func()

in pkg/controller/keyvault/placeholder_pod.go [117:210]

• 80 lines of code
• 15 McCabe index (conditional complexity)

func (p *PlaceholderPodController) reconcileObjectDeployment(dep *appsv1.Deployment, spc *secv1.SecretProviderClass, req ctrl.Request, ctx context.Context, logger logr.Logger) (ctrl.Result, error) {
	var (
		err            error
		obj            client.Object
		serviceAccount string
	)

	result := ctrl.Result{}

	switch {
	case util.FindOwnerKind(spc.OwnerReferences, "NginxIngressController") != "":
		obj = &v1alpha1.NginxIngressController{}
		obj.SetName(util.FindOwnerKind(spc.OwnerReferences, "NginxIngressController"))
		logger.Info(fmt.Sprint("getting owner NginxIngressController"))
	case util.FindOwnerKind(spc.OwnerReferences, "Ingress") != "":
		obj = &netv1.Ingress{}
		obj.SetName(util.FindOwnerKind(spc.OwnerReferences, "Ingress"))
		obj.SetNamespace(req.Namespace)
		logger.Info(fmt.Sprint("getting owner Ingress"))
	case util.FindOwnerKind(spc.OwnerReferences, "Gateway") != "":
		obj = &gatewayv1.Gateway{}
		gwName := util.FindOwnerKind(spc.OwnerReferences, "Gateway")
		obj.SetName(gwName)
		obj.SetNamespace(req.Namespace)
		logger.Info(fmt.Sprintf("getting owner Gateway resource %s", gwName))
	default:
		logger.Info("owner type not found")
		return result, nil
	}

	if obj.GetName() != "" {
		if err = p.client.Get(ctx, client.ObjectKeyFromObject(obj), obj); err != nil {
			return result, client.IgnoreNotFound(err)
		}
	}

	cleanPod, err := p.placeholderPodCleanCheck(spc, obj)
	if err != nil {
		return result, err
	}

	if cleanPod {
		logger.Info("attempting to clean unused placeholder pod deployment")
		logger.Info("getting placeholder deployment")
		toCleanDeployment := &appsv1.Deployment{}
		if err = p.client.Get(ctx, client.ObjectKeyFromObject(dep), toCleanDeployment); err != nil {
			return result, client.IgnoreNotFound(err)
		}
		if manifests.HasTopLevelLabels(toCleanDeployment.Labels) {
			logger.Info("deleting placeholder deployment")
			err = p.client.Delete(ctx, toCleanDeployment)
			return result, client.IgnoreNotFound(err)
		}

		logger.Info("deployment found but it's not managed by us, skipping cleaning")
		return result, nil
	}

	// Verify ServiceAccount exists (if Gateway)
	serviceAccount, err = p.verifyServiceAccount(ctx, spc, obj, logger)
	if err != nil {
		var userErr util.UserError
		if errors.As(err, &userErr) {
			logger.Info("user error while verifying if service account exists: %s", userErr.Err)
			p.events.Eventf(obj, corev1.EventTypeWarning, "InvalidInput", userErr.UserMessage)
			return result, nil
		}

		logger.Error(err, "verifying ServiceAccount for placeholder pod")
		return result, fmt.Errorf("verifying service account for placeholder pod: %s", err.Error())
	}

	// Manage a deployment resource
	logger.Info("reconciling placeholder deployment for secret provider class")
	if err = p.buildDeployment(ctx, dep, spc, obj); err != nil {
		err = fmt.Errorf("building deployment: %w", err)
		p.events.Eventf(obj, corev1.EventTypeWarning, "FailedUpdateOrCreatePlaceholderPodDeployment", "error while building placeholder pod Deployment needed to pull Keyvault reference: %s", err.Error())
		logger.Error(err, "failed to build placeholder deployment")
		return result, err
	}

	if serviceAccount != "" {
		dep.Spec.Template.Spec.AutomountServiceAccountToken = to.Ptr(true)
		dep.Spec.Template.Spec.ServiceAccountName = serviceAccount
	}

	if err = util.Upsert(ctx, p.client, dep); err != nil {
		p.events.Eventf(obj, corev1.EventTypeWarning, "FailedUpdateOrCreatePlaceholderPodDeployment", "error while creating or updating placeholder pod Deployment needed to pull Keyvault reference: %s", err.Error())
		logger.Error(err, "failed to upsert placeholder deployment")
		return result, err
	}

	return result, nil
}