Migrate from phases to conditions

Author: bouskaJ

api/v1alpha1/common.go

@@ -2,18 +2,6 @@ package v1alpha1
 
 import v1 "k8s.io/api/core/v1"
 
-type Phase string
-
-const (
-	PhaseNone     Phase = ""
-	PhaseCreating Phase = "Creating"
-
-	PhaseInitialize Phase = "Initialization"
-	PhaseReady      Phase = "Ready"
-	PhasePending    Phase = "Pending"
-	PhaseError      Phase = "Error"
-)
-
 type ExternalAccess struct {
 	// If set to true, the Operator will create an Ingress or a Route resource.
 	//For the plain Ingress there is no TLS configuration provided Route object uses "edge" termination by default.

api/v1alpha1/ctlog_types.go

@@ -35,7 +35,6 @@ type CTlogSpec struct {
 
 // CTlogStatus defines the observed state of CTlog component
 type CTlogStatus struct {
-	Phase Phase `json:"phase"`
 	// +listType=map
 	// +listMapKey=type
 	// +patchStrategy=merge
@@ -46,7 +45,7 @@ type CTlogStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase`,description="The component phase"
+//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`,description="The component status"
 
 // CTlog is the Schema for the ctlogs API
 type CTlog struct {

api/v1alpha1/fulcio_types.go

@@ -77,8 +77,7 @@ type OIDCIssuer struct {
 
 // FulcioStatus defines the observed state of Fulcio
 type FulcioStatus struct {
-	Url   string `json:"url,omitempty"`
-	Phase Phase  `json:"phase,omitempty"`
+	Url string `json:"url,omitempty"`
 	// +listType=map
 	// +listMapKey=type
 	// +patchStrategy=merge
@@ -89,7 +88,7 @@ type FulcioStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase`,description="The component phase"
+//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`,description="The component status"
 //+kubebuilder:printcolumn:name="URL",type=string,JSONPath=`.status.url`,description="The component url"
 
 // Fulcio is the Schema for the fulcios API

api/v1alpha1/rekor_types.go

@@ -55,7 +55,6 @@ type BackFillRedis struct {
 // RekorStatus defines the observed state of Rekor
 type RekorStatus struct {
 	Url              string `json:"url,omitempty"`
-	Phase            Phase  `json:"phase,omitempty"`
 	RekorSearchUIUrl string `json:"rekorSearchUIUrl,omitempty"`
 	// +listType=map
 	// +listMapKey=type
@@ -67,7 +66,7 @@ type RekorStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase`,description="The component phase"
+//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`,description="The component status"
 //+kubebuilder:printcolumn:name="URL",type=string,JSONPath=`.status.url`,description="The component url"
 
 // Rekor is the Schema for the rekors API

api/v1alpha1/trillian_types.go

@@ -39,7 +39,6 @@ type TrillianDB struct {
 
 // TrillianStatus defines the observed state of Trillian
 type TrillianStatus struct {
-	Phase Phase `json:"phase"`
 	// +listType=map
 	// +listMapKey=type
 	// +patchStrategy=merge
@@ -50,7 +49,7 @@ type TrillianStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase`,description="The component phase"
+//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`,description="The component status"
 
 // Trillian is the Schema for the trillians API
 type Trillian struct {

api/v1alpha1/tuf_types.go

@@ -26,8 +26,7 @@ type TufKey struct {
 
 // TufStatus defines the observed state of Tuf
 type TufStatus struct {
-	Url   string `json:"url,omitempty"`
-	Phase Phase  `json:"phase"`
+	Url string `json:"url,omitempty"`
 	// +listType=map
 	// +listMapKey=type
 	// +patchStrategy=merge
@@ -38,7 +37,7 @@ type TufStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase`,description="The component phase"
+//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`,description="The component status"
 //+kubebuilder:printcolumn:name="URL",type=string,JSONPath=`.status.url`,description="The component url"
 
 // Tuf is the Schema for the tufs API

config/crd/bases/rhtas.redhat.com_ctlogs.yaml

@@ -16,9 +16,9 @@ spec:
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - description: The component phase
-      jsonPath: .status.phase
-      name: Phase
+    - description: The component status
+      jsonPath: .status.conditions[?(@.type=="Ready")].reason
+      name: Status
       type: string
     name: v1alpha1
     schema:
@@ -187,10 +187,6 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
-              phase:
-                type: string
-            required:
-            - phase
             type: object
         type: object
     served: true

config/crd/bases/rhtas.redhat.com_fulcios.yaml

@@ -16,9 +16,9 @@ spec:
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - description: The component phase
-      jsonPath: .status.phase
-      name: Phase
+    - description: The component status
+      jsonPath: .status.conditions[?(@.type=="Ready")].reason
+      name: Status
       type: string
     - description: The component url
       jsonPath: .status.url
@@ -275,8 +275,6 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
-              phase:
-                type: string
               url:
                 type: string
             type: object

config/crd/bases/rhtas.redhat.com_rekors.yaml

@@ -16,9 +16,9 @@ spec:
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - description: The component phase
-      jsonPath: .status.phase
-      name: Phase
+    - description: The component status
+      jsonPath: .status.conditions[?(@.type=="Ready")].reason
+      name: Status
       type: string
     - description: The component url
       jsonPath: .status.url
@@ -202,8 +202,6 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
-              phase:
-                type: string
               rekorSearchUIUrl:
                 type: string
               url:

config/crd/bases/rhtas.redhat.com_trillians.yaml

@@ -16,9 +16,9 @@ spec:
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - description: The component phase
-      jsonPath: .status.phase
-      name: Phase
+    - description: The component status
+      jsonPath: .status.conditions[?(@.type=="Ready")].reason
+      name: Status
       type: string
     name: v1alpha1
     schema:
@@ -137,10 +137,6 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
-              phase:
-                type: string
-            required:
-            - phase
             type: object
         type: object
     served: true

config/crd/bases/rhtas.redhat.com_tufs.yaml

@@ -16,9 +16,9 @@ spec:
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - description: The component phase
-      jsonPath: .status.phase
-      name: Phase
+    - description: The component status
+      jsonPath: .status.conditions[?(@.type=="Ready")].reason
+      name: Status
       type: string
     - description: The component url
       jsonPath: .status.url
@@ -163,12 +163,8 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
-              phase:
-                type: string
               url:
                 type: string
-            required:
-            - phase
             type: object
         type: object
     served: true

controllers/constants/constants.go

@@ -2,4 +2,11 @@ package constants
 
 const (
 	AppName = "trusted-artifact-signer"
+
+	// conditions
+	Ready      = "Ready"
+	Pending    = "Pending"
+	Creating   = "Creating"
+	Initialize = "Initialize"
+	Failure    = "Failure"
 )

controllers/ctlog/actions/constants.go

@@ -3,6 +3,7 @@ package actions
 const (
 	DeploymentName = "ctlog"
 	ComponentName  = "ctlog"
+	RBACName       = "ctlog"
 
-	RBACName = "ctlog"
+	CertCondition = "FulcioCert"
 )

controllers/ctlog/actions/createTree.go

@@ -8,8 +8,11 @@ import (
 	"github.com/securesign/operator/controllers/common"
 	"github.com/securesign/operator/controllers/common/action"
 	utils "github.com/securesign/operator/controllers/common/utils/kubernetes"
+	"github.com/securesign/operator/controllers/constants"
 	trillian "github.com/securesign/operator/controllers/trillian/actions"
 	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 func NewCreateTrillianTreeAction() action.Action[rhtasv1alpha1.CTlog] {
@@ -25,20 +28,31 @@ func (i createTrillianTreeAction) Name() string {
 }
 
 func (i createTrillianTreeAction) CanHandle(instance *rhtasv1alpha1.CTlog) bool {
-	return instance.Status.Phase == rhtasv1alpha1.PhaseCreating && (instance.Spec.TreeID == nil || *instance.Spec.TreeID == int64(0))
+	c := meta.FindStatusCondition(instance.Status.Conditions, constants.Ready)
+	return c.Reason == constants.Creating && (instance.Spec.TreeID == nil || *instance.Spec.TreeID == int64(0))
 }
 
 func (i createTrillianTreeAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) *action.Result {
 	var err error
 
 	trillUrl, err := utils.GetInternalUrl(ctx, i.Client, instance.Namespace, trillian.LogserverDeploymentName)
 	if err != nil {
-		instance.Status.Phase = rhtasv1alpha1.PhaseError
+		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
+			Type:    constants.Ready,
+			Status:  metav1.ConditionFalse,
+			Reason:  constants.Failure,
+			Message: err.Error(),
+		})
 		return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not find trillian instance: %w", err), instance)
 	}
 	tree, err := common.CreateTrillianTree(ctx, "ctlog-tree", trillUrl+":8091")
 	if err != nil {
-		instance.Status.Phase = rhtasv1alpha1.PhaseError
+		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
+			Type:    constants.Ready,
+			Status:  metav1.ConditionFalse,
+			Reason:  constants.Failure,
+			Message: err.Error(),
+		})
 		return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not create trillian tree: %w", err), instance)
 	}
 	i.Recorder.Event(instance, v1.EventTypeNormal, "TreeID", "New Trillian tree created")

controllers/ctlog/actions/deployment.go

@@ -8,6 +8,8 @@ import (
 	"github.com/securesign/operator/controllers/common/action"
 	"github.com/securesign/operator/controllers/constants"
 	"github.com/securesign/operator/controllers/ctlog/utils"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 
@@ -23,8 +25,9 @@ func (i deployAction) Name() string {
 	return "deploy"
 }
 
-func (i deployAction) CanHandle(tuf *rhtasv1alpha1.CTlog) bool {
-	return tuf.Status.Phase == rhtasv1alpha1.PhaseCreating || tuf.Status.Phase == rhtasv1alpha1.PhaseReady
+func (i deployAction) CanHandle(instance *rhtasv1alpha1.CTlog) bool {
+	c := meta.FindStatusCondition(instance.Status.Conditions, constants.Ready)
+	return c.Reason == constants.Creating || c.Reason == constants.Ready
 }
 
 func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) *action.Result {
@@ -42,11 +45,19 @@ func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog)
 	}
 
 	if updated, err = i.Ensure(ctx, dp); err != nil {
+		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
+			Type:    constants.Ready,
+			Status:  metav1.ConditionFalse,
+			Reason:  constants.Failure,
+			Message: err.Error(),
+		})
 		return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not create CTlog: %w", err), instance)
 	}
 
 	if updated {
-		return i.Return()
+		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{Type: constants.Ready,
+			Status: metav1.ConditionFalse, Reason: constants.Creating, Message: "Service created"})
+		return i.StatusUpdate(ctx, instance)
 	} else {
 		return i.Continue()
 	}

controllers/ctlog/actions/generate_keys.go

@@ -30,7 +30,8 @@ func (g generateKeys) Name() string {
 }
 
 func (g generateKeys) CanHandle(instance *v1alpha1.CTlog) bool {
-	return instance.Status.Phase == v1alpha1.PhaseCreating && instance.Spec.PrivateKeyRef == nil
+	c := meta.FindStatusCondition(instance.Status.Conditions, constants.Ready)
+	return c.Reason == constants.Creating && instance.Spec.PrivateKeyRef == nil
 }
 
 func (g generateKeys) Handle(ctx context.Context, instance *v1alpha1.CTlog) *action.Result {
@@ -54,11 +55,10 @@ func (g generateKeys) Handle(ctx context.Context, instance *v1alpha1.CTlog) *act
 		return g.Failed(fmt.Errorf("could not set controller reference for Secret: %w", err))
 	}
 	if _, err = g.Ensure(ctx, secret); err != nil {
-		instance.Status.Phase = v1alpha1.PhaseError
 		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-			Type:    string(v1alpha1.PhaseReady),
+			Type:    constants.Ready,
 			Status:  metav1.ConditionFalse,
-			Reason:  "Failure",
+			Reason:  constants.Failure,
 			Message: err.Error(),
 		})
 		return g.FailedWithStatusUpdate(ctx, fmt.Errorf("could not create Secret: %w", err), instance)