immutable fields

Author: git-hyagi

config/samples/simple-external-cache.yaml

@@ -1,34 +1,28 @@
-apiVersion: repo-manager.pulpproject.org/v1beta2
+---
+apiVersion: v1
+data:
+  REDIS_DB: ""
+  REDIS_HOST: bXktcmVkaXMtaG9zdC5leGFtcGxlLmNvbQ==
+  REDIS_PASSWORD: ""
+  REDIS_PORT: NjM3OQ==
+kind: Secret
+metadata:
+  name: external-redis
+type: Opaque
+
+---
+apiVersion: repo-manager.pulpproject.org/v1
 kind: Pulp
 metadata:
   name: pulp
 spec:
-  deployment_type: pulp
-  image_version: stable
-  image_web_version: stable
-  api:
-    replicas: 1
-  content:
-    replicas: 1
-  worker:
-    replicas: 1
-  web:
-    replicas: 1
+
+  database:
+    external_db_secret: external-database
 
   file_storage_access_mode: "ReadWriteOnce"
   file_storage_size: "2Gi"
   file_storage_storage_class: standard
-  signing_secret: "signing-galaxy"
-  signing_scripts: "signing-scripts"
-  image_web: "quay.io/pulp/galaxy-web"
-
-  ingress_type: nodeport
-  pulp_settings:
-    api_root: "/pulp/"
-    allowed_export_paths:
-      - /tmp
-    allowed_import_paths:
-      - /tmp
 
   cache:
     enabled: true

controllers/deployment.go

@@ -17,7 +17,6 @@ limitations under the License.
 package controllers
 
 import (
-	"context"
 	"os"
 	"reflect"
 	"strconv"
@@ -1108,7 +1107,7 @@ func (d *CommonDeployment) setTelemetryConfig(resources any, pulpcoreType settin
 func AddHashLabel(r FunctionResources, deployment *appsv1.Deployment) {
 	// if the object does not exist yet we need to mutate the object to get the
 	// default values (I think they are added by the admission controller)
-	if err := r.Create(context.TODO(), deployment, client.DryRunAll); err != nil {
+	if err := r.Create(r.Context, deployment, client.DryRunAll); err != nil {
 		SetHashLabel(HashFromMutated(deployment, r), deployment)
 	} else {
 		SetHashLabel(CalculateHash(deployment.Spec), deployment)

controllers/repo_manager/job.go

@@ -41,11 +41,11 @@ func (r *RepoManagerReconciler) updateAdminPasswordJob(ctx context.Context, pulp
 		log.Error(err, "Failed to find "+adminSecretName+" Secret!")
 	}
 
-	// if the secret is already set (it is not the first execution) and it
+	// if the secret is the same and its content
 	// didn't change, there is nothing to do
 	calculatedHash := controllers.CalculateHash(adminSecret.Data)
 	currentHash := controllers.GetCurrentHash(adminSecret)
-	if pulp.Status.AdminPasswordSecret != "" && currentHash == calculatedHash {
+	if pulp.Status.AdminPasswordSecret == pulp.Spec.AdminPasswordSecret && currentHash == calculatedHash {
 		return
 	}
 

controllers/repo_manager/precheck.go

@@ -60,9 +60,9 @@ func prechecks(ctx context.Context, r *RepoManagerReconciler, pulp *pulpv1.Pulp)
 	}
 
 	// verify if a change in an immutable field has been tried
-	if reconcile := checkImmutableFields(ctx, r, pulp); reconcile != nil {
-		return reconcile, nil
-	}
+	//if reconcile := checkImmutableFields(ctx, r, pulp); reconcile != nil {
+	//	return reconcile, nil
+	//}
 
 	// verify if all secrets defined in pulp cr are available
 	if reconcile := checkSecretsAvailability(ctx, r, pulp); reconcile != nil {

controllers/repo_manager/secret.go

@@ -109,7 +109,7 @@ func (r *RepoManagerReconciler) createSecrets(ctx context.Context, pulp *pulpv1.
 	expectedServerSecret := pulpServerSecret(funcResources)
 	if requeue, err := controllers.ReconcileObject(funcResources, expectedServerSecret, serverSecret, conditionType, controllers.PulpSecret{}); err != nil || requeue {
 		// restart pulpcore pods if the secret has changed
-		r.restartPulpCorePods(pulp)
+		r.restartPulpCorePods(ctx, pulp)
 		return &ctrl.Result{Requeue: requeue}, err
 	}
 
@@ -464,7 +464,7 @@ func secretKeySettings(resources controllers.FunctionResources, pulpSettings *st
 		return
 	}
 
-	*pulpSettings = *pulpSettings + fmt.Sprintln("SECRET_KEY = \""+secretKey["secret_key"]+"\"")
+	*pulpSettings = *pulpSettings + fmt.Sprintf("SECRET_KEY = \"%v\"\n", secretKey["secret_key"])
 }
 
 // allowedContentChecksumsSettings appends the allowed_content_checksums into pulpSettings

controllers/repo_manager/status.go

@@ -141,7 +141,7 @@ func (r *RepoManagerReconciler) setStatusConditions(ctx context.Context, pulp *p
 			Message:            "All tasks ran successfully",
 		})
 
-		if err := r.Status().Update(context.Background(), pulp); err != nil && errors.IsConflict(err) {
+		if err := r.Status().Update(ctx, pulp); err != nil && errors.IsConflict(err) {
 			log.V(1).Info("Failed to update pulp status", "error", err)
 			return &ctrl.Result{Requeue: true}
 		}
@@ -236,7 +236,7 @@ func objS3SecretCondition() func(*pulpv1.Pulp) bool {
 // dbFieldsEncrSecretCondition returns the function to verify if a new pulp.Status.DBFieldsEncryptionSecret should be set
 func dbFieldsEncrSecretCondition() func(*pulpv1.Pulp) bool {
 	return func(pulp *pulpv1.Pulp) bool {
-		return len(pulp.Status.DBFieldsEncryptionSecret) == 0 && len(pulp.Spec.DBFieldsEncryptionSecret) > 0
+		return len(pulp.Status.DBFieldsEncryptionSecret) == 0 || pulp.Spec.DBFieldsEncryptionSecret != pulp.Status.DBFieldsEncryptionSecret
 	}
 }
 
@@ -248,21 +248,21 @@ func ingressTypeCondition() func(*pulpv1.Pulp) bool {
 // containerTokenSecretCondition returns the function to verify if a new pulp.Status.ContainerTokenSecret should be set
 func containerTokenSecretCondition() func(*pulpv1.Pulp) bool {
 	return func(pulp *pulpv1.Pulp) bool {
-		return len(pulp.Status.ContainerTokenSecret) == 0 && len(pulp.Spec.ContainerTokenSecret) > 0
+		return len(pulp.Status.ContainerTokenSecret) == 0 || pulp.Spec.ContainerTokenSecret != pulp.Status.ContainerTokenSecret
 	}
 }
 
 // adminPwdSecretCondition returns the function to verify if a new pulp.Status.AdminPasswordSecret should be set
 func adminPwdSecretCondition() func(*pulpv1.Pulp) bool {
 	return func(pulp *pulpv1.Pulp) bool {
-		return len(pulp.Status.AdminPasswordSecret) == 0 && len(pulp.Spec.AdminPasswordSecret) > 0
+		return len(pulp.Status.AdminPasswordSecret) == 0 || pulp.Spec.AdminPasswordSecret != pulp.Status.AdminPasswordSecret
 	}
 }
 
 // externalCacheSecretCondition returns the function to verify if a new pulp.Status.ExternalCacheSecret should be set
 func externalCacheSecretCondition() func(*pulpv1.Pulp) bool {
 	return func(pulp *pulpv1.Pulp) bool {
-		return len(pulp.Status.ExternalCacheSecret) == 0 && len(pulp.Spec.Cache.ExternalCacheSecret) > 0
+		return len(pulp.Status.ExternalCacheSecret) == 0 || pulp.Spec.Cache.ExternalCacheSecret != pulp.Status.ExternalCacheSecret
 	}
 }
 
@@ -283,7 +283,7 @@ func telemetryEnabledCondition() func(*pulpv1.Pulp) bool {
 // pulpSecretKeyCondition returns the function to verify if a new pulp.Status.PulpSecretKey should be set
 func pulpSecretKeyCondition() func(*pulpv1.Pulp) bool {
 	return func(pulp *pulpv1.Pulp) bool {
-		return len(pulp.Status.PulpSecretKey) == 0 && len(pulp.Spec.PulpSecretKey) > 0
+		return len(pulp.Status.PulpSecretKey) == 0 || pulp.Spec.PulpSecretKey != pulp.Status.PulpSecretKey
 	}
 }
 

controllers/repo_manager/utils.go

@@ -458,7 +458,7 @@ func (r *RepoManagerReconciler) findPulpDependentObjects(ctx context.Context, ob
 		FieldSelector: fields.OneTermEqualSelector("objects", obj.GetName()),
 		Namespace:     obj.GetNamespace(),
 	}
-	if err := r.List(context.TODO(), &associatedPulp, opts); err != nil {
+	if err := r.List(ctx, &associatedPulp, opts); err != nil {
 		return []reconcile.Request{}
 	}
 	if len(associatedPulp.Items) > 0 {
@@ -474,11 +474,10 @@ func (r *RepoManagerReconciler) findPulpDependentObjects(ctx context.Context, ob
 }
 
 // restartPulpCorePods will redeploy all pulpcore (API,content,worker) pods.
-func (r *RepoManagerReconciler) restartPulpCorePods(pulp *pulpv1.Pulp) {
-	log := r.RawLogger
-	log.Info("Reprovisioning pulpcore pods to get the new settings ...")
+func (r *RepoManagerReconciler) restartPulpCorePods(ctx context.Context, pulp *pulpv1.Pulp) {
+	r.RawLogger.Info("Reprovisioning pulpcore pods to get the new settings ...")
 	pulp.Status.LastDeploymentUpdate = time.Now().Format(time.RFC3339)
-	r.Status().Update(context.TODO(), pulp)
+	r.Status().Update(ctx, pulp)
 }
 
 // runMigration deploys a k8s Job to run django migrations in case of pulpcore image change
@@ -630,7 +629,7 @@ func (r *RepoManagerReconciler) runSigningSecretTasks(ctx context.Context, pulp
 		return nil
 	}
 
-	r.restartPulpCorePods(pulp)
+	r.restartPulpCorePods(ctx, pulp)
 	secret := &corev1.Secret{}
 	if err := r.Get(ctx, types.NamespacedName{Name: secretName, Namespace: pulp.Namespace}, secret); err != nil {
 		r.RawLogger.Error(err, "Failed to find "+secretName+" Secret!")

controllers/utils.go

@@ -814,7 +814,7 @@ func GetCurrentHash(obj client.Object) string {
 func HashFromMutated(dep *appsv1.Deployment, resources FunctionResources) string {
 	// execute a "dry run" to update the local "deploy" variable with all
 	// mutated configurations
-	resources.Update(context.TODO(), dep, client.DryRunAll)
+	resources.Update(resources.Context, dep, client.DryRunAll)
 	return CalculateHash(dep.Spec)
 }