in internal/controller/acrpullbinding_controller.go [55:139]
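// NewV1beta1Reconciler wires the generic reconciler with the callbacks that
// are specific to the v1beta1 AcrPullBinding API and returns it wrapped in an
// AcrPullBindingReconciler.
//
// opts must be non-nil. If opts.now is unset it is defaulted to time.Now; the
// default is written back into opts, so the caller's struct is modified.
func NewV1beta1Reconciler(opts *V1beta1ReconcilerOpts) *AcrPullBindingReconciler {
	if opts.now == nil {
		opts.now = time.Now
	}
	return &AcrPullBindingReconciler{
		&genericReconciler[*msiacrpullv1beta1.AcrPullBinding]{
			Client: opts.Client,
			Logger: opts.Logger,
			Scheme: opts.Scheme,
			NewBinding: func() *msiacrpullv1beta1.AcrPullBinding {
				return &msiacrpullv1beta1.AcrPullBinding{}
			},
			// AddFinalizer returns a deep copy with the finalizer appended; the
			// input object is left untouched. It does not check whether the
			// finalizer is already present.
			// NOTE(review): presumably the generic reconciler only calls this
			// when the finalizer is missing — confirm against the caller.
			AddFinalizer: func(binding *msiacrpullv1beta1.AcrPullBinding, finalizer string) *msiacrpullv1beta1.AcrPullBinding {
				updated := binding.DeepCopy()
				updated.ObjectMeta.Finalizers = append(updated.ObjectMeta.Finalizers, finalizer)
				return updated
			},
			// RemoveFinalizer returns a deep copy with every occurrence of the
			// finalizer removed.
			RemoveFinalizer: func(binding *msiacrpullv1beta1.AcrPullBinding, finalizer string) *msiacrpullv1beta1.AcrPullBinding {
				updated := binding.DeepCopy()
				updated.ObjectMeta.Finalizers = slices.DeleteFunc(updated.ObjectMeta.Finalizers, func(s string) bool {
					return s == finalizer
				})
				return updated
			},
			// GetServiceAccountName falls back to defaultServiceAccountName when
			// the spec leaves the service account name empty.
			GetServiceAccountName: func(binding *msiacrpullv1beta1.AcrPullBinding) string {
				serviceAccountName := binding.Spec.ServiceAccountName
				if serviceAccountName == "" {
					serviceAccountName = defaultServiceAccountName
				}
				return serviceAccountName
			},
			GetPullSecretName: func(binding *msiacrpullv1beta1.AcrPullBinding) string {
				return legacySecretName(binding.ObjectMeta.Name)
			},
			// GetInputsHash fingerprints the values that determine which
			// credential is minted (identity client ID, identity resource ID,
			// registry server and scope, after defaulting via specOrDefault).
			GetInputsHash: func(binding *msiacrpullv1beta1.AcrPullBinding) string {
				msiClientID, msiResourceID, acrServer := specOrDefault(opts, binding.Spec)
				// NOTE(review): the fields are concatenated without a separator
				// or length prefix, so two different input tuples whose
				// concatenation is the same string produce the same hash. If
				// this hash gates credential regeneration, an unambiguous
				// encoding would be safer; changing it alters the hash of every
				// existing binding, so it is left as-is here.
				return base36sha224([]byte(msiClientID + msiResourceID + acrServer + binding.Spec.Scope))
			},
			// CreatePullCredential acquires an ACR access token for the binding's
			// identity and registry and renders it as a docker config. It
			// returns the docker config and the token's expiry. The
			// serviceAccount argument is not used by this implementation.
			//
			// The returned docker config is built from the access token, so it
			// is secret material and should not be logged or copied into status.
			CreatePullCredential: func(ctx context.Context, binding *msiacrpullv1beta1.AcrPullBinding, serviceAccount *corev1.ServiceAccount) (string, time.Time, error) {
				msiClientID, msiResourceID, acrServer := specOrDefault(opts, binding.Spec)
				acrAccessToken, err := opts.Auth.AcquireACRAccessToken(ctx, msiResourceID, msiClientID, acrServer, binding.Spec.Scope)
				if err != nil {
					return "", time.Time{}, fmt.Errorf("failed to retrieve ACR access token: %w", err)
				}
				dockerConfig, err := authorizer.CreateACRDockerCfg(acrServer, acrAccessToken)
				if err != nil {
					// Wrap with %w, like the token error above, so callers can
					// inspect the cause with errors.Is / errors.As. The rendered
					// message is unchanged.
					return "", time.Time{}, fmt.Errorf("failed to write ACR dockercfg: %w", err)
				}
				return dockerConfig, acrAccessToken.ExpiresOn, nil
			},
			// UpdateStatusError returns a deep copy with Status.Error set to s.
			// NOTE(review): s is stored on the object status, which is readable
			// by anyone who can read the binding — confirm callers never pass
			// text that embeds token material.
			UpdateStatusError: func(binding *msiacrpullv1beta1.AcrPullBinding, s string) *msiacrpullv1beta1.AcrPullBinding {
				updated := binding.DeepCopy()
				updated.Status.Error = s
				return updated
			},
			// NeedsRefresh reports whether the current time is past the pull
			// secret's expiry minus tokenRefreshBuffer, i.e. the credential is
			// renewed ahead of its expiry rather than at it.
			NeedsRefresh: func(logger logr.Logger, pullSecret *corev1.Secret, now func() time.Time) bool {
				return now().After(pullSecretExpiry(logger, pullSecret).Add(-1 * tokenRefreshBuffer))
			},
			// RequeueAfter returns a function computing the delay until the
			// refresh point (token expiry minus tokenRefreshBuffer). It yields
			// zero when the status carries no expiry, and a negative duration
			// when the refresh point is already in the past.
			// NOTE(review): confirm how the generic reconciler treats a
			// non-positive delay, so that an overdue token is still retried.
			RequeueAfter: func(now func() time.Time) func(binding *msiacrpullv1beta1.AcrPullBinding) time.Duration {
				return func(binding *msiacrpullv1beta1.AcrPullBinding) time.Duration {
					var requeueAfter time.Duration
					if binding.Status.TokenExpirationTime != nil {
						requeueAfter = binding.Status.TokenExpirationTime.Time.Add(-1 * tokenRefreshBuffer).Sub(now())
					}
					return requeueAfter
				}
			},
			// NeedsStatusUpdate reports whether the stored status differs from
			// the given refresh/expiry times or still carries an error.
			NeedsStatusUpdate: func(refresh time.Time, expiry time.Time, binding *msiacrpullv1beta1.AcrPullBinding) bool {
				return binding.Status.Error != "" || binding.Status.TokenExpirationTime == nil || !binding.Status.TokenExpirationTime.Equal(&metav1.Time{Time: expiry}) ||
					binding.Status.LastTokenRefreshTime == nil || !binding.Status.LastTokenRefreshTime.Equal(&metav1.Time{Time: refresh})
			},
			// UpdateStatus returns a deep copy recording the refresh and expiry
			// times and clearing any previous error.
			UpdateStatus: func(refresh time.Time, expiry time.Time, binding *msiacrpullv1beta1.AcrPullBinding) *msiacrpullv1beta1.AcrPullBinding {
				updated := binding.DeepCopy()
				updated.Status.TokenExpirationTime = &metav1.Time{Time: expiry}
				updated.Status.LastTokenRefreshTime = &metav1.Time{Time: refresh}
				updated.Status.Error = ""
				return updated
			},
			now: opts.now,
		},
	}
}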