Fix bug where secret was not properly named

We were prepending the Kubernetes namespace name to the expected secret name when adminSecretKeyVault was empty in the spec but not when it was specified. This doesn't make any sense so moved to always prepend the secret name with the Kubernetes namespace name. IMPORTANT: This could break customers when we release an updated version of the operator so we need to document it clearly.
Azure · Jan 13, 2021 · 063790d · 063790d
1 parent 7bc786e
commit 063790d
Show file tree

Hide file tree

Showing 9 changed files with 401 additions and 120 deletions.
diff --git a/controllers/async_controller.go b/controllers/async_controller.go
@@ -72,16 +72,16 @@ func (r *AsyncReconciler) Reconcile(req ctrl.Request, obj runtime.Object) (resul
 	var keyvaultSecretClient secrets.SecretClient
 
 	// Determine if we need to check KeyVault for secrets
-	KeyVaultName := keyvaultsecretlib.GetKeyVaultName(obj)
+	keyVaultName := keyvaultsecretlib.GetKeyVaultName(obj)
 
-	if len(KeyVaultName) != 0 {
+	if len(keyVaultName) != 0 {
 		// Instantiate the KeyVault Secret Client
-		keyvaultSecretClient = keyvaultsecretlib.New(KeyVaultName, config.GlobalCredentials())
+		keyvaultSecretClient = keyvaultsecretlib.New(keyVaultName, config.GlobalCredentials())
 
 		r.Telemetry.LogInfoByInstance("status", "ensuring vault", req.String())
 
 		if !keyvaultsecretlib.IsKeyVaultAccessible(keyvaultSecretClient) {
-			r.Telemetry.LogInfoByInstance("requeuing", "awaiting vault verification", req.String())
+			r.Telemetry.LogInfoByInstance("requeing", "awaiting vault verification", req.String())
 
 			// update the status of the resource in kubernetes
 			status.Message = "Waiting for secretclient keyvault to be available"
@@ -118,7 +118,7 @@ func (r *AsyncReconciler) Reconcile(req ctrl.Request, obj runtime.Object) (resul
 		}
 	} else {
 		if HasFinalizer(res, finalizerName) {
-			if len(KeyVaultName) != 0 { //KeyVault was specified in Spec, so use that for secrets
+			if len(keyVaultName) != 0 { // keyVault was specified in Spec, so use that for secrets
 				configOptions = append(configOptions, resourcemanager.WithSecretClient(keyvaultSecretClient))
 			}
 			found, deleteErr := r.AzureClient.Delete(ctx, obj, configOptions...)
@@ -158,7 +158,7 @@ func (r *AsyncReconciler) Reconcile(req ctrl.Request, obj runtime.Object) (resul
 
 	r.Telemetry.LogInfoByInstance("status", "reconciling object", req.String())
 
-	if len(KeyVaultName) != 0 { //KeyVault was specified in Spec, so use that for secrets
+	if len(keyVaultName) != 0 { //KeyVault was specified in Spec, so use that for secrets
 		configOptions = append(configOptions, resourcemanager.WithSecretClient(keyvaultSecretClient))
 	}
 

diff --git a/controllers/keyvault_controller_test.go b/controllers/keyvault_controller_test.go
@@ -407,8 +407,8 @@ func TestKeyvaultControllerBadAccessPolicy(t *testing.T) {
 			Namespace: "default",
 		},
 		Spec: azurev1alpha1.KeyVaultSpec{
-			Location:      keyVaultLocation,
-			ResourceGroup: tc.resourceGroupName,
+			Location:       keyVaultLocation,
+			ResourceGroup:  tc.resourceGroupName,
 			AccessPolicies: &accessPolicies,
 		},
 	}

diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -153,9 +153,9 @@ func setup() error {
 
 	// +kubebuilder:scaffold:scheme
 	k8sManager, err = ctrl.NewManager(cfg, ctrl.Options{
-		Scheme: scheme.Scheme,
-		CertDir:            testEnv.WebhookInstallOptions.LocalServingCertDir,
-		Port:               testEnv.WebhookInstallOptions.LocalServingPort,
+		Scheme:  scheme.Scheme,
+		CertDir: testEnv.WebhookInstallOptions.LocalServingCertDir,
+		Port:    testEnv.WebhookInstallOptions.LocalServingPort,
 	})
 	if err != nil {
 		return err

diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/Azure/azure-service-operator
 go 1.13
 
 require (
+	github.com/AlekSi/gocov-xml v0.0.0-20190121064608-3a14fb1c4737 // indirect
 	github.com/Azure/aad-pod-identity v1.6.3
 	github.com/Azure/azure-sdk-for-go v44.0.0+incompatible
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
@@ -13,38 +14,51 @@ require (
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/Azure/go-autorest/autorest/validation v0.3.0
 	github.com/Azure/go-autorest/tracing v0.6.0
+	github.com/axw/gocov v1.0.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/denisenkom/go-mssqldb v0.0.0-20200206145737-bbfc9a55622e
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/go-logr/logr v0.1.0
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/gobuffalo/envy v1.7.0
-	github.com/google/go-cmp v0.4.0
+	github.com/google/go-cmp v0.5.2
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/google/uuid v1.1.1
 	github.com/hashicorp/go-multierror v1.0.0
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/imdario/mergo v0.3.9 // indirect
+	github.com/json-iterator/go v1.1.10 // indirect
+	github.com/jstemmer/go-junit-report v0.9.1 // indirect
 	github.com/lib/pq v1.6.0
 	github.com/marstr/randname v0.0.0-20181206212954-d5b0f288ab8c
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/mapstructure v1.3.0 // indirect
 	github.com/onsi/ginkgo v1.12.1
 	github.com/onsi/gomega v1.10.1
-	github.com/pelletier/go-toml v1.7.0 // indirect
-	github.com/pkg/errors v0.8.1
+	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.0.0
+	github.com/prometheus/procfs v0.0.11 // indirect
 	github.com/satori/go.uuid v1.2.0
 	github.com/sethvargo/go-password v0.1.2
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/viper v1.6.3
-	github.com/stretchr/testify v1.5.1
+	github.com/stretchr/testify v1.6.1
+	github.com/wadey/gocovmerge v0.0.0-20160331181800-b5bfa59ec0ad // indirect
 	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
-	golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7
-	golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 // indirect
+	golang.org/x/net v0.0.0-20200625001655-4c5254603344
+	golang.org/x/text v0.3.3 // indirect
+	gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e // indirect
 	gopkg.in/ini.v1 v1.55.0 // indirect
 	k8s.io/api v0.18.6
-	k8s.io/apimachinery v0.18.6
+	k8s.io/apimachinery v0.18.8
+	k8s.io/apiserver v0.18.6 // indirect
 	k8s.io/client-go v0.18.6
-	sigs.k8s.io/controller-runtime v0.6.2
-	sigs.k8s.io/controller-tools v0.2.5 // indirect
+	k8s.io/utils v0.0.0-20200603063816-c1c6865ac451 // indirect
+	sigs.k8s.io/controller-runtime v0.6.0
+	sigs.k8s.io/controller-tools v0.4.0 // indirect
+	sigs.k8s.io/kind v0.9.0 // indirect
+	sigs.k8s.io/kustomize/kustomize/v3 v3.8.6 // indirect
+	sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 // indirect
 )