From bd21d8bae5203347cbff0f18b17b44de61d14e7d Mon Sep 17 00:00:00 2001
From: parth-gr <paarora@redhat.com>
Date: Thu, 21 Nov 2024 22:39:13 +0530
Subject: [PATCH] external: Defer secret hash update until all resources are
 successfully created

This update ensures that the secret hash in the storage
cluster status is updated only after all resources are created
successfully.
Previously, the status was updated prematurely, preventing the
reconcile loop from re-running whether there was a failure or success.
This change enables the reconcile process to continue retrying
until all resources are successfully created.

Signed-off-by: parth-gr <paarora@redhat.com>
---
 .../storagecluster/external_resources.go      | 28 ++++++++-----------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/controllers/storagecluster/external_resources.go b/controllers/storagecluster/external_resources.go
index cf3330d17a..610769eb85 100644
--- a/controllers/storagecluster/external_resources.go
+++ b/controllers/storagecluster/external_resources.go
@@ -116,7 +116,7 @@ func findNamedResourceFromArray(extArr []ExternalResource, name string) (Externa
 	return ExternalResource{}, fmt.Errorf("Unable to retrieve %q external resource", name)
 }
 
-func (r *StorageClusterReconciler) externalSecretDataChecksum(instance *ocsv1.StorageCluster) (string, error) {
+func (r *StorageClusterReconciler) getExternalSecretDataChecksum(instance *ocsv1.StorageCluster) (string, error) {
 	found, err := r.retrieveSecret(externalClusterDetailsSecret, instance)
 	if err != nil {
 		return "", err
@@ -124,20 +124,6 @@ func (r *StorageClusterReconciler) externalSecretDataChecksum(instance *ocsv1.St
 	return sha512sum(found.Data[externalClusterDetailsKey])
 }
 
-func (r *StorageClusterReconciler) sameExternalSecretData(instance *ocsv1.StorageCluster) bool {
-	extSecretChecksum, err := r.externalSecretDataChecksum(instance)
-	if err != nil {
-		return false
-	}
-	// if the 'ExternalSecretHash' and fetched hash are same, then return true
-	if instance.Status.ExternalSecretHash == extSecretChecksum {
-		return true
-	}
-	// at this point the checksums are different, so update it
-	instance.Status.ExternalSecretHash = extSecretChecksum
-	return false
-}
-
 // retrieveSecret function retrieves the secret object with the specified name
 func (r *StorageClusterReconciler) retrieveSecret(secretName string, instance *ocsv1.StorageCluster) (*corev1.Secret, error) {
 	found := &corev1.Secret{
@@ -263,7 +249,14 @@ func (obj *ocsExternalResources) ensureCreated(r *StorageClusterReconciler, inst
 	}
 	externalOCSResources[instance.UID] = data
 
-	if r.sameExternalSecretData(instance) {
+	extSecretChecksum, err := r.getExternalSecretDataChecksum(instance)
+	if err != nil {
+		r.Log.Error(err, "Failed to get checksum of external secret data.")
+		return reconcile.Result{}, err
+	}
+
+	// if the 'ExternalSecretHash' and fetched hash are same, then return
+	if instance.Status.ExternalSecretHash == extSecretChecksum {
 		return reconcile.Result{}, nil
 	}
 
@@ -272,6 +265,9 @@ func (obj *ocsExternalResources) ensureCreated(r *StorageClusterReconciler, inst
 		r.Log.Error(err, "Could not create ExternalStorageClusterResource.", "StorageCluster", klog.KRef(instance.Namespace, instance.Name))
 		return reconcile.Result{}, err
 	}
+
+	// external resources are successfully created, update the checksums in the status
+	instance.Status.ExternalSecretHash = extSecretChecksum
 	return reconcile.Result{}, nil
 }