Add wait with time-out for accept

itdove · itdove · commit 0a8a4ad22815 · 2021-06-21T12:49:30.000-04:00
Signed-off-by: Dominique Vernier &lt;dvernier@redhat.com&gt;
diff --git a/pkg/cmd/accept/cmd.go b/pkg/cmd/accept/cmd.go
@@ -44,6 +44,6 @@ func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, stream
 	}
 
 	cmd.Flags().StringVar(&o.clusters, "clusters", "", "Names of the cluster to accept (comma separated)")
-
+	cmd.Flags().IntVar(&o.wait, "wait", 0, "the number of second to wait for the managedcluster and CSR")
 	return cmd
 }
diff --git a/pkg/cmd/accept/exec.go b/pkg/cmd/accept/exec.go
@@ -5,9 +5,13 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"
 
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
 	"open-cluster-management.io/clusteradm/pkg/helpers"
 
@@ -61,95 +65,145 @@ func (o *Options) run() error {
 	return o.runWithClient(kubeClient, clusterClient)
 }
 
-func (o *Options) runWithClient(kubeClient *kubernetes.Clientset, clusterClient *clusterclientset.Clientset) error {
+func (o *Options) runWithClient(kubeClient *kubernetes.Clientset, clusterClient *clusterclientset.Clientset) (err error) {
 	for _, clusterName := range o.values.clusters {
-
-		csrs, err := kubeClient.CertificatesV1().CertificateSigningRequests().List(context.TODO(),
-			metav1.ListOptions{
-				LabelSelector: fmt.Sprintf("%v = %v", clusterLabel, clusterName),
+		if o.wait == 0 {
+			_, err = o.accept(kubeClient, clusterClient, clusterName)
+		} else {
+			err = wait.PollImmediate(1*time.Second, time.Duration(o.wait)*time.Second, func() (bool, error) {
+				return o.accept(kubeClient, clusterClient, clusterName)
 			})
+		}
 		if err != nil {
 			return err
 		}
-		var csr *certificatesv1.CertificateSigningRequest
-		for _, item := range csrs.Items {
-			//Does not have the correct name prefix
-			if !strings.HasPrefix(item.Spec.Username, userNameSignaturePrefix) {
-				continue
-			}
-			//Check groups
-			var group string
-			for _, g := range item.Spec.Groups {
-				if g == groupName {
-					group = g
-					break
-				}
-			}
-			//Does not contain the correct group
-			if len(group) == 0 {
-				continue
-			}
-			//Check if already approved or denied
-			done := false
-			for _, c := range item.Status.Conditions {
-				if c.Type == certificatesv1.CertificateApproved || c.Type == certificatesv1.CertificateDenied {
-					done = true
-					break
-				}
-			}
-			if done {
-				continue
-			}
-			csr = &item
-			break
-		}
+	}
+	return nil
+}
 
-		if csr != nil {
-			if !o.ClusteradmFlags.DryRun {
-				if csr.Status.Conditions == nil {
-					csr.Status.Conditions = make([]certificatesv1.CertificateSigningRequestCondition, 0)
-				}
-
-				csr.Status.Conditions = append(csr.Status.Conditions, certificatesv1.CertificateSigningRequestCondition{
-					Status:         corev1.ConditionTrue,
-					Type:           certificatesv1.CertificateApproved,
-					Reason:         fmt.Sprintf("%sApprove", helpers.GetExampleHeader()),
-					Message:        fmt.Sprintf("This CSR was approved by %s certificate approve.", helpers.GetExampleHeader()),
-					LastUpdateTime: metav1.Now(),
-				})
-
-				kubeClient, err := o.ClusteradmFlags.KubectlFactory.KubernetesClientSet()
-				if err != nil {
-					return err
-				}
-				signingRequest := kubeClient.CertificatesV1().CertificateSigningRequests()
-				if _, err := signingRequest.UpdateApproval(context.TODO(), csr.Name, csr, metav1.UpdateOptions{}); err != nil {
-					return err
-				}
-			}
-			fmt.Printf("CSR %s approved\n", csr.Name)
-		} else {
-			fmt.Printf("no CSR to approve for cluster %s\n", clusterName)
+func (o *Options) accept(kubeClient *kubernetes.Clientset, clusterClient *clusterclientset.Clientset, clusterName string) (bool, error) {
+	csrApproved, err := o.approveCSR(kubeClient, clusterName)
+	if err != nil {
+		return false, err
+	}
+	mcUpdated, err := o.updateManagedCluster(clusterClient, clusterName)
+	if err != nil {
+		return false, err
+	}
+	if csrApproved && mcUpdated {
+		return true, nil
+	}
+	return false, nil
+}
+
+func (o *Options) approveCSR(kubeClient *kubernetes.Clientset, clusterName string) (bool, error) {
+	csrs, err := kubeClient.CertificatesV1().CertificateSigningRequests().List(context.TODO(),
+		metav1.ListOptions{
+			LabelSelector: fmt.Sprintf("%v = %v", clusterLabel, clusterName),
+		})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	var csr *certificatesv1.CertificateSigningRequest
+	for _, item := range csrs.Items {
+		//Does not have the correct name prefix
+		if !strings.HasPrefix(item.Spec.Username, userNameSignaturePrefix) {
+			continue
+		}
+		//Check groups
+		groups := sets.NewString(item.Spec.Groups...)
+		if !groups.Has(groupName) {
+			continue
+		}
+		//Check if already approved or denied
+		approved, denied := GetCertApprovalCondition(&item.Status)
+		//if alreaady denied, then nothing to do
+		if denied {
+			fmt.Printf("CSR %s already denied\n", item.Name)
+			return true, nil
 		}
+		//if alreaady approved, then nothing to do
+		if approved {
+			fmt.Printf("CSR %s already approved\n", item.Name)
+			return true, nil
+		}
+		csr = &item
+		break
+	}
+
+	//no csr found
+	if csr == nil {
+		fmt.Printf("no CSR to approve for cluster %s\n", clusterName)
+		return false, nil
+	}
+	//if dry-run don't approve
+	if o.ClusteradmFlags.DryRun {
+		return true, nil
+	}
+	if csr.Status.Conditions == nil {
+		csr.Status.Conditions = make([]certificatesv1.CertificateSigningRequestCondition, 0)
+	}
+
+	csr.Status.Conditions = append(csr.Status.Conditions, certificatesv1.CertificateSigningRequestCondition{
+		Status:         corev1.ConditionTrue,
+		Type:           certificatesv1.CertificateApproved,
+		Reason:         fmt.Sprintf("%sApprove", helpers.GetExampleHeader()),
+		Message:        fmt.Sprintf("This CSR was approved by %s certificate approve.", helpers.GetExampleHeader()),
+		LastUpdateTime: metav1.Now(),
+	})
+
+	kubeClient, err = o.ClusteradmFlags.KubectlFactory.KubernetesClientSet()
+	if err != nil {
+		return false, err
+	}
+	signingRequest := kubeClient.CertificatesV1().CertificateSigningRequests()
+	if _, err := signingRequest.UpdateApproval(context.TODO(), csr.Name, csr, metav1.UpdateOptions{}); err != nil {
+		return false, err
+	}
+
+	fmt.Printf("CSR %s approved\n", csr.Name)
+	return true, nil
+}
 
-		mc, err := clusterClient.ClusterV1().ManagedClusters().Get(context.TODO(),
-			clusterName,
-			metav1.GetOptions{})
+func (o *Options) updateManagedCluster(clusterClient *clusterclientset.Clientset, clusterName string) (bool, error) {
+	mc, err := clusterClient.ClusterV1().ManagedClusters().Get(context.TODO(),
+		clusterName,
+		metav1.GetOptions{})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	if mc.Spec.HubAcceptsClient {
+		fmt.Printf("httpAcceptsClient already set for cluster %s\n", clusterName)
+		return true, nil
+	}
+	if o.ClusteradmFlags.DryRun {
+		return true, nil
+	}
+	if !mc.Spec.HubAcceptsClient {
+		mc.Spec.HubAcceptsClient = true
+		_, err = clusterClient.ClusterV1().ManagedClusters().Update(context.TODO(), mc, metav1.UpdateOptions{})
 		if err != nil {
-			return err
+			return false, err
 		}
-		if !mc.Spec.HubAcceptsClient {
-			if !o.ClusteradmFlags.DryRun {
-				mc.Spec.HubAcceptsClient = true
-				_, err = clusterClient.ClusterV1().ManagedClusters().Update(context.TODO(), mc, metav1.UpdateOptions{})
-				if err != nil {
-					return err
-				}
-			}
-			fmt.Printf("set httpAcceptsClient to true for cluster %s\n", clusterName)
-		} else {
-			fmt.Printf("httpAcceptsClient already set for cluster %s\n", clusterName)
+		fmt.Printf("set httpAcceptsClient to true for cluster %s\n", clusterName)
+	}
+	return true, nil
+}
+
+func GetCertApprovalCondition(status *certificatesv1.CertificateSigningRequestStatus) (approved bool, denied bool) {
+	for _, c := range status.Conditions {
+		if c.Type == certificatesv1.CertificateApproved {
+			approved = true
+		}
+		if c.Type == certificatesv1.CertificateDenied {
+			denied = true
 		}
 	}
-	return nil
+	return
 }
diff --git a/pkg/cmd/accept/options.go b/pkg/cmd/accept/options.go
@@ -11,7 +11,9 @@ type Options struct {
 	ClusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags
 	//A list of comma separated cluster names
 	clusters string
-	values   Values
+	//Wait to wait in second for managedcluster and CSR
+	wait   int
+	values Values
 }
 
 //Values: The values used in the template

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,6 @@ func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, stream`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`cmd.Flags().StringVar(&o.clusters, "clusters", "", "Names of the cluster to accept (comma separated)")`
`47`		`-`
	`47`	`+ cmd.Flags().IntVar(&o.wait, "wait", 0, "the number of second to wait for the managedcluster and CSR")`
`48`	`48`	`return cmd`
`49`	`49`	`}`