in mysqloperator/sidecar_main.py [0:0]
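def on_secret_create_or_update(name: str, namespace: str, spec, new, logger: Logger, **kwargs):
    """Route a Secret create/update event to the matching CA/TLS handler.

    The event is only processed once this pod's "ready" readiness gate is
    true. The secret name is then compared, in order, against the cluster's
    tlsCASecretName, tlsSecretName and router.tlsSecretName, and the first
    match selects the handler. CA and server-TLS changes are mutually
    exclusive: each sets an "underway" flag under
    g_ca_tls_change_underway_lock and refuses to start while the other flag
    is set.

    Args:
        name: Name of the Secret that changed.
        namespace: Namespace used to look up the InnoDBCluster object.
        spec: Not used in this function.
        new: Passed through to the selected handler unchanged.
            NOTE(review): presumably the updated Secret body, i.e. key and
            certificate material. It is never logged here and should stay
            that way.
        logger: Logger used for progress messages and passed to the handler.
        **kwargs: Not used in this function.

    Raises:
        kopf.TemporaryError: The pod is not ready yet (retry after 15s), or
            a conflicting CA/TLS change is in progress (retry after 12s,
            14s or 16s depending on the branch).
    """
    # Module globals that are only read below: g_cluster_name, g_pod_index,
    # g_pod_name, g_pod_namespace.
    global g_tls_change_underway
    global g_ca_change_underway
    global g_ca_tls_change_underway_lock
    global g_ready_gate
    global g_ready_gate_lock

    logger.info(f"on_secret_create_or_update: name={name} pod_index={g_pod_index}")

    # Acquire before entering the try block: if acquire() itself fails, the
    # finally clause must not release a lock that was never taken, which
    # would raise and mask the original error.
    g_ready_gate_lock.acquire()
    try:
        if not g_ready_gate:
            logger.info("Cached value of gate[ready] is false, re-checking")
            ready = MySQLPod.read(g_pod_name, g_pod_namespace).get_member_readiness_gate("ready")
            if not ready:
                raise kopf.TemporaryError("Pod not ready - not yet part of the IC. Will retry", delay=15)
            # Cache the positive result so later events skip the pod read.
            g_ready_gate = True
        logger.info("Readiness gate 'ready' is true. Handling event.")
    finally:
        g_ready_gate_lock.release()

    ic = InnoDBCluster.read(namespace, g_cluster_name)

    tls_changed = False
    ca_changed = False
    handler = None
    router_deployment = None

    # In case the same secret is used for CA and TLS, and router TLS, then the order
    # here is very important. on_ca_secret_create_or_change() does what
    # on_tls_secret_create_or_change() does and restarts the deployment on top
    # So, either this order of checks or three separate if-statements.
    if ic.parsed_spec.tlsCASecretName == name:
        logger.info("on_secret_create_or_update: tlsCASecretName")
        g_ca_tls_change_underway_lock.acquire()
        try:
            if g_tls_change_underway:
                raise kopf.TemporaryError(f"TLS change underway. Wait to finish. {name}", delay=12)
            # NOTE(review): only the TLS flag is checked. A second CA event
            # arriving while g_ca_change_underway is already True is not
            # rejected, and whichever handler finishes first clears the
            # flag. Confirm handlers for this secret cannot overlap.
            g_ca_change_underway = True
            ca_changed = True
        finally:
            g_ca_tls_change_underway_lock.release()
        handler = on_ca_secret_create_or_change
        # Only the pod with index 0 is given the router deployment.
        router_deployment = ic.get_router_deployment() if g_pod_index == 0 else None
    elif ic.parsed_spec.tlsSecretName == name:
        logger.info("on_secret_create_or_update: tlsSecretName")
        g_ca_tls_change_underway_lock.acquire()
        try:
            if g_ca_change_underway:
                raise kopf.TemporaryError(f"CA change underway. Wait to finish. {name}", delay=14)
            g_tls_change_underway = True
            tls_changed = True
        finally:
            g_ca_tls_change_underway_lock.release()
        handler = on_tls_secret_create_or_change
    elif ic.parsed_spec.router.tlsSecretName == name:
        logger.info("on_secret_create_or_update: router.tlsSecretName")
        # Same acquire-then-try shape as the two branches above.
        g_ca_tls_change_underway_lock.acquire()
        try:
            if g_ca_change_underway:
                raise kopf.TemporaryError(f"CA change underway. Wait to finish. {name}", delay=16)
            # NOTE(review): no "underway" flag is set on this path, so a CA
            # change can start while the router TLS handler is still
            # running. Confirm that this is intended.
            handler = on_router_tls_secret_create_or_change
            router_deployment = ic.get_router_deployment() if g_pod_index == 0 else None
        finally:
            g_ca_tls_change_underway_lock.release()

    if handler:
        try:
            handler(new, ic.parsed_spec.tlsUseSelfSigned, router_deployment, logger)
        finally:
            # Always clear the flag this invocation set, even if the handler
            # raised, so the other kind of change is not blocked forever.
            if ca_changed:
                g_ca_tls_change_underway_lock.acquire()
                try:
                    g_ca_change_underway = False
                finally:
                    g_ca_tls_change_underway_lock.release()
            if tls_changed:
                g_ca_tls_change_underway_lock.acquire()
                try:
                    g_tls_change_underway = False
                finally:
                    g_ca_tls_change_underway_lock.release()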