Make IgnoreUpdate secrets optional

Fixes issue where nonexistent secret with ignoreUpdate set would cause the plan to endlessly requeue due to errors. If it is ignored for purposes of plan hash, it should be optional. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Make IgnoreUpdate secrets optional
acc2fdf9 · Brad Davidson · Brad Davidson · 9de91324 · acc2fdf9 · acc2fdf9
Commit acc2fdf9 authored 4 months ago by Brad Davidson Committed by Brad Davidson 4 months ago
--- a/pkg/upgrade/handle_upgrade.go
+++ b/pkg/upgrade/handle_upgrade.go
@@ -40,7 +40,7 @@ func (ctl *Controller) handlePlans(ctx context.Context) error {
 			// validate plan, and generate events for transitions
 			validated := upgradeapiv1.PlanSpecValidated
 			validated.CreateUnknownIfNotExists(obj)
-			if err := upgradeplan.Validate(obj); err != nil {
+			if err := upgradeplan.Validate(obj, secretsCache); err != nil {
 				if !validated.IsFalse(obj) {
 					recorder.Eventf(obj, corev1.EventTypeWarning, "ValidateFailed", "Failed to validate plan: %v", err)
 				}

--- a/pkg/upgrade/job/job.go
+++ b/pkg/upgrade/job/job.go
@@ -288,6 +288,7 @@ func New(plan *upgradeapiv1.Plan, node *corev1.Node, controllerName string) *bat
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
 					SecretName: secret.Name,
+					Optional:   pointer.Bool(secret.IgnoreUpdates),
 				},
 			},
 		})

--- a/pkg/upgrade/plan/plan.go
+++ b/pkg/upgrade/plan/plan.go
@@ -79,15 +79,17 @@ func DigestStatus(plan *upgradeapiv1.Plan, secretCache corectlv1.SecretCache) (u
 		}

 		for _, s := range plan.Spec.Secrets {
+			if !s.IgnoreUpdates {
 				secret, err := secretCache.Get(plan.Namespace, s.Name)
 				if err != nil {
 					return plan.Status, err
 				}
-			if !s.IgnoreUpdates {
+
 				secretHash, err := hash.SecretHash(secret)
 				if err != nil {
 					return plan.Status, err
 				}
+
 				h.Write([]byte(secretHash))
 			}
 		}
@@ -239,7 +241,7 @@ func sha256sum(s ...string) string {
 }

 // Validate performs validation of the plan spec, raising errors for any conflicting or invalid settings.
-func Validate(plan *upgradeapiv1.Plan) error {
+func Validate(plan *upgradeapiv1.Plan, secretCache corectlv1.SecretCache) error {
 	if drainSpec := plan.Spec.Drain; drainSpec != nil {
 		if drainSpec.DeleteEmptydirData != nil && drainSpec.DeleteLocalData != nil {
 			return ErrDrainDeleteConflict
@@ -262,5 +264,16 @@ func Validate(plan *upgradeapiv1.Plan) error {
 	if delay := plan.Spec.PostCompleteDelay; delay != nil && delay.Duration < 0 {
 		return ErrInvalidDelay
 	}
-	return nil
+
+	sErrs := []error{}
+	for _, secret := range plan.Spec.Secrets {
+		if secret.IgnoreUpdates {
+			continue
+		}
+		if _, err := secretCache.Get(plan.Namespace, secret.Name); err != nil {
+			sErrs = append(sErrs, err)
+		}
+	}
+
+	return merr.NewErrors(sErrs...)
 }