From d790154d287fb1b8ddd83c294060e76846a669c6 Mon Sep 17 00:00:00 2001
From: Fabien Boucher <fboucher@redhat.com>
Date: Fri, 10 Nov 2023 15:37:18 +0000
Subject: [PATCH] reconcile - Remove Owns(Secrets) style watcher and instead
 watch specific ones

This change tell the manager to only call the Reconcile for change on specific
Secrets.

Change-Id: I8dfe11fb4290ec250a2f3f506ac5431491936ff8
---
 api/v1/softwarefactory_types.go           | 16 ++++++++
 controllers/logserver_controller.go       |  1 -
 controllers/softwarefactory_controller.go | 46 ++++++++++++++++++++++-
 3 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/api/v1/softwarefactory_types.go b/api/v1/softwarefactory_types.go
index 45885c63..f8917920 100644
--- a/api/v1/softwarefactory_types.go
+++ b/api/v1/softwarefactory_types.go
@@ -281,6 +281,14 @@ func GetGitHubConnectionsName(spec *ZuulSpec) []string {
 	return res
 }
 
+func GetGitHubConnectionsSecretName(spec *ZuulSpec) []string {
+	var res []string
+	for _, conn := range spec.GitHubConns {
+		res = append(res, conn.Secrets)
+	}
+	return res
+}
+
 func GetGitLabConnectionsName(spec *ZuulSpec) []string {
 	var res []string
 	for _, conn := range spec.GitLabConns {
@@ -289,6 +297,14 @@ func GetGitLabConnectionsName(spec *ZuulSpec) []string {
 	return res
 }
 
+func GetGitLabConnectionsSecretName(spec *ZuulSpec) []string {
+	var res []string
+	for _, conn := range spec.GitLabConns {
+		res = append(res, conn.Secrets)
+	}
+	return res
+}
+
 // +kubebuilder:validation:Enum=INFO;WARN;DEBUG
 // +kubebuilder:default:=INFO
 type LogLevel string
diff --git a/controllers/logserver_controller.go b/controllers/logserver_controller.go
index 4f443729..d3c01ad1 100644
--- a/controllers/logserver_controller.go
+++ b/controllers/logserver_controller.go
@@ -455,7 +455,6 @@ func (r *LogServerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 func (r *LogServerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&sfv1.LogServer{}).
-		Owns(&apiv1.Secret{}).
 		Owns(&certv1.Certificate{}).
 		Complete(r)
 }
diff --git a/controllers/softwarefactory_controller.go b/controllers/softwarefactory_controller.go
index 88e0a3a4..379460b0 100644
--- a/controllers/softwarefactory_controller.go
+++ b/controllers/softwarefactory_controller.go
@@ -16,14 +16,18 @@ import (
 	"github.com/fatih/color"
 
 	"k8s.io/client-go/rest"
+	"k8s.io/utils/strings/slices"
 
 	corev1 "k8s.io/api/core/v1"
 	k8s_errors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	sfv1 "github.com/softwarefactory-project/sf-operator/api/v1"
 	"github.com/softwarefactory-project/sf-operator/controllers/libs/conds"
@@ -282,7 +286,47 @@ func (r *SoftwareFactoryReconciler) StandaloneReconcile(ctx context.Context, ns
 func (r *SoftwareFactoryReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&sfv1.SoftwareFactory{}).
-		Owns(&corev1.Secret{}).
+		// Watch only specific Secrets resources
+		Watches(
+			&corev1.Secret{},
+			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
+				softwareFactories := sfv1.SoftwareFactoryList{}
+				r.Client.List(ctx, &softwareFactories, &client.ListOptions{
+					Namespace: a.GetNamespace(),
+				})
+				if len(softwareFactories.Items) > 0 {
+					// We take the first one of the list
+					// sf-operator only manages one SoftwareFactory instance by namespace
+					softwareFactory := softwareFactories.Items[0]
+					req := []reconcile.Request{
+						{NamespacedName: types.NamespacedName{
+							Name:      softwareFactory.Name,
+							Namespace: a.GetNamespace(),
+						}}}
+					switch updatedResourceName := a.GetName(); updatedResourceName {
+					case NodepoolProvidersSecretsName:
+						return req
+					case GetCustomRouteSSLSecretName("logserver"):
+						return req
+					case GetCustomRouteSSLSecretName("nodepool"):
+						return req
+					case GetCustomRouteSSLSecretName("zuul"):
+						return req
+					default:
+						// Discover secrets for github and gitlab connections
+						otherSecretNames := []string{}
+						otherSecretNames = append(otherSecretNames, sfv1.GetGitHubConnectionsSecretName(&softwareFactory.Spec.Zuul)...)
+						otherSecretNames = append(otherSecretNames, sfv1.GetGitLabConnectionsSecretName(&softwareFactory.Spec.Zuul)...)
+						if slices.Contains(otherSecretNames, a.GetName()) {
+							return req
+						}
+						// All others secrets must trigger reconcile
+						return []reconcile.Request{}
+					}
+				}
+				return []reconcile.Request{}
+			}),
+		).
 		Owns(&certv1.Certificate{}).
 		Complete(r)
 }