in controllers/util/solr_security_util.go [89:149]
// reconcileForBasicAuthWithBootstrappedSecurityJson ensures the basic-auth
// credentials Secret for instance exists (creating it, together with a
// bootstrap security.json Secret, when it does not) and returns a
// SecurityConfig describing where the credentials and the bootstrap
// security.json can be read from.
//
// On the first reconcile (credentials Secret not found) two Secrets are
// produced by generateBasicAuthSecretWithBootstrap, given a controller
// reference to instance, and created in order: credentials first, bootstrap
// second. SecurityJson and SecurityJsonSrc are then taken from the bootstrap
// Secret. On later reconciles the existing credentials Secret is reused and
// the bootstrap Secret is looked up separately; its absence is tolerated.
//
// Returns a non-nil *SecurityConfig on success, or nil and the first error
// returned by SetControllerReference, Get or Create.
//
// NOTE(review): the two Create calls are not atomic. If the credentials
// Secret is created but the bootstrap Secret Create fails, the next reconcile
// finds the credentials Secret, skips regeneration, and then treats the
// missing bootstrap Secret as "deleted after bootstrap", so no security.json
// is handed to the initContainer from this function. Confirm whether another
// path (or manual deletion of the credentials Secret) is the intended recovery.
func reconcileForBasicAuthWithBootstrappedSecurityJson(ctx context.Context, client *client.Client, instance *solr.SolrCloud) (*SecurityConfig, error) {
	// dereference the pointer once; reader is used for every API call below
	reader := *client
	sec := instance.Spec.SolrSecurity
	security := &SecurityConfig{SolrSecurity: sec}
	// We're supplying a secret with random passwords and a default security.json
	// since we randomly generate the passwords, we need to lookup the secret first and only create if not exist
	basicAuthSecret := &corev1.Secret{}
	err := reader.Get(ctx, types.NamespacedName{Name: instance.BasicAuthSecretName(), Namespace: instance.Namespace}, basicAuthSecret)
	if err != nil && errors.IsNotFound(err) {
		authSecret, bootstrapSecret := generateBasicAuthSecretWithBootstrap(instance)
		// take ownership of these secrets since we created them
		// (the `:=` in the two ifs below shadows err; only the Create calls reassign the outer err)
		if err := controllerutil.SetControllerReference(instance, authSecret, reader.Scheme()); err != nil {
			return nil, err
		}
		if err := controllerutil.SetControllerReference(instance, bootstrapSecret, reader.Scheme()); err != nil {
			return nil, err
		}
		// assigns the outer err, so a successful pair of Creates leaves err == nil for the check after this block
		err = reader.Create(ctx, authSecret)
		if err != nil {
			return nil, err
		}
		// if this Create fails the credentials Secret above already exists; see the NOTE(review) on the function
		err = reader.Create(ctx, bootstrapSecret)
		if err != nil {
			return nil, err
		}
		// supply the bootstrap security.json to the initContainer via a simple BASE64 encoding env var
		// (the env var is sourced from the Secret key rather than a literal value, so the security.json is not copied into the pod spec)
		security.SecurityJson = string(bootstrapSecret.Data[SecurityJsonFile])
		security.SecurityJsonSrc = &corev1.EnvVarSource{
			SecretKeyRef: &corev1.SecretKeySelector{
				LocalObjectReference: corev1.LocalObjectReference{Name: bootstrapSecret.Name}, Key: SecurityJsonFile}}
		// the freshly created credentials Secret is what callers receive as CredentialsSecret
		basicAuthSecret = authSecret
	}
	// any Get error other than NotFound lands here; Create errors have already returned above
	if err != nil {
		return nil, err
	}
	security.CredentialsSecret = basicAuthSecret
	// empty when the credentials Secret already existed (or the newly created bootstrap Secret carried no SecurityJsonFile entry)
	if security.SecurityJson == "" {
		// the bootstrap secret already exists, so just stash the security.json needed for constructing initContainers
		bootstrapSecret := &corev1.Secret{}
		err = reader.Get(ctx, types.NamespacedName{Name: instance.SecurityBootstrapSecretName(), Namespace: instance.Namespace}, bootstrapSecret)
		if err != nil {
			if !errors.IsNotFound(err) {
				return nil, err
			} // else perhaps the user deleted it after security was bootstrapped ... this is ok but may trigger a restart on the STS
			// NOTE(review): this branch cannot distinguish "deleted after bootstrap" from "never created" (see the function comment)
		} else {
			// stash this so we can configure the setup-zk initContainer to bootstrap the security.json in ZK
			security.SecurityJson = string(bootstrapSecret.Data[SecurityJsonFile])
			security.SecurityJsonSrc = &corev1.EnvVarSource{
				SecretKeyRef: &corev1.SecretKeySelector{
					LocalObjectReference: corev1.LocalObjectReference{Name: bootstrapSecret.Name}, Key: SecurityJsonFile}}
		}
	}
	return security, nil
}