Merge pull request #1050 from stuggi/update_validatecertsecrets

Update tls cert secret validation due VerifyCertSecrets() change

apis/go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-72bf12d9b73e
 	github.com/openstack-k8s-operators/ironic-operator/api v0.4.1-0.20240807084947-190400f63726
 	github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef
-	github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6
 	github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059
 	github.com/openstack-k8s-operators/manila-operator/api v0.4.1-0.20240828194804-f733ae7bf68d
 	github.com/openstack-k8s-operators/mariadb-operator/api v0.4.1-0.20240812075114-497caae42b27

apis/go.sum

@@ -108,8 +108,8 @@ github.com/openstack-k8s-operators/ironic-operator/api v0.4.1-0.20240807084947-1
 github.com/openstack-k8s-operators/ironic-operator/api v0.4.1-0.20240807084947-190400f63726/go.mod h1:33VtB5iMt9SGJafuB3VCEgw1ezM4CBZ0xh0LU48+/ro=
 github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef h1:DYmNZLkoYeT2NOoMN9XPiZS25EMXru6vMNZwwnEW5Og=
 github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef/go.mod h1:MkvxXyvpUhfeKy4QDmzPMn6YH5eRu24uOgpLo9SBlwc=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059 h1:Ol1P8vPxIHWzTaL6RfENRiAxp2XrMQUYtnP5Ceek53A=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:CfMx4bwBVQEYMRt2dIcyqJjR3ToZxFEOPS+0Uy2Mm68=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE=

controllers/client/openstackclient_controller.go

@@ -255,7 +255,7 @@ func (r *OpenStackClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 	configVars[*instance.Spec.OpenStackConfigSecret] = env.SetValue(secretHash)
 
 	if instance.Spec.CaBundleSecretName != "" {
-		secretHash, ctrlResult, err := tls.ValidateCACertSecret(
+		secretHash, err := tls.ValidateCACertSecret(
 			ctx,
 			helper.GetClient(),
 			types.NamespacedName{
@@ -266,26 +266,19 @@ func (r *OpenStackClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		if err != nil {
 			if k8s_errors.IsNotFound(err) {
 				instance.Status.Conditions.Set(condition.FalseCondition(
-					clientv1.OpenStackClientReadyCondition,
+					condition.TLSInputReadyCondition,
 					condition.RequestedReason,
 					condition.SeverityInfo,
-					clientv1.OpenStackClientSecretWaitingMessage))
-				return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil
+					fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.CaBundleSecretName)))
+				return ctrl.Result{}, nil
 			}
 			instance.Status.Conditions.Set(condition.FalseCondition(
-				clientv1.OpenStackClientReadyCondition,
+				condition.TLSInputReadyCondition,
 				condition.ErrorReason,
 				condition.SeverityWarning,
-				clientv1.OpenStackClientReadyErrorMessage,
+				condition.TLSInputErrorMessage,
 				err.Error()))
 			return ctrl.Result{}, err
-		} else if (ctrlResult != ctrl.Result{}) {
-			instance.Status.Conditions.Set(condition.FalseCondition(
-				clientv1.OpenStackClientReadyCondition,
-				condition.RequestedReason,
-				condition.SeverityInfo,
-				clientv1.OpenStackClientSecretWaitingMessage))
-			return ctrlResult, nil
 		}
 
 		configVars[instance.Spec.CaBundleSecretName] = env.SetValue(secretHash)
@@ -300,6 +293,9 @@ func (r *OpenStackClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		configVars["PrometheusTls"] = env.SetValue(fmt.Sprint(metricStorage.Spec.PrometheusTLS.Enabled()))
 	}
 
+	// all cert input checks out so report InputReady
+	instance.Status.Conditions.MarkTrue(condition.TLSInputReadyCondition, condition.InputReadyMessage)
+
 	configVarsHash, err := util.HashOfInputHashes(configVars)
 	if err != nil {
 		return ctrl.Result{}, err

go.mod

@@ -23,7 +23,7 @@ require (
 	github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef
 	github.com/openstack-k8s-operators/lib-common/modules/ansible v0.4.1-0.20240814075458-0ae9f7f9e059
 	github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.4.1-0.20240814075458-0ae9f7f9e059
-	github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6
 	github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059
 	github.com/openstack-k8s-operators/lib-common/modules/test v0.4.1-0.20240814075458-0ae9f7f9e059
 	github.com/openstack-k8s-operators/manila-operator/api v0.4.1-0.20240828194804-f733ae7bf68d

go.sum

@@ -118,8 +118,8 @@ github.com/openstack-k8s-operators/lib-common/modules/ansible v0.4.1-0.202408140
 github.com/openstack-k8s-operators/lib-common/modules/ansible v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:tP+nxk95PisCKJaXE/an2igG9lluxuOVhdmV9WtkR2s=
 github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.4.1-0.20240814075458-0ae9f7f9e059 h1:sYW4yrxAMcx6dAsg7NnJPbNQUR1SCbAF9kQ0ceZIZX8=
 github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:oYFS5h2LBfXtg7ooh7dt65M0wQlnKPgW38iB3CRMK5I=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059 h1:Ol1P8vPxIHWzTaL6RfENRiAxp2XrMQUYtnP5Ceek53A=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:CfMx4bwBVQEYMRt2dIcyqJjR3ToZxFEOPS+0Uy2Mm68=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE=

pkg/openstack/common.go

@@ -248,25 +248,25 @@ func EnsureEndpointConfig(
 				if ingressOverride.TLS != nil && ingressOverride.TLS.SecretName != "" {
 					ed.Route.TLS.SecretName = ptr.To(ingressOverride.TLS.SecretName)
 					validateSecret := &tls.GenericService{SecretName: ed.Route.TLS.SecretName}
-					_, ctrlResult, err := validateSecret.ValidateCertSecret(ctx, helper, instance.GetNamespace())
+					_, err := validateSecret.ValidateCertSecret(ctx, helper, instance.GetNamespace())
 					if err != nil {
+						if k8s_errors.IsNotFound(err) {
+							instance.Status.Conditions.Set(condition.FalseCondition(
+								corev1.OpenStackControlPlaneCustomTLSReadyCondition,
+								condition.RequestedReason,
+								condition.SeverityInfo,
+								corev1.OpenStackControlPlaneCustomTLSReadyWaitingMessage,
+								ingressOverride.TLS.SecretName))
+							return endpoints, ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil
+						}
 						instance.Status.Conditions.Set(condition.FalseCondition(
 							corev1.OpenStackControlPlaneCustomTLSReadyCondition,
 							condition.ErrorReason,
 							condition.SeverityWarning,
 							corev1.OpenStackControlPlaneCustomTLSReadyErrorMessage,
 							ingressOverride.TLS.SecretName,
 							err.Error()))
-
-						return endpoints, ctrlResult, err
-					} else if (ctrlResult != ctrl.Result{}) {
-						instance.Status.Conditions.Set(condition.FalseCondition(
-							corev1.OpenStackControlPlaneCustomTLSReadyCondition,
-							condition.RequestedReason,
-							condition.SeverityInfo,
-							corev1.OpenStackControlPlaneCustomTLSReadyWaitingMessage,
-							ingressOverride.TLS.SecretName))
-						return endpoints, ctrlResult, nil
+						return endpoints, ctrl.Result{}, err
 					}
 					instance.Status.Conditions.MarkTrue(corev1.OpenStackControlPlaneCustomTLSReadyCondition,
 						corev1.OpenStackControlPlaneCustomTLSReadyMessage)
@@ -284,11 +284,12 @@ func EnsureEndpointConfig(
 				// a LoadBalancer (MetalLB) for the public endpoints.
 				if !ed.Route.Create && (tlsConfig.API.Public.SecretName != nil && *tlsConfig.API.Public.SecretName != "") {
 					ed.Service.TLS.SecretName = tlsConfig.API.Public.SecretName
-					_, ctrlResult, err := ed.Service.TLS.GenericService.ValidateCertSecret(ctx, helper, instance.GetNamespace())
+					_, err := ed.Service.TLS.GenericService.ValidateCertSecret(ctx, helper, instance.GetNamespace())
 					if err != nil {
-						return endpoints, ctrlResult, err
-					} else if (ctrlResult != ctrl.Result{}) {
-						return endpoints, ctrlResult, nil
+						if k8s_errors.IsNotFound(err) {
+							return endpoints, ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil
+						}
+						return endpoints, ctrl.Result{}, err
 					}
 				} else {
 					// issue a certificate for public pod virthost