From e1f300b5ee3fd431bdce7949cb34d8ee6740cf72 Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Mon, 15 Jul 2024 23:51:16 +0000
Subject: [PATCH] Update secretsencrypt pagination

Make secretsencrypt page size and iteration consistent with other paginators

Signed-off-by: Brad Davidson
---
 pkg/secretsencrypt/controller.go | 46 +++++++++++++++-----------------
 1 file changed, 21 insertions(+), 25 deletions(-)

diff --git a/pkg/secretsencrypt/controller.go b/pkg/secretsencrypt/controller.go
index 070c420ddf57..03976d7f9e02 100644
--- a/pkg/secretsencrypt/controller.go
+++ b/pkg/secretsencrypt/controller.go
@@ -2,6 +2,7 @@ package secretsencrypt

 import (
 "context"
+ "errors"
 "fmt"
 "strings"

@@ -12,7 +13,6 @@ import (
 "github.com/sirupsen/logrus"
 corev1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
- "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/labels"
 "k8s.io/apimachinery/pkg/runtime"
@@ -30,6 +30,8 @@ const (
 secretsProgressEvent string = "SecretsProgress"
 secretsUpdateCompleteEvent string = "SecretsUpdateComplete"
 secretsUpdateErrorEvent string = "SecretsUpdateError"
+
+ secretListPageSize = 20
 )

 type handler struct {
@@ -116,7 +118,7 @@ func (h *handler) onChangeNode(nodeName string, node *corev1.Node) (*corev1.Node
 return node, err
 }

- if err := h.updateSecrets(node); err != nil {
+ if err := h.updateSecrets(nodeRef); err != nil {
 h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
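Review bot: `secretListPageSize = 20` is added to the const block without a comment, and nothing ties it to the other paginators the commit message says it should match, so the values can drift apart silently. Add a line such as `// secretListPageSize is the number of Secrets requested per List call during reencryption; keep in sync with the other paginators.`, or reference a shared constant if one is importable from this package (not visible in this patch).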
@@ -213,36 +215,30 @@ func (h *handler) validateReencryptStage(node *corev1.Node, annotation string) (
 return true, nil
 }

-func (h *handler) updateSecrets(node *corev1.Node) error {
- nodeRef := &corev1.ObjectReference{
- Kind: "Node",
- Name: node.Name,
- UID: types.UID(node.Name),
- Namespace: "",
- }
+func (h *handler) updateSecrets(nodeRef *corev1.ObjectReference) error {
 secretPager := pager.New(pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) {
- return h.secrets.List("", opts)
+ return h.secrets.List(metav1.NamespaceAll, opts)
 }))
- secretsList, _, err := secretPager.List(h.ctx, metav1.ListOptions{})
- if err != nil {
- return err
- }
+ secretPager.PageSize = secretListPageSize
+
 i := 0
- err = meta.EachListItem(secretsList, func(obj runtime.Object) error {
- if secret, ok := obj.(*corev1.Secret); ok {
- if _, err := h.secrets.Update(secret); err != nil && !apierrors.IsConflict(err) {
- return fmt.Errorf("failed to update secret: %v", err)
- }
- if i != 0 && i%10 == 0 {
- h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsProgressEvent, "reencrypted %d secrets", i)
- }
- i++
+ if err := secretPager.EachListItem(h.ctx, metav1.ListOptions{}, func(obj runtime.Object) error {
+ secret, ok := obj.(*corev1.Secret)
+ if !ok {
+ return errors.New("failed to convert object to Secret")
+ }
+ if _, err := h.secrets.Update(secret); err != nil && !apierrors.IsConflict(err) {
+ return fmt.Errorf("failed to update secret: %v", err)
 }
+ if i != 0 && i%10 == 0 {
+ h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsProgressEvent, "reencrypted %d secrets", i)
+ }
+ i++
 return nil
- })
- if err != nil {
+ }); err != nil {
 return err
 }
+
 h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsUpdateCompleteEvent, "completed reencrypt of %d secrets", i)
 return nil
 }
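Review bot: In the `EachListItem` callback a Conflict from `h.secrets.Update` is swallowed without a comment and the secret is still counted by `i++`, so the "completed reencrypt of %d secrets" event reports secrets visited rather than secrets this pass rewrote. That is only sound if the conflicting write was itself stored under the new key, which this patch cannot show; state the assumption above the check, e.g. `// Conflict: the secret changed after it was listed; the newer write is assumed to be encrypted with the current key.` Separately, `fmt.Errorf("failed to update secret: %v", err)` drops the error chain and does not say which secret failed, while the onChangeNode hunk publishes this text as the SecretsUpdateError event; consider `fmt.Errorf("failed to update secret %s/%s: %w", secret.Namespace, secret.Name, err)`, or log the name with logrus instead if secret names should not appear in Node events.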