Remove double negations by turning IsDexDisabled into DexEnabled

Author: rene-dekker

pkg/controller/apiserver/apiserver_controller.go

@@ -377,7 +377,7 @@ func (r *ReconcileAPIServer) Reconcile(ctx context.Context, request reconcile.Re
 		}
 
 		if authenticationCR != nil && authenticationCR.Status.State == operatorv1.TigeraStatusReady {
-			if !utils.IsDexDisabled(authenticationCR) {
+			if utils.DexEnabled(authenticationCR) {
 				// Do not include DEX TLS Secret Name if authentication CR does not have type Dex
 				secret := render.DexTLSSecretName
 				certificate, err := certificateManager.GetCertificate(r.client, secret, common.OperatorNamespace())

pkg/controller/authentication/authentication_controller.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2024 Tigera, Inc. All rights reserved.
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -383,7 +383,7 @@ func (r *ReconcileAuthentication) Reconcile(ctx context.Context, request reconci
 	}
 	r.lastAvailabilityTransition = currentAvailabilityTransition
 
-	disableDex := utils.IsDexDisabled(authentication)
+	enableDex := utils.DexEnabled(authentication)
 
 	// DexConfig adds convenience methods around dex related objects in k8s and can be used to configure Dex.
 	dexCfg := render.NewDexConfig(install.CertificateManagement, authentication, dexSecret, idpSecret, r.clusterDomain)
@@ -397,7 +397,7 @@ func (r *ReconcileAuthentication) Reconcile(ctx context.Context, request reconci
 		Installation:   install,
 		DexConfig:      dexCfg,
 		ClusterDomain:  r.clusterDomain,
-		DeleteDex:      disableDex,
+		DeleteDex:      !enableDex,
 		TLSKeyPair:     tlsKeyPair,
 		TrustedBundle:  trustedBundle,
 		Authentication: authentication,
@@ -415,7 +415,7 @@ func (r *ReconcileAuthentication) Reconcile(ctx context.Context, request reconci
 
 	components := []render.Component{component}
 
-	if !disableDex {
+	if enableDex {
 		components = append(components,
 			rcertificatemanagement.CertificateManagement(&rcertificatemanagement.Config{
 				Namespace:       render.DexNamespace,

pkg/controller/manager/manager_controller.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2024 Tigera, Inc. All rights reserved.
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -462,8 +462,7 @@ func (r *ReconcileManager) Reconcile(ctx context.Context, request reconcile.Requ
 	if authenticationCR != nil && authenticationCR.Status.State != operatorv1.TigeraStatusReady {
 		r.status.SetDegraded(operatorv1.ResourceNotReady, fmt.Sprintf("Authentication is not ready authenticationCR status: %s", authenticationCR.Status.State), nil, logc)
 		return reconcile.Result{}, nil
-	} else if authenticationCR != nil && !utils.IsDexDisabled(authenticationCR) {
-		// Do not include DEX TLS Secret Name is authentication CR does not have type Dex
+	} else if utils.DexEnabled(authenticationCR) {
 		trustedSecretNames = append(trustedSecretNames, render.DexTLSSecretName)
 	}
 

pkg/controller/utils/utils.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2024 Tigera, Inc. All rights reserved.
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -896,12 +896,12 @@ func compareMap(m1, m2 map[string]string) bool {
 	return true
 }
 
-func IsDexDisabled(authentication *operatorv1.Authentication) bool {
-	disableDex := false
-	if authentication.Spec.OIDC != nil && authentication.Spec.OIDC.Type == operatorv1.OIDCTypeTigera {
-		disableDex = true
+func DexEnabled(authentication *operatorv1.Authentication) bool {
+	enableDex := authentication != nil
+	if enableDex && authentication.Spec.OIDC != nil && authentication.Spec.OIDC.Type == operatorv1.OIDCTypeTigera {
+		enableDex = false
 	}
-	return disableDex
+	return enableDex
 }
 
 func VerifySysctl(pluginData []operatorv1.Sysctl) error {

pkg/controller/utils/utils_test.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2021-2024 Tigera, Inc. All rights reserved.
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -433,4 +433,17 @@ var _ = Describe("CreatePredicateForObject", func() {
 			Expect(p.Delete(event.DeleteEvent{Object: &v1.Pod{ObjectMeta: metav1.ObjectMeta{Name: "other-object", Namespace: "test-namespace"}}})).To(BeFalse())
 		})
 	})
+
+	DescribeTable("should correctly determine whether Dex is enabled",
+		func(authentication *opv1.Authentication, expectedResult bool) {
+			Expect(DexEnabled(authentication)).To(Equal(expectedResult))
+		},
+		Entry("when authentication is nil", nil, false),
+		Entry("when authentication is not nil and OIDC is nil",
+			&opv1.Authentication{Spec: opv1.AuthenticationSpec{OIDC: nil}}, true),
+		Entry("when authentication is not nil and OIDC type is OIDCTypeTigera",
+			&opv1.Authentication{Spec: opv1.AuthenticationSpec{OIDC: &opv1.AuthenticationOIDC{Type: opv1.OIDCTypeTigera}}}, false),
+		Entry("when authentication is not nil and OIDC type is different",
+			&opv1.Authentication{Spec: opv1.AuthenticationSpec{OIDC: &opv1.AuthenticationOIDC{Type: opv1.OIDCTypeDex}}}, true),
+	)
 })