From bc5cb310220f86f5390ee25884020df09900ba26 Mon Sep 17 00:00:00 2001
From: Gabe Alford
Date: Fri, 10 May 2024 16:26:55 -0600
Subject: [PATCH] cleanup: remove tautological conditions
---
 .../admission/falconadmission_controller.go | 8 +-
 .../falconnodesensor_controller.go | 183 ++++++++++--------
 2 files changed, 99 insertions(+), 92 deletions(-)
diff --git a/internal/controller/admission/falconadmission_controller.go b/internal/controller/admission/falconadmission_controller.go
index 366925a6..42e232e5 100644
--- a/internal/controller/admission/falconadmission_controller.go
+++ b/internal/controller/admission/falconadmission_controller.go
@@ -186,10 +186,7 @@ func (r *FalconAdmissionReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 // Create a CA Bundle ConfigMap if CACertificate attribute is set; overridden by the presence of a CACertificateConfigMap value
 if falconAdmission.Spec.Registry.TLS.CACertificateConfigMap == "" && falconAdmission.Spec.Registry.TLS.CACertificate != "" {
 if _, err := r.reconcileRegistryCABundleConfigMap(ctx, req, log, falconAdmission); err != nil {
- if err != nil {
- return ctrl.Result{}, err
- }
-
+ return ctrl.Result{}, err
 }
 }
@@ -261,9 +258,6 @@ func (r *FalconAdmissionReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 pod, err := k8sutils.GetReadyPod(r.Client, ctx, falconAdmission.Spec.InstallNamespace, map[string]string{common.FalconComponentKey: common.FalconAdmissionController})
 if err != nil && err.Error() != "No webhook service pod found in a Ready state" {
- if err != nil {
- return ctrl.Result{}, err
- }
 log.Error(err, "Failed to find Ready admission controller pod")
 return ctrl.Result{}, err
 }
diff --git a/internal/controller/falcon_node/falconnodesensor_controller.go b/internal/controller/falcon_node/falconnodesensor_controller.go
index 6c56aff0..06be5bc2 100644
--- a/internal/controller/falcon_node/falconnodesensor_controller.go
+++ b/internal/controller/falcon_node/falconnodesensor_controller.go
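Review bot: In the second Reconcile hunk of falconadmission_controller.go (`@@ -261,9 +258,6 @@`), the guard still decides whether reconciliation continues by comparing `err.Error()` with the literal `"No webhook service pod found in a Ready state"`, so any rewording or wrapping of that message inside `k8sutils.GetReadyPod` silently turns the tolerated case into a hard failure. A sentinel error exported next to `GetReadyPod` and tested with the standard library's `errors.Is` would make the contract explicit; no such sentinel is visible in this patch, so it would have to be added. With the inner early return gone, the `log.Error` line is reachable for the first time, so this path now logs before returning. Reconcile starts and ends outside the hunk, so what happens to `pod` when the tolerated error occurs cannot be checked from here.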
@@ -398,36 +398,36 @@ func (r *FalconNodeSensorReconciler) Reconcile(ctx context.Context, req ctrl.Req
 // handleNamespace creates and updates the namespace
 func (r *FalconNodeSensorReconciler) handleNamespace(ctx context.Context, nodesensor *falconv1alpha1.FalconNodeSensor, logger logr.Logger) (bool, error) {
 ns := corev1.Namespace{}
- err := r.Client.Get(ctx, types.NamespacedName{Name: nodesensor.Spec.InstallNamespace}, &ns)
- if err == nil || (err != nil && !errors.IsNotFound(err)) {
- return false, err
- }
-
- ns = corev1.Namespace{
- TypeMeta: metav1.TypeMeta{
- APIVersion: corev1.SchemeGroupVersion.String(),
- Kind: "Namespace",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: nodesensor.Spec.InstallNamespace,
- Labels: map[string]string{
- "pod-security.kubernetes.io/enforce": "privileged",
- "pod-security.kubernetes.io/warn": "privileged",
- "pod-security.kubernetes.io/audit": "privileged",
- "security.openshift.io/scc.podSecurityLabelSync": "false",
+ err := r.Get(ctx, types.NamespacedName{Name: nodesensor.Spec.InstallNamespace}, &ns)
+ if err != nil && errors.IsNotFound(err) {
+ ns = corev1.Namespace{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: corev1.SchemeGroupVersion.String(),
+ Kind: "Namespace",
 },
- },
- }
- err = ctrl.SetControllerReference(nodesensor, &ns, r.Scheme)
- if err != nil {
- logger.Error(err, "Unable to assign Controller Reference to the Namespace")
- }
- err = r.Client.Create(ctx, &ns)
- if err != nil && !errors.IsAlreadyExists(err) {
- logger.Error(err, "Failed to create new namespace", "Namespace.Name", nodesensor.Spec.InstallNamespace)
+ ObjectMeta: metav1.ObjectMeta{
+ Name: nodesensor.Spec.InstallNamespace,
+ },
+ }
+
+ err = ctrl.SetControllerReference(nodesensor, &ns, r.Scheme)
+ if err != nil {
+ logger.Error(err, "Unable to assign Controller Reference to the Namespace")
+ }
+
+ err = r.Create(ctx, &ns)
+ if err != nil && !errors.IsAlreadyExists(err) {
+ logger.Error(err, "Failed to create new namespace", "Namespace.Name", nodesensor.Spec.InstallNamespace)
+ return false, err
+ }
+
+ return true, nil
+ } else if err != nil {
+ logger.Error(err, "Failed to get FalconNodeSensor Namespace")
 return false, err
 }
- return true, nil
+
+ return false, nil
 }
 // handlePriorityClass creates and updates the priority class
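Review bot: The rebuilt `ObjectMeta` in handleNamespace no longer carries the `Labels` map, so a namespace created by this path loses the three `pod-security.kubernetes.io/{enforce,warn,audit}: "privileged"` labels and `security.openshift.io/scc.podSecurityLabelSync: "false"`; that is a behaviour change, not the condition cleanup the subject line announces. Without the enforce label the namespace falls back to the cluster's default Pod Security level, and if the node sensor pods need privileged settings (the removed labels suggest they do) they may be rejected at admission, leaving nodes without the sensor. If the labels are now applied somewhere outside this hunk, the removal belongs in its own commit with a sentence explaining where; otherwise restore the removed `Labels: map[string]string{...}` block inside the new `ObjectMeta`.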
@@ -772,75 +772,88 @@ func (r *FalconNodeSensorReconciler) handlePermissions(ctx context.Context, node
 // handleRoleBinding creates and updates RoleBinding
 func (r *FalconNodeSensorReconciler) handleClusterRoleBinding(ctx context.Context, nodesensor *falconv1alpha1.FalconNodeSensor, logger logr.Logger) (bool, error) {
 binding := rbacv1.ClusterRoleBinding{}
- err := r.Client.Get(ctx, types.NamespacedName{Name: common.NodeClusterRoleBindingName}, &binding)
- if err == nil || (err != nil && !errors.IsNotFound(err)) {
- return false, err
- }
- binding = rbacv1.ClusterRoleBinding{
- TypeMeta: metav1.TypeMeta{
- APIVersion: rbacv1.SchemeGroupVersion.String(),
- Kind: "ClusterRoleBinding",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: common.NodeClusterRoleBindingName,
- Labels: common.CRLabels("clusterrolebinding", common.NodeClusterRoleBindingName, common.FalconKernelSensor),
- },
- RoleRef: rbacv1.RoleRef{
- APIGroup: "rbac.authorization.k8s.io",
- Kind: "ClusterRole",
- Name: "falcon-operator-node-sensor-role",
- },
- Subjects: []rbacv1.Subject{
- {
- Kind: "ServiceAccount",
- Name: common.NodeServiceAccountName,
- Namespace: nodesensor.Spec.InstallNamespace,
+ err := r.Get(ctx, types.NamespacedName{Name: common.NodeClusterRoleBindingName}, &binding)
+ if err != nil && errors.IsNotFound(err) {
+ binding = rbacv1.ClusterRoleBinding{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: rbacv1.SchemeGroupVersion.String(),
+ Kind: "ClusterRoleBinding",
 },
- },
- }
- err = ctrl.SetControllerReference(nodesensor, &binding, r.Scheme)
- if err != nil {
- logger.Error(err, "Unable to assign Controller Reference to the ClusterRoleBinding")
- }
- logger.Info("Creating FalconNodeSensor ClusterRoleBinding")
- err = r.Client.Create(ctx, &binding)
- if err != nil && !errors.IsAlreadyExists(err) {
- logger.Error(err, "Failed to create new ClusterRoleBinding", "ClusteRoleBinding.Name", common.NodeClusterRoleBindingName)
+ ObjectMeta: metav1.ObjectMeta{
+ Name: common.NodeClusterRoleBindingName,
+ Labels: common.CRLabels("clusterrolebinding", common.NodeClusterRoleBindingName, common.FalconKernelSensor),
+ },
+ RoleRef: rbacv1.RoleRef{
+ APIGroup: "rbac.authorization.k8s.io",
+ Kind: "ClusterRole",
+ Name: "falcon-operator-node-sensor-role",
+ },
+ Subjects: []rbacv1.Subject{
+ {
+ Kind: "ServiceAccount",
+ Name: common.NodeServiceAccountName,
+ Namespace: nodesensor.Spec.InstallNamespace,
+ },
+ },
+ }
+
+ err = ctrl.SetControllerReference(nodesensor, &binding, r.Scheme)
+ if err != nil {
+ logger.Error(err, "Unable to assign Controller Reference to the ClusterRoleBinding")
+ }
+
+ logger.Info("Creating FalconNodeSensor ClusterRoleBinding")
+ err = r.Create(ctx, &binding)
+ if err != nil && !errors.IsAlreadyExists(err) {
+ logger.Error(err, "Failed to create new ClusterRoleBinding", "ClusteRoleBinding.Name", common.NodeClusterRoleBindingName)
+ return false, err
+ }
+
+ return true, nil
+ } else if err != nil {
+ logger.Error(err, "Failed to get FalconNodeSensor ClusterRoleBinding")
 return false, err
 }
- return true, nil
+ return false, nil
 }
 // handleServiceAccount creates and updates the service account and grants necessary permissions to it
 func (r *FalconNodeSensorReconciler) handleServiceAccount(ctx context.Context, nodesensor *falconv1alpha1.FalconNodeSensor, logger logr.Logger) (bool, error) {
 sa := corev1.ServiceAccount{}
- err := r.Client.Get(ctx, types.NamespacedName{Name: common.NodeServiceAccountName, Namespace: nodesensor.Spec.InstallNamespace}, &sa)
- if err == nil || (err != nil && !errors.IsNotFound(err)) {
- return false, err
- }
- sa = corev1.ServiceAccount{
- TypeMeta: metav1.TypeMeta{
- APIVersion: corev1.SchemeGroupVersion.String(),
- Kind: "ServiceAccount",
- },
- ObjectMeta: metav1.ObjectMeta{
- Namespace: nodesensor.Spec.InstallNamespace,
- Name: common.NodeServiceAccountName,
- Labels: common.CRLabels("serviceaccount", common.NodeServiceAccountName, common.FalconKernelSensor),
- },
- }
- err = ctrl.SetControllerReference(nodesensor, &sa, r.Scheme)
- if err != nil {
- logger.Error(err, "Unable to assign Controller Reference to the ServiceAccount")
- }
- logger.Info("Creating FalconNodeSensor ServiceAccount")
- err = r.Client.Create(ctx, &sa)
- if err != nil && !errors.IsAlreadyExists(err) {
- logger.Error(err, "Failed to create new ServiceAccount", "Namespace.Name", nodesensor.Spec.InstallNamespace)
+ err := r.Get(ctx, types.NamespacedName{Name: common.NodeServiceAccountName, Namespace: nodesensor.Spec.InstallNamespace}, &sa)
+ if err != nil && errors.IsNotFound(err) {
+ sa = corev1.ServiceAccount{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: corev1.SchemeGroupVersion.String(),
+ Kind: "ServiceAccount",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: nodesensor.Spec.InstallNamespace,
+ Name: common.NodeServiceAccountName,
+ Labels: common.CRLabels("serviceaccount", common.NodeServiceAccountName, common.FalconKernelSensor),
+ },
+ }
+
+ err = ctrl.SetControllerReference(nodesensor, &sa, r.Scheme)
+ if err != nil {
+ logger.Error(err, "Unable to assign Controller Reference to the ServiceAccount")
+ }
+
+ logger.Info("Creating FalconNodeSensor ServiceAccount")
+ err = r.Create(ctx, &sa)
+ if err != nil && !errors.IsAlreadyExists(err) {
+ logger.Error(err, "Failed to create new ServiceAccount", "Namespace.Name", nodesensor.Spec.InstallNamespace, "ServiceAccount.Name", common.NodeServiceAccountName)
+ return false, err
+ }
+
+ return true, nil
+ } else if err != nil {
+ logger.Error(err, "Failed to get FalconNodeSensor ServiceAccount")
 return false, err
 }
- return true, nil
+
+ return false, nil
 }
 // handleServiceAccount creates and updates the service account and grants necessary permissions to it
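Review bot: In handleClusterRoleBinding a failure of `ctrl.SetControllerReference` is only logged, and the next assignment overwrites `err` with the result of `r.Create`, so the ClusterRoleBinding can be created with no owner reference. A cluster-wide binding for `common.NodeServiceAccountName` that garbage collection will not remove together with the FalconNodeSensor is worth avoiding unless a cleanup path outside this hunk handles it; adding `return false, err` after the log line stops the object from being created unowned. handleServiceAccount in this hunk and handleNamespace in the previous hunk follow the same pattern. Separately, if `errors` here is the apimachinery package, `err != nil && errors.IsNotFound(err)` still carries a redundant nil check, since `IsNotFound` already reports false for a nil error, and the log key `"ClusteRoleBinding.Name"` is misspelled.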