Add wait with time-out for accept

Signed-off-by: Dominique Vernier <[email protected]>

Author: itdove

pkg/cmd/accept/cmd.go

@@ -44,6 +44,6 @@ func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, stream
 	}
 
 	cmd.Flags().StringVar(&o.clusters, "clusters", "", "Names of the cluster to accept (comma separated)")
-
+	cmd.Flags().IntVar(&o.timeout, "time-out", 1, "the number of second to wait for the managedcluster and CSR")
 	return cmd
 }

pkg/cmd/accept/exec.go

@@ -5,9 +5,12 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"
 
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
 	"open-cluster-management.io/clusteradm/pkg/helpers"
 
@@ -63,93 +66,122 @@ func (o *Options) run() error {
 
 func (o *Options) runWithClient(kubeClient *kubernetes.Clientset, clusterClient *clusterclientset.Clientset) error {
 	for _, clusterName := range o.values.clusters {
-
-		csrs, err := kubeClient.CertificatesV1().CertificateSigningRequests().List(context.TODO(),
-			metav1.ListOptions{
-				LabelSelector: fmt.Sprintf("%v = %v", clusterLabel, clusterName),
-			})
+		err := wait.PollImmediate(1*time.Second, time.Duration(o.timeout)*time.Second, func() (bool, error) {
+			csrApproved, err := o.approveCSR(kubeClient, clusterName)
+			if err != nil {
+				return false, err
+			}
+			mcUpdated, err := o.updateManagedCluster(clusterClient, clusterName)
+			if err != nil {
+				return false, err
+			}
+			if csrApproved && mcUpdated {
+				return true, nil
+			}
+			return false, nil
+		})
 		if err != nil {
 			return err
 		}
-		var csr *certificatesv1.CertificateSigningRequest
-		for _, item := range csrs.Items {
-			//Does not have the correct name prefix
-			if !strings.HasPrefix(item.Spec.Username, userNameSignaturePrefix) {
-				continue
-			}
-			//Check groups
-			var group string
-			for _, g := range item.Spec.Groups {
-				if g == groupName {
-					group = g
-					break
-				}
-			}
-			//Does not contain the correct group
-			if len(group) == 0 {
-				continue
+	}
+	return nil
+}
+
+func (o *Options) approveCSR(kubeClient *kubernetes.Clientset, clusterName string) (bool, error) {
+	csrs, err := kubeClient.CertificatesV1().CertificateSigningRequests().List(context.TODO(),
+		metav1.ListOptions{
+			LabelSelector: fmt.Sprintf("%v = %v", clusterLabel, clusterName),
+		})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	var csr *certificatesv1.CertificateSigningRequest
+	for _, item := range csrs.Items {
+		//Does not have the correct name prefix
+		if !strings.HasPrefix(item.Spec.Username, userNameSignaturePrefix) {
+			continue
+		}
+		//Check groups
+		var group string
+		for _, g := range item.Spec.Groups {
+			if g == groupName {
+				group = g
+				break
 			}
-			//Check if already approved or denied
-			done := false
-			for _, c := range item.Status.Conditions {
-				if c.Type == certificatesv1.CertificateApproved || c.Type == certificatesv1.CertificateDenied {
-					done = true
-					break
-				}
+		}
+		//Does not contain the correct group
+		if len(group) == 0 {
+			continue
+		}
+		//Check if already approved or denied
+		for _, c := range item.Status.Conditions {
+			if c.Type == certificatesv1.CertificateApproved {
+				fmt.Printf("CSR %s already approved\n", item.Name)
+				return true, nil
 			}
-			if done {
-				continue
+			if c.Type == certificatesv1.CertificateDenied {
+				fmt.Printf("CSR %s already denied\n", item.Name)
+				return true, nil
 			}
-			csr = &item
-			break
 		}
+		csr = &item
+		break
+	}
 
-		if csr != nil {
-			if !o.ClusteradmFlags.DryRun {
-				if csr.Status.Conditions == nil {
-					csr.Status.Conditions = make([]certificatesv1.CertificateSigningRequestCondition, 0)
-				}
+	if csr != nil {
+		if !o.ClusteradmFlags.DryRun {
+			if csr.Status.Conditions == nil {
+				csr.Status.Conditions = make([]certificatesv1.CertificateSigningRequestCondition, 0)
+			}
 
-				csr.Status.Conditions = append(csr.Status.Conditions, certificatesv1.CertificateSigningRequestCondition{
-					Status:         corev1.ConditionTrue,
-					Type:           certificatesv1.CertificateApproved,
-					Reason:         fmt.Sprintf("%sApprove", helpers.GetExampleHeader()),
-					Message:        fmt.Sprintf("This CSR was approved by %s certificate approve.", helpers.GetExampleHeader()),
-					LastUpdateTime: metav1.Now(),
-				})
+			csr.Status.Conditions = append(csr.Status.Conditions, certificatesv1.CertificateSigningRequestCondition{
+				Status:         corev1.ConditionTrue,
+				Type:           certificatesv1.CertificateApproved,
+				Reason:         fmt.Sprintf("%sApprove", helpers.GetExampleHeader()),
+				Message:        fmt.Sprintf("This CSR was approved by %s certificate approve.", helpers.GetExampleHeader()),
+				LastUpdateTime: metav1.Now(),
+			})
 
-				kubeClient, err := o.ClusteradmFlags.KubectlFactory.KubernetesClientSet()
-				if err != nil {
-					return err
-				}
-				signingRequest := kubeClient.CertificatesV1().CertificateSigningRequests()
-				if _, err := signingRequest.UpdateApproval(context.TODO(), csr.Name, csr, metav1.UpdateOptions{}); err != nil {
-					return err
-				}
+			kubeClient, err := o.ClusteradmFlags.KubectlFactory.KubernetesClientSet()
+			if err != nil {
+				return false, err
+			}
+			signingRequest := kubeClient.CertificatesV1().CertificateSigningRequests()
+			if _, err := signingRequest.UpdateApproval(context.TODO(), csr.Name, csr, metav1.UpdateOptions{}); err != nil {
+				return false, err
 			}
-			fmt.Printf("CSR %s approved\n", csr.Name)
-		} else {
-			fmt.Printf("no CSR to approve for cluster %s\n", clusterName)
 		}
+		fmt.Printf("CSR %s approved\n", csr.Name)
+		return true, nil
+	}
+	fmt.Printf("no CSR to approve for cluster %s\n", clusterName)
+	return false, nil
+}
 
-		mc, err := clusterClient.ClusterV1().ManagedClusters().Get(context.TODO(),
-			clusterName,
-			metav1.GetOptions{})
-		if err != nil {
-			return err
+func (o *Options) updateManagedCluster(clusterClient *clusterclientset.Clientset, clusterName string) (bool, error) {
+	mc, err := clusterClient.ClusterV1().ManagedClusters().Get(context.TODO(),
+		clusterName,
+		metav1.GetOptions{})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return false, nil
 		}
-		if !mc.Spec.HubAcceptsClient {
-			if !o.ClusteradmFlags.DryRun {
-				mc.Spec.HubAcceptsClient = true
-				_, err = clusterClient.ClusterV1().ManagedClusters().Update(context.TODO(), mc, metav1.UpdateOptions{})
-				if err != nil {
-					return err
-				}
+		return false, err
+	}
+	if !mc.Spec.HubAcceptsClient {
+		if !o.ClusteradmFlags.DryRun {
+			mc.Spec.HubAcceptsClient = true
+			_, err = clusterClient.ClusterV1().ManagedClusters().Update(context.TODO(), mc, metav1.UpdateOptions{})
+			if err != nil {
+				return false, err
 			}
-			fmt.Printf("set httpAcceptsClient to true for cluster %s\n", clusterName)
-		} else {
-			fmt.Printf("httpAcceptsClient already set for cluster %s\n", clusterName)
 		}
+		fmt.Printf("set httpAcceptsClient to true for cluster %s\n", clusterName)
+	} else {
+		fmt.Printf("httpAcceptsClient already set for cluster %s\n", clusterName)
 	}
-	return nil
+	return true, nil
 }

pkg/cmd/accept/options.go

@@ -11,7 +11,9 @@ type Options struct {
 	ClusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags
 	//A list of comma separated cluster names
 	clusters string
-	values   Values
+	//Timeout to wait in second for managedcluster and CSR
+	timeout int
+	values  Values
 }
 
 //Values: The values used in the template