Skip to content

Commit

Permalink
Recreate missing Secrets for RepositoryCredentials.
Browse files Browse the repository at this point in the history
  • Loading branch information
Jayendra Parsai committed Oct 11, 2023
1 parent 0f4493d commit 1ba0e6e
Show file tree
Hide file tree
Showing 2 changed files with 317 additions and 13 deletions.
138 changes: 129 additions & 9 deletions cluster-agent/controllers/argoproj.io/namespace_reconciler.go
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,8 @@ func (r *ApplicationReconciler) startTimerForNextCycle(ctx context.Context, name
cleanOrphanedCRsfromCluster_Operation(ctx, r.DB, r.Client, log)

// Recreate Secrets that are required by Applications, but missing from cluster.
recreateClusterSecrets(ctx, r.DB, r.Client, log)
recreateClusterSecrets_ManagedEnvironments(ctx, r.DB, r.Client, log)
recreateClusterSecrets_RepositoryCredentials(ctx, r.DB, r.Client, log)

log.Info(fmt.Sprintf("Namespace Reconciler finished an iteration at %s. "+
"Next iteration will be triggered after %v Minutes", time.Now().String(), namespaceReconcilerInterval))
Expand Down Expand Up @@ -499,11 +500,11 @@ func cleanOrphanedCRsfromCluster_Operation(ctx context.Context, dbQueries db.Dat
}
}

// recreateClusterSecrets goes through list of ManagedEnvironments created in cluster and recreates Secrets that are missing from cluster.
func recreateClusterSecrets(ctx context.Context, dbQueries db.DatabaseQueries, k8sClient client.Client, logger logr.Logger) {
// recreateClusterSecrets_ManagedEnvironments goes through list of ManagedEnvironments created in cluster and recreates Secrets that are missing from cluster.
func recreateClusterSecrets_ManagedEnvironments(ctx context.Context, dbQueries db.DatabaseQueries, k8sClient client.Client, logger logr.Logger) {

log := logger.WithValues(sharedutil.Log_JobKey, sharedutil.Log_JobKeyValue).
WithValues(sharedutil.Log_JobTypeKey, "CR_Secret_recreate")
WithValues(sharedutil.Log_JobTypeKey, "CR_Secret_recreate_managedEnv")

// First get list of ClusterAccess and Application entries from DB.
listOfClusterAccessFromDB := getListOfClusterAccessFromTable(ctx, dbQueries, false, log)
Expand All @@ -512,7 +513,7 @@ func recreateClusterSecrets(ctx context.Context, dbQueries db.DatabaseQueries, k
// Now get list of GitopsEngineInstances from DB for the cluster service is running on.
listOfGitopsEngineInstanceFromCluster, err := getListOfGitopsEngineInstancesForCurrentCluster(ctx, dbQueries, k8sClient, log)
if err != nil {
log.Error(err, "Error occurred in recreateClusterSecrets while fetching GitopsEngineInstances for cluster.")
log.Error(err, "Error occurred in recreateClusterSecrets_ManagedEnvironments while fetching GitopsEngineInstances for cluster.")
return
}

Expand Down Expand Up @@ -548,7 +549,7 @@ func recreateClusterSecrets(ctx context.Context, dbQueries db.DatabaseQueries, k
}

if err := dbQueries.GetManagedEnvironmentById(ctx, &managedEnvironment); err != nil {
log.Error(err, "Error occurred in recreateClusterSecrets while fetching ManagedEnvironment from DB.:"+managedEnvironment.Managedenvironment_id)
log.Error(err, "Error occurred in recreateClusterSecrets_ManagedEnvironments while fetching ManagedEnvironment from DB.:"+managedEnvironment.Managedenvironment_id)
continue
}

Expand All @@ -572,7 +573,7 @@ func recreateClusterSecrets(ctx context.Context, dbQueries db.DatabaseQueries, k
// Hence created a dummy Cluster User for internal purpose.
var specialClusterUser db.ClusterUser
if err := dbQueries.GetOrCreateSpecialClusterUser(ctx, &specialClusterUser); err != nil {
log.Error(err, "Error occurred in recreateClusterSecrets while fetching clusterUser.")
log.Error(err, "Error occurred in recreateClusterSecrets_ManagedEnvironments while fetching clusterUser.")
return
}

Expand All @@ -588,14 +589,98 @@ func recreateClusterSecrets(ctx context.Context, dbQueries db.DatabaseQueries, k
}

if _, _, err := operations.CreateOperation(ctx, false, dbOperationInput, specialClusterUser.Clusteruser_id, instance.Namespace_name, dbQueries, k8sClient, log); err != nil {
log.Error(err, "Error occurred in recreateClusterSecrets while creating Operation.")
log.Error(err, "Error occurred in recreateClusterSecrets_ManagedEnvironments while creating Operation.")
continue
}

log.Info("Operation " + dbOperationInput.Operation_id + " is created to create Secret: managed-env-" + managedEnvironment.Managedenvironment_id)
}
} else {
log.Error(err, "Error occurred in recreateClusterSecrets while fetching Secret:"+secretName+" from Namespace: "+instance.Namespace_name)
log.Error(err, "Error occurred in recreateClusterSecrets_ManagedEnvironments while fetching Secret:"+secretName+" from Namespace: "+instance.Namespace_name)
}
}
}
}
}
}

// recreateClusterSecrets_RepositoryCredentials goes through list of RepositoryCredentials created in cluster and recreates Secrets that are missing from cluster.
func recreateClusterSecrets_RepositoryCredentials(ctx context.Context, dbQueries db.DatabaseQueries, k8sClient client.Client, logger logr.Logger) {

log := logger.WithValues(sharedutil.Log_JobKey, sharedutil.Log_JobKeyValue).
WithValues(sharedutil.Log_JobTypeKey, "CR_Secret_recreate_repoCred")

// First get list of RepositoryCredentials entries from DB.
listOfRepositoryCredentialsFromDB := getListOfRepositoryCredentialsFromTable(ctx, dbQueries, false, log)

// Now get list of GitopsEngineInstances from DB for the cluster service is running on.
listOfGitopsEngineInstanceFromCluster, err := getListOfGitopsEngineInstancesForCurrentCluster(ctx, dbQueries, k8sClient, log)
if err != nil {
log.Error(err, "Error occurred in recreateClusterSecrets_RepositoryCredentials while fetching GitopsEngineInstances for cluster.")
return
}

// map: whether we have processed this namespace already.
// key is namespace UID, value is not used.
// - we should only ever process a namespace once per iteration.
namespacesProcessed := map[string]interface{}{}

for instanceIndex := range listOfGitopsEngineInstanceFromCluster {
// For each GitOpsEngineinstance, read the namespace and check all the Argo CD secrets in that namespace
instance := listOfGitopsEngineInstanceFromCluster[instanceIndex] // To avoid "Implicit memory aliasing in for loop." error.

// Sanity check: have we processed this Namespace already
if _, exists := namespacesProcessed[instance.Namespace_uid]; exists {
// Log it an skip. There really should never be any GitOpsEngineInstances with matching namespace UID
log.V(logutil.LogLevel_Warn).Error(nil, "there appears to exist multiple GitOpsEngineInstances targeting the same namespace", "namespaceUID", instance.Namespace_uid)
continue
}
namespacesProcessed[instance.Namespace_uid] = nil

// Iterate through list of RepositoryCredentials entries from DB and find entry using current GitOpsEngineInstance.
for repositoryCredentialsIndex := range listOfRepositoryCredentialsFromDB {

repositoryCredentials := listOfRepositoryCredentialsFromDB[repositoryCredentialsIndex] // To avoid "Implicit memory aliasing in for loop." error.

if repositoryCredentials.EngineClusterID == instance.Gitopsengineinstance_id {
// Skip if RepositoryCredentials is created recently
if time.Since(repositoryCredentials.Created_on) < 30*time.Minute {
continue
}

// Check if Secret used for this RepositoryCredentials is present in GitOpsEngineInstance namespace.
argoSecret := corev1.Secret{}

if err := k8sClient.Get(ctx, types.NamespacedName{Name: argosharedutil.GenerateArgoCDRepoCredSecretName(repositoryCredentials), Namespace: instance.Namespace_name}, &argoSecret); err != nil {

// If Secret is not present, then create Operation to recreate the Secret.
if apierr.IsNotFound(err) {

log.Info("Secret: " + repositoryCredentials.SecretObj + " not found in Namespace:" + instance.Namespace_name + ", recreating it.")

// Get Special user from DB because we need ClusterUser for creating Operation and we don't have one.
// Hence created a dummy Cluster User for internal purpose.
var specialClusterUser db.ClusterUser
if err := dbQueries.GetOrCreateSpecialClusterUser(ctx, &specialClusterUser); err != nil {
log.Error(err, "Error occurred in recreateClusterSecrets_RepositoryCredentials while fetching clusterUser.")
return
}

// We need to recreate Secret, to do that create Operation to inform Argo CD about it.
dbOperationInput := db.Operation{
Instance_id: instance.Gitopsengineinstance_id,
Resource_id: repositoryCredentials.RepositoryCredentialsID,
Resource_type: db.OperationResourceType_RepositoryCredentials,
}

if _, _, err := operations.CreateOperation(ctx, false, dbOperationInput, specialClusterUser.Clusteruser_id, instance.Namespace_name, dbQueries, k8sClient, log); err != nil {
log.Error(err, "Error occurred in recreateClusterSecrets_RepositoryCredentials while creating Operation.")
continue
}

log.Info("Operation " + dbOperationInput.Operation_id + " is created to create Secret: " + repositoryCredentials.SecretObj)
} else {
log.Error(err, "Error occurred in recreateClusterSecrets_RepositoryCredentials while fetching Secret:"+repositoryCredentials.SecretObj+" from Namespace: "+instance.Namespace_name)
}
}
}
Expand Down Expand Up @@ -714,3 +799,38 @@ func getApplicationRunningInManagedEnvironment(applicationList []db.Application,

return false, db.Application{}
}

// getListOfRepositoryCredentialsFromTable loops through RepositoryCredentials in database and returns list of user IDs.
func getListOfRepositoryCredentialsFromTable(ctx context.Context, dbQueries db.DatabaseQueries, skipDelay bool, log logr.Logger) []db.RepositoryCredentials {

offSet := 0
var listOfRepositoryCredentialsFromDB []db.RepositoryCredentials

// Continuously iterate and fetch batches until all entries of table processed.
for {
if offSet != 0 && !skipDelay {
time.Sleep(sleepIntervalsOfBatches)
}

var tempList []db.RepositoryCredentials

// Fetch ClusterAccess table entries in batch size as configured above.​
if err := dbQueries.GetRepositoryCredentialsBatch(ctx, &tempList, appRowBatchSize, offSet); err != nil {
log.Error(err, fmt.Sprintf("Error occurred in cleanOrphanedEntriesfromTable_ClusterUser while fetching batch from Offset: %d to %d: ",
offSet, offSet+appRowBatchSize))
break
}

// Break the loop if no entries are left in table to be processed.
if len(tempList) == 0 {
break
}

listOfRepositoryCredentialsFromDB = append(listOfRepositoryCredentialsFromDB, tempList...)

// Skip processed entries in next iteration
offSet += appRowBatchSize
}

return listOfRepositoryCredentialsFromDB
}
Loading

0 comments on commit 1ba0e6e

Please sign in to comment.