Fix bug where we could fail to emit user requested secrets or configmaps

If the user requests a particular secret or configmap value be written, we should error if we are unable to write it and retry.
Azure · Apr 8, 2024 · ca1ba70 · ca1ba70
1 parent 8e03d50
commit ca1ba70
Show file tree

Hide file tree

Showing 7 changed files with 3,805 additions and 14 deletions.
diff --git a/v2/internal/controllers/edge_case_test.go b/v2/internal/controllers/edge_case_test.go
@@ -14,10 +14,13 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
+	documentdb "github.com/Azure/azure-service-operator/v2/api/documentdb/v1api20210515"
 	network "github.com/Azure/azure-service-operator/v2/api/network/v1api20201101"
 	resources "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601"
 	"github.com/Azure/azure-service-operator/v2/internal/testcommon"
 	"github.com/Azure/azure-service-operator/v2/internal/util/to"
+	"github.com/Azure/azure-service-operator/v2/pkg/common/annotations"
+	"github.com/Azure/azure-service-operator/v2/pkg/genruntime"
 	"github.com/Azure/azure-service-operator/v2/pkg/genruntime/conditions"
 )
 
@@ -277,3 +280,66 @@ func Test_Owner_IsMutableIfNotSuccessfullyCreated(t *testing.T) {
 	// Delete the account
 	tc.DeleteResourceAndWait(acct)
 }
+
+func Test_CreateCosmosAccountWithSkipReconcile_SecretsAreWritten(t *testing.T) {
+	t.Parallel()
+	tc := globalTestContext.ForTest(t)
+
+	rg := tc.CreateTestResourceGroupAndWait()
+	cosmosSecret1 := "keys1"
+
+	// Custom namer because cosmosdb accounts have stricter name
+	// requirements - no hyphens allowed.
+	// Create a Cosmos DB account
+	offerType := documentdb.DatabaseAccountOfferType_Standard
+	kind := documentdb.DatabaseAccount_Kind_Spec_GlobalDocumentDB
+	acct := &documentdb.DatabaseAccount{
+		ObjectMeta: tc.MakeObjectMetaWithName(tc.NoSpaceNamer.GenerateName("sqlacct")),
+		Spec: documentdb.DatabaseAccount_Spec{
+			Location:                 tc.AzureRegion,
+			Owner:                    testcommon.AsOwner(rg),
+			Kind:                     &kind,
+			DatabaseAccountOfferType: &offerType,
+			Locations: []documentdb.Location{
+				{
+					LocationName: tc.AzureRegion,
+				},
+			},
+			OperatorSpec: &documentdb.DatabaseAccountOperatorSpec{
+				Secrets: &documentdb.DatabaseAccountOperatorSecrets{
+					PrimaryMasterKey: &genruntime.SecretDestination{
+						Name: cosmosSecret1,
+						Key:  "primarymasterkey",
+					},
+					PrimaryReadonlyMasterKey: &genruntime.SecretDestination{
+						Name: cosmosSecret1,
+						Key:  "primaryreadonlymasterkey",
+					},
+					DocumentEndpoint: &genruntime.SecretDestination{
+						Name: cosmosSecret1,
+						Key:  "endpoint",
+					},
+				},
+			},
+		},
+	}
+
+	cosmosSecret2 := "keys2"
+	skipAcct := acct.DeepCopy()
+	skipAcct.Spec.AzureName = skipAcct.Name
+	skipAcct.Name = skipAcct.Name + "-skip" // So we don't collide
+	skipAcct.Spec.OperatorSpec.Secrets.PrimaryMasterKey.Name = cosmosSecret2
+	skipAcct.Spec.OperatorSpec.Secrets.PrimaryReadonlyMasterKey.Name = cosmosSecret2
+	skipAcct.Spec.OperatorSpec.Secrets.DocumentEndpoint.Name = cosmosSecret2
+	skipAcct.Annotations = map[string]string{
+		annotations.ReconcilePolicy: string(annotations.ReconcilePolicySkip),
+	}
+
+	tc.ExportAsSampleNamed(acct, "s1")
+	tc.ExportAsSampleNamed(skipAcct, "s2")
+
+	tc.CreateResourcesAndWait(acct, skipAcct)
+
+	tc.ExpectSecretHasKeys(cosmosSecret1, "primarymasterkey", "primaryreadonlymasterkey", "endpoint")
+	tc.ExpectSecretHasKeys(cosmosSecret2, "primarymasterkey", "primaryreadonlymasterkey", "endpoint")
+}