Merge pull request #432 from erikgb/fix-non-matching-source-selector

fix: don't error if source selector selects no sources
cert-manager · Sep 11, 2024 · 94e1ed6 · 94e1ed6
2 parents f9f80d2 + e7049f0
commit 94e1ed6
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/pkg/bundle/source.go b/pkg/bundle/source.go
@@ -18,6 +18,7 @@ package bundle
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -32,6 +33,8 @@ import (
 
 type notFoundError struct{ error }
 
+type selectsNothingError struct{ error }
+
 // bundleData holds the result of a call to buildSourceBundle. It contains the resulting PEM-encoded
 // certificate data from concatenating all the sources together, binary data for any additional formats and
 // any metadata from the sources which needs to be exposed on the Bundle resource's status field.
@@ -77,6 +80,12 @@ func (b *bundle) buildSourceBundle(ctx context.Context, sources []trustapi.Bundl
 			}
 		}
 
+		// A source selector may select no configmaps/secrets, and this is not an error.
+		if errors.As(err, &selectsNothingError{}) {
+			b.Log.Info(err.Error())
+			continue
+		}
+
 		if err != nil {
 			return bundleData{}, fmt.Errorf("failed to retrieve bundle from source: %w", err)
 		}
@@ -124,10 +133,10 @@ func (b *bundle) configMapBundle(ctx context.Context, ref *trustapi.SourceObject
 		if selectorErr != nil {
 			return "", fmt.Errorf("failed to parse label selector as Selector for ConfigMap in namespace %s: %w", b.Namespace, selectorErr)
 		}
-		if err := b.client.List(ctx, &cml, client.MatchingLabelsSelector{Selector: selector}); apierrors.IsNotFound(err) {
-			return "", notFoundError{err}
-		} else if err != nil {
+		if err := b.client.List(ctx, &cml, client.MatchingLabelsSelector{Selector: selector}); err != nil {
 			return "", fmt.Errorf("failed to get ConfigMapList: %w", err)
+		} else if len(cml.Items) == 0 {
+			return "", selectsNothingError{fmt.Errorf("label selector %s for ConfigMap didn't match any resources", selector.String())}
 		}
 
 		configMaps = cml.Items
@@ -171,10 +180,10 @@ func (b *bundle) secretBundle(ctx context.Context, ref *trustapi.SourceObjectKey
 		if selectorErr != nil {
 			return "", fmt.Errorf("failed to parse label selector as Selector for Secret in namespace %s: %w", b.Namespace, selectorErr)
 		}
-		if err := b.client.List(ctx, &sl, client.MatchingLabelsSelector{Selector: selector}); apierrors.IsNotFound(err) {
-			return "", notFoundError{err}
-		} else if err != nil {
+		if err := b.client.List(ctx, &sl, client.MatchingLabelsSelector{Selector: selector}); err != nil {
 			return "", fmt.Errorf("failed to get SecretList: %w", err)
+		} else if len(sl.Items) == 0 {
+			return "", selectsNothingError{fmt.Errorf("label selector %s for Secret didn't match any resources", selector.String())}
 		}
 
 		secrets = sl.Items

diff --git a/pkg/bundle/source_test.go b/pkg/bundle/source_test.go
@@ -116,6 +116,28 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         false,
 			expNotFoundError: false,
 		},
+		"if selects no ConfigMap sources, should return an error": {
+			sources: []trustapi.BundleSource{
+				{ConfigMap: &trustapi.SourceObjectKeySelector{KeySelector: trustapi.KeySelector{Key: "key"}, Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"selects-nothing": "true"}}}},
+			},
+			objects:          []runtime.Object{},
+			expData:          "",
+			expError:         true,
+			expNotFoundError: false,
+		},
+		"if selects at least one ConfigMap source, return data": {
+			sources: []trustapi.BundleSource{
+				{ConfigMap: &trustapi.SourceObjectKeySelector{KeySelector: trustapi.KeySelector{Key: "key"}, Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"trust-bundle.certs": "includes"}}}},
+				{ConfigMap: &trustapi.SourceObjectKeySelector{KeySelector: trustapi.KeySelector{Key: "key"}, Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"selects-nothing": "true"}}}},
+			},
+			objects: []runtime.Object{&corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{Name: "configmap", Labels: map[string]string{"trust-bundle.certs": "includes"}},
+				Data:       map[string]string{"key": dummy.TestCertificate1 + "\n" + dummy.TestCertificate2},
+			}},
+			expData:          dummy.JoinCerts(dummy.TestCertificate2, dummy.TestCertificate1),
+			expError:         false,
+			expNotFoundError: false,
+		},
 		"if ConfigMap and InLine source, return concatenated data": {
 			sources: []trustapi.BundleSource{
 				{ConfigMap: &trustapi.SourceObjectKeySelector{Name: "configmap", KeySelector: trustapi.KeySelector{Key: "key"}}},