✨ implement addon enable/disable flow (#33)

* 🐛 ignore hub apiserver override when forcing internal endpoint lookup (#34)

* fix: ignore hub apiserver when force-internal-endpoint-lookup is set; move hub CA to spec.hub
* feat: add timeout, verbosity to API; modernize applicable omitemptys
* feat: add timeout, verbosity args to all clusteradm commands
* fix: handle stdout & stderr separately
* chore: fix 'make test'
* ci: fix E2E artifact paths
* fix: handle approval of duplicate CSRs
---------

Signed-off-by: Tyler Gillson <[email protected]>

* feat: implement addon enable/disable flow

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: add hub and spoke addon conditions

Signed-off-by: Artur Shad Nik <[email protected]>

* feat: add validation to prevent deleting in-use addons

Signed-off-by: Artur Shad Nik <[email protected]>

* test: add new expected condition

Signed-off-by: Artur Shad Nik <[email protected]>

* wip: e2e test

[skip ci]

Signed-off-by: Artur Shad Nik <[email protected]>

* test: add e2e tests

Signed-off-by: Artur Shad Nik <[email protected]>

* add docstrings; move code to helper to address gocyclo

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: trigger ci

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: trigger ci

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: demistify magic numbers

Signed-off-by: Artur Shad Nik <[email protected]>

* feat: check number of MW against number of MCAO

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: helper for max type length

Signed-off-by: Artur Shad Nik <[email protected]>

* fix: delete unused code

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: address review comments

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: update magic number; use ownerRef checks when deleting spoke

Signed-off-by: Artur Shad Nik <[email protected]>

* fix: make unjoined check more robust

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: reorder checks

Signed-off-by: Artur Shad Nik <[email protected]>

* chore: add unit tests; handle unknown conditions

Signed-off-by: Artur Shad Nik <[email protected]>

---------

Signed-off-by: Tyler Gillson <[email protected]>
Signed-off-by: Artur Shad Nik <[email protected]>
Co-authored-by: Tyler Gillson <[email protected]>

Author: arturshadnik

fleetconfig-controller/api/v1alpha1/constants.go

@@ -10,8 +10,14 @@ const (
 	// FleetConfigHubInitialized means that the Hub has been initialized.
 	FleetConfigHubInitialized = "HubInitialized"
 
+	// FleetConfigAddonsConfigured means that all addons have been configured on the Hub.
+	FleetConfigAddonsConfigured = "AddonsConfigured"
+
 	// FleetConfigCleanupFailed means that a failure occurred during cleanup.
 	FleetConfigCleanupFailed = "CleanupFailed"
+
+	// FleetConfigAddonsEnabled means that all addons have been enabled for a particular Spoke.
+	FleetConfigAddonsEnabled = "AddonsEnabled"
 )
 
 // FleetConfig condition reasons

fleetconfig-controller/api/v1alpha1/fleetconfig_types.go

@@ -392,13 +392,20 @@ func (s *Spoke) GetPurgeKlusterletOperator() bool {
 
 // JoinType returns a status condition type indicating that a particular Spoke cluster has joined the Hub.
 func (s *Spoke) JoinType() string {
-	return fmt.Sprintf("spoke-cluster-%s-joined", s.conditionName())
+	baseMsg := "spoke-cluster-%s-joined"
+	return fmt.Sprintf(baseMsg, s.conditionName(maxConditionNameLen(baseMsg)))
 }
 
-func (s *Spoke) conditionName() string {
+// AddonEnableType returns a status condition type indicating that a particular Spoke cluster's addons have been disabled.
+func (s *Spoke) AddonEnableType() string {
+	baseMsg := "spoke-cluster-%s-addons-enabled"
+	return fmt.Sprintf(baseMsg, s.conditionName(maxConditionNameLen(baseMsg)))
+}
+
+func (s *Spoke) conditionName(c int) string {
 	name := s.Name
-	if len(name) > 42 {
-		name = name[:42] // account for extra 21 chars in the condition type (max. total of 63)
+	if len(name) > c {
+		name = name[:c] // account for extra chars in the condition type (max. total of 63)
 	}
 	return name
 }
@@ -431,6 +438,11 @@ type JoinedSpoke struct {
 	// +kubebuilder:default:=true
 	// +optional
 	PurgeKlusterletOperator bool `json:"purgeKlusterletOperator,omitempty"`
+
+	// EnabledAddons is the list of addons that are currently enabled for the cluster.
+	// +kubebuilder:default:={}
+	// +optional
+	EnabledAddons []string `json:"enabledAddons,omitempty"`
 }
 
 // GetName returns the name of the joined spoke cluster.
@@ -450,13 +462,20 @@ func (j *JoinedSpoke) GetPurgeKlusterletOperator() bool {
 
 // UnjoinType returns a status condition type indicating that a particular Spoke cluster has been removed from the Hub.
 func (j *JoinedSpoke) UnjoinType() string {
-	return fmt.Sprintf("spoke-cluster-%s-unjoined", j.conditionName())
+	baseMsg := "spoke-cluster-%s-unjoined"
+	return fmt.Sprintf(baseMsg, j.conditionName(maxConditionNameLen(baseMsg)))
 }
 
-func (j *JoinedSpoke) conditionName() string {
+// AddonDisableType returns a status condition type indicating that a particular Spoke cluster's addons have been disabled.
+func (j *JoinedSpoke) AddonDisableType() string {
+	baseMsg := "spoke-cluster-%s-addons-disabled"
+	return fmt.Sprintf(baseMsg, j.conditionName(maxConditionNameLen(baseMsg)))
+}
+
+func (j *JoinedSpoke) conditionName(c int) string {
 	name := j.Name
-	if len(name) > 40 {
-		name = name[:40] // account for extra 23 chars in the condition type (max. total of 63)
+	if len(name) > c {
+		name = name[:c] // account for extra chars in the condition type (max. total of 63)
 	}
 	return name
 }
@@ -656,3 +675,30 @@ type FleetConfigList struct {
 func init() {
 	SchemeBuilder.Register(&FleetConfig{}, &FleetConfigList{})
 }
+
+func maxConditionNameLen(base string) int {
+	maxLen := 316 // a metav1.Condition.Type type can be at most 316 chars long
+	return maxLen - (len(base) - 2)
+}
+
+// IsUnjoined returns true if a spoke cluster was successfully joined and then successfully unjoined, and the unjoined timestamp is after the joined timestamp.
+// Returns false in all other cases.
+func (m *FleetConfig) IsUnjoined(spoke Spoke, joinedSpoke JoinedSpoke) bool {
+	joinedC := m.GetCondition(spoke.JoinType())
+	if joinedC == nil {
+		return false
+	}
+	unjoinedC := m.GetCondition(joinedSpoke.UnjoinType())
+	if unjoinedC == nil {
+		return false
+	}
+	if unjoinedC.Status != metav1.ConditionTrue {
+		return false
+	}
+	// at this point, unjoined is known to be true. if joined is not true, cluster has not been successfully rejoined
+	if joinedC.Status != metav1.ConditionTrue {
+		return true
+	}
+	// if both exist and are true, compare timestamps
+	return unjoinedC.LastTransitionTime.After(joinedC.LastTransitionTime.Time)
+}

fleetconfig-controller/api/v1alpha1/fleetconfig_types_test.go

@@ -0,0 +1,220 @@
+package v1alpha1
+
+import (
+	"testing"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestFleetConfig_IsUnjoined(t *testing.T) {
+	// Create base time for testing
+	baseTime := time.Now()
+	joinedTime := metav1.NewTime(baseTime)
+	unjoinedTime := metav1.NewTime(baseTime.Add(time.Hour)) // 1 hour later
+
+	tests := []struct {
+		name        string
+		fleetConfig *FleetConfig
+		spoke       Spoke
+		joinedSpoke JoinedSpoke
+		want        bool
+	}{
+		{
+			name: "successfully joined and unjoined - should return true",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-joined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: joinedTime,
+							},
+						},
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-unjoined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: unjoinedTime,
+							},
+						},
+					},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        true,
+		},
+		{
+			name: "joined but not unjoined - should return false",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-joined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: joinedTime,
+							},
+						},
+						// No unjoin condition
+					},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        false,
+		},
+		{
+			name: "both conditions exist but unjoin is False - should return false",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-joined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: joinedTime,
+							},
+						},
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-unjoined",
+								Status:             metav1.ConditionFalse,
+								LastTransitionTime: unjoinedTime,
+							},
+						},
+					},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        false,
+		},
+		{
+			name: "both conditions exist but join is False - should return true",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-joined",
+								Status:             metav1.ConditionFalse,
+								LastTransitionTime: metav1.NewTime(unjoinedTime.Add(time.Hour)), // 1 hour after unjoin, failed re-join
+							},
+						},
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-unjoined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: unjoinedTime,
+							},
+						},
+					},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        true,
+		},
+		{
+			name: "both conditions exist but unjoin time is before join time - should return false",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-joined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: joinedTime,
+							},
+						},
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-unjoined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: metav1.NewTime(baseTime.Add(-time.Hour)), // 1 hour earlier
+							},
+						},
+					},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        false,
+		},
+		{
+			name: "both conditions exist with same time - should return false",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-joined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: joinedTime,
+							},
+						},
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-unjoined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: joinedTime, // Same time
+							},
+						},
+					},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        false,
+		},
+		{
+			name: "no conditions exist - should return false",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        false,
+		},
+		{
+			name: "conditions with Unknown status - should return false",
+			fleetConfig: &FleetConfig{
+				Status: FleetConfigStatus{
+					Conditions: []Condition{
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-joined",
+								Status:             metav1.ConditionUnknown,
+								LastTransitionTime: joinedTime,
+							},
+						},
+						{
+							Condition: metav1.Condition{
+								Type:               "spoke-cluster-testcluster-unjoined",
+								Status:             metav1.ConditionTrue,
+								LastTransitionTime: unjoinedTime,
+							},
+						},
+					},
+				},
+			},
+			spoke:       Spoke{Name: "testcluster"},
+			joinedSpoke: JoinedSpoke{Name: "testcluster"},
+			want:        true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := tt.fleetConfig.IsUnjoined(tt.spoke, tt.joinedSpoke)
+			if got != tt.want {
+				t.Errorf("FleetConfig.IsUnjoined() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

fleetconfig-controller/api/v1alpha1/fleetconfig_webhook.go

@@ -130,8 +130,8 @@ func (v *FleetConfigCustomValidator) ValidateCreate(ctx context.Context, obj run
 		}
 	}
 
-	allErrs = append(allErrs, validateAddonConfigs(ctx, v.client, fc)...)
-
+	allErrs = append(allErrs, validateAddonConfigs(ctx, v.client, nil, fc)...)
+	allErrs = append(allErrs, validateAddons(fc)...)
 	if len(allErrs) > 0 {
 		return warnings, errors.NewInvalid(GroupKind, fc.Name, allErrs)
 	}
@@ -166,7 +166,8 @@ func (v *FleetConfigCustomValidator) ValidateUpdate(ctx context.Context, oldObj,
 		return nil, err
 	}
 
-	errs := validateAddonConfigs(ctx, v.client, fc)
+	errs := validateAddonConfigs(ctx, v.client, oldFc, fc)
+	errs = append(errs, validateAddons(fc)...)
 	if len(errs) > 0 {
 		return nil, errors.NewInvalid(GroupKind, fc.Name, errs)
 	}