addressing comments
tanmayja committed Mar 18, 2024
1 parent e04f709 commit 572f8bf
Showing 4 changed files with 39 additions and 35 deletions.
4 changes: 2 additions & 2 deletions api/v1/aerospikecluster_types.go
Expand Up @@ -872,8 +872,8 @@ type AerospikePodStatus struct { //nolint:govet // for readability
// PodSpecHash is ripemd160 hash of PodSpec used by this pod
PodSpecHash string `json:"podSpecHash"`

// SecurityEnabled is true if security is enabled in the pod
SecurityEnabled bool `json:"securityEnabled"`
// IsSecurityEnabled is true if security is enabled in the pod
IsSecurityEnabled bool `json:"isSecurityEnabled"`
}

// +kubebuilder:object:root=true
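Review bot: Changing the JSON tag from `securityEnabled` to `isSecurityEnabled` changes the persisted status schema, and nothing visible in this commit migrates status written under the old key. If the old key ever reached a cluster, those pod entries would decode with `IsSecurityEnabled` false, and `getSecurityEnabledPods` in controllers/reconciler.go filters on that field, so access control reconciliation would skip them until their status is rewritten. If the field was only introduced earlier in the same change series, this is harmless. Either way the doc comment could state the zero-value meaning, for example `// IsSecurityEnabled is true if security is enabled in the pod; false also covers pods whose status has not been populated yet.` The struct begins above this hunk.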
10 changes: 5 additions & 5 deletions config/crd/bases/asdb.aerospike.com_aerospikeclusters.yaml
Expand Up @@ -14255,6 +14255,10 @@ spec:
items:
type: string
type: array
isSecurityEnabled:
description: IsSecurityEnabled is true if security is enabled
in the pod
type: boolean
networkPolicyHash:
description: NetworkPolicyHash is ripemd160 hash of NetworkPolicy
used by this pod
Expand All @@ -14270,10 +14274,6 @@ spec:
description: PodSpecHash is ripemd160 hash of PodSpec used by
this pod
type: string
securityEnabled:
description: SecurityEnabled is true if security is enabled
in the pod
type: boolean
servicePort:
description: ServicePort is the port Aerospike clients outside
K8s can connect to.
Expand All @@ -14282,11 +14282,11 @@ spec:
required:
- aerospikeConfigHash
- image
- isSecurityEnabled
- networkPolicyHash
- podIP
- podPort
- podSpecHash
- securityEnabled
type: object
description: Pods has Aerospike specific status of the pods. This
is map instead of the conventional map as list convention to allow
50 changes: 27 additions & 23 deletions controllers/reconciler.go
Expand Up @@ -1004,7 +1004,7 @@ func (r *SingleClusterReconciler) getSecurityEnabledPods() ([]corev1.Pod, error)
securityEnabledPods := make([]corev1.Pod, 0, len(r.aeroCluster.Status.Pods))

for podName := range r.aeroCluster.Status.Pods {
if r.aeroCluster.Status.Pods[podName].SecurityEnabled {
if r.aeroCluster.Status.Pods[podName].IsSecurityEnabled {
pod := &corev1.Pod{}
podName := types.NamespacedName{Name: podName, Namespace: r.aeroCluster.Namespace}

Expand All @@ -1024,32 +1024,36 @@ func (r *SingleClusterReconciler) enablingSecurity() bool {
}

func (r *SingleClusterReconciler) handleEnableSecurity() error {
if r.aeroCluster.Status.Pods != nil && r.enablingSecurity() {
securityEnabledPods, err := r.getSecurityEnabledPods()
if err != nil {
return err
}
if !r.enablingSecurity() {
return nil // No need to proceed if security is not to be enabling
}

if len(securityEnabledPods) > 0 {
ignorablePodNames, err := r.getIgnorablePods(nil, getConfiguredRackStateList(r.aeroCluster))
if err != nil {
r.Log.Error(err, "Failed to determine pods to be ignored")
securityEnabledPods, err := r.getSecurityEnabledPods()
if err != nil {
return err
}

return err
}
if len(securityEnabledPods) == 0 {
return nil // No security-enabled pods found
}

// Setup access control.
if err := r.validateAndReconcileAccessControl(securityEnabledPods, ignorablePodNames); err != nil {
r.Log.Error(err, "Failed to Reconcile access control")
r.Recorder.Eventf(
r.aeroCluster, corev1.EventTypeWarning, "ACLUpdateFailed",
"Failed to setup Access Control %s/%s", r.aeroCluster.Namespace,
r.aeroCluster.Name,
)
ignorablePodNames, err := r.getIgnorablePods(nil, getConfiguredRackStateList(r.aeroCluster))
if err != nil {
r.Log.Error(err, "Failed to determine pods to be ignored")

return err
}
}
return err
}

// Setup access control.
if err := r.validateAndReconcileAccessControl(securityEnabledPods, ignorablePodNames); err != nil {
r.Log.Error(err, "Failed to Reconcile access control")
r.Recorder.Eventf(
r.aeroCluster, corev1.EventTypeWarning, "ACLUpdateFailed",
"Failed to setup Access Control %s/%s", r.aeroCluster.Namespace,
r.aeroCluster.Name,
)

return err
}

return nil
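Review bot: In `handleEnableSecurity`, the new early return `return nil // No security-enabled pods found` skips access control setup without a log line or event, so the controller output does not show that ACL reconciliation was skipped while security is being enabled. Consider logging before that return, for example `r.Log.Info("No pods report security enabled yet, skipping access control setup")`, assuming `r.Log` is a logr-style logger as the `r.Log.Error(err, ...)` calls suggest. The error from `getSecurityEnabledPods` is likewise returned unlogged, while the two later failures are logged. The comment `No need to proceed if security is not to be enabling` should read `security is not being enabled`. The dropped `Status.Pods != nil` guard looks safe for the `range` in `getSecurityEnabledPods`, but `enablingSecurity` is defined outside the visible lines and should be checked for the same assumption; the function's closing brace is also outside the hunk.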
Expand Up @@ -14255,6 +14255,10 @@ spec:
items:
type: string
type: array
isSecurityEnabled:
description: IsSecurityEnabled is true if security is enabled
in the pod
type: boolean
networkPolicyHash:
description: NetworkPolicyHash is ripemd160 hash of NetworkPolicy
used by this pod
Expand All @@ -14270,10 +14274,6 @@ spec:
description: PodSpecHash is ripemd160 hash of PodSpec used by
this pod
type: string
securityEnabled:
description: SecurityEnabled is true if security is enabled
in the pod
type: boolean
servicePort:
description: ServicePort is the port Aerospike clients outside
K8s can connect to.
Expand All @@ -14282,11 +14282,11 @@ spec:
required:
- aerospikeConfigHash
- image
- isSecurityEnabled
- networkPolicyHash
- podIP
- podPort
- podSpecHash
- securityEnabled
type: object
description: Pods has Aerospike specific status of the pods. This
is map instead of the conventional map as list convention to allow