Allow stripping manifest from the CR status (#18)

Author: misberner

pkg/reconciler/reconciler.go

@@ -81,6 +81,8 @@ type Reconciler struct {
 	markFailedAfter         time.Duration
 	maxHistory              int
 
+	stripManifestFromStatus bool
+
 	annotSetupOnce       sync.Once
 	annotations          map[string]struct{}
 	installAnnotations   map[string]annotation.Install
@@ -265,6 +267,17 @@ func SkipDependentWatches(skip bool) Option {
 	}
 }
 
+// StripManifestFromStatus is an Option that configures whether the manifest
+// should be removed from the automatically populated status.
+// This is recommended if the manifest might return sensitive data (i.e.,
+// secrets).
+func StripManifestFromStatus(strip bool) Option {
+	return func(r *Reconciler) error {
+		r.stripManifestFromStatus = strip
+		return nil
+	}
+}
+
 // WithMaxConcurrentReconciles is an Option that configures the number of
 // concurrent reconciles that the controller will run.
 //
@@ -528,7 +541,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.
 	if errors.Is(err, driver.ErrReleaseNotFound) {
 		u.UpdateStatus(updater.EnsureCondition(conditions.Deployed(corev1.ConditionFalse, "", "")))
 	} else if err == nil {
-		ensureDeployedRelease(&u, rel)
+		r.ensureDeployedRelease(&u, rel)
 	}
 	u.UpdateStatus(updater.EnsureCondition(conditions.Initialized(corev1.ConditionTrue, "", "")))
 
@@ -615,7 +628,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.
 		}
 	}
 
-	ensureDeployedRelease(&u, rel)
+	r.ensureDeployedRelease(&u, rel)
 	u.UpdateStatus(
 		updater.EnsureCondition(conditions.ReleaseFailed(corev1.ConditionFalse, "", "")),
 		updater.EnsureCondition(conditions.Irreconcilable(corev1.ConditionFalse, "", "")),
@@ -943,7 +956,7 @@ func (r *Reconciler) setupWatches(mgr ctrl.Manager, c controller.Controller) err
 	return nil
 }
 
-func ensureDeployedRelease(u *updater.Updater, rel *release.Release) {
+func (r *Reconciler) ensureDeployedRelease(u *updater.Updater, rel *release.Release) {
 	reason := conditions.ReasonInstallSuccessful
 	message := "release was successfully installed"
 	if rel.Version > 1 {
@@ -953,6 +966,13 @@ func ensureDeployedRelease(u *updater.Updater, rel *release.Release) {
 	if rel.Info != nil && len(rel.Info.Notes) > 0 {
 		message = rel.Info.Notes
 	}
+
+	if r.stripManifestFromStatus {
+		relCopy := *rel
+		relCopy.Manifest = ""
+		rel = &relCopy
+	}
+
 	u.Update(updater.EnsureFinalizer(uninstallFinalizer))
 	u.UpdateStatus(
 		updater.EnsureCondition(conditions.Deployed(corev1.ConditionTrue, reason, message)),

pkg/reconciler/reconciler_test.go

@@ -154,6 +154,16 @@ var _ = Describe("Reconciler", func() {
 				Expect(r.skipDependentWatches).To(Equal(true))
 			})
 		})
+		var _ = Describe("StripManifestFromStatus", func() {
+			It("should set to false", func() {
+				Expect(StripManifestFromStatus(false)(r)).To(Succeed())
+				Expect(r.stripManifestFromStatus).To(Equal(false))
+			})
+			It("should set to true", func() {
+				Expect(StripManifestFromStatus(true)(r)).To(Succeed())
+				Expect(r.stripManifestFromStatus).To(Equal(true))
+			})
+		})
 		var _ = Describe("WithMaxConcurrentReconciles", func() {
 			It("should set the reconciler max concurrent reconciled", func() {
 				Expect(WithMaxConcurrentReconciles(1)(r)).To(Succeed())