Getting a Secret for a Reconcile job.

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Co-authored-by: William Young <will.young@engineerbetter.com>
Co-authored-by: Dominic Meddick <dom.meddick@engineerbetter.com>

pkg/controllers/secretsink/secretsink_controller.go

@@ -24,6 +24,7 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -32,8 +33,8 @@ import (
 )
 
 const (
-	errNotImplemented = "secret sink not implemented"
-	errPatchStatus    = "error merging"
+	errFailedGetSecret = "could not get source secret"
+	errPatchStatus     = "error merging"
 )
 
 type Reconciler struct {
@@ -62,12 +63,27 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 			log.Error(err, errPatchStatus)
 		}
 	}()
-	cond := NewSecretSinkCondition(esapi.SecretSinkReady, v1.ConditionFalse, "NotImplementedError", errNotImplemented)
+	_, err = r.GetSecret(ctx, ss)
+	if err != nil {
+		cond := NewSecretSinkCondition(esapi.SecretSinkReady, v1.ConditionFalse, "SecretSyncFailed", errFailedGetSecret)
+		ss = SetSecretSinkCondition(ss, *cond)
+	}
+	cond := NewSecretSinkCondition(esapi.SecretSinkReady, v1.ConditionTrue, "SecretSynced", "SecretSink synced successfully")
 	ss = SetSecretSinkCondition(ss, *cond)
 	// Set status for SecretSink
 	return ctrl.Result{}, nil
 }
 
+func (r *Reconciler) GetSecret(ctx context.Context, ss esapi.SecretSink) (*v1.Secret, error) {
+	secretName := types.NamespacedName{Name: ss.Spec.Selector.Secret.Name, Namespace: ss.Namespace}
+	secret := &v1.Secret{}
+	err := r.Client.Get(ctx, secretName, secret)
+	if err != nil {
+		return nil, err
+	}
+	return secret, nil
+}
+
 func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
 	r.recorder = mgr.GetEventRecorderFor("secret-sink")
 

pkg/controllers/secretsink/secretsink_controller_test.go

@@ -52,7 +52,7 @@ var _ = Describe("secretsink", func() {
 			namspacedName := types.NamespacedName{Namespace: "foo", Name: "Bar"}
 			_, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namspacedName})
 			Expect(err).NotTo(HaveOccurred())
-			Expect(client.GetCallCount()).To(Equal(1))
+			Expect(client.GetCallCount()).To(Equal(2))
 			Expect(client.StatusCallCount()).To(Equal(1))
 
 			_, gotNamespacedName, _ := client.GetArgsForCall(0)
@@ -138,4 +138,29 @@ var _ = Describe("secretsink", func() {
 			Expect(got.Status.Conditions[0]).To(Equal(secretSinkStatusConditionTrue))
 		})
 	})
+	Describe("#GetSecret", func() {
+		It("returns a secret if it exists", func() {
+			sink := esapi.SecretSink{
+				Spec: esapi.SecretSinkSpec{
+					Selector: esapi.SecretSinkSelector{
+						Secret: esapi.SecretSinkSecret{
+							Name: "foo",
+						},
+					},
+				},
+			}
+			sink.Namespace = "bar"
+			_, err := reconciler.GetSecret(context.TODO(), sink)
+			Expect(err).To(BeNil())
+			_, name, _ := client.GetArgsForCall(0)
+			Expect(name.Namespace).To(Equal("bar"))
+			Expect(name.Name).To(Equal("foo"))
+
+		})
+		It("returns an error if it doesn't exist", func() {
+			client.GetReturns(errors.New("secret not found"))
+			_, err := reconciler.GetSecret(context.TODO(), esapi.SecretSink{})
+			Expect(err).To(HaveOccurred())
+		})
+	})
 })