,7 @@ var tests = []testUpdateSecretTask{ { testName: `Secret autostart true value takes precedence over false deployment value`, existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -489,7 +490,7 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - RestartDeploymentsAnnotation: "true", + AutoRestartWorkloadAnnotation: "true", }, }, Spec: appsv1.DeploymentSpec{ @@ -524,9 +525,9 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, - RestartDeploymentsAnnotation: "false", + VersionAnnotation: "old version", + ItemPathAnnotation: itemPath, + AutoRestartWorkloadAnnotation: "false", }, }, Data: expectedSecretData, @@ -537,9 +538,9 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, - RestartDeploymentsAnnotation: "false", + VersionAnnotation: fmt.Sprint(itemVersion), + ItemPathAnnotation: itemPath, + AutoRestartWorkloadAnnotation: "false", }, }, Data: expectedSecretData, @@ -554,7 +555,7 @@ var tests = []testUpdateSecretTask{ { testName: `Deployment autostart true value takes precedence over false global auto restart value`, existingNamespace: defaultNamespace, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -563,7 +564,7 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - RestartDeploymentsAnnotation: "true", + AutoRestartWorkloadAnnotation: "true", }, }, Spec: appsv1.DeploymentSpec{ @@ -630,11 +631,11 @@ var tests = []testUpdateSecretTask{ ObjectMeta: metav1.ObjectMeta{ Name: namespace, Annotations: map[string]string{ - RestartDeploymentsAnnotation: "true", + AutoRestartWorkloadAnnotation: "true", }, }, }, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -643,7 +644,7 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - RestartDeploymentsAnnotation: "false", + AutoRestartWorkloadAnnotation: "false", }, }, Spec: appsv1.DeploymentSpec{ @@ -709,11 +710,11 @@ var tests = []testUpdateSecretTask{ ObjectMeta: metav1.ObjectMeta{ Name: namespace, Annotations: map[string]string{ - RestartDeploymentsAnnotation: "true", + AutoRestartWorkloadAnnotation: "true", }, }, }, - existingDeployment: &appsv1.Deployment{ + existingWorkload: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, APIVersion: deploymentAPIVersion, @@ -787,11 +788,11 @@ func TestUpdateSecretHandler(t *testing.T) { // Register operator types with the runtime scheme. s := scheme.Scheme - s.AddKnownTypes(appsv1.SchemeGroupVersion, testData.existingDeployment) + s.AddKnownTypes(appsv1.SchemeGroupVersion, testData.existingWorkload) // Objects to track in the fake client. objs := []runtime.Object{ - testData.existingDeployment, + testData.existingWorkload, testData.existingNamespace, } @@ -813,9 +814,9 @@ func TestUpdateSecretHandler(t *testing.T) { return &item, nil } h := &SecretUpdateHandler{ - client: cl, - opConnectClient: opConnectClient, - shouldAutoRestartDeploymentsGlobal: testData.globalAutoRestartEnabled, + client: cl, + opConnectClient: opConnectClient, + autoRestartWorkloadsGlobally: testData.globalAutoRestartEnabled, } err := h.UpdateKubernetesSecretsTask() @@ -824,7 +825,7 @@ func TestUpdateSecretHandler(t *testing.T) { var expectedSecretName string if testData.expectedResultSecret == nil { - expectedSecretName = testData.existingDeployment.Name + expectedSecretName = testData.existingWorkload.(client.Object).GetName() } else { expectedSecretName = testData.expectedResultSecret.Name } @@ -845,7 +846,7 @@ func TestUpdateSecretHandler(t *testing.T) { //check if deployment has been restarted deployment := &appsv1.Deployment{} - err = cl.Get(context.TODO(), types.NamespacedName{Name: testData.existingDeployment.Name, Namespace: namespace}, deployment) + err = cl.Get(context.TODO(), types.NamespacedName{Name: testData.existingWorkload.(client.Object).GetName(), Namespace: namespace}, deployment) _, ok := deployment.Spec.Template.Annotations[RestartAnnotation] if ok { @@ -854,7 +855,7 @@ func TestUpdateSecretHandler(t *testing.T) { assert.False(t, testData.expectedRestart, "Deployment was restarted but should not have been.") } - oldPodTemplateAnnotations := testData.existingDeployment.Spec.Template.ObjectMeta.Annotations + oldPodTemplateAnnotations := getPodTemplateAnnotations(testData.existingWorkload) newPodTemplateAnnotations := deployment.Spec.Template.Annotations for name, expected := range oldPodTemplateAnnotations { actual, ok := newPodTemplateAnnotations[name] @@ -867,8 +868,16 @@ func TestUpdateSecretHandler(t *testing.T) { } } -func TestIsUpdatedSecret(t *testing.T) { +func getPodTemplateAnnotations(obj runtime.Object) map[string]string { + switch o := obj.(type) { + case *appsv1.Deployment: + return o.Spec.Template.Annotations + default: + return map[string]string{} + } +} +func TestIsUpdatedSecret(t *testing.T) { secretName := "test-secret" updatedSecrets := map[string]*corev1.Secret{ "some_secret": {},