diff --git a/controllers/keystoneapi_controller.go b/controllers/keystoneapi_controller.go
index a99633da..8688b7d0 100644
--- a/controllers/keystoneapi_controller.go
+++ b/controllers/keystoneapi_controller.go
@@ -1332,6 +1332,8 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 labels := labels.GetLabels(instance, labels.GetGroupLabel(keystone.ServiceName), map[string]string{})
 now := time.Now().UTC()
+ fmt.Println("::::::::::::::::::::: RECONCILE :::::::::::::::::::::::::::::::::::::")
+ fmt.Println(int(*instance.Spec.FernetMaxActiveKeys))
 //
 // check if secret already exist
 //
@@ -1342,6 +1344,7 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 } else {
 numberKeys = int(*instance.Spec.FernetMaxActiveKeys)
 }
+ fmt.Println(numberKeys)
 secret, hash, err := oko_secret.GetSecret(ctx, helper, secretName, instance.Namespace)
@@ -1375,12 +1378,17 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 return err
 }
 } else {
+ fmt.Println("BEGIN ::::::::::::::::::::::::::::::::::::::::::::::")
+ //fmt.Println(secret)
+ //fmt.Println("::::::::::::::::::::::::::::::::::::::::::::::")
 // add hash to envVars
 (*envVars)[secret.Name] = env.SetValue(hash)
 changedKeys := false
 extraKey := fmt.Sprintf("FernetKeys%d", numberKeys)
+ //fmt.Println(extraKey)
+ //fmt.Println()
 //
 // Fernet Key rotation
@@ -1399,16 +1407,20 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 if err != nil {
 changedKeys = true
+ //fmt.Println("CHANGED")
 } else if rotatedAt.AddDate(0, 0, duration).Before(now) {
 secret.Data[extraKey] = secret.Data["FernetKeys0"]
 secret.Data["FernetKeys0"] = []byte(keystone.GenerateFernetKey())
+ //fmt.Println(secret.Data)
 }
+ //fmt.Println("BEFORE THE FOR ::::::::::::::::::::::::::::::::::::::::::::::")
 //
 // Remove extra keys when FernetMaxActiveKeys changes
 //
 for {
 _, exists := secret.Data[extraKey]
+ //fmt.Println(exists)
 if !exists {
 break
 }
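Review bot: The added `fmt.Println(int(*instance.Spec.FernetMaxActiveKeys))` in the first hunk (@@ -1332) dereferences the pointer unconditionally, while the `} else { numberKeys = int(*instance.Spec.FernetMaxActiveKeys) }` context in the next hunk suggests the field is only dereferenced on a guarded branch. If that guard is a nil check (its condition lies outside the hunks), a KeystoneAPI without the field set would panic the reconciler at this line. Print the already-resolved `numberKeys` instead, or drop the line. The raw `fmt.Println` banners in this hunk and at @@ -1342 and @@ -1375, plus the commented-out ones at @@ -1399, bypass the reconciler's logger and should be removed or turned into debug-level log calls before merge. ensureFernetKeys starts and ends outside these hunks.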
@@ -1426,14 +1438,21 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 delete(secret.Data, nextKey)
 }
 }
+ //fmt.Println("END FOR ::::::::::::::::::::::::::::::::::::::::::::::")
 //
 // Add extra keys when FernetMaxActiveKeys changes
 //
 lastKey := fmt.Sprintf("FernetKeys%d", numberKeys-1)
+ fmt.Println("::::::::::::::::::::: LAST KEY")
+ fmt.Println(lastKey)
 for {
+ fmt.Println("::::::::::::::::::::: FOR")
+ fmt.Println(secret.Data)
 _, exists := secret.Data[lastKey]
+ fmt.Println(exists)
 if exists {
+ //fmt.Println("BREAK!")
 break
 }
 changedKeys = true
@@ -1451,6 +1470,8 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 }
 }
+ fmt.Println(":::::::::::::::::::::::::::::::::::::::::::::: END FOR")
+
 if !changedKeys {
 return nil
 }
@@ -1459,6 +1480,8 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 for k, v := range secret.Data {
 fernetKeys[k] = string(v[:])
 }
+ fmt.Println(":::::::::::::::::::::::::::::::::::::::::::::: FERNET KEYS")
+ fmt.Println(fernetKeys)
 secret.Annotations[fernetAnnotation] = now.Format(time.RFC3339)
diff --git a/tests/functional/keystoneapi_controller_test.go b/tests/functional/keystoneapi_controller_test.go
index 3f6cd09f..b7fc87d0 100644
--- a/tests/functional/keystoneapi_controller_test.go
+++ b/tests/functional/keystoneapi_controller_test.go
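Review bot: `fmt.Println(secret.Data)` inside the `for` loop at @@ -1426 writes the full contents of the Fernet key Secret to the operator's stdout on every iteration, and `fmt.Println(fernetKeys)` at @@ -1459 prints the same keys as plain strings. Fernet keys are what Keystone uses to encrypt and authenticate tokens, so anyone who can read the controller pod's logs or the log aggregation backend could recover them, and the logged copies persist after the keys are rotated. Remove both lines, and also the commented-out `//fmt.Println(secret.Data)` at @@ -1399 so it is not re-enabled later. If diagnostics are needed, log only non-secret facts such as `len(secret.Data)`, `lastKey` and `exists`. ensureFernetKeys starts and ends outside these hunks.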
@@ -1202,12 +1202,31 @@ var _ = Describe("Keystone controller", func() {
 Expect(secret).ToNot(BeNil())
 keystone := GetKeystoneAPI(keystoneAPIName)
- keystone.Spec.FernetMaxActiveKeys = ptr.To(int32(6))
+ fmt.Println("================== TEST PREVIOUS VALUE =====================")
+ fmt.Println(GetKeystoneAPI(keystoneAPIName))
+ fmt.Println(keystone.Spec.FernetMaxActiveKeys)
+ fmt.Println(*keystone.Spec.FernetMaxActiveKeys)
+
+ fmt.Println("================== TEST KEEP GOING =====================")
+
 _, err := controllerutil.CreateOrPatch(
- th.Ctx, th.K8sClient, keystone, func() error { return nil })
+ th.Ctx, th.K8sClient, keystone, func() error {
+ fmt.Println("================== ON MUTATEFN")
+ fmt.Println(*keystone.Spec.FernetMaxActiveKeys)
+ keystone.Spec.FernetMaxActiveKeys = ptr.To(int32(6))
+ fmt.Println(*keystone.Spec.FernetMaxActiveKeys)
+ return nil
+ })
 Expect(err).ToNot(HaveOccurred())
+ // REMOVE LINE: Added this line to trigger the reconcile
+ controllerutil.CreateOrPatch(th.Ctx, th.K8sClient, GetKeystoneAPI(keystoneAPIName), func() error { return nil })
+ fmt.Println("================== TEST AFTER VALUE =====================")
+ fmt.Println(*GetKeystoneAPI(keystoneAPIName).Spec.FernetMaxActiveKeys)
 Eventually(func(g Gomega) {
+ fmt.Println("===================== EVENTUALLY")
+ fmt.Println(*GetKeystoneAPI(keystoneAPIName).Spec.FernetMaxActiveKeys)
+ secret = th.GetSecret(types.NamespacedName{Namespace: keystoneAPIName.Namespace, Name: "keystone"})
 numberFernetKeys := 0
 for k, _ := range secret.Data {
 if strings.HasPrefix(k, "FernetKeys") {
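Review bot: The second `controllerutil.CreateOrPatch(...)` call, marked `// REMOVE LINE`, discards both return values and passes a mutate function that changes nothing. As far as I can tell it therefore issues no patch and is unlikely to be what triggers the reconcile. Drop it, or if it has to stay, check the result with `_, err = controllerutil.CreateOrPatch(...)` followed by `Expect(err).ToNot(HaveOccurred())`. The `fmt.Println` tracing of the spec value would be better as an assertion inside `Eventually`, e.g. `g.Expect(*GetKeystoneAPI(keystoneAPIName).Spec.FernetMaxActiveKeys).To(Equal(int32(6)))`, which fails with a useful message and documents what the test waits for. The `Describe` block starts and ends outside the hunk.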