OADP-6652: Fix unnecessary secret updates and logging in STS flow #1936
Conversation
|
Skipping CI for Draft Pull Request. |
The operator was repeatedly logging "Secret already exists, updating" and "Following standardized STS workflow, secret created successfully" even when the secret content hadn't changed. This was happening because the CloudStorage controller calls STSStandardizedFlow() on every reconciliation, which always attempted to create the secret first, then caught the AlreadyExists error and performed an update. Changed the approach to: - First check if the secret exists - Compare existing data with desired data - Only update when there are actual differences - Skip updates and avoid logging when content is identical - Changed CloudStorage controller to use Debug level and more accurate message when STS secret is available (not necessarily created) This eliminates unnecessary API calls to the Kubernetes cluster and reduces noise in the operator logs. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
d998667 to
9725289
Compare
|
@kaovilai: This pull request references OADP-6652 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
| } | ||
| } | ||
|
|
||
| if needsUpdate { |
There was a problem hiding this comment.
these statements look like a nice add.. pretty clear :)
Replace hardcoded strings with constants from stsflow package: - Add constants for secret operation verbs (created, updated, unchanged) - Add constants for STS secret label key/value - Add constants for error messages - Update all files using "oadp.openshift.io/secret-type" to use STSSecretLabelKey - Update test files to use the new constants This improves maintainability and reduces risk of typos in label names and error messages across the codebase. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
|
@kaovilai: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kaovilai, shubham-pampattiwar, weshayutin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/LGTM |
1661bfa
into
openshift:oadp-dev
|
/cherry-pick oadp-1.5 |
|
@shubham-pampattiwar: new pull request created: #1945 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
The operator was repeatedly logging "Secret already exists, updating"
and "Following standardized STS workflow, secret created successfully"
even when the secret content hadn't changed. This was happening because
the CloudStorage controller calls STSStandardizedFlow() on every
reconciliation, which always attempted to create the secret first,
then caught the AlreadyExists error and performed an update.
Changed the approach to:
message when STS secret is available (not necessarily created)
This eliminates unnecessary API calls to the Kubernetes cluster and
reduces noise in the operator logs.
🤖 Generated with Claude Code
Co-Authored-By: Claude noreply@anthropic.com
Why the changes were made
How to test the changes made