Check for changes using DeepDerivative (#13)

Co-authored-by: Carl Hedgren <carl.hedgren@nav.no>

Makefile

@@ -17,7 +17,7 @@ SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
 
 .PHONY: all
-all: generate manifests helm build 
+all: generate manifests helm build
 
 ##@ General
 
@@ -119,11 +119,12 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/localhost | kubectl apply -f -
 
 .PHONY: restart
 restart: manifests kustomize ## Restart controller in the K8s cluster specified in ~/.kube/config.
 	kubectl rollout restart deployment/unleasherator-controller-manager -n unleasherator-system
+	kubectl rollout status deployment/unleasherator-controller-manager -n unleasherator-system --timeout=60s
 
 .PHONY: logs
 logs: manifests kustomize ## Show logs for controller in the K8s cluster specified in ~/.kube/config.

README.md

@@ -6,13 +6,11 @@ Currently supports the following resources:
 
 - [x] [Unleash](./docs/unleash.md)
   - [x] Deployment
-    - [ ] Custom Image
-    - [ ] CloudSQL Proxy
   - [x] Service
   - [x] NetworkPolicy
   - [ ] Ingress
 - [ ] [RemoteUneash](./docs/remoteunleash.md)
-- [ ] [ApiToken](./docs/apitoken.md)
+- [x] [ApiToken](./docs/apitoken.md)
 - [ ] [Federation](./docs/federation.md)
 - ~~[ ] Project~~*
 - ~~[ ] Environment~~*
@@ -121,14 +119,14 @@ which provides a reconcile function responsible for synchronizing resources unti
 make install
 ```
 
-2. Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):
+2. Run the controller in your cluster:
+
+Since the controller needs to reach the Unleash instance it can not run locally, but must be deployed to the cluster.
 
 ```sh
-make run
+make docker-build deploy logs
 ```
 
-**NOTE:** You can also run this in one step by running: `make install run`
-
 ### Modifying the API definitions
 
 If you are editing the API definitions, generate the manifests such as CRs or CRDs, and corresponding Helm charts using:

api/v1/apitoken_types.go

@@ -20,7 +20,7 @@ type ApiTokenSpec struct {
 
 	// Environment is the environment to create the token for.
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default=default
+	// +kubebuilder:default=development
 	Environment string `json:"environment,omitempty"`
 
 	// Projects is the list of projects to create the token for.

api/v1/unleash_types_test.go

@@ -0,0 +1,23 @@
+package unleash_nais_io_v1
+
+import (
+	"testing"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestUnleashURL(t *testing.T) {
+	unleash := Unleash{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test",
+			Namespace: "test",
+		},
+		Spec: UnleashSpec{
+			Size: 1,
+		},
+	}
+
+	if unleash.GetURL() != "http://test.test" {
+		t.Errorf("Expected URL to be http://test.test, got %s", unleash.GetURL())
+	}
+}

config/crd/bases/unleash.nais.io_apitokens.yaml

@@ -35,7 +35,7 @@ spec:
             description: ApiTokenSpec defines the desired state of ApiToken
             properties:
               environment:
-                default: default
+                default: development
                 description: Environment is the environment to create the token for.
                 type: string
               projects:

config/localhost/kustomization.yaml

@@ -0,0 +1,7 @@
+namespace: unleasherator-system
+namePrefix: unleasherator-
+resources:
+- ../default
+
+patchesStrategicMerge:
+- manager_config_patch.yaml

config/localhost/manager_config_patch.yaml

@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        imagePullPolicy: IfNotPresent

controllers/apitoken_controller.go

@@ -144,9 +144,10 @@ func (r *ApiTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 			}
 
 			meta.SetStatusCondition(&token.Status.Conditions, metav1.Condition{
-				Type:   typeDeletedToken,
-				Reason: "Finalizing",
-				Status: "Finalizer operations completed",
+				Type:    typeDeletedToken,
+				Status:  metav1.ConditionTrue,
+				Reason:  "Finalizing",
+				Message: "Finalizer operations completed",
 			})
 
 			if err := r.Status().Update(ctx, token); err != nil {
@@ -196,6 +197,11 @@ func (r *ApiTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	}
 
 	if !unleash.Status.IsReady() {
+		if err := r.Get(ctx, req.NamespacedName, token); err != nil {
+			log.Error(err, "Failed to get ApiToken")
+			return ctrl.Result{}, err
+		}
+
 		meta.SetStatusCondition(&token.Status.Conditions, metav1.Condition{
 			Type:    typeCreatedToken,
 			Status:  metav1.ConditionFalse,
@@ -210,14 +216,14 @@ func (r *ApiTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	secret := &corev1.Secret{}
-	if err := r.Get(ctx, types.NamespacedName{Name: unleash.GetOperatorSecretName(), Namespace: r.OperatorNamespace}, secret); err != nil {
+	adminSecret := &corev1.Secret{}
+	if err := r.Get(ctx, types.NamespacedName{Name: unleash.GetOperatorSecretName(), Namespace: r.OperatorNamespace}, adminSecret); err != nil {
 		if apierrors.IsNotFound(err) {
 			meta.SetStatusCondition(&token.Status.Conditions, metav1.Condition{
 				Type:    typeCreatedToken,
 				Status:  metav1.ConditionFalse,
 				Reason:  "UnleashSecretNotFound",
-				Message: "Unleash secret not found",
+				Message: "Unleash admin secret not found",
 			})
 			if err = r.Status().Update(ctx, token); err != nil {
 				log.Error(err, "Failed to update ApiToken status")
@@ -227,18 +233,18 @@ func (r *ApiTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 			return ctrl.Result{Requeue: true}, nil
 		}
 
-		log.Error(err, "Failed to get Unleash secret")
+		log.Error(err, "Failed to get Unleash admin secret")
 		return ctrl.Result{Requeue: true}, err
 	}
 
-	adminToken := string(secret.Data[resources.EnvInitAdminAPIToken])
+	adminToken := string(adminSecret.Data[resources.EnvInitAdminAPIToken])
 	if adminToken == "" {
-		log.Error(err, "Unleash secret missing api key")
+		log.Error(err, "Unleash admin secret does not contain an api key")
 		meta.SetStatusCondition(&token.Status.Conditions, metav1.Condition{
 			Type:    typeCreatedToken,
 			Status:  metav1.ConditionFalse,
 			Reason:  "UnleashSecretMissingApiKey",
-			Message: "Unleash secret missing api key",
+			Message: "Unleash admin secret missing api key",
 		})
 		if err = r.Status().Update(ctx, token); err != nil {
 			log.Error(err, "Failed to update ApiToken status")
@@ -276,6 +282,8 @@ func (r *ApiTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 			log.Error(err, "Failed to update ApiToken status")
 			return ctrl.Result{Requeue: true}, err
 		}
+
+		return ctrl.Result{Requeue: true}, err
 	}
 
 	if !exists {
@@ -308,6 +316,21 @@ func (r *ApiTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 				"token": []byte(apiToken.Secret),
 			},
 		}
+
+		if err := r.Delete(ctx, secret); err != nil && !apierrors.IsNotFound(err) {
+			log.Error(err, "Failed to delete secret")
+			meta.SetStatusCondition(&token.Status.Conditions, metav1.Condition{
+				Type:    typeCreatedToken,
+				Status:  metav1.ConditionFalse,
+				Reason:  "FailedToDeleteExistingSecret",
+				Message: "Failed to delete existing secret",
+			})
+			if err = r.Status().Update(ctx, token); err != nil {
+				log.Error(err, "Failed to update ApiToken status")
+				return ctrl.Result{Requeue: true}, err
+			}
+		}
+
 		if err := r.Create(ctx, secret); err != nil {
 			log.Error(err, "Failed to create secret")
 			meta.SetStatusCondition(&token.Status.Conditions, metav1.Condition{