From eecd44d3ee874427da1374ef23df04dff86df2c4 Mon Sep 17 00:00:00 2001
From: Mauricio Harley <mharley@redhat.com>
Date: Fri, 27 Sep 2024 12:40:44 +0000
Subject: [PATCH] Continuation pr145

---
 .../barbicankeystonelistener_controller.go    | 29 ++++++++++---------
 controllers/barbicanworker_controller.go      | 29 ++++++++++---------
 2 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/controllers/barbicankeystonelistener_controller.go b/controllers/barbicankeystonelistener_controller.go
index af1608d..6d0f7c9 100644
--- a/controllers/barbicankeystonelistener_controller.go
+++ b/controllers/barbicankeystonelistener_controller.go
@@ -178,19 +178,12 @@ func (r *BarbicanKeystoneListenerReconciler) getSecret(
 	h *helper.Helper,
 	instance *barbicanv1beta1.BarbicanKeystoneListener,
 	secretName string,
+	expectedFields []string,
 	envVars *map[string]env.Setter,
 ) (ctrl.Result, error) {
-	secret, hash, err := secret.GetSecret(ctx, h, secretName, instance.Namespace)
+	Log := r.GetLogger(ctx)
+	hash, result, err := secret.VerifySecret(ctx, types.NamespacedName{Name: secretName, Namespace: instance.Namespace}, expectedFields, h.GetClient(), time.Second*10)
 	if err != nil {
-		if k8s_errors.IsNotFound(err) {
-			h.GetLogger().Info(fmt.Sprintf("secret %s not found", secretName))
-			instance.Status.Conditions.Set(condition.FalseCondition(
-				condition.InputReadyCondition,
-				condition.RequestedReason,
-				condition.SeverityInfo,
-				condition.InputReadyWaitingMessage))
-			return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil
-		}
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.InputReadyCondition,
 			condition.ErrorReason,
@@ -198,11 +191,19 @@ func (r *BarbicanKeystoneListenerReconciler) getSecret(
 			condition.InputReadyErrorMessage,
 			err.Error()))
 		return ctrl.Result{}, err
+	} else if (result != ctrl.Result{}) {
+		Log.Info(fmt.Sprintf("OpenStack secret %s not found", secretName))
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			condition.InputReadyCondition,
+			condition.RequestedReason,
+			condition.SeverityInfo,
+			condition.InputReadyWaitingMessage))
+		return result, nil
 	}
 
 	// Add a prefix to the var name to avoid accidental collision with other non-secret
 	// vars. The secret names themselves will be unique.
-	(*envVars)["secret-"+secret.Name] = env.SetValue(hash)
+	(*envVars)["secret-"+secretName] = env.SetValue(hash)
 	// env[secret-osp-secret] = hash?
 
 	return ctrl.Result{}, nil
@@ -369,8 +370,8 @@ func (r *BarbicanKeystoneListenerReconciler) reconcileNormal(ctx context.Context
 	//
 	// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
 	//
-	Log.Info(fmt.Sprintf("[KeystoneListener] Get secret 1 '%s'", instance.Name))
-	ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, &configVars)
+	Log.Info(fmt.Sprintf("[KeystoneListener] Get secret 1 '%s'", instance.Spec.Secret))
+	ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, []string{instance.Spec.PasswordSelectors.Service}, &configVars)
 	if err != nil {
 		return ctrlResult, err
 	}
@@ -379,7 +380,7 @@ func (r *BarbicanKeystoneListenerReconciler) reconcileNormal(ctx context.Context
 	// check for required TransportURL secret holding transport URL string
 	//
 	Log.Info(fmt.Sprintf("[KeystoneListener] Get secret 2 '%s'", instance.Spec.TransportURLSecret))
-	ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Spec.TransportURLSecret, &configVars)
+	ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Spec.TransportURLSecret, []string{TransportURL}, &configVars)
 	if err != nil {
 		return ctrlResult, err
 	}
diff --git a/controllers/barbicanworker_controller.go b/controllers/barbicanworker_controller.go
index bb77867..e5cb87e 100644
--- a/controllers/barbicanworker_controller.go
+++ b/controllers/barbicanworker_controller.go
@@ -167,19 +167,12 @@ func (r *BarbicanWorkerReconciler) getSecret(
 	h *helper.Helper,
 	instance *barbicanv1beta1.BarbicanWorker,
 	secretName string,
+	expectedFields []string,
 	envVars *map[string]env.Setter,
 ) (ctrl.Result, error) {
-	secret, hash, err := secret.GetSecret(ctx, h, secretName, instance.Namespace)
+	Log := r.GetLogger(ctx)
+	hash, result, err := secret.VerifySecret(ctx, types.NamespacedName{Name: secretName, Namespace: instance.Namespace}, expectedFields, h.GetClient(), time.Second*10)
 	if err != nil {
-		if k8s_errors.IsNotFound(err) {
-			h.GetLogger().Info(fmt.Sprintf("secret %s not found", secretName))
-			instance.Status.Conditions.Set(condition.FalseCondition(
-				condition.InputReadyCondition,
-				condition.RequestedReason,
-				condition.SeverityInfo,
-				condition.InputReadyWaitingMessage))
-			return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil
-		}
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.InputReadyCondition,
 			condition.ErrorReason,
@@ -187,11 +180,19 @@ func (r *BarbicanWorkerReconciler) getSecret(
 			condition.InputReadyErrorMessage,
 			err.Error()))
 		return ctrl.Result{}, err
+	} else if (result != ctrl.Result{}) {
+		Log.Info(fmt.Sprintf("OpenStack secret %s not found", secretName))
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			condition.InputReadyCondition,
+			condition.RequestedReason,
+			condition.SeverityInfo,
+			condition.InputReadyWaitingMessage))
+		return result, nil
 	}
 
 	// Add a prefix to the var name to avoid accidental collision with other non-secret
 	// vars. The secret names themselves will be unique.
-	(*envVars)["secret-"+secret.Name] = env.SetValue(hash)
+	(*envVars)["secret-"+secretName] = env.SetValue(hash)
 	// env[secret-osp-secret] = hash?
 
 	return ctrl.Result{}, nil
@@ -331,8 +332,8 @@ func (r *BarbicanWorkerReconciler) reconcileNormal(ctx context.Context, instance
 	//
 	// check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map
 	//
-	Log.Info(fmt.Sprintf("[Worker] Get secret 1 '%s'", instance.Name))
-	ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, &configVars)
+	Log.Info(fmt.Sprintf("[API] Get secret 1 '%s'", instance.Spec.Secret))
+	ctrlResult, err := r.getSecret(ctx, helper, instance, instance.Spec.Secret, []string{instance.Spec.PasswordSelectors.Service}, &configVars)
 	if err != nil {
 		return ctrlResult, err
 	}
@@ -341,7 +342,7 @@ func (r *BarbicanWorkerReconciler) reconcileNormal(ctx context.Context, instance
 	// check for required TransportURL secret holding transport URL string
 	//
 	Log.Info(fmt.Sprintf("[Worker] Get secret 2 '%s'", instance.Spec.TransportURLSecret))
-	ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Spec.TransportURLSecret, &configVars)
+	ctrlResult, err = r.getSecret(ctx, helper, instance, instance.Spec.TransportURLSecret, []string{TransportURL}, &configVars)
 	if err != nil {
 		return ctrlResult, err
 	}