Include conditions on supported types #1058
Conversation
Adds support for setting the status conditions on the following types: - vaultstaticsecrets - vaultpkisecrets - vaultdynamicsecrets - hcpauths - hcpvaultsecretsapps
benashz
force-pushed
the
VAULT-22933/adopt-status-conditions-for-all-crds
branch
from
0052f71 to
3d75f0c
Compare
|
Would be awesome to get it merged! |
|
@benashz Sorry for bothering you, but is there any reason why this PR is still a draft? Is something is still missing or non functional or it's finished and just awaiting a merge? |
benashz
requested review from
tvoran,
digivava and
Zlaticanin
and removed request for
tvoran
| // Conditions hold information that be used by other apps to determine the health | ||
| // the resource instance. |
There was a problem hiding this comment.
| // Conditions hold information that be used by other apps to determine the health | |
| // the resource instance. | |
| // Conditions hold information that be used by other apps to determine the health | |
| // of the resource instance. |
There was a problem hiding this comment.
Also missing a "can" here -- "that can be used by other apps"
| // we key conditions on their type and reason | ||
| // e.g: type=VaultAuthGlobal reason=Available, ... |
There was a problem hiding this comment.
It looks like this isn't quite true anymore? i.e. the key seems to just be Type now on line 295.
| @@ -388,6 +388,7 @@ func Test_waitForStoppedCh(t *testing.T) { | |||
| } | |||
|
|
|||
| func TestVaultAuthReconciler_updateConditions(t *testing.T) { | |||
| t.Skip("This test is not working as expected. It is failing with the following error: expected 1 conditions, got 2") | |||
There was a problem hiding this comment.
Is this going to be addressed in this PR? I don't see updateCondtions() being tested anywhere else.
| o.Status.Conditions = append(o.Status.Conditions, | ||
| newConditionNow(o, "VaultPing", consts.ReasonInvalidConfiguration, | ||
| metav1.ConditionTrue, "Vault ping, address=%s", | ||
| o.Spec.Address), | ||
| ) |
There was a problem hiding this comment.
Should the the reason be something besides InvalidConfiguration here? Seems like the ping was successful at this point?
| @@ -108,16 +136,29 @@ func (r *VaultConnectionReconciler) Reconcile(ctx context.Context, req ctrl.Requ | |||
| errs = errors.Join(errs, err) | |||
| } | |||
|
|
|||
| if err := r.updateStatus(ctx, o); err != nil { | |||
| errs = errors.Join(errs, err) | |||
| // TODO: cleanup error reporting | |||
There was a problem hiding this comment.
Can this comment be more specific about what needs cleanup and why?
| conditions = append(conditions, | ||
| newSyncCondition(o, metav1.ConditionTrue, | ||
| "Secret synced, horizon=%s", horizon), | ||
| ) |
There was a problem hiding this comment.
It looks like this change to conditions isn't used.
| r.recordEvent(o, reason, fmt.Sprintf("Secret synced, horizon=%s", horizon)) | ||
| logger.Info("Successfully updated the secret", "horizon", horizon) | ||
| return ctrl.Result{ | ||
| RequeueAfter: horizon, | ||
| }, nil | ||
| } | ||
|
|
||
| func (r *VaultPKISecretReconciler) syncSecret(ctx context.Context, o *secretsv1beta1.VaultPKISecret) (*vault.PKICertResponse, error) { |
There was a problem hiding this comment.
Is this function going to be used somewhere?
| if err := r.updateStatus(ctx, o, newSyncCondition(o, metav1.ConditionFalse, "Failed to sync the secret, horizon=%s, err=%s", horizon, err)); err != nil { | ||
| return ctrl.Result{}, err | ||
| } | ||
|
|
||
| if err := r.updateStatus(ctx, o, newSyncCondition(o, metav1.ConditionFalse, "Failed to sync the secret, horizon=%s, err=%s", horizon, err)); err != nil { | ||
| return ctrl.Result{}, err | ||
| } |
There was a problem hiding this comment.
Duplicate?
| if err := r.updateStatus(ctx, o, newSyncCondition(o, metav1.ConditionFalse, "Failed to sync the secret, horizon=%s, err=%s", horizon, err)); err != nil { | |
| return ctrl.Result{}, err | |
| } | |
| if err := r.updateStatus(ctx, o, newSyncCondition(o, metav1.ConditionFalse, "Failed to sync the secret, horizon=%s, err=%s", horizon, err)); err != nil { | |
| return ctrl.Result{}, err | |
| } | |
| if err := r.updateStatus(ctx, o, newSyncCondition(o, metav1.ConditionFalse, "Failed to sync the secret, horizon=%s, err=%s", horizon, err)); err != nil { | |
| return ctrl.Result{}, err | |
| } |
| for _, newCond := range updates { | ||
| // we key conditions on their type and reason | ||
| // e.g: type=VaultAuthGlobal reason=Available, ... | ||
| key := fmt.Sprintf("%s/%s", newCond.Type, newCond.Reason) | ||
| // if newCond.Reason == "" { |
There was a problem hiding this comment.
This was probably meant to be removed
| o.Status.Conditions = append(o.Status.Conditions, | ||
| newConditionNow(o, consts.TypeResourceValidation, consts.ReasonInvalidConfiguration, | ||
| metav1.ConditionFalse, "Failed to validate resource, address=%s, errs=%s", | ||
| o.Spec.Address, errs), |
There was a problem hiding this comment.
Just double-checking, does this work okay if errs is nil? Since this is an || conditional, it can hit this piece of code if the status is invalid but errs is nil. Should we populate the error with something if it's the !*o.Status.Valid case?
Adds support for setting the status conditions on the following types: