concurrent namespace reconciliation to ensure openshift rbac requisites

tektoncd · Dec 20, 2024 · 1007e40 · 1007e40
1 parent a98ed25
commit 1007e40
Show file tree

Hide file tree

Showing 4 changed files with 416 additions and 104 deletions.
diff --git a/pkg/reconciler/common/utils.go b/pkg/reconciler/common/utils.go
@@ -63,3 +63,13 @@ func StructToMap(in, out interface{}) error {
 	}
 	return json.Unmarshal(data, out)
 }
+
+// Helper function to serialize labels map to JSON string
+func SerializeLabelsToJSON(labels map[string]string) string {
+	bytes, err := json.Marshal(labels)
+	if err != nil {
+		// This should be unlikely, but handle serialization error
+		panic(fmt.Sprintf("Failed to serialize labels to JSON: %v", err))
+	}
+	return string(bytes)
+}
diff --git a/pkg/reconciler/common/utils_test.go b/pkg/reconciler/common/utils_test.go
@@ -113,3 +113,70 @@ func TestStructMapError(t *testing.T) {
 	err := StructToMap(&in, actualOut)
 	assert.Error(t, err, "json: Unmarshal(non-pointer map[string]interface {})")
 }
+
+func TestSerializeLabelsToJSON(t *testing.T) {
+	// Test cases with different inputs
+	tests := []struct {
+		name           string
+		labels         map[string]string
+		expectedOutput string
+		expectPanic    bool
+	}{
+		{
+			name: "Valid input with multiple labels",
+			labels: map[string]string{
+				"app":   "my-app",
+				"env":   "production",
+				"owner": "dev-team",
+			},
+			expectedOutput: `{"app":"my-app","env":"production","owner":"dev-team"}`,
+			expectPanic:    false,
+		},
+		{
+			name:           "Empty input",
+			labels:         map[string]string{},
+			expectedOutput: `{}`,
+			expectPanic:    false,
+		},
+		{
+			name: "Single label",
+			labels: map[string]string{
+				"key": "value",
+			},
+			expectedOutput: `{"key":"value"}`,
+			expectPanic:    false,
+		},
+		{
+			name: "Special characters in keys and values",
+			labels: map[string]string{
+				"foo@bar":   "bazqux",
+				"key#1":     "value$%",
+				"space key": "with space",
+			},
+			expectedOutput: `{"foo@bar":"bazqux","key#1":"value$%","space key":"with space"}`,
+			expectPanic:    false,
+		},
+	}
+
+	// Loop over each test case
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.expectPanic {
+				// If we expect a panic, run in a recover block
+				defer func() {
+					if r := recover(); r == nil {
+						t.Errorf("Expected panic, but got none")
+					}
+				}()
+			}
+
+			// Call the function with the test labels
+			actual := SerializeLabelsToJSON(tt.labels)
+
+			// Check if the output matches the expected result
+			if actual != tt.expectedOutput {
+				t.Errorf("Expected %s, but got %s", tt.expectedOutput, actual)
+			}
+		})
+	}
+}
diff --git a/pkg/reconciler/openshift/tektonconfig/extension.go b/pkg/reconciler/openshift/tektonconfig/extension.go
@@ -31,6 +31,7 @@ import (
 	"github.com/tektoncd/operator/pkg/reconciler/common"
 	"github.com/tektoncd/operator/pkg/reconciler/openshift/tektonconfig/extension"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 	nsV1 "k8s.io/client-go/informers/core/v1"
 	rbacV1 "k8s.io/client-go/informers/rbac/v1"
 	"k8s.io/client-go/kubernetes"
@@ -109,15 +110,33 @@ func (oe openshiftExtension) PreReconcile(ctx context.Context, tc v1alpha1.Tekto
 
 	// below code helps to retain state of pre-existing SA at the time of upgrade
 	if existingSAWithOwnerRef(r.tektonConfig) {
+		logger := logging.FromContext(ctx)
+		logger.Infof("Found pre-existing ServiceAccount. Changing owner reference during upgrade.")
+
 		if err := changeOwnerRefOfPreExistingSA(ctx, r.kubeClientSet, *config); err != nil {
+			logger.Errorf("Failed to change owner reference for pre-existing SA: %v", err)
 			return err
 		}
+
+		// Get current labels to retain any existing labels
 		tcLabels := config.GetLabels()
+		if tcLabels == nil {
+			tcLabels = map[string]string{}
+		}
+
+		// Add or update the serviceAccountCreationLabel without removing other labels
 		tcLabels[serviceAccountCreationLabel] = "true"
-		config.SetLabels(tcLabels)
-		if _, err := oe.operatorClientSet.OperatorV1alpha1().TektonConfigs().Update(ctx, config, metav1.UpdateOptions{}); err != nil {
+
+		// Prepare the patch to update only the labels, keeping the existing ones
+		patchData := []byte(fmt.Sprintf(`{"metadata":{"labels":%s}}`, common.SerializeLabelsToJSON(tcLabels)))
+
+		// Apply the patch to the TektonConfig
+		if _, err := oe.operatorClientSet.OperatorV1alpha1().TektonConfigs().Patch(ctx, config.Name, types.StrategicMergePatchType, patchData, metav1.PatchOptions{}); err != nil {
+			logger.Errorf("Failed to patch TektonConfig with new label: %v", err)
 			return err
 		}
+
+		logger.Infof("Successfully patched TektonConfig with serviceAccountCreationLabel set to true")
 	}
 
 	createRBACResource := true
@@ -133,6 +152,9 @@ func (oe openshiftExtension) PreReconcile(ctx context.Context, tc v1alpha1.Tekto
 			if err := r.cleanUp(ctx); err != nil {
 				return err
 			}
+		} else {
+			//set concurrency default if RBAC resources have be created
+			r.setDefaultConcurrency()
 		}
 	}