Modify LastUpdateTime when the Sealed Secrets is being updated (#1475)

**Description of the change** This PR modify the way that we are setting up the LastUpdateTime. We are going to modify the LastUpdateTime always that we are updating the Sealed Secrets and the LastTransitionTime only when the status has changed. Integration tests included. **Benefits** LastUpdateTime is working properly **Applicable issues**  - fixes #1470 Signed-off-by: Alvaro Neira Ayuso <[email protected]>
bitnami-labs · Feb 29, 2024 · e5a59d5 · e5a59d5
1 parent 5fd7424
commit e5a59d5
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/integration/controller_test.go b/integration/controller_test.go
@@ -77,6 +77,15 @@ func getSecretImmutable(s *v1.Secret) bool {
 	return *s.Immutable
 }
 
+func compareLastTimes(ss *ssv1alpha1.SealedSecret) bool {
+	for i := range ss.Status.Conditions {
+		if ss.Status.Conditions[i].Type == ssv1alpha1.SealedSecretSynced {
+			return ss.Status.Conditions[i].LastTransitionTime == ss.Status.Conditions[i].LastUpdateTime
+		}
+	}
+	return false
+}
+
 func fetchKeys(ctx context.Context, c corev1.SecretsGetter) (map[string]*rsa.PrivateKey, []*x509.Certificate, error) {
 	list, err := c.Secrets(*controllerNs).List(ctx, metav1.ListOptions{
 		LabelSelector: keySelector,
@@ -207,6 +216,9 @@ var _ = Describe("create", func() {
 				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
 					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
 				}, Timeout, PollingInterval).ShouldNot(WithTransform(getStatus, BeNil()))
+				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
+					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
+				}, Timeout, PollingInterval).Should(WithTransform(compareLastTimes, Equal(true)))
 				Eventually(func() (*v1.EventList, error) {
 					return c.Events(ns).Search(scheme.Scheme, ss)
 				}, Timeout, PollingInterval).Should(
@@ -233,6 +245,7 @@ var _ = Describe("create", func() {
 				Expect(err).NotTo(HaveOccurred())
 				ss.ResourceVersion = resVer
 
+				time.Sleep(1 * time.Second)
 				fmt.Fprintf(GinkgoWriter, "Updating to SealedSecret: %#v\n", ss)
 				ss, err = ssc.BitnamiV1alpha1().SealedSecrets(ss.Namespace).Update(context.Background(), ss, metav1.UpdateOptions{})
 				Expect(err).NotTo(HaveOccurred())
@@ -251,6 +264,9 @@ var _ = Describe("create", func() {
 				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
 					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
 				}, Timeout, PollingInterval).Should(WithTransform(getObservedGeneration, Equal(int64(2))))
+				Eventually(func() (*ssv1alpha1.SealedSecret, error) {
+					return ssc.BitnamiV1alpha1().SealedSecrets(ns).Get(context.Background(), secretName, metav1.GetOptions{})
+				}, Timeout, PollingInterval).Should(WithTransform(compareLastTimes, Equal(false)))
 			})
 		})
 

diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -467,15 +467,11 @@ func updateSealedSecretsStatusConditions(st *ssv1alpha1.SealedSecretStatus, unse
 		cond.Message = unsealError.Error()
 	}
 
+	cond.LastUpdateTime = metav1.Now()
 	// Status has changed, update the transition time and signal that an update is required
 	if cond.Status != status {
-		if !cond.LastUpdateTime.IsZero() {
-			cond.LastTransitionTime = cond.LastUpdateTime
-		} else {
-			cond.LastTransitionTime = metav1.Now()
-		}
+		cond.LastTransitionTime = cond.LastUpdateTime
 		cond.Status = status
-		cond.LastUpdateTime = metav1.Now()
 		updateRequired = true
 	}