
Commit e9bf45d

Merge pull request #100 from canonical/KU-638/secret-get
get secrets instead of list and iterate
2 parents 217d1f2 + 18e470f commit e9bf45d


1 file changed

+53
-82
lines changed


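--- a/controllers/microk8sconfig_controller.go
+++ b/controllers/microk8sconfig_controller.go
@@ -626,112 +626,83 @@ func (r *MicroK8sConfigReconciler) storeBootstrapData(ctx context.Context, scope
 
 func (r *MicroK8sConfigReconciler) getJoinToken(ctx context.Context, scope *Scope) (string, error) {
 // See if the token exists. If not create it.
-secrets := &corev1.SecretList{}
-err := r.Client.List(ctx, secrets)
-if err != nil {
+secret := &corev1.Secret{}
+err := r.Client.Get(ctx, types.NamespacedName{
+Namespace: scope.Cluster.Namespace,
+Name: fmt.Sprintf("%s-jointoken", scope.Cluster.Name),
+}, secret)
+switch {
+case err == nil:
+return string(secret.Data["value"]), nil
+case apierrors.IsNotFound(err):
+default:
 return "", err
 }
 
-found := false
-for _, s := range secrets.Items {
-if s.Name == scope.Cluster.Name+"-jointoken" {
-found = true
-}
-}
-
-if !found {
-const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
-b := make([]byte, 32)
-for i := range b {
-b[i] = letters[mrand.Intn(len(letters))]
-}
-token := string(b)
-tokenSecret := &corev1.Secret{
-ObjectMeta: metav1.ObjectMeta{
-Namespace: scope.Cluster.Namespace,
-Name: scope.Cluster.Name + "-jointoken",
-},
-Data: map[string][]byte{
-"value": []byte(token),
-},
-}
-err = r.Client.Create(ctx, tokenSecret)
-if err != nil {
-return "", err
-}
+const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+b := make([]byte, 32)
+for i := range b {
+b[i] = letters[mrand.Intn(len(letters))]
 }
-
-readTokenSecret := &corev1.Secret{}
-err = r.Client.Get(ctx,
-types.NamespacedName{
+token := string(b)
+tokenSecret := &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
 Namespace: scope.Cluster.Namespace,
 Name: scope.Cluster.Name + "-jointoken",
 },
-readTokenSecret,
-)
-if err != nil {
+Data: map[string][]byte{
+"value": []byte(token),
+},
+}
+if err := r.Client.Create(ctx, tokenSecret); err != nil {
 return "", err
 }
 
-return string(readTokenSecret.Data["value"]), nil
+return token, nil
 }
 
 func (r *MicroK8sConfigReconciler) getCA(ctx context.Context, scope *Scope) (cert *string, key *string, err error) {
 // See if the CA cert exists. If not create it.
-secrets := &corev1.SecretList{}
-err = r.Client.List(ctx, secrets)
-if err != nil {
-return nil, nil, err
-}
+secret := &corev1.Secret{}
 
-found := false
-for _, s := range secrets.Items {
-if s.Name == scope.Cluster.Name+"-ca" {
-found = true
-}
+err = r.Client.Get(ctx, types.NamespacedName{
+Namespace: scope.Cluster.Namespace,
+Name: fmt.Sprintf("%s-ca", scope.Cluster.Name),
+}, secret)
+switch {
+case err == nil:
+cert := string(secret.Data["crt"])
+key := string(secret.Data["key"])
+return &cert, &key, nil
+case apierrors.IsNotFound(err):
+default:
+return nil, nil, err
 }
 
-if !found {
-newcrt, newkey, err := r.generateCA()
-if err != nil {
-return nil, nil, err
-}
-caSecret := &corev1.Secret{
-ObjectMeta: metav1.ObjectMeta{
-Namespace: scope.Cluster.Namespace,
-Name: scope.Cluster.Name + "-ca",
-},
-Data: map[string][]byte{
-// these are the expected names for the certificate and key
-"tls.crt": []byte(*newcrt),
-"tls.key": []byte(*newkey),
-
-// these are here for backwards-compatibility with older versions of the providers
-"crt": []byte(*newcrt),
-"key": []byte(*newkey),
-},
-}
-err = r.Client.Create(ctx, caSecret)
-if err != nil {
-return nil, nil, err
-}
+newcrt, newkey, err := r.generateCA()
+if err != nil {
+return nil, nil, err
 }
-
-readCASecret := &corev1.Secret{}
-err = r.Client.Get(ctx,
-types.NamespacedName{
+caSecret := &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
 Namespace: scope.Cluster.Namespace,
 Name: scope.Cluster.Name + "-ca",
 },
-readCASecret,
-)
-if err != nil {
+Data: map[string][]byte{
+// these are the expected names for the certificate and key
+"tls.crt": []byte(*newcrt),
+"tls.key": []byte(*newkey),
+
+// these are here for backwards-compatibility with older versions of the providers
+"crt": []byte(*newcrt),
+"key": []byte(*newkey),
+},
+}
+if err := r.Client.Create(ctx, caSecret); err != nil {
 return nil, nil, err
 }
 
-certstr := string(readCASecret.Data["crt"])
-keystr := string(readCASecret.Data["key"])
-return &certstr, &keystr, nil
+return newcrt, newkey, nil
 }
 
 func (r *MicroK8sConfigReconciler) generateCA() (cert *string, key *string, err error) {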
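Review bot: The join token in getJoinToken is still built with `mrand.Intn` over a 52-letter alphabet (new lines 642-645). If `mrand` is the file's alias for math/rand, which the name suggests but the import block outside the hunk would confirm, the token is not cryptographically random. It is stored in the `-jointoken` secret and returned as the join credential, so the loop should draw from crypto/rand and return the error when the read fails. The early-return branch also passes back `secret.Data["value"]` unchecked, so a secret that exists without that key produces an empty token with a nil error. The sketch below assumes crypto/rand and math/big are in scope.

```go
// … unchanged: Get on the "-jointoken" secret and the switch on err …
const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
b := make([]byte, 32)
limit := big.NewInt(int64(len(letters)))
for i := range b {
	// rand is crypto/rand here, not the mrand alias
	n, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return "", err
	}
	b[i] = letters[n.Int64()]
}
// … unchanged: tokenSecret construction and Create …
```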
