Remove reconcile context in main controller

Author: kabicin

common/secret.go

@@ -32,9 +32,9 @@ func (sm SecretMap) Get(key string) ([]byte, bool) {
 	return []byte{}, false
 }
 
-func (lockedBufferSecret LockedBufferSecret) Destroy() {
-	if lockedBufferSecret.LockedData != nil {
-		lockedBufferSecret.LockedData.Destroy()
+func (lockedSecret LockedBufferSecret) Destroy() {
+	if lockedSecret.LockedData != nil {
+		lockedSecret.LockedData.Destroy()
 	}
 }
 
@@ -51,19 +51,27 @@ func GetSecret(client client.Client, name string, ns string) (*LockedBufferSecre
 		return nil, err
 	}
 
-	lockedBufferSecret := &LockedBufferSecret{}
-	lockedBufferSecret.TypeMeta = secret.TypeMeta
-	lockedBufferSecret.ObjectMeta = secret.ObjectMeta
-	for secretKey, secretValue := range secret.Data {
-		lockedBufferSecret.LockedData[secretKey] = memguard.NewBufferFromBytes(secretValue)
+	lockedSecret := &LockedBufferSecret{}
+	lockedSecret.TypeMeta = secret.TypeMeta
+	lockedSecret.ObjectMeta = secret.ObjectMeta
+	if lockedSecret.LockedData == nil {
+		lockedSecret.LockedData = SecretMap{}
 	}
-	return lockedBufferSecret, nil
+	if secret.Data != nil {
+		for secretKey, secretValue := range secret.Data {
+			lockedSecret.LockedData[secretKey] = memguard.NewBufferFromBytes(secretValue)
+		}
+	}
+	return lockedSecret, nil
 }
 
 // Copies a Locked Buffer Secret into a core Secret with a corresponding cleanup func
 func CopySecret(in *LockedBufferSecret, out *corev1.Secret) func() {
 	out.TypeMeta = in.TypeMeta
 	out.ObjectMeta = in.ObjectMeta
+	if out.Data == nil {
+		out.Data = map[string][]byte{}
+	}
 	for key, buf := range in.LockedData {
 		out.Data[key] = buf.Bytes()
 	}

internal/controller/runtimecomponent_controller.go

@@ -101,11 +101,6 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		ns = r.watchNamespaces[0]
 	}
 
-	// This reconcile context is cancelled right before the Reconcile function terminates or when the parent context ctx is cancelled (such as in operator leader election), whichever happens first.
-	// Resources that require cleanup may use this context to hook into program execution before a function return.
-	recCtx, cancel := context.WithCancel(ctx)
-	defer cancel()
-
 	configMap, err := r.GetOpConfigMap(OperatorName, ns)
 	if err != nil {
 		reqLogger.Info("Failed to find runtime-component-operator config map")
@@ -243,7 +238,7 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		if serviceAccountName == "" {
 			serviceAccount := &corev1.ServiceAccount{ObjectMeta: defaultMeta}
 			err = r.CreateOrUpdate(serviceAccount, instance, func() error {
-				return appstacksutils.CustomizeServiceAccount(recCtx, serviceAccount, instance, r.GetClient())
+				return appstacksutils.CustomizeServiceAccount(serviceAccount, instance, r.GetClient())
 			})
 			if err != nil {
 				reqLogger.Error(err, "Failed to reconcile ServiceAccount")
@@ -262,7 +257,7 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	// Check if the ServiceAccount has a valid pull secret before creating the deployment/statefulset
 	// or setting up knative. Otherwise the pods can go into an ImagePullBackOff loop
-	saErr := appstacksutils.ServiceAccountPullSecretExists(recCtx, instance, r.GetClient())
+	saErr := appstacksutils.ServiceAccountPullSecretExists(instance, r.GetClient())
 	if saErr != nil {
 		return r.ManageError(saErr, common.StatusConditionTypeReconciled, instance)
 	}
@@ -324,7 +319,7 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		}
 	}
 
-	useCertmanager, err := r.GenerateSvcCertSecret(recCtx, ba, "rco", "Runtime Component Operator", "runtime-component-operator")
+	useCertmanager, err := r.GenerateSvcCertSecret(ba, "rco", "Runtime Component Operator", "runtime-component-operator")
 	if err != nil {
 		reqLogger.Error(err, "Failed to reconcile CertManager Certificate")
 		return r.ManageError(err, common.StatusConditionTypeReconciled, instance)
@@ -370,7 +365,7 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		}
 	}
 
-	err = r.ReconcileBindings(recCtx, instance)
+	err = r.ReconcileBindings(instance)
 	if err != nil {
 		return r.ManageError(err, common.StatusConditionTypeReconciled, ba)
 	}
@@ -400,7 +395,7 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		err = r.CreateOrUpdate(statefulSet, instance, func() error {
 			appstacksutils.CustomizeStatefulSet(statefulSet, instance)
 			appstacksutils.CustomizePodSpec(&statefulSet.Spec.Template, instance)
-			if err := appstacksutils.CustomizePodWithSVCCertificate(recCtx, &statefulSet.Spec.Template, instance, r.GetClient()); err != nil {
+			if err := appstacksutils.CustomizePodWithSVCCertificate(&statefulSet.Spec.Template, instance, r.GetClient()); err != nil {
 				return err
 			}
 			appstacksutils.CustomizePersistence(statefulSet, instance)
@@ -432,7 +427,7 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		err = r.CreateOrUpdate(deploy, instance, func() error {
 			appstacksutils.CustomizeDeployment(deploy, instance)
 			appstacksutils.CustomizePodSpec(&deploy.Spec.Template, instance)
-			if err := appstacksutils.CustomizePodWithSVCCertificate(recCtx, &deploy.Spec.Template, instance, r.GetClient()); err != nil {
+			if err := appstacksutils.CustomizePodWithSVCCertificate(&deploy.Spec.Template, instance, r.GetClient()); err != nil {
 				return err
 			}
 			return nil
@@ -534,7 +529,7 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	} else if ok {
 		if instance.Spec.Monitoring != nil && (instance.Spec.CreateKnativeService == nil || !*instance.Spec.CreateKnativeService) {
 			// Validate the monitoring endpoints' configuration before creating/updating the ServiceMonitor
-			if err := appstacksutils.ValidatePrometheusMonitoringEndpoints(recCtx, instance, r.GetClient(), instance.GetNamespace()); err != nil {
+			if err := appstacksutils.ValidatePrometheusMonitoringEndpoints(instance, r.GetClient(), instance.GetNamespace()); err != nil {
 				return r.ManageError(err, common.StatusConditionTypeReconciled, instance)
 			}
 			sm := &prometheusv1.ServiceMonitor{ObjectMeta: defaultMeta}

utils/hash.go

@@ -11,8 +11,8 @@ import (
 	"lukechampine.com/blake3"
 )
 
-func HashSecretMapData(data common.SecretMap) string {
-	return hash(data, serializeSecretMapData)
+func HashLockedData(data common.SecretMap) string {
+	return hash(data, serializeLockedData)
 }
 
 func HashData(data map[string][]byte) string {
@@ -34,7 +34,7 @@ func hash(data any, serializer func(any) []byte) string {
 	return hex.EncodeToString(hash)
 }
 
-func serializeSecretMapData(data any) []byte {
+func serializeLockedData(data any) []byte {
 	if _, ok := data.(common.SecretMap); !ok {
 		return []byte{}
 	}

utils/reconciler.go

@@ -653,7 +653,7 @@ func (r *ReconcilerBase) checkIssuerReady(issuer *certmanagerv1.Issuer) error {
 	return nil
 }
 
-func (r *ReconcilerBase) GenerateCMIssuer(recCtx context.Context, namespace string, prefix string, CACommonName string, operatorName string) error {
+func (r *ReconcilerBase) GenerateCMIssuer(namespace string, prefix string, CACommonName string, operatorName string) error {
 	if ok, err := r.IsGroupVersionSupported(certmanagerv1.SchemeGroupVersion.String(), "Issuer"); err != nil {
 		return err
 	} else if !ok {
@@ -750,7 +750,7 @@ func (r *ReconcilerBase) GenerateCMIssuer(recCtx context.Context, namespace stri
 	return nil
 }
 
-func (r *ReconcilerBase) GenerateSvcCertSecret(recCtx context.Context, ba common.BaseComponent, prefix string, CACommonName string, operatorName string) (bool, error) {
+func (r *ReconcilerBase) GenerateSvcCertSecret(ba common.BaseComponent, prefix string, CACommonName string, operatorName string) (bool, error) {
 	delete(ba.GetStatus().GetReferences(), common.StatusReferenceCertSecretName)
 	cleanup := func() {
 		if ok, err := r.IsGroupVersionSupported(certmanagerv1.SchemeGroupVersion.String(), "Certificate"); err != nil {
@@ -791,7 +791,7 @@ func (r *ReconcilerBase) GenerateSvcCertSecret(recCtx context.Context, ba common
 	} else if ok {
 		bao := ba.(metav1.Object)
 
-		err = r.GenerateCMIssuer(recCtx, bao.GetNamespace(), prefix, CACommonName, operatorName)
+		err = r.GenerateCMIssuer(bao.GetNamespace(), prefix, CACommonName, operatorName)
 		if err != nil {
 			if errors.Is(err, APIVersionNotFoundError) {
 				return false, nil
@@ -854,7 +854,7 @@ func (r *ReconcilerBase) GenerateSvcCertSecret(recCtx context.Context, ba common
 				svcCert.Spec.IssuerRef.Name = customIssuer.Name
 			}
 
-			rVersion, _ := GetIssuerResourceVersion(recCtx, r.client, svcCert)
+			rVersion, _ := GetIssuerResourceVersion(r.client, svcCert)
 			if svcCert.Spec.SecretTemplate == nil {
 				svcCert.Spec.SecretTemplate = &certmanagerv1.CertificateSecretTemplate{
 					Annotations: map[string]string{},

utils/reconciler_test.go

@@ -196,7 +196,7 @@ func TestCreateOrUpdate(t *testing.T) {
 	r := NewReconcilerBase(rcl, cl, s, &rest.Config{}, record.NewFakeRecorder(10))
 
 	err := r.CreateOrUpdate(serviceAccount, runtimecomponent, func() error {
-		CustomizeServiceAccount(context.TODO(), serviceAccount, runtimecomponent, r.GetClient())
+		CustomizeServiceAccount(serviceAccount, runtimecomponent, r.GetClient())
 		return nil
 	})
 

utils/service_binding_reconciler.go

@@ -1,7 +1,6 @@
 package utils
 
 import (
-	"context"
 	"fmt"
 	"strconv"
 	"strings"
@@ -20,14 +19,14 @@ const (
 )
 
 // ReconcileBindings goes through the reconcile logic for service binding
-func (r *ReconcilerBase) ReconcileBindings(recCtx context.Context, ba common.BaseComponent) error {
-	if err := r.reconcileExpose(recCtx, ba); err != nil {
+func (r *ReconcilerBase) ReconcileBindings(ba common.BaseComponent) error {
+	if err := r.reconcileExpose(ba); err != nil {
 		return err
 	}
 	return nil
 }
 
-func (r *ReconcilerBase) reconcileExpose(recCtx context.Context, ba common.BaseComponent) error {
+func (r *ReconcilerBase) reconcileExpose(ba common.BaseComponent) error {
 	mObj := ba.(metav1.Object)
 	bindingSecret, err := common.GetSecret(r.GetClient(), getExposeBindingSecretName(ba), mObj.GetNamespace())
 	defer bindingSecret.Destroy()
@@ -47,7 +46,7 @@ func (r *ReconcilerBase) reconcileExpose(recCtx context.Context, ba common.BaseC
 		bindingSecret.LockedData = customSecret.LockedData
 		customSecret.LockedData = nil
 		// Apply default values to the override secret if certain values are not set
-		r.applyDefaultValuesToExpose(recCtx, bindingSecret, ba)
+		r.applyDefaultValuesToExpose(bindingSecret, ba)
 
 		if err := r.CreateOrUpdateSecret(bindingSecret, mObj); err != nil {
 			return err
@@ -79,7 +78,7 @@ func (r *ReconcilerBase) getCustomValuesToExpose(secret *common.LockedBufferSecr
 	return nil
 }
 
-func (r *ReconcilerBase) applyDefaultValuesToExpose(recCtx context.Context, secret *common.LockedBufferSecret, ba common.BaseComponent) {
+func (r *ReconcilerBase) applyDefaultValuesToExpose(secret *common.LockedBufferSecret, ba common.BaseComponent) {
 	mObj := ba.(metav1.Object)
 	secret.Labels = ba.GetLabels()
 	secret.Annotations = MergeMaps(secret.Annotations, ba.GetAnnotations())

utils/utils.go

@@ -846,7 +846,7 @@ func CustomizePersistence(statefulSet *appsv1.StatefulSet, ba common.BaseCompone
 }
 
 // CustomizeServiceAccount ...
-func CustomizeServiceAccount(recCtx context.Context, sa *corev1.ServiceAccount, ba common.BaseComponent, client client.Client) error {
+func CustomizeServiceAccount(sa *corev1.ServiceAccount, ba common.BaseComponent, client client.Client) error {
 	sa.Labels = ba.GetLabels()
 	sa.Annotations = MergeMaps(sa.Annotations, ba.GetAnnotations())
 
@@ -1111,7 +1111,7 @@ func secretShouldExist(secretKeySelector corev1.SecretKeySelector) bool {
 }
 
 // Returns an error if any user specified non-optional Secret or ConfigMap for Prometheus monitoring does not exist, otherwise return nil.
-func ValidatePrometheusMonitoringEndpoints(recCtx context.Context, ba common.BaseComponent, client client.Client, namespace string) error {
+func ValidatePrometheusMonitoringEndpoints(ba common.BaseComponent, client client.Client, namespace string) error {
 	var basicAuth *prometheusv1.BasicAuth
 	var oauth2 *prometheusv1.OAuth2
 	var bearerTokenSecret corev1.SecretKeySelector
@@ -1621,7 +1621,7 @@ func (r *ReconcilerBase) toJSONFromRaw(content *runtime.RawExtension) (map[strin
 // Looks for a pull secret in the service account retrieved from the component
 // Returns nil if there is at least one image pull secret, otherwise an error
 // Will always return nil if 'skipPullSecretValidation' is specified in the CR
-func ServiceAccountPullSecretExists(recCtx context.Context, ba common.BaseComponent, client client.Client) error {
+func ServiceAccountPullSecretExists(ba common.BaseComponent, client client.Client) error {
 	obj := ba.(metav1.Object)
 	ns := obj.GetNamespace()
 	saName := obj.GetName()
@@ -1767,15 +1767,15 @@ func CustomizePodWithSVCCertificate(pts *corev1.PodTemplateSpec, ba common.BaseC
 }
 
 func addSecretHashAsAnnotation(pts *corev1.PodTemplateSpec, object metav1.Object, client client.Client, secretName string, groupName string) error {
-	secret := &corev1.Secret{}
-	err := client.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: object.GetNamespace()}, secret)
+	secret, err := common.GetSecret(client, secretName, object.GetNamespace())
+	defer secret.Destroy()
 	if err != nil {
 		return fmt.Errorf("Secret %q was not found in namespace %q, %w", secretName, object.GetNamespace(), err)
 	}
 	if pts.ObjectMeta.Annotations == nil {
 		pts.ObjectMeta.Annotations = make(map[string]string)
 	}
-	pts.ObjectMeta.Annotations[groupName+"/secret-"+secretName] = HashData(secret.Data)
+	pts.ObjectMeta.Annotations[groupName+"/secret-"+secretName] = HashLockedData(secret.LockedData)
 	return nil
 }
 
@@ -1845,7 +1845,7 @@ func UpdateConfigMap(configMap *corev1.ConfigMap, key string) {
 	data[key] = common.LoadFromConfig(common.Config, key)
 }
 
-func GetIssuerResourceVersion(recCtx context.Context, client client.Client, certificate *certmanagerv1.Certificate) (string, error) {
+func GetIssuerResourceVersion(client client.Client, certificate *certmanagerv1.Certificate) (string, error) {
 	issuer := &certmanagerv1.Issuer{}
 	err := client.Get(context.Background(), types.NamespacedName{Name: certificate.Spec.IssuerRef.Name,
 		Namespace: certificate.Namespace}, issuer)
@@ -1854,11 +1854,11 @@ func GetIssuerResourceVersion(recCtx context.Context, client client.Client, cert
 	}
 	if issuer.Spec.CA != nil {
 		caSecret, err := common.GetSecret(client, issuer.Spec.CA.SecretName, certificate.Namespace)
-		caSecret.LockedData.Destroy()
+		defer caSecret.Destroy()
 		if err != nil {
 			return "", err
 		} else {
-			return issuer.ResourceVersion + "," + HashData(caSecret.Data), nil
+			return issuer.ResourceVersion + "," + HashLockedData(caSecret.LockedData), nil
 		}
 	} else {
 		return issuer.ResourceVersion, nil

utils/utils_test.go

@@ -1,7 +1,6 @@
 package utils
 
 import (
-	"context"
 	"os"
 	"reflect"
 	"strconv"
@@ -536,13 +535,13 @@ func TestCustomizeServiceAccount(t *testing.T) {
 
 	spec := appstacksv1.RuntimeComponentSpec{PullSecret: &pullSecret}
 	sa, runtime := &corev1.ServiceAccount{}, createRuntimeComponent(name, namespace, spec)
-	CustomizeServiceAccount(context.TODO(), sa, runtime, fcl)
+	CustomizeServiceAccount(sa, runtime, fcl)
 	emptySAIPS := sa.ImagePullSecrets[0].Name
 
 	newSecret := "my-new-secret"
 	spec = appstacksv1.RuntimeComponentSpec{PullSecret: &newSecret}
 	runtime = createRuntimeComponent(name, namespace, spec)
-	CustomizeServiceAccount(context.TODO(), sa, runtime, fcl)
+	CustomizeServiceAccount(sa, runtime, fcl)
 
 	testCSA := []Test{
 		{"ServiceAccount image pull secrets is empty", pullSecret, emptySAIPS},