Support pull-secret re-creation in fixup

Co-Authored-By: Jim Minter <jminter@redhat.com>
2020-05-07 10:28:23 +01:00 · 2020-05-07 10:28:23 +01:00 · a7776dd4e1
--- a/pkg/genevalogging/genevalogging.go
+++ b/pkg/genevalogging/genevalogging.go
@ -17,7 +17,6 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
-	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
@ -350,7 +349,7 @@ func (g *genevaLogging) CreateOrUpdate(ctx context.Context) error {
 	scc.Users = []string{kubeServiceAccount}

 	_, err = g.seccli.SecurityV1().SecurityContextConstraints().Create(scc)
-	if err != nil && !kerrors.IsAlreadyExists(err) {
+	if err != nil && !errors.IsAlreadyExists(err) {
 		return err
 	}

--- a/pkg/install/fixpullsecret.go
+++ b/pkg/install/fixpullsecret.go
@ -7,6 +7,7 @@ import (
 	"context"

 	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/util/retry"

@ -18,11 +19,26 @@ func (i *Installer) fixPullSecret(ctx context.Context) error {
 	// development mode.

 	return retry.RetryOnConflict(retry.DefaultRetry, func() error {
+		var isCreate bool
 		ps, err := i.kubernetescli.CoreV1().Secrets("openshift-config").Get("pull-secret", metav1.GetOptions{})
-		if err != nil {
+		switch {
+		case errors.IsNotFound(err):
+			ps = &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "pull-secret",
+					Namespace: "openshift-config",
+				},
+				Type: v1.SecretTypeDockerConfigJson,
+			}
+			isCreate = true
+		case err != nil:
 			return err
 		}

+		if ps.Data == nil {
+			ps.Data = map[string][]byte{}
+		}
+
 		pullSecret, changed, err := pullsecret.SetRegistryProfiles(string(ps.Data[v1.DockerConfigJsonKey]), i.doc.OpenShiftCluster.Properties.RegistryProfiles...)
 		if err != nil {
 			return err
@ -34,7 +50,11 @@ func (i *Installer) fixPullSecret(ctx context.Context) error {

 		ps.Data[v1.DockerConfigJsonKey] = []byte(pullSecret)

-		_, err = i.kubernetescli.CoreV1().Secrets("openshift-config").Update(ps)
+		if isCreate {
+			_, err = i.kubernetescli.CoreV1().Secrets("openshift-config").Create(ps)
+		} else {
+			_, err = i.kubernetescli.CoreV1().Secrets("openshift-config").Update(ps)
+		}
 		return err
 	})
 }
--- a/pkg/install/fixpullsecret_test.go
+++ b/pkg/install/fixpullsecret_test.go
@ -19,15 +19,40 @@ import (
 func TestFixPullSecret(t *testing.T) {
 	ctx := context.Background()

+	newFakecli := func(data map[string][]byte) *fake.Clientset {
+		return fake.NewSimpleClientset(&v1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "pull-secret",
+				Namespace: "openshift-config",
+			},
+			Data: data,
+		})
+	}
+
 	for _, tt := range []struct {
 		name        string
-		current     []byte
+		fakecli     *fake.Clientset
 		rps         []*api.RegistryProfile
 		want        string
+		wantCreated bool
 		wantUpdated bool
 	}{
 		{
-			name: "missing pull secret",
+			name:    "deleted pull secret",
+			fakecli: fake.NewSimpleClientset(),
+			rps: []*api.RegistryProfile{
+				{
+					Name:     "arosvc.azurecr.io",
+					Username: "fred",
+					Password: "enter",
+				},
+			},
+			want:        `{"auths":{"arosvc.azurecr.io":{"auth":"ZnJlZDplbnRlcg=="}}}`,
+			wantCreated: true,
+		},
+		{
+			name:    "missing arosvc pull secret",
+			fakecli: newFakecli(nil),
 			rps: []*api.RegistryProfile{
 				{
 					Name:     "arosvc.azurecr.io",
@ -39,8 +64,10 @@ func TestFixPullSecret(t *testing.T) {
 			wantUpdated: true,
 		},
 		{
-			name:    "modified pull secret",
-			current: []byte(`{"auths":{"arosvc.azurecr.io":{"auth":""}}}`),
+			name: "modified arosvc pull secret",
+			fakecli: newFakecli(map[string][]byte{
+				v1.DockerConfigJsonKey: []byte(`{"auths":{"arosvc.azurecr.io":{"auth":""}}}`),
+			}),
 			rps: []*api.RegistryProfile{
 				{
 					Name:     "arosvc.azurecr.io",
@ -52,8 +79,10 @@ func TestFixPullSecret(t *testing.T) {
 			wantUpdated: true,
 		},
 		{
-			name:    "no change",
-			current: []byte(`{"auths":{"arosvc.azurecr.io":{"auth":"ZnJlZDplbnRlcg=="}}}`),
+			name: "no change",
+			fakecli: newFakecli(map[string][]byte{
+				v1.DockerConfigJsonKey: []byte(`{"auths":{"arosvc.azurecr.io":{"auth":"ZnJlZDplbnRlcg=="}}}`),
+			}),
 			rps: []*api.RegistryProfile{
 				{
 					Name:     "arosvc.azurecr.io",
@ -65,25 +94,20 @@ func TestFixPullSecret(t *testing.T) {
 		},
 	} {
 		t.Run(tt.name, func(t *testing.T) {
-			var updated bool
+			var created, updated bool

-			fakecli := fake.NewSimpleClientset(&v1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "pull-secret",
-					Namespace: "openshift-config",
-				},
-				Data: map[string][]byte{
-					v1.DockerConfigJsonKey: tt.current,
-				},
+			tt.fakecli.PrependReactor("create", "secrets", func(action ktesting.Action) (handled bool, ret runtime.Object, err error) {
+				created = true
+				return false, nil, nil
 			})

-			fakecli.PrependReactor("update", "secrets", func(action ktesting.Action) (handled bool, ret runtime.Object, err error) {
+			tt.fakecli.PrependReactor("update", "secrets", func(action ktesting.Action) (handled bool, ret runtime.Object, err error) {
 				updated = true
 				return false, nil, nil
 			})

 			i := &Installer{
-				kubernetescli: fakecli,
+				kubernetescli: tt.fakecli,
 				doc: &api.OpenShiftClusterDocument{
 					OpenShiftCluster: &api.OpenShiftCluster{
 						Properties: api.OpenShiftClusterProperties{
@ -98,6 +122,10 @@ func TestFixPullSecret(t *testing.T) {
 				t.Error(err)
 			}

+			if created != tt.wantCreated {
+				t.Fatal(created)
+			}
+
 			if updated != tt.wantUpdated {
 				t.Fatal(updated)
 			}