moving out secret key initialization out of reconciler

amagioss · Jan 29, 2024 · 16cd40f · 16cd40f
1 parent 5d362b2
commit 16cd40f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 7 deletions.
diff --git a/k8s/cmd/main.go b/k8s/cmd/main.go
@@ -66,6 +66,12 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
+	err := controller.InitSLVSecretKey()
+	if err != nil {
+		setupLog.Error(err, "unable to initialize SLV Environment Secret Key")
+		os.Exit(1)
+	}
+
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:                 scheme,
 		Metrics:                metricsserver.Options{BindAddress: metricsAddr},

diff --git a/k8s/controller/slv_controller.go b/k8s/controller/slv_controller.go
@@ -29,6 +29,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	"github.com/amagimedia/slv"
+	"github.com/amagimedia/slv/core/crypto"
 	"github.com/amagimedia/slv/core/secretkeystore"
 	k8samagicomv1 "github.com/amagimedia/slv/k8s/api/v1"
 )
@@ -40,6 +41,18 @@ const (
 )
 
 var secretSLVVersionAnnotationValue = slv.Version
+var secretKey *crypto.SecretKey
+
+func InitSLVSecretKey() error {
+	if secretKey == nil {
+		sk, err := secretkeystore.GetSecretKey()
+		if err != nil {
+			return err
+		}
+		secretKey = sk
+	}
+	return nil
+}
 
 // SLVReconciler reconciles a SLV object
 type SLVReconciler struct {
@@ -71,14 +84,8 @@ func (r *SLVReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 		}
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
-
-	secretKey, err := secretkeystore.GetSecretKey()
-	if err != nil {
-		logger.Error(err, "SLV has no configured environment")
-		return ctrl.Result{}, err
-	}
 	vault := slvCR.Vault
-	if err = vault.Unlock(*secretKey); err != nil {
+	if err := vault.Unlock(*secretKey); err != nil {
 		logger.Error(err, "Failed to unlock vault", "Vault", vault)
 		return ctrl.Result{}, err
 	}