@@ -545,6 +545,12 @@ async fn reconcile_nodes(obj: Arc<ExitNode>, ctx: Arc<Context>) -> Result<Action
545545
546546 debug ! ( ?is_managed, "exit node is managed by cloud provisioner?" ) ;
547547
548+ let exit_nodes: Api < ExitNode > = Api :: namespaced ( ctx. client . clone ( ) , & obj. namespace ( ) . unwrap ( ) ) ;
549+
550+ // finalizer for exit node
551+
552+ let serverside = PatchParams :: apply ( OPERATOR_MANAGER ) . validation_strict ( ) ;
553+
548554 if !is_managed && obj. status . is_none ( ) {
549555 // add status to exit node if it's not managed
550556
@@ -577,108 +583,65 @@ async fn reconcile_nodes(obj: Arc<ExitNode>, ctx: Arc<Context>) -> Result<Action
577583 . await ?;
578584
579585 return Ok ( Action :: await_change ( ) ) ;
580- }
581-
582- let exit_nodes: Api < ExitNode > = Api :: namespaced ( ctx. client . clone ( ) , & obj. namespace ( ) . unwrap ( ) ) ;
583-
584- let provisioner = obj
585- . metadata
586- . annotations
587- . as_ref ( )
588- . and_then ( |annotations| annotations. get ( EXIT_NODE_PROVISIONER_LABEL ) )
589- . and_then ( |provisioner| {
590- find_exit_node_provisioner_from_label ( ctx. clone ( ) , provisioner)
591- . now_or_never ( )
592- . unwrap ( )
593- } ) ;
594-
595- let provisioner_api = provisioner
596- . clone ( )
597- . map ( |provisioner| provisioner. spec . get_inner ( ) ) ;
598-
599- // finalizer for exit node
600- let secret = provisioner
601- . clone ( )
602- . and_then ( |provisioner| {
603- provisioner
604- . clone ( )
605- . find_secret ( )
606- . now_or_never ( )
607- . or_else ( || {
608- Some ( Err ( ReconcileError :: KubeError ( kube:: Error :: Api (
609- kube:: error:: ErrorResponse {
610- code : 500 ,
611- message : format ! (
612- "Error finding secret for provisioner {}" ,
613- provisioner. name_any( )
614- ) ,
615- reason : "SecretNotFound" . to_string ( ) ,
616- status : "Failure" . to_string ( ) ,
617- } ,
618- ) )
619- . into ( ) ) )
620- } )
621- } )
622- . unwrap_or_else ( || {
623- let provisioner = provisioner. clone ( ) . unwrap ( ) ;
624- Err ( color_eyre:: eyre:: anyhow!(
625- "Error finding secret for provisioner {}" ,
626- provisioner. name_any( )
627- ) )
628- } ) ?;
629-
630- let serverside = PatchParams :: apply ( OPERATOR_MANAGER ) . validation_strict ( ) ;
631- // what in the name of all that is good is this
632- // !? why do we have to unwrap()
586+ } else if is_managed {
587+ let provisioner = obj
588+ . metadata
589+ . annotations
590+ . as_ref ( )
591+ . and_then ( |annotations| annotations. get ( EXIT_NODE_PROVISIONER_LABEL ) )
592+ . unwrap ( ) ;
593+ let provisioner = find_exit_node_provisioner_from_label ( ctx. clone ( ) , provisioner)
594+ . await
595+ . ok_or ( ReconcileError :: CloudProvisionerNotFound ) ?;
633596
634- // handle deletion
635- finalizer:: finalizer (
636- & exit_nodes. clone ( ) ,
637- EXIT_NODE_FINALIZER ,
638- obj. clone ( ) ,
639- |event| async move {
640- let m: std:: prelude:: v1:: Result < Action , crate :: error:: ReconcileError > = match event {
641- Event :: Apply ( node) => {
642- if let Some ( provisioner_api) = provisioner_api {
643- if is_managed {
644- let secret = secret. unwrap ( ) ;
645- let _node = {
646- let cloud_resource = if let Some ( _status) = node. status . as_ref ( ) {
647- info ! ( "Updating cloud resource for {}" , node. name_any( ) ) ;
648- provisioner_api
649- . update_exit_node ( secret. clone ( ) , ( * node) . clone ( ) )
650- . await
651- } else {
652- info ! ( "Creating cloud resource for {}" , node. name_any( ) ) ;
653- provisioner_api
654- . create_exit_node ( secret. clone ( ) , ( * node) . clone ( ) )
655- . await
656- } ;
657- // TODO: Don't replace the entire status and object, sadly JSON is better here
658- let exitnode_patch = serde_json:: json!( {
659- "status" : cloud_resource?
660- } ) ;
597+ let provisioner_api = provisioner. clone ( ) . spec . get_inner ( ) ;
661598
662- exit_nodes
663- . patch_status (
664- // We can unwrap safely since Service is guaranteed to have a name
665- & node. name_any ( ) ,
666- & serverside. clone ( ) ,
667- & Patch :: Merge ( exitnode_patch) ,
668- )
669- . await ?
599+ let secret = provisioner
600+ . find_secret ( )
601+ . await
602+ . or_else ( |_| Err ( crate :: error:: ReconcileError :: CloudProvisionerSecretNotFound ) ) ?
603+ . ok_or ( ReconcileError :: CloudProvisionerSecretNotFound ) ?;
604+ finalizer:: finalizer (
605+ & exit_nodes. clone ( ) ,
606+ EXIT_NODE_FINALIZER ,
607+ obj. clone ( ) ,
608+ |event| async move {
609+ let m: std:: prelude:: v1:: Result < Action , crate :: error:: ReconcileError > = match event
610+ {
611+ Event :: Apply ( node) => {
612+ let _node = {
613+ let cloud_resource = if let Some ( _status) = node. status . as_ref ( ) {
614+ info ! ( "Updating cloud resource for {}" , node. name_any( ) ) ;
615+ provisioner_api
616+ . update_exit_node ( secret. clone ( ) , ( * node) . clone ( ) )
617+ . await
618+ } else {
619+ info ! ( "Creating cloud resource for {}" , node. name_any( ) ) ;
620+ provisioner_api
621+ . create_exit_node ( secret. clone ( ) , ( * node) . clone ( ) )
622+ . await
670623 } ;
671- }
624+ // TODO: Don't replace the entire status and object, sadly JSON is better here
625+ let exitnode_patch = serde_json:: json!( {
626+ "status" : cloud_resource?
627+ } ) ;
628+
629+ exit_nodes
630+ . patch_status (
631+ // We can unwrap safely since Service is guaranteed to have a name
632+ & node. name_any ( ) ,
633+ & serverside. clone ( ) ,
634+ & Patch :: Merge ( exitnode_patch) ,
635+ )
636+ . await ?
637+ } ;
638+
639+ Ok ( Action :: requeue ( Duration :: from_secs ( 3600 ) ) )
672640 }
641+ Event :: Cleanup ( node) => {
642+ info ! ( "Cleanup finalizer triggered for {}" , node. name_any( ) ) ;
673643
674- Ok ( Action :: requeue ( Duration :: from_secs ( 3600 ) ) )
675- }
676- Event :: Cleanup ( node) => {
677- info ! ( "Cleanup finalizer triggered for {}" , node. name_any( ) ) ;
678-
679- if let Some ( provisioner_api) = provisioner_api {
680644 if is_managed {
681- let secret = secret. unwrap ( ) ;
682645 info ! ( "Deleting cloud resource for {}" , node. name_any( ) ) ;
683646 provisioner_api
684647 . delete_exit_node ( secret, ( * node) . clone ( ) )
@@ -687,25 +650,28 @@ async fn reconcile_nodes(obj: Arc<ExitNode>, ctx: Arc<Context>) -> Result<Action
687650 error ! ( ?e, "Error deleting exit node {}" , node. name_any( ) )
688651 } ) ;
689652 }
653+ Ok ( Action :: requeue ( Duration :: from_secs ( 3600 ) ) )
690654 }
655+ } ;
691656
692- Ok ( Action :: requeue ( Duration :: from_secs ( 3600 ) ) )
693- }
694- } ;
657+ // Ok(Action::requeue(Duration::from_secs(3600)))
658+ m
659+ } ,
660+ )
661+ . await
662+ . map_err ( |e| {
663+ crate :: error:: ReconcileError :: KubeError ( kube:: Error :: Api ( kube:: error:: ErrorResponse {
664+ code : 500 ,
665+ message : format ! ( "Error applying finalizer for {}" , obj. name_any( ) ) ,
666+ reason : e. to_string ( ) ,
667+ status : "Failure" . to_string ( ) ,
668+ } ) )
669+ } )
670+ } else {
671+ Ok ( Action :: requeue ( Duration :: from_secs ( 3600 ) ) )
672+ }
695673
696- // Ok(Action::requeue(Duration::from_secs(3600)))
697- m
698- } ,
699- )
700- . await
701- . map_err ( |e| {
702- crate :: error:: ReconcileError :: KubeError ( kube:: Error :: Api ( kube:: error:: ErrorResponse {
703- code : 500 ,
704- message : format ! ( "Error applying finalizer for {}" , obj. name_any( ) ) ,
705- reason : e. to_string ( ) ,
706- status : "Failure" . to_string ( ) ,
707- } ) )
708- } )
674+ // handle deletion
709675
710676 // Ok(Action::requeue(Duration::from_secs(3600)))
711677}
0 commit comments