From 6ddbb6d2bdea53cd9152ed76ba1314ca66ad1bbc Mon Sep 17 00:00:00 2001
From: RealAnna <89971034+RealAnna@users.noreply.github.com>
Date: Tue, 31 Jan 2023 15:21:02 +0100
Subject: [PATCH] fix(operator): disable cache for secrets (#727)
Signed-off-by: realanna
---
 operator/main.go | 6 ++++
 .../metrics-provider/00-install.yaml | 31 +++++++++++++++++++
 .../metrics-provider/01-test-logs.yaml | 4 +++
 test/integration/metrics-provider/logs.sh | 19 ++++++++++++
 4 files changed, 60 insertions(+)
 create mode 100644 test/integration/metrics-provider/00-install.yaml
 create mode 100644 test/integration/metrics-provider/01-test-logs.yaml
 create mode 100755 test/integration/metrics-provider/logs.sh
diff --git a/operator/main.go b/operator/main.go
index 3c0067a6db..d48556026e 100644
--- a/operator/main.go
+++ b/operator/main.go
@@ -62,10 +62,12 @@ import (
 semconv "go.opentelemetry.io/otel/semconv/v1.4.0"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials/insecure"
+ corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/runtime"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 ctrl "sigs.k8s.io/controller-runtime"
+ ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/healthz"
 "sigs.k8s.io/controller-runtime/pkg/log/zap"
 //+kubebuilder:scaffold:imports
@@ -218,6 +220,8 @@ func main() {
 ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+ disableCacheFor := []ctrlclient.Object{&corev1.Secret{}}
+
 mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 Scheme: scheme,
 MetricsBindAddress: metricsAddr,
@@ -236,6 +240,8 @@ func main() {
 // if you are doing or is intended to do any operation such as perform cleanups
 // after the manager stops then its usage might be unsafe.
 // LeaderElectionReleaseOnCancel: true,
+ ClientDisableCacheFor: disableCacheFor, // due to https://github.com/kubernetes-sigs/controller-runtime/issues/550
+ // We disable secret informer cache so that the operator won't need clusterrole list access to secrets
 })
 if err != nil {
 setupLog.Error(err, "unable to start manager")
diff --git a/test/integration/metrics-provider/00-install.yaml b/test/integration/metrics-provider/00-install.yaml
new file mode 100644
index 0000000000..e541666f39
--- /dev/null
+++ b/test/integration/metrics-provider/00-install.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dynatrace
+ namespace: keptn-lifecycle-toolkit-system
+type: Opaque
+data:
+ DT_TOKEN: dG9rZW46IG15dG9rZW4=
+---
+apiVersion: metrics.keptn.sh/v1alpha1
+kind: KeptnMetric
+metadata:
+ name: podtatometric
+ namespace: keptn-lifecycle-toolkit-system
+spec:
+ provider:
+ name: "dynatrace"
+ query: "query"
+ fetchIntervalSeconds: 5
+
+---
+apiVersion: lifecycle.keptn.sh/v1alpha2
+kind: KeptnEvaluationProvider
+metadata:
+ name: dynatrace
+ namespace: keptn-lifecycle-toolkit-system
+spec:
+ secretKeyRef:
+ key: DT_TOKEN
+ name: dynatrace
+ targetServer: "http://localhost:8080" #string
diff --git a/test/integration/metrics-provider/01-test-logs.yaml b/test/integration/metrics-provider/01-test-logs.yaml
new file mode 100644
index 0000000000..4fb60228cc
--- /dev/null
+++ b/test/integration/metrics-provider/01-test-logs.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1
+kind: TestStep
+commands:
+ - script: ./logs.sh
diff --git a/test/integration/metrics-provider/logs.sh b/test/integration/metrics-provider/logs.sh
new file mode 100755
index 0000000000..95a0fde0a6
--- /dev/null
+++ b/test/integration/metrics-provider/logs.sh
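Review bot: In `operator/main.go`, the `ClientDisableCacheFor: disableCacheFor` line makes Secret reads bypass the informer cache, but nothing in this commit narrows the operator's RBAC to match. The diffstat lists only `main.go` and three test files, so the ClusterRole (or the kubebuilder RBAC markers that generate it) presumably still grants whatever it granted before. The least-privilege gain the comment describes only exists once `list`/`watch` on secrets is dropped and only `get` remains, ideally through a namespaced Role where the secrets' namespaces are known; do that in this change or link the follow-up from the comment. The two added comment lines would also read better as one block above the field, e.g. `// Secrets are read uncached so the operator needs no cluster-wide list/watch on them (controller-runtime issue 550).` The `ctrl.Options` literal opens in the previous hunk and `main()` continues past this one.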
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+NAMESPACE="keptn-lifecycle-toolkit-system"
+RETRY_COUNT=3
+SLEEP_TIME=5
+
+for i in $(seq 1 $RETRY_COUNT); do
+ VAR=$(kubectl logs -n keptn-lifecycle-toolkit-system deployments/klc-controller-manager | grep -c "Error while parsing response")
+ # shellcheck disable=SC1072
+ if [ "$VAR" -ge 1 ]; then
+ echo "Controller could access secret"
+ exit 0
+ fi
+ if [ "$i" -lt "$RETRY_COUNT" ]; then
+ echo "Sleeping for ${SLEEP_TIME} seconds before retrying..."
+ sleep ${SLEEP_TIME}
+ fi
+done
+echo "Retried ${RETRY_COUNT} times, but custom metric value did not meet the condition. Exiting..."exit 1
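Review bot: As shown on this page, the last line of `logs.sh` ends in `Exiting..."exit 1`, so `exit 1` is passed to `echo` as text and the script finishes with echo's status 0. The `+1,19` count in the hunk header agrees that both sit on one line. The kuttl step would therefore pass even when the expected log line never appears, which includes the case this test is meant to catch: the operator being unable to read the Secret. Move `exit 1` onto its own line after the `echo`. `NAMESPACE` is also assigned but never used; the `kubectl logs` call could take `-n "$NAMESPACE"` instead of repeating the literal.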