1
+ // Copyright 2020-2024 Project Capsule Authors.
2
+ // SPDX-License-Identifier: Apache-2.0
3
+
1
4
package serviceaccount
2
5
3
6
import (
@@ -21,6 +24,7 @@ import (
21
24
"sigs.k8s.io/controller-runtime/pkg/reconcile"
22
25
)
23
26
27
+ //nolint:revive
24
28
type ServiceAccountReconciler struct {
25
29
proxyURL string
26
30
proxyCA string
@@ -83,6 +87,7 @@ func (r *ServiceAccountReconciler) Reconcile(ctx context.Context, request ctrl.R
83
87
84
88
return reconcile.Result {}, nil
85
89
}
90
+
86
91
r .Log .Error (err , "Error reading the object" )
87
92
88
93
return ctrl.Result {}, err
@@ -102,16 +107,15 @@ func (r *ServiceAccountReconciler) Reconcile(ctx context.Context, request ctrl.R
102
107
if err != nil {
103
108
return reconcile.Result {}, errors .Wrap (err , "error getting token of the service account" )
104
109
}
110
+
105
111
if tokenSecret .Data == nil {
106
112
r .Log .Info ("ServiceAccount token data is missing. Requeueing." )
113
+
107
114
return reconcile.Result {Requeue : true }, nil
108
115
}
109
116
110
117
// Build the kubeConfig for the ServiceAccount Tenant Owner.
111
- config , err := r .buildKubeconfig (r .proxyURL , string (tokenSecret .Data [corev1 .ServiceAccountTokenKey ]))
112
- if err != nil {
113
- return reconcile.Result {}, errors .Wrap (err , "error building the tenant owner config" )
114
- }
118
+ config := r .buildKubeconfig (r .proxyURL , string (tokenSecret .Data [corev1 .ServiceAccountTokenKey ]))
115
119
116
120
configRaw , err := clientcmd .Write (* config )
117
121
if err != nil {
@@ -142,10 +146,12 @@ func (r *ServiceAccountReconciler) Reconcile(ctx context.Context, request ctrl.R
142
146
if sa .GetAnnotations ()[ServiceAccountGlobalAnnotationKey ] == ServiceAccountGlobalAnnotationValue {
143
147
// Get the Tenant owned by the ServiceAccount.
144
148
ownerName := fmt .Sprintf ("system:serviceaccount:%s:%s" , sa .GetNamespace (), sa .GetName ())
149
+
145
150
tenantList , err := r .listTenantsOwned (ctx , string (capsulev1beta2 .ServiceAccountOwner ), ownerName )
146
151
if err != nil {
147
152
return reconcile.Result {}, errors .Wrap (err , "error listing Tenants for owner" )
148
153
}
154
+
149
155
if tenantList .Items == nil {
150
156
return reconcile.Result {}, errors .New ("Tenant list for owner is empty" )
151
157
}
@@ -176,6 +182,7 @@ func (r *ServiceAccountReconciler) forOption(ctx context.Context) builder.ForOpt
176
182
predicate .NewPredicateFuncs (func (object client.Object ) bool {
177
183
ownerName := fmt .Sprintf ("system:serviceaccount:%s:%s" , object .GetNamespace (), object .GetName ())
178
184
tntList , err := r .listTenantsOwned (ctx , string (capsulev1beta2 .ServiceAccountOwner ), ownerName )
185
+
179
186
return err == nil && tntList .Items != nil && len (tntList .Items ) != 0
180
187
}),
181
188
),
@@ -196,7 +203,7 @@ func (r *ServiceAccountReconciler) listTenantsOwned(ctx context.Context, ownerKi
196
203
197
204
// buildKubeconfig returns a client-go/clientcmd/api.Config with a token and server URL specified as arguments.
198
205
// The server set is be the proxy configured at ServiceAccountReconciler-level.
199
- func (r * ServiceAccountReconciler ) buildKubeconfig (server , token string ) ( * clientcmdapi.Config , error ) {
206
+ func (r * ServiceAccountReconciler ) buildKubeconfig (server , token string ) * clientcmdapi.Config {
200
207
// Build the client API Config.
201
208
config := clientcmdapi .NewConfig ()
202
209
config .APIVersion = clientcmdlatest .Version
@@ -228,5 +235,5 @@ func (r *ServiceAccountReconciler) buildKubeconfig(server, token string) (*clien
228
235
config .Contexts = contexts
229
236
config .CurrentContext = KubeconfigContextName
230
237
231
- return config , nil
238
+ return config
232
239
}
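Review bot: In the Reconcile hunk at new lines 107-121, the only guard before `string(tokenSecret.Data[corev1.ServiceAccountTokenKey])` is `tokenSecret.Data == nil`, so a Secret whose Data map exists but has no token entry yet, or an empty one, produces a kubeconfig with an empty bearer token. With this change buildKubeconfig no longer has an error return, which leaves the caller as the only place that can reject such a token. I would widen the guard to `if len(tokenSecret.Data[corev1.ServiceAccountTokenKey]) == 0 {` and keep the existing requeue; indexing a nil map yields a nil slice, so this also covers the nil-Data case. Reconcile starts and ends outside the visible hunks, so an earlier check on the token may exist that is not shown here.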