A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th

fix error when secret not found

+16 -17
+16 -17
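--- a/internal/mirror/manager.go
+++ b/internal/mirror/manager.go
@@ -151,7 +151,7 @@
 
 // Check if device is connected
 if !grpcClient.IsConnected() {
-logger.V(1).Info("Device not connected", "device", deviceId)
+logger.Info("Device not connected", "device", deviceId)
 for secretPath := range inventory {
 inventory[secretPath].DeviceStates[deviceId] = &SecretState{
 Present: false,
@@ -179,14 +179,13 @@
 // Try to read the secret to check if it exists
 data, err := grpcClient.ReadSecret(ctx, secretPath)
 if err != nil {
-// Secret doesn't exist on this device
-logger.V(1).Info("Secret not found on device", "device", deviceId, "secret", secretPath)
-state.Error = fmt.Errorf("secret not found: %w", err)
+// Secret doesn't exist on this device - leave state.Error = nil so device gets added to devicesNeedingSecret
+logger.Info("Secret not found on device", "device", deviceId, "secret", secretPath)
 } else {
 // Secret exists, calculate checksum
 state.Present = true
 state.Checksum = mm.calculateChecksum(data)
-logger.V(1).Info("Secret found on device", "device", deviceId, "secret", secretPath, "checksum", state.Checksum[:8])
+logger.Info("Secret found on device", "device", deviceId, "secret", secretPath, "checksum", state.Checksum[:8])
 
 // Try to read metadata
 metadata, metaErr := grpcClient.ReadMetadata(ctx, secretPath)
@@ -203,10 +202,10 @@
 state.Timestamp = timestamp
 }
 }
-logger.V(1).Info("Metadata found", "device", deviceId, "secret", secretPath,
+logger.Info("Metadata found", "device", deviceId, "secret", secretPath,
 "version", state.Version, "timestamp", state.Timestamp.Format(time.RFC3339))
 } else {
-logger.V(1).Info("No metadata found", "device", deviceId, "secret", secretPath)
+logger.Info("No metadata found", "device", deviceId, "secret", secretPath)
 }
 }
 
@@ -244,7 +243,7 @@
 // Analyze all device states for this secret
 for deviceName, state := range inventory.DeviceStates {
 if state.Error != nil {
-logger.V(1).Info("Device has error, skipping", "device", deviceName, "secret", secretPath, "error", state.Error)
+logger.Info("Device has error, skipping", "device", deviceName, "secret", secretPath, "error", state.Error)
 continue
 }
 
@@ -280,7 +279,7 @@
 // Determine sync operation type
 if len(devicesWithSecret) == 0 {
 // No devices have this secret - nothing to sync
-logger.V(1).Info("Secret not found on any device", "secret", secretPath)
+logger.Info("Secret not found on any device", "secret", secretPath)
 return nil
 }
 
@@ -297,7 +296,7 @@
 }
 
 if allInSync {
-logger.V(1).Info("Secret already in sync across all devices", "secret", secretPath)
+logger.Info("Secret already in sync across all devices", "secret", secretPath)
 return &SecretMirrorPlan{
 SecretPath: secretPath,
 SourceDevice: sourceDevice,
@@ -446,7 +445,7 @@
 // Skip if no sync needed
 if plan.MirrorType == MirrorTypeSkip {
 result.Success = true
-logger.V(1).Info("Skipping sync - already in sync", "secret", plan.SecretPath)
+logger.Info("Skipping sync - already in sync", "secret", plan.SecretPath)
 return result
 }
 
@@ -555,7 +554,7 @@
 // Read metadata (may not exist)
 metadata, err := grpcClient.ReadMetadata(ctx, secretPath)
 if err != nil {
-logger.V(1).Info("No metadata found for secret", "secret", secretPath, "device", device.SerialNumber)
+logger.Info("No metadata found for secret", "secret", secretPath, "device", device.SerialNumber)
 metadata = nil // Not an error - metadata may not exist
 }
 
@@ -731,7 +730,7 @@
 // Ensure client is closed after use
 defer func() {
 if closeErr := hsmClient.Close(); closeErr != nil {
-logger.V(1).Info("Error closing HSM client", "error", closeErr)
+logger.Info("Error closing HSM client", "error", closeErr)
 }
 }()
 
@@ -840,7 +839,7 @@
 case <-ticker.C:
 devices, err := mm.agentManager.GetAvailableDevices(ctx, mm.operatorNamespace)
 if err != nil {
-logger.V(1).Info("Failed to check available devices", "error", err)
+logger.Info("Failed to check available devices", "error", err)
 continue
 }
 
@@ -849,14 +848,14 @@
 for _, device := range devices {
 grpcClient, err := mm.agentManager.CreateGRPCClient(ctx, device, logger)
 if err != nil {
-logger.V(1).Info("Agent not ready yet", "device", device.SerialNumber, "error", err)
+logger.Info("Agent not ready yet", "device", device.SerialNumber, "error", err)
 continue
 }
 
 // Test connection
 if grpcClient.IsConnected() {
 if closeErr := grpcClient.Close(); closeErr != nil {
-logger.V(1).Info("Failed to close gRPC client", "error", closeErr)
+logger.Info("Failed to close gRPC client", "error", closeErr)
 }
 logger.Info("HSM agents are ready", "readyDevices", len(devices))
 return true, nil
@@ -864,7 +863,7 @@
 }
 }
 
-logger.V(1).Info("Still waiting for agents", "availableDevices", len(devices))
+logger.Info("Still waiting for agents", "availableDevices", len(devices))
 }
 }
 }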
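Review bot: In the `ReadSecret` error branch (new lines 181-183) every failure is now treated as "secret absent": with `state.Error` left nil and `state.Present` false, a timeout, an authentication failure or an HSM-side fault looks the same as a missing secret, and per the new comment the device is then added to devicesNeedingSecret. If that device actually holds the secret, a transient read error could lead to its copy being overwritten by the mirror. Consider keeping the error for anything that is not a definite not-found, e.g. `if status.Code(err) != codes.NotFound { state.Error = fmt.Errorf("reading secret: %w", err) }`, assuming the client surfaces gRPC status codes (not visible here). The same hunk also moves the `state.Checksum[:8]` log line from V(1) to default verbosity, so a digest prefix of secret material now reaches normal operator logs; that line is better left at `logger.V(1)`. The enclosing function starts and ends outside the hunk.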