From cafd474a3426a128fd84c69416ba90002142b382 Mon Sep 17 00:00:00 2001
From: Gerard Vanloo <gerard.vanloo@ibm.com>
Date: Fri, 23 Apr 2021 12:33:51 -0400
Subject: [PATCH] Ensuring that secret reconciler fires on create and only when
 secrets change

---
 controllers/logging/secret_controller.go |  8 +++--
 internal/k8shandler/reconciler.go        | 39 ++++++++++++++++++++++--
 2 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/controllers/logging/secret_controller.go b/controllers/logging/secret_controller.go
index 09d043b15..b87eac519 100644
--- a/controllers/logging/secret_controller.go
+++ b/controllers/logging/secret_controller.go
@@ -41,7 +41,11 @@ func (r *SecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 		return ctrl.Result{}, err
 	}
 
-	err = k8shandler.SecretReconcile(cluster, r.Client)
+	ok, err := k8shandler.SecretReconcile(cluster, r.Client)
+	if !ok {
+		return ctrl.Result{}, err
+	}
+
 	return ctrl.Result{}, err
 }
 
@@ -60,7 +64,7 @@ func esSecretUpdatePredicate(r client.Client) predicate.Predicate {
 			return true
 		},
 		CreateFunc: func(e event.CreateEvent) bool {
-			return false
+			return true
 		},
 		DeleteFunc: func(e event.DeleteEvent) bool {
 			return false
diff --git a/internal/k8shandler/reconciler.go b/internal/k8shandler/reconciler.go
index 1330081a2..e523c8f81 100644
--- a/internal/k8shandler/reconciler.go
+++ b/internal/k8shandler/reconciler.go
@@ -30,9 +30,42 @@ func (er *ElasticsearchRequest) L() logr.Logger {
 	return er.ll
 }
 
-func SecretReconcile(requestCluster *elasticsearchv1.Elasticsearch, requestClient client.Client) error {
+// SecretReconcile returns false if the event needs to be requeued
+func SecretReconcile(requestCluster *elasticsearchv1.Elasticsearch, requestClient client.Client) (bool, error) {
 	var secretChanged bool
 
+	elasticsearchRequest := ElasticsearchRequest{
+		client:  requestClient,
+		cluster: requestCluster,
+		ll:      log.WithValues("cluster", requestCluster.Name, "namespace", requestCluster.Namespace),
+	}
+
+	// check if cluster is in the mid of cert redeploy
+	certRestartNodes := elasticsearchRequest.getScheduledCertRedeployNodes()
+	stillRecovering := containsClusterCondition(elasticsearchv1.Recovering, corev1.ConditionTrue, &elasticsearchRequest.cluster.Status)
+	if len(certRestartNodes) > 0 || stillRecovering {
+		// Requeue if there are nodes being scheduled CertRedeploy or under recovering
+		// and reset the certRedeploy status
+		for _, node := range nodes[nodeMapKey(requestCluster.Name, requestCluster.Namespace)] {
+			_, nodeStatus := getNodeStatus(node.name(), &elasticsearchRequest.cluster.Status)
+			nodeStatus.UpgradeStatus.ScheduledForCertRedeploy = corev1.ConditionFalse
+		}
+
+		updateESNodeCondition(&elasticsearchRequest.cluster.Status, &elasticsearchv1.ClusterCondition{
+			Type:   elasticsearchv1.Recovering,
+			Status: corev1.ConditionFalse,
+		})
+		updateESNodeCondition(&elasticsearchRequest.cluster.Status, &elasticsearchv1.ClusterCondition{
+			Type:   elasticsearchv1.Restarting,
+			Status: corev1.ConditionFalse,
+		})
+
+		if err := requestClient.Status().Update(context.TODO(), elasticsearchRequest.cluster); err != nil {
+			return true, err
+		}
+		return false, nil
+	}
+
 	newSecretHash := getSecretDataHash(requestCluster.Name, requestCluster.Namespace, requestClient)
 
 	nretries := -1
@@ -66,12 +99,12 @@ func SecretReconcile(requestCluster *elasticsearchv1.Elasticsearch, requestClien
 	})
 
 	if retryErr != nil {
-		return kverrors.Wrap(retryErr, "failed to update status for cert redeploys",
+		return false, kverrors.Wrap(retryErr, "failed to update status for cert redeploys",
 			"cluster", requestCluster.Name,
 			"retries", nretries)
 	}
 
-	return nil
+	return true, nil
 }
 
 func Reconcile(requestCluster *elasticsearchv1.Elasticsearch, requestClient client.Client) error {