[Merged by Bors] - Orphaned resources handling

CHANGELOG.md

@@ -7,10 +7,18 @@ All notable changes to this project will be documented in this file.
 ### Changed
 
 - Include chart name when installing with a custom release name ([#300], [#301]).
+- Orphaned resources are deleted ([#319])
+- Updated operator-rs to 0.24.0 ([#319])
+- Operator will not error out any more if admin credential need to be generated but `auto_generate` is not set.
+  Instead the pods are written but will stay in initializing state until the necessary secrets have been
+  created. ([#319])
 
 [#300]: https://github.com/stackabletech/nifi-operator/pull/300
+
 [#301]: https://github.com/stackabletech/nifi-operator/pull/301
 
+[#319]: https://github.com/stackabletech/nifi-operator/pull/319
+
 ## [0.6.0] - 2022-06-30
 
 ### Added

Cargo.toml

@@ -3,3 +3,4 @@
 members = [
     "rust/crd", "rust/operator-binary"
 ]
+

rust/crd/Cargo.toml

@@ -14,6 +14,6 @@ serde = "1.0"
 serde_json = "1.0"
 snafu = "0.7"
 rand = "0.8"
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.23.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.24.0" }
 strum = { version = "0.24", features = ["derive"] }
 tracing = "0.1"

rust/crd/src/authentication.rs

@@ -1,3 +1,5 @@
+use std::collections::BTreeMap;
+
 use indoc::{formatdoc, indoc};
 use rand::distributions::Alphanumeric;
 use rand::Rng;
@@ -15,7 +17,6 @@ use stackable_operator::commons::tls::{CaCert, Tls, TlsServerVerification, TlsVe
 use stackable_operator::k8s_openapi::api::core::v1::{Secret, SecretVolumeSource, Volume};
 use stackable_operator::kube::runtime::reflector::ObjectRef;
 use stackable_operator::schemars::{self, JsonSchema};
-use std::collections::BTreeMap;
 
 #[derive(Snafu, Debug)]
 #[allow(clippy::enum_variant_names)]
@@ -322,25 +323,26 @@ async fn check_or_generate_admin_credentials(
     secret_namespace: &str,
     auto_generate: &bool,
 ) -> Result<bool, Error> {
+    // Return if auto_generate is not set
+    // if this means that secrets are missing / don't contain necessary data
+    // we'll let the pods fail during startup instead of aborting reconciliation
+    if !auto_generate {
+        return Ok(false);
+    }
+
+    // Anything beyond here is only reached when auto_generate is set, so we don't
+    // check that again
     match client
-        .exists::<Secret>(secret_name, Some(secret_namespace))
+        .get_opt::<Secret>(secret_name, Some(secret_namespace))
         .await
         .with_context(|_| KubeSnafu {
             reason: format!(
                 "checking if admin credential secret exists [{}/{}]",
                 secret_name, secret_namespace
             ),
         })? {
-        true => {
-            // The secret exists, retrieve the content and check that all required keys are present
-            // any missing keys will be filled with default or generated values
-            let secret_content: Secret = client
-                .get::<Secret>(secret_name, Some(secret_namespace))
-                .await
-                .with_context(|_| MissingSecretSnafu {
-                    obj_ref: ObjectRef::new(secret_name).within(secret_namespace),
-                })?;
-
+        Some(secret_content) => {
+            // An existing secret was found, check if we need to generate anything in here
             let mut additional_data = None;
             let empty_map = BTreeMap::new();
 
@@ -388,17 +390,7 @@ async fn check_or_generate_admin_credentials(
 
             // Apply patch to secret if any additional data was needed and return
             if additional_data.is_some() {
-                // Check if we are allowed to auto generate and abort if not
-                if !auto_generate {
-                    return Err(Error::AdminCredentials {
-                        message: format!(
-                            "Admin credential secret [{}/{}] is missing keys: [{:?}]",
-                            secret_name,
-                            secret_namespace,
-                            additional_data.unwrap().keys()
-                        ),
-                    });
-                }
+                // Patch the secret with auto generated values
                 tracing::debug!(
                     "patching keys [{:?}] in secret [{}/{}]",
                     additional_data.clone().unwrap_or_default().keys(),
@@ -425,15 +417,8 @@ async fn check_or_generate_admin_credentials(
                 Ok(false)
             }
         }
-        false => {
-            if !auto_generate {
-                return Err(Error::AdminCredentials {
-                    message: format!(
-                        "Admin credential secret [{}/{}] does not exist.",
-                        secret_name, secret_namespace
-                    ),
-                });
-            }
+        None => {
+            // No existing secret, generate one
             tracing::info!("No existing admin credentials found, generating a random password.");
             let password: String = rand::thread_rng()
                 .sample_iter(&Alphanumeric)

rust/operator-binary/Cargo.toml

@@ -18,15 +18,15 @@ rand = "0.8"
 semver = "1.0"
 serde = "1.0"
 serde_json = "1.0"
-serde_yaml = "0.9"
+serde_yaml = "0.8"
 snafu = "0.7"
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.23.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.24.0" }
 stackable-nifi-crd = { path = "../crd" }
 strum = { version = "0.24", features = ["derive"] }
 tokio = { version = "1.20", features = ["full"] }
 tracing = "0.1"
 
 [build-dependencies]
-built = { version =  "0.5", features = ["chrono", "git2"] }
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.23.0" }
+built = { version = "0.5", features = ["chrono", "git2"] }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.24.0" }
 stackable-nifi-crd = { path = "../crd" }