Modify LastUpdateTime when the Sealed Secrets is being updated

This PR modify the way that we are setting up the LastUpdateTime. We are going to modify the LastUpdateTime always that we are updating the Sealed Secrets and the LastTransitionTime only when the status has changed. Integration tests included. Signed-off-by: Alvaro Neira Ayuso <alvaro.neira@broadcom.com>
bitnami-labs · Feb 29, 2024 · 732d011 · 732d011
1 parent 5fd7424
commit 732d011
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/integration/controller_test.go b/integration/controller_test.go
@@ -77,6 +77,15 @@ func getSecretImmutable(s *v1.Secret) bool {
 	return *s.Immutable
 }
 
+func compareLastTimes(ss *ssv1alpha1.SealedSecret) bool {
+	for i := range ss.Status.Conditions {
+		if ss.Status.Conditions[i].Type == ssv1alpha1.SealedSecretSynced {
+			return ss.Status.Conditions[i].LastTransitionTime == ss.Status.Conditions[i].LastUpdateTime
+		}
+	}
+	return false
+}
+
 func fetchKeys(ctx context.Context, c corev1.SecretsGetter) (map[string]*rsa.PrivateKey, []*x509.Certificate, error) {
 	list, err := c.Secrets(*controllerNs).List(ctx, metav1.ListOptions{
 		LabelSelector: keySelector,
@@ -207,6 +216,9 @@ var _ = Describe("create", func() {
 				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
 					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
 				}, Timeout, PollingInterval).ShouldNot(WithTransform(getStatus, BeNil()))
+				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
+					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
+				}, Timeout, PollingInterval).Should(WithTransform(compareLastTimes, Equal(true)))
 				Eventually(func() (*v1.EventList, error) {
 					return c.Events(ns).Search(scheme.Scheme, ss)
 				}, Timeout, PollingInterval).Should(
@@ -251,6 +263,9 @@ var _ = Describe("create", func() {
 				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
 					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
 				}, Timeout, PollingInterval).Should(WithTransform(getObservedGeneration, Equal(int64(2))))
+				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
+					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
+				}, Timeout, PollingInterval).Should(WithTransform(compareLastTimes, Equal(false)))
 			})
 		})
 

diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -467,15 +467,11 @@ func updateSealedSecretsStatusConditions(st *ssv1alpha1.SealedSecretStatus, unse
 		cond.Message = unsealError.Error()
 	}
 
+	cond.LastUpdateTime = metav1.Now()
 	// Status has changed, update the transition time and signal that an update is required
 	if cond.Status != status {
-		if !cond.LastUpdateTime.IsZero() {
-			cond.LastTransitionTime = cond.LastUpdateTime
-		} else {
-			cond.LastTransitionTime = metav1.Now()
-		}
+		cond.LastTransitionTime = cond.LastUpdateTime
 		cond.Status = status
-		cond.LastUpdateTime = metav1.Now()
 		updateRequired = true
 	}