From 0824aa0837d5af29dad4c437c646c59720ca408f Mon Sep 17 00:00:00 2001
From: jillianwilson
Date: Fri, 26 Feb 2021 10:45:30 -0400
Subject: [PATCH] Refactoring map of updated secrets to include secret
---
 ...onepassword.com_v1_onepassworditem_cr.yaml | 1 +
 .../deployment/deployment_controller.go | 4 ++--
 pkg/onepassword/annotations.go | 3 ++-
 pkg/onepassword/containers.go | 2 +-
 pkg/onepassword/containers_test.go | 14 ++++++++------
 pkg/onepassword/deployments.go | 7 +++++--
 pkg/onepassword/deployments_test.go | 19 ++++++++++---------
 pkg/onepassword/secret_update_handler.go | 12 ++++++------
 pkg/onepassword/secret_update_handler_test.go | 6 +++---
 pkg/onepassword/volumes.go | 2 +-
 pkg/onepassword/volumes_test.go | 14 ++++++++------
 11 files changed, 47 insertions(+), 37 deletions(-)
diff --git a/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml b/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml
index 8afe8fc..d0a94dd 100644
--- a/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml
+++ b/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml
@@ -2,5 +2,6 @@ apiVersion: onepassword.com/v1
 kind: OnePasswordItem
 metadata:
 name: example
+ onepasswordoperator/auto_restart: "true"
 spec:
 itemPath: "vaults//items/"
diff --git a/pkg/controller/deployment/deployment_controller.go b/pkg/controller/deployment/deployment_controller.go
index 16f7cdc..d1fc744 100644
--- a/pkg/controller/deployment/deployment_controller.go
+++ b/pkg/controller/deployment/deployment_controller.go
@@ -142,7 +142,7 @@ func (r *ReconcileDeployment) cleanupKubernetesSecretForDeployment(secretName st
 if len(secretName) == 0 {
 return nil
 }
- updatedSecrets := map[string]bool{secretName: true}
+ updatedSecrets := map[string]*corev1.Secret{secretName: kubernetesSecret}
 multipleDeploymentsUsingSecret, err := r.areMultipleDeploymentsUsingSecret(updatedSecrets, *deletedDeployment)
 if err != nil {
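Review bot: The added `onepasswordoperator/auto_restart: "true"` is placed directly under `metadata:` as a sibling of `name`, but ObjectMeta has no such field, so the key is pruned by the API server (or rejected under strict field validation) instead of being stored as an annotation, and the operator will never see it on the object. It needs to sit under `annotations:`, i.e. keep `name: example`, add `annotations:` at the same level, and nest `onepasswordoperator/auto_restart: "true"` one level below it. The constant the operator actually reads this key from lives in annotations.go outside these hunks, so the key name should be checked against it as well.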
@@ -160,7 +160,7 @@ func (r *ReconcileDeployment) cleanupKubernetesSecretForDeployment(secretName st
 return nil
 }
-func (r *ReconcileDeployment) areMultipleDeploymentsUsingSecret(updatedSecrets map[string]bool, deletedDeployment appsv1.Deployment) (bool, error) {
+func (r *ReconcileDeployment) areMultipleDeploymentsUsingSecret(updatedSecrets map[string]*corev1.Secret, deletedDeployment appsv1.Deployment) (bool, error) {
 deployments := &appsv1.DeploymentList{}
 opts := []client.ListOption{
 client.InNamespace(deletedDeployment.Namespace),
diff --git a/pkg/onepassword/annotations.go b/pkg/onepassword/annotations.go
index b7b5227..7c60d8e 100644
--- a/pkg/onepassword/annotations.go
+++ b/pkg/onepassword/annotations.go
@@ -4,6 +4,7 @@ import (
 "regexp"
 appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
 )
 const (
@@ -42,7 +43,7 @@ func FilterAnnotations(annotations map[string]string, regex *regexp.Regexp) map[
 return filteredAnnotations
 }
-func AreAnnotationsUsingSecrets(annotations map[string]string, secrets map[string]bool) bool {
+func AreAnnotationsUsingSecrets(annotations map[string]string, secrets map[string]*corev1.Secret) bool {
 _, ok := secrets[annotations[NameAnnotation]]
 if ok {
 return true
diff --git a/pkg/onepassword/containers.go b/pkg/onepassword/containers.go
index 759c905..2dfed26 100644
--- a/pkg/onepassword/containers.go
+++ b/pkg/onepassword/containers.go
@@ -2,7 +2,7 @@ package onepassword
 import corev1 "k8s.io/api/core/v1"
-func AreContainersUsingSecrets(containers []corev1.Container, secrets map[string]bool) bool {
+func AreContainersUsingSecrets(containers []corev1.Container, secrets map[string]*corev1.Secret) bool {
 for i := 0; i < len(containers); i++ {
 envVariables := containers[i].Env
 for j := 0; j < len(envVariables); j++ {
diff --git a/pkg/onepassword/containers_test.go b/pkg/onepassword/containers_test.go
index 7836edb..676c517 100644
--- a/pkg/onepassword/containers_test.go
+++ b/pkg/onepassword/containers_test.go
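Review bot: AreAnnotationsUsingSecrets is exported and still carries no doc comment after its signature change, and the new `*corev1.Secret` map value is never read on the lines that follow — only key presence is tested — which the comment should say so nobody starts relying on the pointer being non-nil. Something like `// AreAnnotationsUsingSecrets reports whether the NameAnnotation in annotations names a key of secrets; the map values are not consulted.` covers it. The lookup can also be folded into the condition, `if _, ok := secrets[annotations[NameAnnotation]]; ok {`. The rest of the function body is outside the hunk.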
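Review bot: The two index loops directly under the new AreContainersUsingSecrets signature, `for i := 0; i < len(containers); i++` and `for j := 0; j < len(envVariables); j++`, are the non-idiomatic form and can become `for _, c := range containers {` / `for _, ev := range c.Env {`, which also removes the `containers[i]` indexing. The exported function has no doc comment either; what it checks on each env var is outside the hunk, so the comment should be written against that body rather than guessed here.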
@@ -2,12 +2,14 @@ package onepassword
 import (
 "testing"
+
+ corev1 "k8s.io/api/core/v1"
 )
 func TestAreContainersUsingSecrets(t *testing.T) {
- secretNamesToSearch := map[string]bool{
- "onepassword-database-secret": true,
- "onepassword-api-key": true,
+ secretNamesToSearch := map[string]*corev1.Secret{
+ "onepassword-database-secret": &corev1.Secret{},
+ "onepassword-api-key": &corev1.Secret{},
 }
 containerSecretNames := []string{
@@ -24,9 +26,9 @@ func TestAreContainersUsingSecrets(t *testing.T) {
 }
 func TestAreContainersNotUsingSecrets(t *testing.T) {
- secretNamesToSearch := map[string]bool{
- "onepassword-database-secret": true,
- "onepassword-api-key": true,
+ secretNamesToSearch := map[string]*corev1.Secret{
+ "onepassword-database-secret": &corev1.Secret{},
+ "onepassword-api-key": &corev1.Secret{},
 }
 containerSecretNames := []string{
diff --git a/pkg/onepassword/deployments.go b/pkg/onepassword/deployments.go
index f1c1373..e5d5181 100644
--- a/pkg/onepassword/deployments.go
+++ b/pkg/onepassword/deployments.go
@@ -1,8 +1,11 @@
 package onepassword
-import appsv1 "k8s.io/api/apps/v1"
+import (
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+)
-func IsDeploymentUsingSecrets(deployment *appsv1.Deployment, secrets map[string]bool) bool {
+func IsDeploymentUsingSecrets(deployment *appsv1.Deployment, secrets map[string]*corev1.Secret) bool {
 volumes := deployment.Spec.Template.Spec.Volumes
 containers := deployment.Spec.Template.Spec.Containers
 containers = append(containers, deployment.Spec.Template.Spec.InitContainers...)
diff --git a/pkg/onepassword/deployments_test.go b/pkg/onepassword/deployments_test.go
index b3b62f8..d7445b1 100644
--- a/pkg/onepassword/deployments_test.go
+++ b/pkg/onepassword/deployments_test.go
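Review bot: In the new map literals, `&corev1.Secret{}` can be shortened to `{}` because the element type `*corev1.Secret` is already spelled in the map type; `gofmt -s` flags the long form. So each entry becomes e.g. `"onepassword-database-secret": {},`. The same shape recurs in deployments_test.go, secret_update_handler_test.go and volumes_test.go in this patch.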
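Review bot: `containers = append(containers, deployment.Spec.Template.Spec.InitContainers...)` on the last line of the hunk appends to a slice that aliases `deployment.Spec.Template.Spec.Containers`; whenever that slice has spare capacity, the init containers are written into the deployment's own backing array, a side effect a read-only predicate should not have on the object it was handed. Build a fresh slice instead: `spec := deployment.Spec.Template.Spec`, `containers := make([]corev1.Container, 0, len(spec.Containers)+len(spec.InitContainers))`, then `containers = append(append(containers, spec.Containers...), spec.InitContainers...)`. The function is exported and has no doc comment; its body continues past the hunk.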
@@ -4,12 +4,13 @@ import (
 "testing"
 appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
 )
 func TestIsDeploymentUsingSecretsUsingVolumes(t *testing.T) {
- secretNamesToSearch := map[string]bool{
- "onepassword-database-secret": true,
- "onepassword-api-key": true,
+ secretNamesToSearch := map[string]*corev1.Secret{
+ "onepassword-database-secret": &corev1.Secret{},
+ "onepassword-api-key": &corev1.Secret{},
 }
 volumeSecretNames := []string{
@@ -26,9 +27,9 @@ func TestIsDeploymentUsingSecretsUsingVolumes(t *testing.T) {
 }
 func TestIsDeploymentUsingSecretsUsingContainers(t *testing.T) {
- secretNamesToSearch := map[string]bool{
- "onepassword-database-secret": true,
- "onepassword-api-key": true,
+ secretNamesToSearch := map[string]*corev1.Secret{
+ "onepassword-database-secret": &corev1.Secret{},
+ "onepassword-api-key": &corev1.Secret{},
 }
 containerSecretNames := []string{
@@ -45,9 +46,9 @@ func TestIsDeploymentUsingSecretsUsingContainers(t *testing.T) {
 }
 func TestIsDeploymentNotUSingSecrets(t *testing.T) {
- secretNamesToSearch := map[string]bool{
- "onepassword-database-secret": true,
- "onepassword-api-key": true,
+ secretNamesToSearch := map[string]*corev1.Secret{
+ "onepassword-database-secret": &corev1.Secret{},
+ "onepassword-api-key": &corev1.Secret{},
 }
 deployment := &appsv1.Deployment{}
diff --git a/pkg/onepassword/secret_update_handler.go b/pkg/onepassword/secret_update_handler.go
index b7ae112..bf2b5f8 100644
--- a/pkg/onepassword/secret_update_handler.go
+++ b/pkg/onepassword/secret_update_handler.go
@@ -45,7 +45,7 @@ func (h *SecretUpdateHandler) UpdateKubernetesSecretsTask() error {
 return h.restartDeploymentsWithUpdatedSecrets(updatedKubernetesSecrets)
 }
-func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecretsByNamespace map[string]map[string]bool) error {
+func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecretsByNamespace map[string]map[string]*corev1.Secret) error {
 // No secrets to update. Exit
 if len(updatedSecretsByNamespace) == 0 || updatedSecretsByNamespace == nil {
 return nil
@@ -94,7 +94,7 @@ func (h *SecretUpdateHandler) restartDeployment(deployment *appsv1.Deployment) {
 }
 }
-func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]bool, error) {
+func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]*corev1.Secret, error) {
 secrets := &corev1.SecretList{}
 err := h.client.List(context.Background(), secrets)
 if err != nil {
@@ -102,7 +102,7 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]b
 return nil, err
 }
- updatedSecrets := map[string]map[string]bool{}
+ updatedSecrets := map[string]map[string]*corev1.Secret{}
 for i := 0; i < len(secrets.Items); i++ {
 secret := secrets.Items[i]
@@ -130,9 +130,9 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]b
 updatedSecret := kubeSecrets.BuildKubernetesSecretFromOnePasswordItem(secret.Name, secret.Namespace, secret.Annotations, *item)
 h.client.Update(context.Background(), updatedSecret)
 if updatedSecrets[secret.Namespace] == nil {
- updatedSecrets[secret.Namespace] = make(map[string]bool)
+ updatedSecrets[secret.Namespace] = make(map[string]*corev1.Secret)
 }
- updatedSecrets[secret.Namespace][secret.Name] = true
+ updatedSecrets[secret.Namespace][secret.Name] = &secret
 }
 }
 return updatedSecrets, nil
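Review bot: The guard two lines below the new restartDeploymentsWithUpdatedSecrets signature, `len(updatedSecretsByNamespace) == 0 || updatedSecretsByNamespace == nil`, is half redundant: `len` of a nil map is 0, so the first operand already covers the nil case. `if len(updatedSecretsByNamespace) == 0 {` is sufficient and reads as one condition. The rest of the function is outside the hunk.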
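Review bot: `h.client.Update(context.Background(), updatedSecret)` on the line before the map insert discards its error, so a secret whose write was rejected by the API server is still recorded in updatedSecrets and its deployments are restarted against data that never changed, with nothing surfacing the failed rotation. Check it: `if err := h.client.Update(context.Background(), updatedSecret); err != nil { return nil, err }`, or log and `continue` if one failed secret should not block the others — which the caller expects is not visible here. Separately, `&secret` stores the pre-update copy taken from the list rather than `updatedSecret`, the object that was actually sent (and which a controller-runtime client presumably refreshes with the server response); if any consumer ever reads the value, `updatedSecrets[secret.Namespace][secret.Name] = updatedSecret` is the object it wants. Since `secret` is declared with `:=` inside the loop body, `&secret` is at least a distinct pointer per iteration.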
@@ -148,7 +148,7 @@ func isItemLockedForForcedRestarts(item *onepassword.Item) bool {
 return false
 }
-func isUpdatedSecret(secretName string, updatedSecrets map[string]bool) bool {
+func isUpdatedSecret(secretName string, updatedSecrets map[string]*corev1.Secret) bool {
 _, ok := updatedSecrets[secretName]
 if ok {
 return true
diff --git a/pkg/onepassword/secret_update_handler_test.go b/pkg/onepassword/secret_update_handler_test.go
index 6df5b0d..d2b9934 100644
--- a/pkg/onepassword/secret_update_handler_test.go
+++ b/pkg/onepassword/secret_update_handler_test.go
@@ -694,12 +694,12 @@ func TestUpdateSecretHandler(t *testing.T) {
 func TestIsUpdatedSecret(t *testing.T) {
 secretName := "test-secret"
- updatedSecrets := map[string]bool{
- "some_secret": true,
+ updatedSecrets := map[string]*corev1.Secret{
+ "some_secret": &corev1.Secret{},
 }
 assert.False(t, isUpdatedSecret(secretName, updatedSecrets))
- updatedSecrets[secretName] = true
+ updatedSecrets[secretName] = &corev1.Secret{}
 assert.True(t, isUpdatedSecret(secretName, updatedSecrets))
 }
diff --git a/pkg/onepassword/volumes.go b/pkg/onepassword/volumes.go
index a75b268..038c15c 100644
--- a/pkg/onepassword/volumes.go
+++ b/pkg/onepassword/volumes.go
@@ -2,7 +2,7 @@ package onepassword
 import corev1 "k8s.io/api/core/v1"
-func AreVolumesUsingSecrets(volumes []corev1.Volume, secrets map[string]bool) bool {
+func AreVolumesUsingSecrets(volumes []corev1.Volume, secrets map[string]*corev1.Secret) bool {
 for i := 0; i < len(volumes); i++ {
 if secret := volumes[i].Secret; secret != nil {
 secretName := secret.SecretName
diff --git a/pkg/onepassword/volumes_test.go b/pkg/onepassword/volumes_test.go
index d3cce58..00d109c 100644
--- a/pkg/onepassword/volumes_test.go
+++ b/pkg/onepassword/volumes_test.go
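Review bot: The body under the new isUpdatedSecret signature tests presence with `_, ok := updatedSecrets[secretName]` followed by `if ok { return true`, and the test in the next hunk only checks true/false for present/absent keys, so the whole function collapses to `_, ok := updatedSecrets[secretName]` / `return ok`. Style only; the closing lines of the function are outside the hunk, so disregard if something other than `return false` follows.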
@@ -2,12 +2,14 @@ package onepassword
 import (
 "testing"
+
+ corev1 "k8s.io/api/core/v1"
 )
 func TestAreVolmesUsingSecrets(t *testing.T) {
- secretNamesToSearch := map[string]bool{
- "onepassword-database-secret": true,
- "onepassword-api-key": true,
+ secretNamesToSearch := map[string]*corev1.Secret{
+ "onepassword-database-secret": &corev1.Secret{},
+ "onepassword-api-key": &corev1.Secret{},
 }
 volumeSecretNames := []string{
@@ -24,9 +26,9 @@ func TestAreVolmesUsingSecrets(t *testing.T) {
 }
 func TestAreVolumesNotUsingSecrets(t *testing.T) {
- secretNamesToSearch := map[string]bool{
- "onepassword-database-secret": true,
- "onepassword-api-key": true,
+ secretNamesToSearch := map[string]*corev1.Secret{
+ "onepassword-database-secret": &corev1.Secret{},
+ "onepassword-api-key": &corev1.Secret{},
 }
 volumeSecretNames := []string{