From ce4a146d17d1fe27201cc441bb4ec9ab51dd2c8c Mon Sep 17 00:00:00 2001
From: SSmallMonster <mingming.zhou@daocloud.io>
Date: Fri, 19 Jul 2024 11:21:21 +0800
Subject: [PATCH] fix(admission): update when secrets found but not found data

Signed-off-by: SSmallMonster <mingming.zhou@daocloud.io>
---
 .../admission_controller.go                   | 25 +++++++++++--------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/pkg/install/admissioncontroller/admission_controller.go b/pkg/install/admissioncontroller/admission_controller.go
index 869fda47..748ff83d 100644
--- a/pkg/install/admissioncontroller/admission_controller.go
+++ b/pkg/install/admissioncontroller/admission_controller.go
@@ -331,13 +331,18 @@ func (m *AdmissionControllerMaintainer) Uninstall() error {
 func (m *AdmissionControllerMaintainer) ensureAdmissionCA() error {
 	// skip generation if the ca already exists
 	secret := corev1.Secret{}
-	if err := m.Client.Get(context.Background(), client.ObjectKey{Name: "hwameistor-admission-ca", Namespace: m.ClusterInstance.Spec.TargetNamespace}, &secret); err != nil {
+	secret.Name = "hwameistor-admission-ca"
+	secret.Namespace = m.ClusterInstance.Spec.TargetNamespace
+
+	secretExist := false
+	if err := m.Client.Get(context.Background(), client.ObjectKey{Name: secret.Name, Namespace: secret.Namespace}, &secret); err != nil {
 		if !apierrors.IsNotFound(err) {
 			log.WithError(err).Error("failed to get admission ca secret")
 			return err
 		}
 	} else {
-		if secret.Data != nil || secret.Data[corev1.TLSPrivateKeyKey] != nil || secret.Data[corev1.TLSCertKey] != nil {
+		secretExist = true
+		if secret.Data != nil && secret.Data[corev1.TLSPrivateKeyKey] != nil && secret.Data[corev1.TLSCertKey] != nil {
 			log.Info("admission ca secret found, skip generation")
 			return nil
 		}
@@ -356,21 +361,21 @@ func (m *AdmissionControllerMaintainer) ensureAdmissionCA() error {
 		log.WithError(err).Error("failed to generate certs")
 		return err
 	}
-	secret.Name = "hwameistor-admission-ca"
-	secret.Namespace = m.ClusterInstance.Spec.TargetNamespace
 
 	if secret.Data == nil {
 		secret.Data = make(map[string][]byte)
-		secret.Data[corev1.TLSCertKey] = serverCertPEM.Bytes()
-		secret.Data[corev1.TLSPrivateKeyKey] = serverPrivateKeyPEM.Bytes()
-		log.Info("creating hwameistor-admission-ca secret...")
+	}
+	secret.Data[corev1.TLSCertKey] = serverCertPEM.Bytes()
+	secret.Data[corev1.TLSPrivateKeyKey] = serverPrivateKeyPEM.Bytes()
+
+	if !secretExist {
 		err = m.Client.Create(context.Background(), &secret)
+		log.Info("creating hwameistor-admission-ca secret...")
 	} else {
-		secret.Data[corev1.TLSCertKey] = serverCertPEM.Bytes()
-		secret.Data[corev1.TLSPrivateKeyKey] = serverPrivateKeyPEM.Bytes()
-		log.Info("updating hwameistor-admission-ca secret...")
 		err = m.Client.Update(context.Background(), &secret)
+		log.Info("updating hwameistor-admission-ca secret...")
 	}
+
 	if err != nil {
 		log.WithError(err).Error("failed to update admission ca secret")
 	}