in controllers/manager/staticgatewayconfiguration_controller.go [309:366]
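// reconcileWireguardKey ensures a Secret named "sgw-<gwConfig.UID>" exists in
// r.SecretNamespace holding the gateway's WireGuard key pair, labelled with the
// owning StaticGatewayConfiguration's namespace and name.
//
// A private key is generated only when the Secret has none. The public key is
// always re-derived from the stored private key, so a missing, stale or
// tampered public-key entry in the Secret is repaired instead of being copied
// into gwConfig.Status.PublicKey. When the Secret is not being deleted,
// gwConfig.Status.PrivateKeySecretRef and gwConfig.Status.PublicKey are
// updated in memory; persisting the status is left to the caller.
//
// It returns an error if the Secret cannot be created or updated, if a new
// private key cannot be generated, or if the stored private key is malformed.
func (r *StaticGatewayConfigurationReconciler) reconcileWireguardKey(
	ctx context.Context,
	gwConfig *egressgatewayv1alpha1.StaticGatewayConfiguration,
) error {
	log := log.FromContext(ctx)

	secret := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      fmt.Sprintf("sgw-%s", string(gwConfig.UID)),
			Namespace: r.SecretNamespace,
		},
	}

	mutate := func() error {
		if secret.Labels == nil {
			secret.Labels = make(map[string]string)
		}
		// Record the owning SGC on the Secret via labels; the Secret lives in
		// r.SecretNamespace, which need not be gwConfig's own namespace.
		// Assigning unconditionally yields the same end state as the
		// "set if missing or different" form.
		secret.Labels[consts.OwningSGCNamespaceLabel] = gwConfig.Namespace
		secret.Labels[consts.OwningSGCNameLabel] = gwConfig.Name

		if secret.Data == nil {
			secret.Data = make(map[string][]byte)
		}
		return ensureWireguardKeyPair(secret.Data)
	}

	if _, err := controllerutil.CreateOrUpdate(ctx, r, secret, mutate); err != nil {
		log.Error(err, "failed to reconcile wireguard keypair secret")
		return err
	}

	// Only advertise the Secret in status while it is live; one carrying a
	// deletion timestamp is on its way out and must not be referenced.
	if !secret.DeletionTimestamp.IsZero() {
		return nil
	}
	gwConfig.Status.PrivateKeySecretRef = &corev1.ObjectReference{
		APIVersion: "v1",
		Kind:       "Secret",
		Name:       secret.Name,
		Namespace:  secret.Namespace,
	}
	// secret.Data was just reconciled by mutate, so this public key is
	// guaranteed to correspond to the stored private key.
	gwConfig.Status.PublicKey = string(secret.Data[consts.WireguardPublicKeyName])
	return nil
}

// ensureWireguardKeyPair makes data hold a consistent WireGuard key pair under
// consts.WireguardPrivateKeyName and consts.WireguardPublicKeyName.
//
// If no private key is present, one is generated and stored. Otherwise the
// existing private key is parsed and the public key is (re)derived from it, so
// the two entries can never drift apart. A stored private key that does not
// parse is reported as an error rather than silently replaced, since replacing
// it would change the published public key without operator involvement.
func ensureWireguardKeyPair(data map[string][]byte) error {
	var privateKey wgtypes.Key
	if raw, ok := data[consts.WireguardPrivateKeyName]; ok {
		parsed, err := wgtypes.ParseKey(string(raw))
		if err != nil {
			return fmt.Errorf("parsing stored wireguard private key: %w", err)
		}
		privateKey = parsed
	} else {
		generated, err := wgtypes.GeneratePrivateKey()
		if err != nil {
			return fmt.Errorf("generating wireguard private key: %w", err)
		}
		privateKey = generated
		data[consts.WireguardPrivateKeyName] = []byte(privateKey.String())
	}
	// Always derive the public key from the private key instead of trusting
	// whatever value is currently stored.
	data[consts.WireguardPublicKeyName] = []byte(privateKey.PublicKey().String())
	return nil
}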