mirror of
https://github.com/1Password/onepassword-operator.git
synced 2025-10-22 15:38:06 +00:00
Error when secret type is changed
@@ -16,6 +16,7 @@ import (
|
|||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/types"
|
"k8s.io/apimachinery/pkg/types"
|
||||||
kubeValidate "k8s.io/apimachinery/pkg/util/validation"
|
kubeValidate "k8s.io/apimachinery/pkg/util/validation"
|
||||||
|
errs "errors"
|
||||||
|
|
||||||
kubernetesClient "sigs.k8s.io/controller-runtime/pkg/client"
|
kubernetesClient "sigs.k8s.io/controller-runtime/pkg/client"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
@@ -51,10 +52,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa
|
|||||||
secretAnnotations[RestartDeploymentsAnnotation] = autoRestart
|
secretAnnotations[RestartDeploymentsAnnotation] = autoRestart
|
||||||
}
|
}
|
||||||
|
|
||||||
// Default to Opaque secrets
|
// "Opaque" and "" secret types are treated the same by Kubernetes.
|
||||||
if secretType == "" {
|
|
||||||
secretType = "Opaque"
|
|
||||||
}
|
|
||||||
secret := BuildKubernetesSecretFromOnePasswordItem(secretName, namespace, secretAnnotations, labels, secretType, *item)
|
secret := BuildKubernetesSecretFromOnePasswordItem(secretName, namespace, secretAnnotations, labels, secretType, *item)
|
||||||
|
|
||||||
currentSecret := &corev1.Secret{}
|
currentSecret := &corev1.Secret{}
|
||||||
@@ -69,15 +67,15 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa
|
|||||||
currentAnnotations := currentSecret.Annotations
|
currentAnnotations := currentSecret.Annotations
|
||||||
currentLabels := currentSecret.Labels
|
currentLabels := currentSecret.Labels
|
||||||
currentSecretType := string(currentSecret.Type)
|
currentSecretType := string(currentSecret.Type)
|
||||||
if currentSecretType == "" {
|
if !reflect.DeepEqual(currentSecretType, secretType) {
|
||||||
currentSecretType = "Opaque"
|
return errs.New("Cannot change secret type. Secret type is immutable")
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(currentAnnotations, secretAnnotations) || !reflect.DeepEqual(currentLabels, labels) || !reflect.DeepEqual(currentSecretType, secretType) {
|
|
||||||
|
if !reflect.DeepEqual(currentAnnotations, secretAnnotations) || !reflect.DeepEqual(currentLabels, labels) {
|
||||||
log.Info(fmt.Sprintf("Updating Secret %v at namespace '%v'", secret.Name, secret.Namespace))
|
log.Info(fmt.Sprintf("Updating Secret %v at namespace '%v'", secret.Name, secret.Namespace))
|
||||||
currentSecret.ObjectMeta.Annotations = secretAnnotations
|
currentSecret.ObjectMeta.Annotations = secretAnnotations
|
||||||
currentSecret.ObjectMeta.Labels = labels
|
currentSecret.ObjectMeta.Labels = labels
|
||||||
currentSecret.Data = secret.Data
|
currentSecret.Data = secret.Data
|
||||||
currentSecret.Type = corev1.SecretType(secretType)
|
|
||||||
return kubeClient.Update(context.Background(), currentSecret)
|
return kubeClient.Update(context.Background(), currentSecret)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
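Review bot: The new check `!reflect.DeepEqual(currentSecretType, secretType)` compares the raw requested type against the stored one after both `== ""` defaults were removed, even though the new comment itself says `"Opaque"` and `""` are equivalent. Kubernetes fills in `Opaque` when a Secret is created without a type, so an item that specifies no type would presumably hit "Cannot change secret type" on every later reconcile, and the Secret would stop receiving updated values (stale credentials after a rotation). Normalise both sides before comparing, e.g. keep `if secretType == "" { secretType = string(corev1.SecretTypeOpaque) }` plus the matching default for `currentSecretType`, and compare the two strings with `!=` rather than `reflect.DeepEqual`. A package-level sentinel such as `var ErrCannotUpdateSecretType = errs.New("cannot change secret type: secret type is immutable")` would let callers test for this case with `errors.Is` and follows the lowercase error-string convention. The body of CreateKubernetesSecretFromItem starts and ends outside these hunks, so how the caller handles the returned error is not visible here.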