Update if AlreadyExists

dtfranz · dtfranz · commit 9b1be42d3c6e · 2024-04-15T11:12:42.000-07:00
Adds code to the client calls for Create to run an Update if the object already exists. This allows us to bypass issues where the object was not found in cache but already exists in the cluster.

Signed-off-by: Daniel Franz &lt;dfranz@redhat.com&gt;
diff --git a/pkg/api/wrappers/deployment_install_client.go b/pkg/api/wrappers/deployment_install_client.go
@@ -58,11 +58,11 @@ func (c *InstallStrategyDeploymentClientForNamespace) GetOpLister() operatorlist
 }
 
 func (c *InstallStrategyDeploymentClientForNamespace) CreateRole(role *rbacv1.Role) (*rbacv1.Role, error) {
-	return c.opClient.KubernetesInterface().RbacV1().Roles(c.Namespace).Create(context.TODO(), role, metav1.CreateOptions{})
+	return c.opClient.CreateRole(role)
 }
 
 func (c *InstallStrategyDeploymentClientForNamespace) CreateRoleBinding(roleBinding *rbacv1.RoleBinding) (*rbacv1.RoleBinding, error) {
-	return c.opClient.KubernetesInterface().RbacV1().RoleBindings(c.Namespace).Create(context.TODO(), roleBinding, metav1.CreateOptions{})
+	return c.opClient.CreateRoleBinding(roleBinding)
 }
 
 func (c *InstallStrategyDeploymentClientForNamespace) EnsureServiceAccount(serviceAccount *corev1.ServiceAccount, owner ownerutil.Owner) (*corev1.ServiceAccount, error) {
diff --git a/pkg/controller/bundle/bundle_unpacker.go b/pkg/controller/bundle/bundle_unpacker.go
@@ -734,6 +734,9 @@ func (c *ConfigMapUnpacker) ensureRole(cmRef *corev1.ObjectReference) (role *rba
 	if err != nil {
 		if apierrors.IsNotFound(err) {
 			role, err = c.client.RbacV1().Roles(fresh.GetNamespace()).Create(context.TODO(), fresh, metav1.CreateOptions{})
+			if apierrors.IsAlreadyExists(err) {
+				role, err = c.client.RbacV1().Roles(fresh.GetNamespace()).Update(context.TODO(), fresh, metav1.UpdateOptions{})
+			}
 		}
 
 		return
@@ -778,6 +781,9 @@ func (c *ConfigMapUnpacker) ensureRoleBinding(cmRef *corev1.ObjectReference) (ro
 	if err != nil {
 		if apierrors.IsNotFound(err) {
 			roleBinding, err = c.client.RbacV1().RoleBindings(fresh.GetNamespace()).Create(context.TODO(), fresh, metav1.CreateOptions{})
+			if apierrors.IsAlreadyExists(err) {
+				roleBinding, err = c.client.RbacV1().RoleBindings(fresh.GetNamespace()).Update(context.TODO(), fresh, metav1.UpdateOptions{})
+			}
 		}
 
 		return
diff --git a/pkg/controller/operators/olm/operatorgroup.go b/pkg/controller/operators/olm/operatorgroup.go
@@ -408,11 +408,8 @@ func (a *Operator) ensureProvidedAPIClusterRole(namePrefix, suffix string, verbs
 		return err
 	}
 	if apierrors.IsNotFound(err) {
-		existingCR, err = a.opClient.KubernetesInterface().RbacV1().ClusterRoles().Create(context.TODO(), clusterRole, metav1.CreateOptions{})
-		if err == nil {
-			return nil
-		}
-		if !apierrors.IsAlreadyExists(err) {
+		existingCR, err = a.opClient.CreateClusterRole(clusterRole)
+		if err != nil {
 			a.logger.WithError(err).Errorf("Create cluster role failed: %v", clusterRole)
 			return err
 		}
@@ -546,12 +543,7 @@ func (a *Operator) ensureSingletonRBAC(operatorNamespace string, csv *v1alpha1.C
 					Resources: []string{"namespaces"},
 				}),
 			}
-			// TODO: this should do something smarter if the cluster role already exists
-			if cr, err := a.opClient.CreateClusterRole(clusterRole); err != nil {
-				// If the CR already exists, but the label is correct, the cache is just behind
-				if apierrors.IsAlreadyExists(err) && cr != nil && ownerutil.IsOwnedByLabel(cr, csv) {
-					continue
-				}
+			if _, err := a.opClient.CreateClusterRole(clusterRole); err != nil {
 				return err
 			}
 			a.logger.Debug("created cluster role")
@@ -585,12 +577,7 @@ func (a *Operator) ensureSingletonRBAC(operatorNamespace string, csv *v1alpha1.C
 					Name:     r.RoleRef.Name,
 				},
 			}
-			// TODO: this should do something smarter if the cluster role binding already exists
-			if crb, err := a.opClient.CreateClusterRoleBinding(clusterRoleBinding); err != nil {
-				// If the CRB already exists, but the label is correct, the cache is just behind
-				if apierrors.IsAlreadyExists(err) && crb != nil && ownerutil.IsOwnedByLabel(crb, csv) {
-					continue
-				}
+			if _, err := a.opClient.CreateClusterRoleBinding(clusterRoleBinding); err != nil {
 				return err
 			}
 		}
@@ -1056,7 +1043,7 @@ func (a *Operator) ensureOpGroupClusterRole(op *operatorsv1.OperatorGroup, suffi
 	clusterRole.Labels[install.OLMManagedLabelKey] = install.OLMManagedLabelValue
 
 	a.logger.Infof("creating cluster role: %s owned by operator group: %s/%s", clusterRole.GetName(), op.GetNamespace(), op.GetName())
-	_, err = a.opClient.KubernetesInterface().RbacV1().ClusterRoles().Create(context.TODO(), clusterRole, metav1.CreateOptions{})
+	_, err = a.opClient.CreateClusterRole(clusterRole)
 	return err
 }
 
diff --git a/pkg/controller/operators/operatorcondition_controller.go b/pkg/controller/operators/operatorcondition_controller.go
@@ -150,7 +150,10 @@ func (r *OperatorConditionReconciler) ensureOperatorConditionRole(operatorCondit
 		if !apierrors.IsNotFound(err) {
 			return err
 		}
-		return r.Client.Create(context.TODO(), role)
+		err = r.Client.Create(context.TODO(), role)
+		if apierrors.IsAlreadyExists(err) {
+			return r.Client.Update(context.TODO(), role)
+		}
 	}
 
 	if ownerutil.IsOwnedBy(existingRole, operatorCondition) &&
@@ -199,7 +202,10 @@ func (r *OperatorConditionReconciler) ensureOperatorConditionRoleBinding(operato
 		if !apierrors.IsNotFound(err) {
 			return err
 		}
-		return r.Client.Create(context.TODO(), roleBinding)
+		err = r.Client.Create(context.TODO(), roleBinding)
+		if apierrors.IsAlreadyExists(err) {
+			return r.Client.Update(context.TODO(), roleBinding)
+		}
 	}
 
 	if ownerutil.IsOwnedBy(existingRoleBinding, operatorCondition) &&
diff --git a/pkg/lib/operatorclient/apiservice.go b/pkg/lib/operatorclient/apiservice.go
@@ -4,15 +4,20 @@ import (
 	"context"
 	"fmt"
 
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog"
 	apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
 )
 
-// CreateAPIService creates the APIService.
+// CreateAPIService creates the APIService or Updates if it already exists.
 func (c *Client) CreateAPIService(ig *apiregistrationv1.APIService) (*apiregistrationv1.APIService, error) {
-	return c.ApiregistrationV1Interface().ApiregistrationV1().APIServices().Create(context.TODO(), ig, metav1.CreateOptions{})
+	createdAS, err := c.ApiregistrationV1Interface().ApiregistrationV1().APIServices().Create(context.TODO(), ig, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateAPIService(ig)
+	}
+	return createdAS, err
 }
 
 // GetAPIService returns the existing APIService.
diff --git a/pkg/lib/operatorclient/clusterrole.go b/pkg/lib/operatorclient/clusterrole.go
@@ -5,14 +5,19 @@ import (
 	"fmt"
 
 	rbacv1 "k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog"
 )
 
-// CreateClusterRole creates the ClusterRole.
+// CreateClusterRole creates the ClusterRole or Updates if it already exists.
 func (c *Client) CreateClusterRole(r *rbacv1.ClusterRole) (*rbacv1.ClusterRole, error) {
-	return c.RbacV1().ClusterRoles().Create(context.TODO(), r, metav1.CreateOptions{})
+	createdClusterRole, err := c.RbacV1().ClusterRoles().Create(context.TODO(), r, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateClusterRole(r)
+	}
+	return createdClusterRole, err
 }
 
 // GetClusterRole returns the existing ClusterRole.
diff --git a/pkg/lib/operatorclient/clusterrolebinding.go b/pkg/lib/operatorclient/clusterrolebinding.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	rbacv1 "k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	acv1 "k8s.io/client-go/applyconfigurations/rbac/v1"
@@ -16,9 +17,13 @@ func (c *Client) ApplyClusterRoleBinding(applyConfig *acv1.ClusterRoleBindingApp
 	return c.RbacV1().ClusterRoleBindings().Apply(context.TODO(), applyConfig, applyOptions)
 }
 
-// CreateRoleBinding creates the roleBinding.
+// CreateRoleBinding creates the roleBinding or Updates if it already exists.
 func (c *Client) CreateClusterRoleBinding(ig *rbacv1.ClusterRoleBinding) (*rbacv1.ClusterRoleBinding, error) {
-	return c.RbacV1().ClusterRoleBindings().Create(context.TODO(), ig, metav1.CreateOptions{})
+	createdCRB, err := c.RbacV1().ClusterRoleBindings().Create(context.TODO(), ig, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateClusterRoleBinding(ig)
+	}
+	return createdCRB, err
 }
 
 // GetRoleBinding returns the existing roleBinding.
diff --git a/pkg/lib/operatorclient/configmap.go b/pkg/lib/operatorclient/configmap.go
@@ -5,14 +5,19 @@ import (
 	"fmt"
 
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog"
 )
 
 // CreateConfigMap creates the ConfigMap.
 func (c *Client) CreateConfigMap(ig *corev1.ConfigMap) (*corev1.ConfigMap, error) {
-	return c.CoreV1().ConfigMaps(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	createdCM, err := c.CoreV1().ConfigMaps(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateConfigMap(ig)
+	}
+	return createdCM, err
 }
 
 // GetConfigMap returns the existing ConfigMap.
diff --git a/pkg/lib/operatorclient/customresources.go b/pkg/lib/operatorclient/customresources.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -92,7 +93,7 @@ func (c *Client) CreateCustomResourceRaw(apiGroup, version, namespace, kind stri
 	return nil
 }
 
-// CreateCustomResourceRawIfNotFound creates the raw bytes of the custom resource if it doesn't exist.
+// CreateCustomResourceRawIfNotFound creates the raw bytes of the custom resource if it doesn't exist, or Updates if it does exist.
 // It also returns a boolean to indicate whether a new custom resource is created.
 func (c *Client) CreateCustomResourceRawIfNotFound(apiGroup, version, namespace, kind, name string, data []byte) (bool, error) {
 	klog.V(4).Infof("[CREATE CUSTOM RESOURCE RAW if not found]: %s:%s", namespace, name)
@@ -104,7 +105,11 @@ func (c *Client) CreateCustomResourceRawIfNotFound(apiGroup, version, namespace,
 		return false, err
 	}
 	err = c.CreateCustomResourceRaw(apiGroup, version, namespace, kind, data)
-	if err != nil {
+	if apierrors.IsAlreadyExists(err) {
+		if err = c.UpdateCustomResourceRaw(apiGroup, version, namespace, kind, name, data); err != nil {
+			return false, err
+		}
+	} else if err != nil {
 		return false, err
 	}
 	return true, nil
diff --git a/pkg/lib/operatorclient/deployment.go b/pkg/lib/operatorclient/deployment.go
@@ -25,10 +25,15 @@ func (c *Client) GetDeployment(namespace, name string) (*appsv1.Deployment, erro
 	return c.AppsV1().Deployments(namespace).Get(context.TODO(), name, metav1.GetOptions{})
 }
 
-// CreateDeployment creates the Deployment object.
+// CreateDeployment creates the Deployment object or Updates if it already exists.
 func (c *Client) CreateDeployment(dep *appsv1.Deployment) (*appsv1.Deployment, error) {
 	klog.V(4).Infof("[CREATE Deployment]: %s:%s", dep.Namespace, dep.Name)
-	return c.AppsV1().Deployments(dep.Namespace).Create(context.TODO(), dep, metav1.CreateOptions{})
+	createdDep, err := c.AppsV1().Deployments(dep.Namespace).Create(context.TODO(), dep, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		updatedDep, _, err := c.UpdateDeployment(dep)
+		return updatedDep, err
+	}
+	return createdDep, err
 }
 
 // DeleteDeployment deletes the Deployment object.
diff --git a/pkg/lib/operatorclient/role.go b/pkg/lib/operatorclient/role.go
@@ -5,14 +5,19 @@ import (
 	"fmt"
 
 	rbacv1 "k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog"
 )
 
-// CreateRole creates the role.
+// CreateRole creates the role or Updates if it already exists.
 func (c *Client) CreateRole(r *rbacv1.Role) (*rbacv1.Role, error) {
-	return c.RbacV1().Roles(r.GetNamespace()).Create(context.TODO(), r, metav1.CreateOptions{})
+	createdRole, err := c.RbacV1().Roles(r.GetNamespace()).Create(context.TODO(), r, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateRole(r)
+	}
+	return createdRole, err
 }
 
 // GetRole returns the existing role.
diff --git a/pkg/lib/operatorclient/rolebinding.go b/pkg/lib/operatorclient/rolebinding.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	rbacv1 "k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	acv1 "k8s.io/client-go/applyconfigurations/rbac/v1"
@@ -16,9 +17,13 @@ func (c *Client) ApplyRoleBinding(applyConfig *acv1.RoleBindingApplyConfiguratio
 	return c.RbacV1().RoleBindings(*applyConfig.Namespace).Apply(context.TODO(), applyConfig, applyOptions)
 }
 
-// CreateRoleBinding creates the roleBinding.
+// CreateRoleBinding creates the roleBinding or Updates if it already exists.
 func (c *Client) CreateRoleBinding(ig *rbacv1.RoleBinding) (*rbacv1.RoleBinding, error) {
-	return c.RbacV1().RoleBindings(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	createdRB, err := c.RbacV1().RoleBindings(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateRoleBinding(ig)
+	}
+	return createdRB, err
 }
 
 // GetRoleBinding returns the existing roleBinding.
diff --git a/pkg/lib/operatorclient/secret.go b/pkg/lib/operatorclient/secret.go
@@ -5,14 +5,19 @@ import (
 	"fmt"
 
 	v1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog"
 )
 
-// CreateSecret creates the Secret.
+// CreateSecret creates the Secret or Updates if it already exists.
 func (c *Client) CreateSecret(ig *v1.Secret) (*v1.Secret, error) {
-	return c.CoreV1().Secrets(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	createdSecret, err := c.CoreV1().Secrets(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateSecret(ig)
+	}
+	return createdSecret, err
 }
 
 // GetSecret returns the existing Secret.
diff --git a/pkg/lib/operatorclient/service.go b/pkg/lib/operatorclient/service.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	v1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	acv1 "k8s.io/client-go/applyconfigurations/core/v1"
@@ -16,9 +17,13 @@ func (c *Client) ApplyService(applyConfig *acv1.ServiceApplyConfiguration, apply
 	return c.CoreV1().Services(*applyConfig.Namespace).Apply(context.TODO(), applyConfig, applyOptions)
 }
 
-// CreateService creates the Service.
+// CreateService creates the Service or Updates if it already exists.
 func (c *Client) CreateService(ig *v1.Service) (*v1.Service, error) {
-	return c.CoreV1().Services(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	createdService, err := c.CoreV1().Services(ig.GetNamespace()).Create(context.TODO(), ig, metav1.CreateOptions{})
+	if apierrors.IsAlreadyExists(err) {
+		return c.UpdateService(ig)
+	}
+	return createdService, err
 }
 
 // GetService returns the existing Service.

Original file line number	Diff line number	Diff line change
`@@ -58,11 +58,11 @@ func (c *InstallStrategyDeploymentClientForNamespace) GetOpLister() operatorlist`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`func (c InstallStrategyDeploymentClientForNamespace) CreateRole(role rbacv1.Role) (*rbacv1.Role, error) {`
`61`		`- return c.opClient.KubernetesInterface().RbacV1().Roles(c.Namespace).Create(context.TODO(), role, metav1.CreateOptions{})`
	`61`	`+ return c.opClient.CreateRole(role)`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`func (c InstallStrategyDeploymentClientForNamespace) CreateRoleBinding(roleBinding rbacv1.RoleBinding) (*rbacv1.RoleBinding, error) {`
`65`		`- return c.opClient.KubernetesInterface().RbacV1().RoleBindings(c.Namespace).Create(context.TODO(), roleBinding, metav1.CreateOptions{})`
	`65`	`+ return c.opClient.CreateRoleBinding(roleBinding)`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`func (c InstallStrategyDeploymentClientForNamespace) EnsureServiceAccount(serviceAccount corev1.ServiceAccount, owner ownerutil.Owner) (*corev1.ServiceAccount, error) {`
Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,10 @@ func (r *OperatorConditionReconciler) ensureOperatorConditionRole(operatorCondit`
`150`	`150`	`if !apierrors.IsNotFound(err) {`
`151`	`151`	`return err`
`152`	`152`	`}`
`153`		`- return r.Client.Create(context.TODO(), role)`
	`153`	`+ err = r.Client.Create(context.TODO(), role)`
	`154`	`+ if apierrors.IsAlreadyExists(err) {`
	`155`	`+ return r.Client.Update(context.TODO(), role)`
	`156`	`+ }`
`154`	`157`	`}`
`155`	`158`
`156`	`159`	`if ownerutil.IsOwnedBy(existingRole, operatorCondition) &&`
`@@ -199,7 +202,10 @@ func (r *OperatorConditionReconciler) ensureOperatorConditionRoleBinding(operato`
`199`	`202`	`if !apierrors.IsNotFound(err) {`
`200`	`203`	`return err`
`201`	`204`	`}`
`202`		`- return r.Client.Create(context.TODO(), roleBinding)`
	`205`	`+ err = r.Client.Create(context.TODO(), roleBinding)`
	`206`	`+ if apierrors.IsAlreadyExists(err) {`
	`207`	`+ return r.Client.Update(context.TODO(), roleBinding)`
	`208`	`+ }`
`203`	`209`	`}`
`204`	`210`
`205`	`211`	`if ownerutil.IsOwnedBy(existingRoleBinding, operatorCondition) &&`