[SECURESIGN-1529] Keep url status up-to-date

securesign · Dec 12, 2024 · 6ed5fc9 · 6ed5fc9
1 parent 0bd21a1
commit 6ed5fc9
Show file tree

Hide file tree

Showing 16 changed files with 262 additions and 101 deletions.
diff --git a/internal/controller/fulcio/actions/initialize.go b/internal/controller/fulcio/actions/initialize.go
@@ -3,17 +3,13 @@ package actions
 import (
 	"context"
 	"errors"
-	"fmt"
 
+	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
 	"github.com/securesign/operator/internal/controller/common/action"
+	commonUtils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
-	v12 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-
-	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
-	commonUtils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 )
 
 func NewInitializeAction() action.Action[*rhtasv1alpha1.Fulcio] {
@@ -57,21 +53,6 @@ func (i initializeAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Fu
 		return i.StatusUpdate(ctx, instance)
 	}
 
-	if instance.Spec.ExternalAccess.Enabled {
-		protocol := "http://"
-		ingress := &v12.Ingress{}
-		err = i.Client.Get(ctx, types.NamespacedName{Name: DeploymentName, Namespace: instance.Namespace}, ingress)
-		if err != nil {
-			return i.Failed(err)
-		}
-		if len(ingress.Spec.TLS) > 0 {
-			protocol = "https://"
-		}
-		instance.Status.Url = protocol + ingress.Spec.Rules[0].Host
-	} else {
-		instance.Status.Url = fmt.Sprintf("http://%s.%s.svc", DeploymentName, instance.Namespace)
-	}
-
 	meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{Type: constants.Ready,
 		Status: metav1.ConditionTrue, Reason: constants.Ready})
 	return i.StatusUpdate(ctx, instance)

diff --git a/internal/controller/fulcio/actions/status_url.go b/internal/controller/fulcio/actions/status_url.go
@@ -0,0 +1,56 @@
+package actions
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/securesign/operator/internal/controller/common/action"
+	"github.com/securesign/operator/internal/controller/constants"
+	v12 "k8s.io/api/networking/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/types"
+
+	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
+)
+
+func NewStatusUrlAction() action.Action[*rhtasv1alpha1.Fulcio] {
+	return &statusUrlAction{}
+}
+
+type statusUrlAction struct {
+	action.BaseAction
+}
+
+func (i statusUrlAction) Name() string {
+	return "status-url"
+}
+
+func (i statusUrlAction) CanHandle(_ context.Context, instance *rhtasv1alpha1.Fulcio) bool {
+	c := meta.FindStatusCondition(instance.Status.Conditions, constants.Ready)
+	return c.Reason == constants.Creating || c.Reason == constants.Ready
+}
+
+func (i statusUrlAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Fulcio) *action.Result {
+	var url string
+	if instance.Spec.ExternalAccess.Enabled {
+		protocol := "http://"
+		ingress := &v12.Ingress{}
+		err := i.Client.Get(ctx, types.NamespacedName{Name: DeploymentName, Namespace: instance.Namespace}, ingress)
+		if err != nil {
+			return i.Failed(err)
+		}
+		if len(ingress.Spec.TLS) > 0 {
+			protocol = "https://"
+		}
+		url = protocol + ingress.Spec.Rules[0].Host
+	} else {
+		url = fmt.Sprintf("http://%s.%s.svc", DeploymentName, instance.Namespace)
+	}
+
+	if url == instance.Status.Url {
+		return i.Continue()
+	}
+
+	instance.Status.Url = url
+	return i.StatusUpdate(ctx, instance)
+}
diff --git a/internal/controller/fulcio/fulcio_controller.go b/internal/controller/fulcio/fulcio_controller.go
@@ -102,6 +102,7 @@ func (r *FulcioReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 		actions.NewCreateMonitorAction(),
 		actions.NewServiceAction(),
 		actions.NewIngressAction(),
+		actions.NewStatusUrlAction(),
 		transitions.NewToInitializePhaseAction[*rhtasv1alpha1.Fulcio](),
 		actions.NewInitializeAction(),
 	}

diff --git a/internal/controller/rekor/actions/ui/initialize.go b/internal/controller/rekor/actions/ui/initialize.go
@@ -4,17 +4,14 @@ import (
 	"context"
 	"errors"
 
+	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
 	"github.com/securesign/operator/internal/controller/common/action"
 	"github.com/securesign/operator/internal/controller/common/utils"
+	commonUtils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
 	"github.com/securesign/operator/internal/controller/rekor/actions"
-	v12 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-
-	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
-	commonUtils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 )
 
 func NewInitializeAction() action.Action[*rhtasv1alpha1.Rekor] {
@@ -58,18 +55,6 @@ func (i initializeAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Re
 		return i.StatusUpdate(ctx, instance)
 	}
 
-	protocol := "http://"
-	ingress := &v12.Ingress{}
-	err = i.Client.Get(ctx, types.NamespacedName{Name: actions.SearchUiDeploymentName, Namespace: instance.Namespace}, ingress)
-	if err != nil {
-		// condition error
-		return i.FailedWithStatusUpdate(ctx, err, instance)
-	}
-	if len(ingress.Spec.TLS) > 0 {
-		protocol = "https://"
-	}
-
-	instance.Status.RekorSearchUIUrl = protocol + ingress.Spec.Rules[0].Host
 	meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{Type: actions.UICondition,
 		Status: metav1.ConditionTrue, Reason: constants.Ready})
 

diff --git a/internal/controller/rekor/actions/ui/status_url.go b/internal/controller/rekor/actions/ui/status_url.go
@@ -0,0 +1,50 @@
+package ui
+
+import (
+	"context"
+
+	"github.com/securesign/operator/internal/controller/common/action"
+	"github.com/securesign/operator/internal/controller/common/utils"
+	"github.com/securesign/operator/internal/controller/rekor/actions"
+	v12 "k8s.io/api/networking/v1"
+	"k8s.io/apimachinery/pkg/types"
+
+	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
+)
+
+func NewStatusURLAction() action.Action[*rhtasv1alpha1.Rekor] {
+	return &statusUrlAction{}
+}
+
+type statusUrlAction struct {
+	action.BaseAction
+}
+
+func (i statusUrlAction) Name() string {
+	return "status-url"
+}
+
+func (i statusUrlAction) CanHandle(ctx context.Context, instance *rhtasv1alpha1.Rekor) bool {
+	return utils.IsEnabled(instance.Spec.RekorSearchUI.Enabled)
+}
+
+func (i statusUrlAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Rekor) *action.Result {
+	protocol := "http://"
+	ingress := &v12.Ingress{}
+	err := i.Client.Get(ctx, types.NamespacedName{Name: actions.SearchUiDeploymentName, Namespace: instance.Namespace}, ingress)
+	if err != nil {
+		// condition error
+		return i.FailedWithStatusUpdate(ctx, err, instance)
+	}
+	if len(ingress.Spec.TLS) > 0 {
+		protocol = "https://"
+	}
+	url := protocol + ingress.Spec.Rules[0].Host
+
+	if url == instance.Status.RekorSearchUIUrl {
+		return i.Continue()
+	}
+
+	instance.Status.RekorSearchUIUrl = url
+	return i.StatusUpdate(ctx, instance)
+}
diff --git a/internal/controller/rekor/rekor_controller.go b/internal/controller/rekor/rekor_controller.go
@@ -123,6 +123,7 @@ func (r *RekorReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 		ui.NewDeployAction(),
 		ui.NewCreateServiceAction(),
 		ui.NewIngressAction(),
+		ui.NewStatusURLAction(),
 
 		backfillredis.NewBackfillRedisCronJobAction(),
 

diff --git a/internal/controller/securesign/actions/ensure_fulcio.go b/internal/controller/securesign/actions/ensure_fulcio.go
@@ -82,16 +82,18 @@ func (i fulcioAction) CopyStatus(ctx context.Context, ok client.ObjectKey, insta
 		// not initialized yet, wait for update
 		return i.Continue()
 	}
-	if !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, FulcioCondition, objectStatus.Status) {
+	switch {
+	case !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, FulcioCondition, objectStatus.Status):
 		meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
 			Type:   FulcioCondition,
 			Status: objectStatus.Status,
 			Reason: objectStatus.Reason,
 		})
-		if objectStatus.Status == v1.ConditionTrue {
-			instance.Status.FulcioStatus.Url = object.Status.Url
-		}
-		return i.StatusUpdate(ctx, instance)
+	case instance.Status.FulcioStatus.Url != object.Status.Url:
+		instance.Status.FulcioStatus.Url = object.Status.Url
+	default:
+		return i.Continue()
 	}
-	return i.Continue()
+
+	return i.StatusUpdate(ctx, instance)
 }
diff --git a/internal/controller/securesign/actions/ensure_rekor.go b/internal/controller/securesign/actions/ensure_rekor.go
@@ -81,16 +81,18 @@ func (i rekorAction) CopyStatus(ctx context.Context, ok client.ObjectKey, instan
 		// not initialized yet, wait for update
 		return i.Continue()
 	}
-	if !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, RekorCondition, objectStatus.Status) {
+	switch {
+	case !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, RekorCondition, objectStatus.Status):
 		meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
 			Type:   RekorCondition,
 			Status: objectStatus.Status,
 			Reason: objectStatus.Reason,
 		})
-		if objectStatus.Status == v1.ConditionTrue {
-			instance.Status.RekorStatus.Url = object.Status.Url
-		}
-		return i.StatusUpdate(ctx, instance)
+	case instance.Status.RekorStatus.Url != object.Status.Url:
+		instance.Status.RekorStatus.Url = object.Status.Url
+	default:
+		return i.Continue()
 	}
-	return i.Continue()
+
+	return i.StatusUpdate(ctx, instance)
 }
diff --git a/internal/controller/securesign/actions/ensure_tsa.go b/internal/controller/securesign/actions/ensure_tsa.go
@@ -88,16 +88,18 @@ func (i tsaAction) CopyStatus(ctx context.Context, ok client.ObjectKey, instance
 		// not initialized yet, wait for update
 		return i.Continue()
 	}
-	if !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, TSACondition, objectStatus.Status) {
+	switch {
+	case !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, TSACondition, objectStatus.Status):
 		meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
 			Type:   TSACondition,
 			Status: objectStatus.Status,
 			Reason: objectStatus.Reason,
 		})
-		if objectStatus.Status == v1.ConditionTrue {
-			instance.Status.TSAStatus.Url = object.Status.Url
-		}
-		return i.StatusUpdate(ctx, instance)
+	case instance.Status.TSAStatus.Url != object.Status.Url:
+		instance.Status.TSAStatus.Url = object.Status.Url
+	default:
+		return i.Continue()
 	}
-	return i.Continue()
+
+	return i.StatusUpdate(ctx, instance)
 }
diff --git a/internal/controller/securesign/actions/ensure_tuf.go b/internal/controller/securesign/actions/ensure_tuf.go
@@ -82,16 +82,19 @@ func (i tufAction) CopyStatus(ctx context.Context, ok client.ObjectKey, instance
 		// not initialized yet, wait for update
 		return i.Continue()
 	}
-	if !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, TufCondition, objectStatus.Status) {
+
+	switch {
+	case !meta.IsStatusConditionPresentAndEqual(instance.Status.Conditions, TufCondition, objectStatus.Status):
 		meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
 			Type:   TufCondition,
 			Status: objectStatus.Status,
 			Reason: objectStatus.Reason,
 		})
-		if objectStatus.Status == v1.ConditionTrue {
-			instance.Status.TufStatus.Url = object.Status.Url
-		}
-		return i.StatusUpdate(ctx, instance)
+	case instance.Status.TufStatus.Url != object.Status.Url:
+		instance.Status.TufStatus.Url = object.Status.Url
+	default:
+		return i.Continue()
 	}
-	return i.Continue()
+
+	return i.StatusUpdate(ctx, instance)
 }
diff --git a/internal/controller/tsa/actions/initialize.go b/internal/controller/tsa/actions/initialize.go
@@ -3,16 +3,13 @@ package actions
 import (
 	"context"
 	"errors"
-	"fmt"
 
 	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
 	"github.com/securesign/operator/internal/controller/common/action"
 	commonUtils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
-	v12 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
 )
 
 func NewInitializeAction() action.Action[*rhtasv1alpha1.TimestampAuthority] {
@@ -67,21 +64,6 @@ func (i initializeAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Ti
 		return i.StatusUpdate(ctx, instance)
 	}
 
-	if instance.Spec.ExternalAccess.Enabled {
-		protocol := "http://"
-		ingress := &v12.Ingress{}
-		err = i.Client.Get(ctx, types.NamespacedName{Name: DeploymentName, Namespace: instance.Namespace}, ingress)
-		if err != nil {
-			return i.Failed(err)
-		}
-		if len(ingress.Spec.TLS) > 0 {
-			protocol = "https://"
-		}
-		instance.Status.Url = protocol + ingress.Spec.Rules[0].Host
-	} else {
-		instance.Status.Url = fmt.Sprintf("http://%s.%s.svc", DeploymentName, instance.Namespace)
-	}
-
 	meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{Type: TSAServerCondition,
 		Status: metav1.ConditionTrue, Reason: constants.Ready, ObservedGeneration: instance.Generation})