Merge pull request #8295 from rook/mergify/bp/release-1.6/pr-8286

ceph: always rehydrate the access and secret keys (backport #8286)

pkg/operator/ceph/controller/object_operations.go

@@ -18,6 +18,7 @@ package controller
 
 import (
 	"context"
+	"reflect"
 
 	"k8s.io/apimachinery/pkg/api/meta"
 
@@ -32,20 +33,25 @@ func CreateOrUpdateObject(client client.Client, obj client.Object) error {
 	if err != nil {
 		return errors.Wrap(err, "failed to get meta information of object")
 	}
+	objName := accessor.GetName()
+
+	// Somehow meta.TypeAccessor returns an empty string for the type name so using reflection instead
+	objType := reflect.TypeOf(obj)
 
 	err = client.Create(context.TODO(), obj)
 	if err != nil {
 		if kerrors.IsAlreadyExists(err) {
 			err = client.Update(context.TODO(), obj)
 			if err != nil {
-				return errors.Wrapf(err, "failed to update object %q", accessor.GetName())
+				return errors.Wrapf(err, "failed to update ceph %q object %q", objType, objName)
 			}
 
-			logger.Infof("updated ceph object %q", accessor.GetName())
+			logger.Infof("updated ceph %q object %q", objType, objName)
 			return nil
 		}
-		return errors.Wrapf(err, "failed to save ceph object %q", accessor.GetName())
+		return errors.Wrapf(err, "failed to create ceph %v object %q", objType, objName)
 	}
 
+	logger.Infof("created ceph %v object %q", objType, objName)
 	return nil
 }

pkg/operator/ceph/object/bucket/rgw-handlers.go

@@ -49,9 +49,17 @@ func (p *Provisioner) createCephUser(username string) (accKey string, secKey str
 		DisplayName: p.cephUserName,
 	}
 
-	u, err := p.adminOpsClient.CreateUser(context.TODO(), userConfig)
+	var u admin.User
+	u, err = p.adminOpsClient.GetUser(context.TODO(), userConfig)
 	if err != nil {
-		return "", "", errors.Wrapf(err, "failed to create ceph user %q: %v", username, err)
+		if errors.Is(err, admin.ErrNoSuchUser) {
+			u, err = p.adminOpsClient.CreateUser(context.TODO(), userConfig)
+			if err != nil {
+				return "", "", errors.Wrapf(err, "failed to create ceph object user %v", userConfig.ID)
+			}
+		} else {
+			return "", "", errors.Wrapf(err, "failed to get ceph user %q", username)
+		}
 	}
 
 	logger.Infof("successfully created Ceph user %q with access keys", username)

pkg/operator/ceph/object/health.go

@@ -157,15 +157,15 @@ func (c *bucketChecker) checkObjectStoreHealth() error {
 	// Create checker user
 	logger.Debugf("creating s3 user object %q for object store %q health check", userConfig.ID, c.namespacedName.Name)
 	var user admin.User
-	user, err = co.CreateUser(context.TODO(), userConfig)
+	user, err = co.GetUser(context.TODO(), userConfig)
 	if err != nil {
-		if errors.Is(err, admin.ErrUserExists) {
-			user, err = co.GetUser(context.TODO(), userConfig)
+		if errors.Is(err, admin.ErrNoSuchUser) {
+			user, err = co.CreateUser(context.TODO(), userConfig)
 			if err != nil {
-				return errors.Wrapf(err, "failed to get details from ceph object user %q", userConfig.ID)
+				return errors.Wrapf(err, "failed to create from ceph object user %v", userConfig.ID)
 			}
 		} else {
-			return errors.Wrapf(err, "failed to create ceph object user %q", userConfig.ID)
+			return errors.Wrapf(err, "failed to get details from ceph object user %q", userConfig.ID)
 		}
 	}
 

pkg/operator/ceph/object/user/controller.go

@@ -270,27 +270,28 @@ func (r *ReconcileObjectStoreUser) reconcileCephUser(cephObjectStoreUser *cephv1
 
 func (r *ReconcileObjectStoreUser) createorUpdateCephUser(u *cephv1.CephObjectStoreUser) error {
 	logger.Infof("creating ceph object user %q in namespace %q", u.Name, u.Namespace)
+
+	logCreateOrUpdate := fmt.Sprintf("retrieved existing ceph object user %q", u.Name)
 	var user admin.User
 	var err error
-	user, err = r.adminOpsAPI.CreateUser(context.TODO(), *r.userConfig)
+	user, err = r.adminOpsAPI.GetUser(context.TODO(), *r.userConfig)
 	if err != nil {
-		if errors.Is(err, admin.ErrUserExists) {
-			user, err = r.adminOpsAPI.GetUser(context.TODO(), *r.userConfig)
+		if errors.Is(err, admin.ErrNoSuchUser) {
+			user, err = r.adminOpsAPI.CreateUser(context.TODO(), *r.userConfig)
 			if err != nil {
-				return errors.Wrapf(err, "failed to get details from ceph object user %v", &r.userConfig.ID)
+				return errors.Wrapf(err, "failed to create ceph object user %v", &r.userConfig.ID)
 			}
-
-			return nil
+			logCreateOrUpdate = fmt.Sprintf("created ceph object user %q", u.Name)
+		} else {
+			return errors.Wrapf(err, "failed to get details from ceph object user %q", u.Name)
 		}
-
-		return errors.Wrapf(err, "failed to create ceph object user %q", u.Name)
 	}
 
 	// Set access and secret key
 	r.userConfig.Keys[0].AccessKey = user.Keys[0].AccessKey
 	r.userConfig.Keys[0].SecretKey = user.Keys[0].SecretKey
 
-	logger.Infof("created ceph object user %q", u.Name)
+	logger.Info(logCreateOrUpdate)
 	return nil
 }
 
@@ -423,7 +424,6 @@ func (r *ReconcileObjectStoreUser) reconcileCephUserSecret(cephObjectStoreUser *
 		return reconcile.Result{}, errors.Wrapf(err, "failed to create or update ceph object user %q secret", secret.Name)
 	}
 
-	logger.Infof("created ceph object user secret %q", secret.Name)
 	return reconcile.Result{}, nil
 }