Merge pull request #202 from joelddiaz/internalize-configmap

internalize location of CCO configmap

pkg/apis/cloudcredential/v1/credentialsrequest_types.go

@@ -39,9 +39,6 @@ const (
 
 	// CloudCredOperatorNamespace is the namespace where the credentials operator runs.
 	CloudCredOperatorNamespace = "openshift-cloud-credential-operator"
-
-	// CloudCredOperatorConfigMap is an optional ConfigMap that can be used to alter behavior of the operator.
-	CloudCredOperatorConfigMap = "cloud-credential-operator-config"
 )
 
 // NOTE: Run "make" to regenerate code after modifying this file

pkg/cmd/render/render.go

@@ -30,6 +30,7 @@ import (
 
 	minterv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
 	assets "github.com/openshift/cloud-credential-operator/pkg/assets/bootstrap"
+	"github.com/openshift/cloud-credential-operator/pkg/operator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/utils"
 )
 
@@ -189,7 +190,7 @@ func isDisabled() bool {
 			continue
 		}
 
-		if configMap.Namespace == minterv1.CloudCredOperatorNamespace && configMap.Name == minterv1.CloudCredOperatorConfigMap {
+		if configMap.Namespace == minterv1.CloudCredOperatorNamespace && configMap.Name == constants.CloudCredOperatorConfigMap {
 			logger := log.New()
 			logger.SetLevel(log.GetLevel())
 			disabled, err := utils.CCODisabledCheck(configMap, logger)

pkg/operator/constants/constants.go

@@ -0,0 +1,6 @@
+package constants
+
+const (
+	// CloudCredOperatorConfigMap is an optional ConfigMap that can be used to alter behavior of the operator.
+	CloudCredOperatorConfigMap = "cloud-credential-operator-config"
+)

pkg/operator/credentialsrequest/credentialsrequest_controller.go

@@ -26,6 +26,7 @@ import (
 	"golang.org/x/time/rate"
 
 	minterv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
+	operatorconstants "github.com/openshift/cloud-credential-operator/pkg/operator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/credentialsrequest/actuator"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/credentialsrequest/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/internalcontroller"
@@ -285,7 +286,7 @@ func (r *ReconcileCredentialsRequest) Reconcile(request reconcile.Request) (reco
 		logger.WithError(err).Error("error checking if operator is disabled")
 		return reconcile.Result{}, err
 	} else if operatorIsDisabled {
-		logger.Infof("operator disabled in %s ConfigMap", minterv1.CloudCredOperatorConfigMap)
+		logger.Infof("operator disabled in %s ConfigMap", operatorconstants.CloudCredOperatorConfigMap)
 		return reconcile.Result{}, err
 	}
 

pkg/operator/credentialsrequest/credentialsrequest_controller_test.go

@@ -44,6 +44,7 @@ import (
 	minteraws "github.com/openshift/cloud-credential-operator/pkg/aws"
 	"github.com/openshift/cloud-credential-operator/pkg/aws/actuator"
 	mockaws "github.com/openshift/cloud-credential-operator/pkg/aws/mock"
+	operatorconstants "github.com/openshift/cloud-credential-operator/pkg/operator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/credentialsrequest/constants"
 	annotatorconst "github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/utils"
@@ -1465,7 +1466,7 @@ func testInfrastructure(infraName string) *configv1.Infrastructure {
 func testOperatorConfigMap(disabled string) *corev1.ConfigMap {
 	return &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      minterv1.CloudCredOperatorConfigMap,
+			Name:      operatorconstants.CloudCredOperatorConfigMap,
 			Namespace: minterv1.CloudCredOperatorNamespace,
 		},
 		Data: map[string]string{

pkg/operator/secretannotator/aws/reconciler.go

@@ -19,10 +19,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
-	minterv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
 	ccaws "github.com/openshift/cloud-credential-operator/pkg/aws"
+	"github.com/openshift/cloud-credential-operator/pkg/operator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/metrics"
-	"github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
+	secretconstants "github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/utils"
 )
 
@@ -38,18 +38,18 @@ const (
 func NewReconciler(mgr manager.Manager) reconcile.Reconciler {
 	return &ReconcileCloudCredSecret{
 		Client:           mgr.GetClient(),
-		Logger:           log.WithField("controller", constants.ControllerName),
+		Logger:           log.WithField("controller", secretconstants.ControllerName),
 		AWSClientBuilder: ccaws.NewClient,
 	}
 }
 
 func cloudCredSecretObjectCheck(secret metav1.Object) bool {
-	return secret.GetNamespace() == constants.CloudCredSecretNamespace && secret.GetName() == AWSCloudCredSecretName
+	return secret.GetNamespace() == secretconstants.CloudCredSecretNamespace && secret.GetName() == AWSCloudCredSecretName
 }
 
 func Add(mgr manager.Manager, r reconcile.Reconciler) error {
 	// Create a new controller
-	c, err := controller.New(constants.ControllerName, mgr, controller.Options{Reconciler: r})
+	c, err := controller.New(secretconstants.ControllerName, mgr, controller.Options{Reconciler: r})
 	if err != nil {
 		return err
 	}
@@ -96,7 +96,7 @@ func (r *ReconcileCloudCredSecret) Reconcile(request reconcile.Request) (reconci
 		r.Logger.WithError(err).Error("error checking if operator is disabled")
 		return reconcile.Result{}, err
 	} else if operatorIsDisabled {
-		r.Logger.Infof("operator disabled in %s ConfigMap", minterv1.CloudCredOperatorConfigMap)
+		r.Logger.Infof("operator disabled in %s ConfigMap", constants.CloudCredOperatorConfigMap)
 		return reconcile.Result{}, err
 	}
 
@@ -125,13 +125,13 @@ func (r *ReconcileCloudCredSecret) validateCloudCredsSecret(secret *corev1.Secre
 	accessKey, ok := secret.Data[AwsAccessKeyName]
 	if !ok {
 		r.Logger.Errorf("Couldn't fetch key containing AWS_ACCESS_KEY_ID from cloud cred secret")
-		return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 	}
 
 	secretKey, ok := secret.Data[AwsSecretAccessKeyName]
 	if !ok {
 		r.Logger.Errorf("Couldn't fetch key containing AWS_SECRET_ACCESS_KEY from cloud cred secret")
-		return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 	}
 
 	region, err := utils.LoadInfrastructureRegion(r.Client, r.Logger)
@@ -150,13 +150,13 @@ func (r *ReconcileCloudCredSecret) validateCloudCredsSecret(secret *corev1.Secre
 	// Can we mint new creds?
 	cloudCheckResult, err := ccaws.CheckCloudCredCreation(awsClient, r.Logger)
 	if err != nil {
-		r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 		return fmt.Errorf("failed checking create cloud creds: %v", err)
 	}
 
 	if cloudCheckResult {
 		r.Logger.Info("Verified cloud creds can be used for minting new creds")
-		return r.updateSecretAnnotations(secret, constants.MintAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.MintAnnotation)
 	}
 
 	// Else, can we just pass through the current creds?
@@ -165,18 +165,18 @@ func (r *ReconcileCloudCredSecret) validateCloudCredsSecret(secret *corev1.Secre
 	}
 	cloudCheckResult, err = ccaws.CheckCloudCredPassthrough(awsClient, simParams, r.Logger)
 	if err != nil {
-		r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 		return fmt.Errorf("failed checking passthrough cloud creds: %v", err)
 	}
 
 	if cloudCheckResult {
 		r.Logger.Info("Verified cloud creds can be used as-is (passthrough)")
-		return r.updateSecretAnnotations(secret, constants.PassthroughAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.PassthroughAnnotation)
 	}
 
 	// Else, these creds aren't presently useful
 	r.Logger.Warning("Cloud creds unable to be used for either minting or passthrough")
-	return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+	return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 }
 
 func (r *ReconcileCloudCredSecret) updateSecretAnnotations(secret *corev1.Secret, value string) error {
@@ -185,7 +185,7 @@ func (r *ReconcileCloudCredSecret) updateSecretAnnotations(secret *corev1.Secret
 		secretAnnotations = map[string]string{}
 	}
 
-	secretAnnotations[constants.AnnotationKey] = value
+	secretAnnotations[secretconstants.AnnotationKey] = value
 	secret.SetAnnotations(secretAnnotations)
 
 	return r.Update(context.Background(), secret)

pkg/operator/secretannotator/aws/reconciler_test.go

@@ -44,6 +44,7 @@ import (
 	ccaws "github.com/openshift/cloud-credential-operator/pkg/aws"
 	mockaws "github.com/openshift/cloud-credential-operator/pkg/aws/mock"
 
+	operatorconstants "github.com/openshift/cloud-credential-operator/pkg/operator/constants"
 	annaws "github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/aws"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
 )
@@ -261,7 +262,7 @@ func testSecret() *corev1.Secret {
 func testOperatorConfigMap(disabled string) *corev1.ConfigMap {
 	return &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      minterv1.CloudCredOperatorConfigMap,
+			Name:      operatorconstants.CloudCredOperatorConfigMap,
 			Namespace: minterv1.CloudCredOperatorNamespace,
 		},
 		Data: map[string]string{

pkg/operator/secretannotator/azure/reconciler.go

@@ -18,9 +18,9 @@ import (
 
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/dgrijalva/jwt-go"
-	minterv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
+	"github.com/openshift/cloud-credential-operator/pkg/operator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/metrics"
-	"github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
+	secretconstants "github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/utils"
 	log "github.com/sirupsen/logrus"
 )
@@ -46,14 +46,14 @@ type ReconcileCloudCredSecret struct {
 func NewReconciler(mgr manager.Manager) reconcile.Reconciler {
 	return &ReconcileCloudCredSecret{
 		Client: mgr.GetClient(),
-		Logger: log.WithField("controller", constants.ControllerName),
+		Logger: log.WithField("controller", secretconstants.ControllerName),
 		Adal:   &adalService{},
 	}
 }
 
 func Add(mgr manager.Manager, r reconcile.Reconciler) error {
 	// Create a new controller
-	c, err := controller.New(constants.ControllerName, mgr, controller.Options{Reconciler: r})
+	c, err := controller.New(secretconstants.ControllerName, mgr, controller.Options{Reconciler: r})
 	if err != nil {
 		return err
 	}
@@ -78,7 +78,7 @@ func Add(mgr manager.Manager, r reconcile.Reconciler) error {
 }
 
 func cloudCredSecretObjectCheck(secret metav1.Object) bool {
-	return secret.GetNamespace() == constants.CloudCredSecretNamespace && secret.GetName() == cloudCredSecretName
+	return secret.GetNamespace() == secretconstants.CloudCredSecretNamespace && secret.GetName() == cloudCredSecretName
 }
 
 func (r *ReconcileCloudCredSecret) Reconcile(request reconcile.Request) (reconcile.Result, error) {
@@ -91,7 +91,7 @@ func (r *ReconcileCloudCredSecret) Reconcile(request reconcile.Request) (reconci
 		r.Logger.WithError(err).Error("error checking if operator is disabled")
 		return reconcile.Result{}, err
 	} else if operatorIsDisabled {
-		r.Logger.Infof("operator disabled in %s ConfigMap", minterv1.CloudCredOperatorConfigMap)
+		r.Logger.Infof("operator disabled in %s ConfigMap", constants.CloudCredOperatorConfigMap)
 		return reconcile.Result{}, err
 	}
 
@@ -120,39 +120,39 @@ func (r *ReconcileCloudCredSecret) validateCloudCredsSecret(secret *corev1.Secre
 
 	if _, ok := secret.Data[azureClientID]; !ok {
 		r.Logger.Errorf("Couldn't fetch key containing %v from cloud cred secret", azureClientID)
-		return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 	}
 
 	if _, ok := secret.Data[azureClientSecret]; !ok {
 		r.Logger.Errorf("Couldn't fetch key containing %v from cloud cred secret", azureClientSecret)
-		return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 	}
 
 	if _, ok := secret.Data[azureTenantID]; !ok {
 		r.Logger.Errorf("Couldn't fetch key containing %v from cloud cred secret", azureTenantID)
-		return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 	}
 
 	if _, ok := secret.Data[azureSubscriptionID]; !ok {
 		r.Logger.Errorf("Couldn't fetch key containing %v from cloud cred secret", azureSubscriptionID)
-		return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 	}
 
 	// Can we mint new creds?
 	cloudCheckResult, err := r.checkCloudCredCreation(string(secret.Data[azureTenantID]), string(secret.Data[azureClientID]), string(secret.Data[azureClientSecret]))
 	if err != nil {
-		r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 		return fmt.Errorf("failed checking create cloud creds: %v", err)
 	}
 
 	if cloudCheckResult {
 		r.Logger.Info("Verified cloud creds can be used for minting new creds")
-		return r.updateSecretAnnotations(secret, constants.MintAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.MintAnnotation)
 	}
 
 	// else if check succeded with no error but minting is not possible, assume passthrough
 	r.Logger.Info("Cloud creds will be used as-is (passthrough)")
-	return r.updateSecretAnnotations(secret, constants.PassthroughAnnotation)
+	return r.updateSecretAnnotations(secret, secretconstants.PassthroughAnnotation)
 }
 
 func (r *ReconcileCloudCredSecret) updateSecretAnnotations(secret *corev1.Secret, value string) error {
@@ -161,7 +161,7 @@ func (r *ReconcileCloudCredSecret) updateSecretAnnotations(secret *corev1.Secret
 		secretAnnotations = map[string]string{}
 	}
 
-	secretAnnotations[constants.AnnotationKey] = value
+	secretAnnotations[secretconstants.AnnotationKey] = value
 	secret.SetAnnotations(secretAnnotations)
 
 	return r.Update(context.Background(), secret)

pkg/operator/secretannotator/gcp/reconciler.go

@@ -19,10 +19,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
-	minterv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
 	ccgcp "github.com/openshift/cloud-credential-operator/pkg/gcp"
+	"github.com/openshift/cloud-credential-operator/pkg/operator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/metrics"
-	"github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
+	secretconstants "github.com/openshift/cloud-credential-operator/pkg/operator/secretannotator/constants"
 	"github.com/openshift/cloud-credential-operator/pkg/operator/utils"
 	gcputils "github.com/openshift/cloud-credential-operator/pkg/operator/utils/gcp"
 )
@@ -41,19 +41,19 @@ const (
 func NewReconciler(mgr manager.Manager, projectName string) reconcile.Reconciler {
 	return &ReconcileCloudCredSecret{
 		Client:           mgr.GetClient(),
-		Logger:           log.WithField("controller", constants.ControllerName),
+		Logger:           log.WithField("controller", secretconstants.ControllerName),
 		GCPClientBuilder: ccgcp.NewClient,
 		ProjectName:      projectName,
 	}
 }
 
 func cloudCredSecretObjectCheck(secret metav1.Object) bool {
-	return secret.GetNamespace() == constants.CloudCredSecretNamespace && secret.GetName() == GCPCloudCredSecretName
+	return secret.GetNamespace() == secretconstants.CloudCredSecretNamespace && secret.GetName() == GCPCloudCredSecretName
 }
 
 func Add(mgr manager.Manager, r reconcile.Reconciler) error {
 	// Create a new controller
-	c, err := controller.New(constants.ControllerName, mgr, controller.Options{Reconciler: r})
+	c, err := controller.New(secretconstants.ControllerName, mgr, controller.Options{Reconciler: r})
 	if err != nil {
 		return err
 	}
@@ -101,7 +101,7 @@ func (r *ReconcileCloudCredSecret) Reconcile(request reconcile.Request) (reconci
 		r.Logger.WithError(err).Error("error checking if operator is disabled")
 		return reconcile.Result{}, err
 	} else if operatorIsDisabled {
-		r.Logger.Infof("operator disabled in %s ConfigMap", minterv1.CloudCredOperatorConfigMap)
+		r.Logger.Infof("operator disabled in %s ConfigMap", constants.CloudCredOperatorConfigMap)
 		return reconcile.Result{}, err
 	}
 
@@ -130,7 +130,7 @@ func (r *ReconcileCloudCredSecret) validateCloudCredsSecret(secret *corev1.Secre
 	authJSON, ok := secret.Data[GCPAuthJSONKey]
 	if !ok {
 		r.Logger.Errorf("Couldn't fetch key containing authentication details from cloud cred secret")
-		return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 	}
 
 	gcpClient, err := r.GCPClientBuilder(r.ProjectName, authJSON)
@@ -141,30 +141,30 @@ func (r *ReconcileCloudCredSecret) validateCloudCredsSecret(secret *corev1.Secre
 	// Can we mint new creds?
 	mintResult, err := gcputils.CheckCloudCredCreation(gcpClient, r.Logger)
 	if err != nil {
-		r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 		return fmt.Errorf("error checking whether we can mint new creds: %v", err)
 	}
 
 	if mintResult {
 		r.Logger.Info("Verified cloud creds can be used for minting new creds")
-		return r.updateSecretAnnotations(secret, constants.MintAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.MintAnnotation)
 	}
 
 	// Else, can we just pass through the current creds?
 	passthroughResult, err := gcputils.CheckCloudCredPassthrough(gcpClient, r.Logger)
 	if err != nil {
-		r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+		r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 		return fmt.Errorf("error checking whether we can passthrough cloud creds: %v", err)
 	}
 
 	if passthroughResult {
 		r.Logger.Info("Verified cloud creds can be used as-is (passthrough)")
-		return r.updateSecretAnnotations(secret, constants.PassthroughAnnotation)
+		return r.updateSecretAnnotations(secret, secretconstants.PassthroughAnnotation)
 	}
 
 	// Else, these creds aren't presently useful
 	r.Logger.Warning("Cloud creds unable to be used for either minting or passthrough")
-	return r.updateSecretAnnotations(secret, constants.InsufficientAnnotation)
+	return r.updateSecretAnnotations(secret, secretconstants.InsufficientAnnotation)
 }
 
 func (r *ReconcileCloudCredSecret) updateSecretAnnotations(secret *corev1.Secret, value string) error {
@@ -173,7 +173,7 @@ func (r *ReconcileCloudCredSecret) updateSecretAnnotations(secret *corev1.Secret
 		secretAnnotations = map[string]string{}
 	}
 
-	secretAnnotations[constants.AnnotationKey] = value
+	secretAnnotations[secretconstants.AnnotationKey] = value
 	secret.SetAnnotations(secretAnnotations)
 
 	return r.Update(context.TODO(), secret)