upsert run secret

pluralsh · Sep 30, 2024 · 895b8a7 · 895b8a7
1 parent 35db9c4
commit 895b8a7
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 3 deletions.
diff --git a/pkg/controller/stacks/job.go b/pkg/controller/stacks/job.go
@@ -7,6 +7,8 @@ import (
 	"strings"
 
 	console "github.com/pluralsh/console/go/client"
+	"github.com/pluralsh/deployment-operator/internal/metrics"
+	consoleclient "github.com/pluralsh/deployment-operator/pkg/client"
 	"github.com/pluralsh/polly/algorithms"
 	"github.com/samber/lo"
 	batchv1 "k8s.io/api/batch/v1"
@@ -15,9 +17,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/log"
-
-	"github.com/pluralsh/deployment-operator/internal/metrics"
-	consoleclient "github.com/pluralsh/deployment-operator/pkg/client"
 )
 
 const (
@@ -85,6 +84,10 @@ func (r *StackReconciler) reconcileRunJob(ctx context.Context, run *console.Stac
 			return nil, err
 		}
 
+		if _, err = r.upsertRunSecret(ctx); err != nil {
+			return nil, err
+		}
+
 		logger.V(2).Info("generating job", "namespace", r.namespace, "name", jobName)
 		job := r.GenerateRunJob(run, jobName)
 

diff --git a/pkg/controller/stacks/secret.go b/pkg/controller/stacks/secret.go
@@ -0,0 +1,53 @@
+package stacks
+
+import (
+	"context"
+
+	corev1 "k8s.io/api/core/v1"
+	apierrs "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+const (
+	secretName           = "job-run-secret"
+	secretDeployTokenKey = "deploy-token"
+)
+
+func (r *StackReconciler) upsertRunSecret(ctx context.Context) (*corev1.Secret, error) {
+	logger := log.FromContext(ctx)
+	secret := &corev1.Secret{}
+
+	if err := r.k8sClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: r.namespace}, secret); err != nil {
+		if !apierrs.IsNotFound(err) {
+			return nil, err
+		}
+
+		logger.V(2).Info("generating secret", "namespace", r.namespace, "name", secretName)
+		secret = &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{Name: secretName, Namespace: r.namespace},
+			StringData: map[string]string{secretDeployTokenKey: r.deployToken},
+		}
+
+		logger.V(2).Info("creating secret", "namespace", secret.Namespace, "name", secret.Name)
+		if err := r.k8sClient.Create(ctx, secret); err != nil {
+			logger.Error(err, "unable to create secret")
+			return nil, err
+		}
+
+		return secret, nil
+	}
+
+	if deployToken, exists := secret.Data[secretDeployTokenKey]; !exists || string(deployToken) != r.deployToken {
+		logger.V(2).Info("updating secret", "namespace", secret.Namespace, "name", secret.Name)
+		secret.StringData = map[string]string{secretDeployTokenKey: r.deployToken}
+		if err := r.k8sClient.Update(ctx, secret); err != nil {
+			logger.Error(err, "unable to update secret")
+			return nil, err
+		}
+	}
+
+	return secret, nil
+
+}