Add missing pieces for new dataplane key secret

Author: bjee19

internal/controller/provisioner/handler.go

@@ -256,6 +256,8 @@ func (h *eventHandler) provisionResourceForAllGateways(
 
 // deprovisionSecretsForAllGateways cleans up any secrets that a user deleted that were duplicated
 // for all Gateways. For example, NGINX Plus secrets.
+//
+//nolint:gocyclo // will refactor at some point
 func (h *eventHandler) deprovisionSecretsForAllGateways(ctx context.Context, secret string) error {
 	var allErrs []error
 
@@ -283,6 +285,10 @@ func (h *eventHandler) deprovisionSecretsForAllGateways(ctx context.Context, sec
 			if err := h.provisioner.deleteObject(ctx, &corev1.Secret{ObjectMeta: resources.PlusClientSSLSecret}); err != nil {
 				allErrs = append(allErrs, err)
 			}
+		case strings.HasSuffix(resources.DataplaneKeySecret.Name, secret):
+			if err := h.provisioner.deleteObject(ctx, &corev1.Secret{ObjectMeta: resources.DataplaneKeySecret}); err != nil {
+				allErrs = append(allErrs, err)
+			}
 		default:
 			for _, dockerSecret := range resources.DockerSecrets {
 				if strings.HasSuffix(dockerSecret.Name, secret) {

internal/controller/provisioner/handler_test.go

@@ -23,7 +23,7 @@ func TestHandleEventBatch_Upsert(t *testing.T) {
 	t.Parallel()
 	g := NewWithT(t)
 
-	store := newStore([]string{dockerTestSecretName}, "", jwtTestSecretName, "", "")
+	store := newStore([]string{dockerTestSecretName}, "", jwtTestSecretName, "", "", "")
 	provisioner, fakeClient, _ := defaultNginxProvisioner()
 	provisioner.cfg.StatusQueue = status.NewQueue()
 
@@ -213,6 +213,7 @@ func TestHandleEventBatch_Delete(t *testing.T) {
 		jwtTestSecretName,
 		caTestSecretName,
 		clientTestSecretName,
+		nginxOneDataplaneKeySecretName,
 	)
 	provisioner, fakeClient, _ := defaultNginxProvisioner()
 	provisioner.cfg.StatusQueue = status.NewQueue()

internal/controller/provisioner/provisioner.go

@@ -112,6 +112,7 @@ func NewNginxProvisioner(
 		jwtSecretName,
 		caSecretName,
 		clientSSLSecretName,
+		cfg.NginxOneConsoleTelemetryConfig.DataplaneKeySecretName,
 	)
 
 	selector := metav1.LabelSelector{

internal/controller/provisioner/provisioner_test.go

@@ -29,12 +29,13 @@ import (
 )
 
 const (
-	agentTLSTestSecretName = "agent-tls-secret"
-	jwtTestSecretName      = "jwt-secret"
-	caTestSecretName       = "ca-secret"
-	clientTestSecretName   = "client-secret"
-	dockerTestSecretName   = "docker-secret"
-	ngfNamespace           = "nginx-gateway"
+	agentTLSTestSecretName         = "agent-tls-secret"
+	jwtTestSecretName              = "jwt-secret"
+	caTestSecretName               = "ca-secret"
+	clientTestSecretName           = "client-secret"
+	dockerTestSecretName           = "docker-secret"
+	ngfNamespace                   = "nginx-gateway"
+	nginxOneDataplaneKeySecretName = "dataplane-key"
 )
 
 func createScheme() *runtime.Scheme {
@@ -164,6 +165,7 @@ func defaultNginxProvisioner(
 			jwtTestSecretName,
 			caTestSecretName,
 			clientTestSecretName,
+			nginxOneDataplaneKeySecretName,
 		),
 		k8sClient: fakeClient,
 		cfg: Config{

internal/controller/provisioner/store.go

@@ -31,6 +31,7 @@ type NginxResources struct {
 	PlusJWTSecret       metav1.ObjectMeta
 	PlusClientSSLSecret metav1.ObjectMeta
 	PlusCASecret        metav1.ObjectMeta
+	DataplaneKeySecret  metav1.ObjectMeta
 	DockerSecrets       []metav1.ObjectMeta
 }
 
@@ -50,6 +51,9 @@ type store struct {
 	caSecretName        string
 	clientSSLSecretName string
 
+	// NGINX One Dataplane key secret
+	dataplaneKeySecretName string
+
 	lock sync.RWMutex
 }
 
@@ -58,21 +62,23 @@ func newStore(
 	agentTLSSecretName,
 	jwtSecretName,
 	caSecretName,
-	clientSSLSecretName string,
+	clientSSLSecretName,
+	dataplaneKeySecretName string,
 ) *store {
 	dockerSecretNamesMap := make(map[string]struct{})
 	for _, name := range dockerSecretNames {
 		dockerSecretNamesMap[name] = struct{}{}
 	}
 
 	return &store{
-		gateways:            make(map[types.NamespacedName]*gatewayv1.Gateway),
-		nginxResources:      make(map[types.NamespacedName]*NginxResources),
-		dockerSecretNames:   dockerSecretNamesMap,
-		agentTLSSecretName:  agentTLSSecretName,
-		jwtSecretName:       jwtSecretName,
-		caSecretName:        caSecretName,
-		clientSSLSecretName: clientSSLSecretName,
+		gateways:               make(map[types.NamespacedName]*gatewayv1.Gateway),
+		nginxResources:         make(map[types.NamespacedName]*NginxResources),
+		dockerSecretNames:      dockerSecretNamesMap,
+		agentTLSSecretName:     agentTLSSecretName,
+		jwtSecretName:          jwtSecretName,
+		caSecretName:           caSecretName,
+		clientSSLSecretName:    clientSSLSecretName,
+		dataplaneKeySecretName: dataplaneKeySecretName,
 	}
 }
 
@@ -226,6 +232,10 @@ func (s *store) registerSecretInGatewayConfig(obj *corev1.Secret, gatewayNSName
 			s.nginxResources[gatewayNSName] = &NginxResources{
 				PlusClientSSLSecret: obj.ObjectMeta,
 			}
+		case hasSuffix(obj.GetName(), s.dataplaneKeySecretName):
+			s.nginxResources[gatewayNSName] = &NginxResources{
+				DataplaneKeySecret: obj.ObjectMeta,
+			}
 		}
 
 		for secret := range s.dockerSecretNames {
@@ -246,6 +256,8 @@ func (s *store) registerSecretInGatewayConfig(obj *corev1.Secret, gatewayNSName
 			cfg.PlusCASecret = obj.ObjectMeta
 		case hasSuffix(obj.GetName(), s.clientSSLSecretName):
 			cfg.PlusClientSSLSecret = obj.ObjectMeta
+		case hasSuffix(obj.GetName(), s.dataplaneKeySecretName):
+			cfg.DataplaneKeySecret = obj.ObjectMeta
 		}
 
 		for secret := range s.dockerSecretNames {
@@ -357,6 +369,10 @@ func secretResourceMatches(resources *NginxResources, nsName types.NamespacedNam
 		return true
 	}
 
+	if resourceMatches(resources.DataplaneKeySecret, nsName) {
+		return true
+	}
+
 	return resourceMatches(resources.PlusCASecret, nsName)
 }
 
@@ -437,6 +453,9 @@ func getResourceVersionForSecret(resources *NginxResources, secret *corev1.Secre
 	if resources.PlusCASecret.GetName() == secret.GetName() {
 		return resources.PlusCASecret.GetResourceVersion()
 	}
+	if resources.DataplaneKeySecret.GetName() == secret.GetName() {
+		return resources.DataplaneKeySecret.GetResourceVersion()
+	}
 
 	return ""
 }

internal/controller/provisioner/store_test.go

@@ -23,21 +23,29 @@ func TestNewStore(t *testing.T) {
 	t.Parallel()
 	g := NewWithT(t)
 
-	store := newStore([]string{"docker-secret"}, "agent-tls-secret", "jwt-secret", "ca-secret", "client-ssl-secret")
+	store := newStore(
+		[]string{"docker-secret"},
+		"agent-tls-secret",
+		"jwt-secret",
+		"ca-secret",
+		"client-ssl-secret",
+		"dataplane-key",
+	)
 
 	g.Expect(store).NotTo(BeNil())
 	g.Expect(store.dockerSecretNames).To(HaveKey("docker-secret"))
 	g.Expect(store.agentTLSSecretName).To(Equal("agent-tls-secret"))
 	g.Expect(store.jwtSecretName).To(Equal("jwt-secret"))
 	g.Expect(store.caSecretName).To(Equal("ca-secret"))
 	g.Expect(store.clientSSLSecretName).To(Equal("client-ssl-secret"))
+	g.Expect(store.dataplaneKeySecretName).To(Equal("dataplane-key"))
 }
 
 func TestUpdateGateway(t *testing.T) {
 	t.Parallel()
 	g := NewWithT(t)
 
-	store := newStore(nil, "", "", "", "")
+	store := newStore(nil, "", "", "", "", "")
 	gateway := &gatewayv1.Gateway{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "test-gateway",
@@ -56,7 +64,7 @@ func TestDeleteGateway(t *testing.T) {
 	t.Parallel()
 	g := NewWithT(t)
 
-	store := newStore(nil, "", "", "", "")
+	store := newStore(nil, "", "", "", "", "")
 	nsName := types.NamespacedName{Name: "test-gateway", Namespace: "default"}
 	store.gateways[nsName] = &gatewayv1.Gateway{}
 
@@ -70,7 +78,7 @@ func TestGetGateways(t *testing.T) {
 	t.Parallel()
 	g := NewWithT(t)
 
-	store := newStore(nil, "", "", "", "")
+	store := newStore(nil, "", "", "", "", "")
 	gateway1 := &gatewayv1.Gateway{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "test-gateway-1",
@@ -101,7 +109,14 @@ func TestRegisterResourceInGatewayConfig(t *testing.T) {
 	t.Parallel()
 	g := NewWithT(t)
 
-	store := newStore([]string{"docker-secret"}, "agent-tls-secret", "jwt-secret", "ca-secret", "client-ssl-secret")
+	store := newStore(
+		[]string{"docker-secret"},
+		"agent-tls-secret",
+		"jwt-secret",
+		"ca-secret",
+		"client-ssl-secret",
+		"dataplane-key",
+	)
 	nsName := types.NamespacedName{Name: "test-gateway", Namespace: "default"}
 
 	registerAndGetResources := func(obj any) *NginxResources {
@@ -415,7 +430,7 @@ func TestDeleteResourcesForGateway(t *testing.T) {
 	t.Parallel()
 	g := NewWithT(t)
 
-	store := newStore(nil, "", "", "", "")
+	store := newStore(nil, "", "", "", "", "")
 	nsName := types.NamespacedName{Name: "test-gateway", Namespace: "default"}
 	store.nginxResources[nsName] = &NginxResources{}
 
@@ -427,7 +442,7 @@ func TestDeleteResourcesForGateway(t *testing.T) {
 func TestGatewayExistsForResource(t *testing.T) {
 	t.Parallel()
 
-	store := newStore(nil, "", "", "", "")
+	store := newStore(nil, "", "", "", "", "")
 	gateway := &graph.Gateway{}
 	store.nginxResources[types.NamespacedName{Name: "test-gateway", Namespace: "default"}] = &NginxResources{
 		Gateway: gateway,
@@ -648,7 +663,7 @@ func TestGatewayExistsForResource(t *testing.T) {
 func TestGetResourceVersionForObject(t *testing.T) {
 	t.Parallel()
 
-	store := newStore(nil, "", "", "", "")
+	store := newStore(nil, "", "", "", "", "")
 	nsName := types.NamespacedName{Name: "test-gateway", Namespace: "default"}
 	store.nginxResources[nsName] = &NginxResources{
 		Deployment: metav1.ObjectMeta{