fix: resolve issue with default health check interval override

irby · irby · commit ea06d84a86f0 · 2025-11-11T15:10:11.000-05:00
Signed-off-by: Matthew H. Irby &lt;matt.irby@outlook.com&gt;
diff --git a/internal/controller/issuer_controller.go b/internal/controller/issuer_controller.go
@@ -39,11 +39,10 @@ const (
 )
 
 var (
-	errGetAuthSecret           = errors.New("failed to get Secret containing Issuer credentials")
-	errGetCaSecret             = errors.New("caSecretName specified a name, but failed to get Secret containing CA certificate")
-	errHealthCheckerBuilder    = errors.New("failed to build the healthchecker")
-	errHealthCheckerCheck      = errors.New("healthcheck failed")
-	defaultHealthCheckInterval = time.Minute
+	errGetAuthSecret        = errors.New("failed to get Secret containing Issuer credentials")
+	errGetCaSecret          = errors.New("caSecretName specified a name, but failed to get Secret containing CA certificate")
+	errHealthCheckerBuilder = errors.New("failed to build the healthchecker")
+	errHealthCheckerCheck   = errors.New("healthcheck failed")
 )
 
 // IssuerReconciler reconciles a Issuer object
@@ -68,7 +67,6 @@ func (r *IssuerReconciler) newIssuer() (commandissuer.IssuerLike, error) {
 	if err != nil {
 		return nil, err
 	}
-	defaultHealthCheckInterval = r.DefaultHealthCheckInterval
 	return ro.(commandissuer.IssuerLike), nil
 }
 
@@ -100,7 +98,7 @@ func (r *IssuerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 		}
 	}()
 
-	healthCheckInterval, err := getHealthCheckInterval(log, issuer)
+	healthCheckInterval, err := r.getHealthCheckInterval(log, issuer)
 	if err != nil {
 		log.Error(err, "an error occurred while getting the health check interval")
 		issuer.GetStatus().SetCondition(ctx, commandissuer.IssuerConditionReady, commandissuer.ConditionFalse, issuerReadyConditionReason, err.Error())
@@ -157,14 +155,14 @@ func (r *IssuerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 	return ctrl.Result{RequeueAfter: healthCheckInterval}, nil
 }
 
-func getHealthCheckInterval(log logr.Logger, issuer commandissuer.IssuerLike) (time.Duration, error) {
+func (r *IssuerReconciler) getHealthCheckInterval(log logr.Logger, issuer commandissuer.IssuerLike) (time.Duration, error) {
 	spec := issuer.GetSpec()
 
-	defaultInterval := int(defaultHealthCheckInterval / time.Second)
+	defaultInterval := int(r.DefaultHealthCheckInterval / time.Second)
 
 	if spec.HealthCheck == nil {
-		log.Info(fmt.Sprintf("health check spec value is nil, using default: %d", defaultInterval))
-		return defaultHealthCheckInterval, nil
+		log.Info(fmt.Sprintf("health check spec value is nil, using default: %d seconds", defaultInterval))
+		return r.DefaultHealthCheckInterval, nil
 	}
 
 	if !spec.HealthCheck.Enabled {
@@ -173,8 +171,8 @@ func getHealthCheckInterval(log logr.Logger, issuer commandissuer.IssuerLike) (t
 	}
 
 	if spec.HealthCheck.Interval == nil {
-		log.Info(fmt.Sprintf("health check spec value is nil, using default: %d", defaultInterval))
-		return defaultHealthCheckInterval, nil
+		log.Info(fmt.Sprintf("health check spec value is nil, using default: %d seconds", defaultInterval))
+		return r.DefaultHealthCheckInterval, nil
 	}
 
 	healthCheckInterval := *spec.HealthCheck.Interval
diff --git a/internal/controller/issuer_controller_test.go b/internal/controller/issuer_controller_test.go
@@ -67,6 +67,7 @@ func TestIssuerReconcile(t *testing.T) {
 		objects                                  []client.Object
 		healthCheckerBuilder                     command.HealthCheckerBuilder
 		clusterResourceNamespace                 string
+		defaultHealthCheckInterval               *time.Duration
 		expectedResult                           ctrl.Result
 		expectedError                            error
 		expectedReadyConditionStatus             commandissuerv1alpha1.ConditionStatus
@@ -114,7 +115,7 @@ func TestIssuerReconcile(t *testing.T) {
 			healthCheckerBuilder:                     newFakeHealthCheckerBuilder(nil, nil, false),
 			expectedReadyConditionStatus:             commandissuerv1alpha1.ConditionTrue,
 			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionFalse,
-			expectedResult:                           ctrl.Result{RequeueAfter: defaultHealthCheckInterval},
+			expectedResult:                           ctrl.Result{RequeueAfter: time.Minute},
 		},
 		"issuer-basicauth-no-username": {
 			kind: "Issuer",
@@ -236,7 +237,7 @@ func TestIssuerReconcile(t *testing.T) {
 			clusterResourceNamespace:                 "kube-system",
 			expectedReadyConditionStatus:             commandissuerv1alpha1.ConditionTrue,
 			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionFalse,
-			expectedResult:                           ctrl.Result{RequeueAfter: defaultHealthCheckInterval},
+			expectedResult:                           ctrl.Result{RequeueAfter: time.Minute},
 		},
 		"success-issuer-oauth": {
 			kind: "Issuer",
@@ -277,7 +278,7 @@ func TestIssuerReconcile(t *testing.T) {
 			healthCheckerBuilder:                     newFakeHealthCheckerBuilder(nil, nil, false),
 			expectedReadyConditionStatus:             commandissuerv1alpha1.ConditionTrue,
 			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionFalse,
-			expectedResult:                           ctrl.Result{RequeueAfter: defaultHealthCheckInterval},
+			expectedResult:                           ctrl.Result{RequeueAfter: time.Minute},
 		},
 		"issuer-oauth-no-tokenurl": {
 			kind: "Issuer",
@@ -447,7 +448,7 @@ func TestIssuerReconcile(t *testing.T) {
 			clusterResourceNamespace:                 "kube-system",
 			expectedReadyConditionStatus:             commandissuerv1alpha1.ConditionTrue,
 			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionFalse,
-			expectedResult:                           ctrl.Result{RequeueAfter: defaultHealthCheckInterval},
+			expectedResult:                           ctrl.Result{RequeueAfter: time.Minute},
 		},
 		"issuer-kind-Unrecognized": {
 			kind: "UnrecognizedType",
@@ -733,7 +734,7 @@ func TestIssuerReconcile(t *testing.T) {
 			clusterResourceNamespace:                 "kube-system",
 			expectedReadyConditionStatus:             commandissuerv1alpha1.ConditionTrue,
 			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionTrue,
-			expectedResult:                           ctrl.Result{RequeueAfter: defaultHealthCheckInterval},
+			expectedResult:                           ctrl.Result{RequeueAfter: time.Minute},
 		},
 		"success-nil-healthcheck-interval-defaults": {
 			kind: "ClusterIssuer",
@@ -777,6 +778,46 @@ func TestIssuerReconcile(t *testing.T) {
 			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionTrue,
 			expectedResult:                           ctrl.Result{RequeueAfter: time.Duration(60) * time.Second},
 		},
+		"success-default-healthcheck-interval": {
+			kind: "ClusterIssuer",
+			name: types.NamespacedName{Name: "clusterissuer1"},
+			objects: []client.Object{
+				&commandissuerv1alpha1.ClusterIssuer{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "clusterissuer1",
+					},
+					Spec: commandissuerv1alpha1.IssuerSpec{
+						SecretName:  "clusterissuer1-credentials",
+						HealthCheck: nil,
+					},
+					Status: commandissuerv1alpha1.IssuerStatus{
+						Conditions: []commandissuerv1alpha1.IssuerCondition{
+							{
+								Type:   commandissuerv1alpha1.IssuerConditionReady,
+								Status: commandissuerv1alpha1.ConditionUnknown,
+							},
+						},
+					},
+				},
+				&corev1.Secret{
+					Type: corev1.SecretTypeBasicAuth,
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "clusterissuer1-credentials",
+						Namespace: "kube-system",
+					},
+					Data: map[string][]byte{
+						corev1.BasicAuthUsernameKey: []byte("username"),
+						corev1.BasicAuthPasswordKey: []byte("password"),
+					},
+				},
+			},
+			defaultHealthCheckInterval:               to.Ptr(time.Duration(2) * time.Minute),
+			healthCheckerBuilder:                     newFakeHealthCheckerBuilder(nil, nil, true),
+			clusterResourceNamespace:                 "kube-system",
+			expectedReadyConditionStatus:             commandissuerv1alpha1.ConditionTrue,
+			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionTrue,
+			expectedResult:                           ctrl.Result{RequeueAfter: time.Duration(2) * time.Minute},
+		},
 		"success-nil-healthcheck-defaults": {
 			kind: "ClusterIssuer",
 			name: types.NamespacedName{Name: "clusterissuer1"},
@@ -816,48 +857,6 @@ func TestIssuerReconcile(t *testing.T) {
 			expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionTrue,
 			expectedResult:                           ctrl.Result{RequeueAfter: time.Duration(60) * time.Second},
 		},
-		// "error-healthcheck-invalid-parsing": {
-		// 	kind: "Issuer",
-		// 	name: types.NamespacedName{Namespace: "ns1", Name: "issuer1"},
-		// 	objects: []client.Object{
-		// 		&commandissuerv1alpha1.Issuer{
-		// 			ObjectMeta: metav1.ObjectMeta{
-		// 				Name:      "issuer1",
-		// 				Namespace: "ns1",
-		// 			},
-		// 			Spec: commandissuerv1alpha1.IssuerSpec{
-		// 				SecretName: "issuer1-credentials",
-		// 				HealthCheck: &commandissuerv1alpha1.HealthCheckConfig{
-		// 					Enabled:  true,
-		// 					Interval: to.Ptr(metav1.Duration{Duration: 30 * time.Second}),
-		// 				},
-		// 			},
-		// 			Status: commandissuerv1alpha1.IssuerStatus{
-		// 				Conditions: []commandissuerv1alpha1.IssuerCondition{
-		// 					{
-		// 						Type:   commandissuerv1alpha1.IssuerConditionReady,
-		// 						Status: commandissuerv1alpha1.ConditionUnknown,
-		// 					},
-		// 				},
-		// 			},
-		// 		},
-		// 		&corev1.Secret{
-		// 			Type: corev1.SecretTypeBasicAuth,
-		// 			ObjectMeta: metav1.ObjectMeta{
-		// 				Name:      "issuer1-credentials",
-		// 				Namespace: "ns1",
-		// 			},
-		// 			Data: map[string][]byte{
-		// 				corev1.BasicAuthUsernameKey: []byte("username"),
-		// 				corev1.BasicAuthPasswordKey: []byte("password"),
-		// 			},
-		// 		},
-		// 	},
-		// 	healthCheckerBuilder:                     newFakeHealthCheckerBuilder(nil, nil, false),
-		// 	expectedReadyConditionStatus:             commandissuerv1alpha1.ConditionFalse,
-		// 	expectedMetadataSupportedConditionStatus: commandissuerv1alpha1.ConditionUnknown,
-		// 	expectedResult:                           ctrl.Result{},
-		// },
 		"error-healthcheck-minimum-value": {
 			kind: "Issuer",
 			name: types.NamespacedName{Namespace: "ns1", Name: "issuer1"},
@@ -916,15 +915,23 @@ func TestIssuerReconcile(t *testing.T) {
 			if tc.kind == "" {
 				tc.kind = "Issuer"
 			}
+
+			defaultHealthcheckInterval := time.Minute
+
+			if tc.defaultHealthCheckInterval != nil {
+				defaultHealthcheckInterval = *tc.defaultHealthCheckInterval
+			}
+
 			controller := IssuerReconciler{
 				Kind:                              tc.kind,
 				Client:                            fakeClient,
 				Scheme:                            scheme,
 				HealthCheckerBuilder:              tc.healthCheckerBuilder,
 				ClusterResourceNamespace:          tc.clusterResourceNamespace,
 				SecretAccessGrantedAtClusterLevel: true,
-				DefaultHealthCheckInterval:        time.Minute,
+				DefaultHealthCheckInterval:        defaultHealthcheckInterval,
 			}
+
 			result, err := controller.Reconcile(
 				ctrl.LoggerInto(context.TODO(), logrtesting.NewTestLogger(t)),
 				reconcile.Request{NamespacedName: tc.name},

Original file line number	Diff line number	Diff line change
`@@ -39,11 +39,10 @@ const (`
`39`	`39`	`)`
`40`	`40`
`41`	`41`	`var (`
`42`		`- errGetAuthSecret = errors.New("failed to get Secret containing Issuer credentials")`
`43`		`- errGetCaSecret = errors.New("caSecretName specified a name, but failed to get Secret containing CA certificate")`
`44`		`- errHealthCheckerBuilder = errors.New("failed to build the healthchecker")`
`45`		`- errHealthCheckerCheck = errors.New("healthcheck failed")`
`46`		`- defaultHealthCheckInterval = time.Minute`
	`42`	`+ errGetAuthSecret = errors.New("failed to get Secret containing Issuer credentials")`
	`43`	`+ errGetCaSecret = errors.New("caSecretName specified a name, but failed to get Secret containing CA certificate")`
	`44`	`+ errHealthCheckerBuilder = errors.New("failed to build the healthchecker")`
	`45`	`+ errHealthCheckerCheck = errors.New("healthcheck failed")`
`47`	`46`	`)`
`48`	`47`
`49`	`48`	`// IssuerReconciler reconciles a Issuer object`
`@@ -68,7 +67,6 @@ func (r *IssuerReconciler) newIssuer() (commandissuer.IssuerLike, error) {`
`68`	`67`	`if err != nil {`
`69`	`68`	`return nil, err`
`70`	`69`	`}`
`71`		`- defaultHealthCheckInterval = r.DefaultHealthCheckInterval`
`72`	`70`	`return ro.(commandissuer.IssuerLike), nil`
`73`	`71`	`}`
`74`	`72`
`@@ -100,7 +98,7 @@ func (r *IssuerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res`
`100`	`98`	`}`
`101`	`99`	`}()`
`102`	`100`
`103`		`- healthCheckInterval, err := getHealthCheckInterval(log, issuer)`
	`101`	`+ healthCheckInterval, err := r.getHealthCheckInterval(log, issuer)`
`104`	`102`	`if err != nil {`
`105`	`103`	`log.Error(err, "an error occurred while getting the health check interval")`
`106`	`104`	`issuer.GetStatus().SetCondition(ctx, commandissuer.IssuerConditionReady, commandissuer.ConditionFalse, issuerReadyConditionReason, err.Error())`
`@@ -157,14 +155,14 @@ func (r *IssuerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res`
`157`	`155`	`return ctrl.Result{RequeueAfter: healthCheckInterval}, nil`
`158`	`156`	`}`
`159`	`157`
`160`		`-func getHealthCheckInterval(log logr.Logger, issuer commandissuer.IssuerLike) (time.Duration, error) {`
	`158`	`+func (r *IssuerReconciler) getHealthCheckInterval(log logr.Logger, issuer commandissuer.IssuerLike) (time.Duration, error) {`
`161`	`159`	`spec := issuer.GetSpec()`
`162`	`160`
`163`		`- defaultInterval := int(defaultHealthCheckInterval / time.Second)`
	`161`	`+ defaultInterval := int(r.DefaultHealthCheckInterval / time.Second)`
`164`	`162`
`165`	`163`	`if spec.HealthCheck == nil {`
`166`		`- log.Info(fmt.Sprintf("health check spec value is nil, using default: %d", defaultInterval))`
`167`		`- return defaultHealthCheckInterval, nil`
	`164`	`+ log.Info(fmt.Sprintf("health check spec value is nil, using default: %d seconds", defaultInterval))`
	`165`	`+ return r.DefaultHealthCheckInterval, nil`
`168`	`166`	`}`
`169`	`167`
`170`	`168`	`if !spec.HealthCheck.Enabled {`
`@@ -173,8 +171,8 @@ func getHealthCheckInterval(log logr.Logger, issuer commandissuer.IssuerLike) (t`
`173`	`171`	`}`
`174`	`172`
`175`	`173`	`if spec.HealthCheck.Interval == nil {`
`176`		`- log.Info(fmt.Sprintf("health check spec value is nil, using default: %d", defaultInterval))`
`177`		`- return defaultHealthCheckInterval, nil`
	`174`	`+ log.Info(fmt.Sprintf("health check spec value is nil, using default: %d seconds", defaultInterval))`
	`175`	`+ return r.DefaultHealthCheckInterval, nil`
`178`	`176`	`}`
`179`	`177`
`180`	`178`	`healthCheckInterval := *spec.HealthCheck.Interval`