Fix token path in hosted mode (open-cluster-management-io#284)

Signed-off-by: Jian Qiu <jqiu@redhat.com> Signed-off-by: Jian Qiu <jqiu@redhat.com>
TomerFi · Oct 18, 2022 · fbbb5d9 · fbbb5d9
1 parent 432fac3
commit fbbb5d9
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 38 deletions.
diff --git a/pkg/helpers/helpers_test.go b/pkg/helpers/helpers_test.go
@@ -3,6 +3,7 @@ package helpers
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"reflect"
 	"testing"
@@ -1191,7 +1192,7 @@ func TestGetRelatedResource(t *testing.T) {
 			objData := assets.MustCreateAssetFromTemplate(c.manifestFile, template, c.config).Data
 
 			relatedResource, err := GenerateRelatedResource(objData)
-			if !reflect.DeepEqual(err, c.expectedErr) {
+			if !errors.Is(err, c.expectedErr) {
 				t.Errorf(diff.ObjectDiff(err, c.expectedErr))
 			}
 			if !reflect.DeepEqual(relatedResource, c.expectedRelatedResource) {

diff --git a/pkg/helpers/sa_syncer.go b/pkg/helpers/sa_syncer.go
@@ -3,6 +3,7 @@ package helpers
 import (
 	"context"
 	"io/ioutil"
+	"path/filepath"
 	"time"
 
 	"github.com/openshift/library-go/pkg/operator/events"
@@ -70,11 +71,11 @@ func SATokenGetter(ctx context.Context, saName, saNamespace string, saClient kub
 	}
 }
 
-func SyncKubeConfigSecret(ctx context.Context, secretName, secretNamespace string, templateKubeconfig *rest.Config, secretClient coreclientv1.SecretsGetter, tokenGetter TokenGetterFunc, recorder events.Recorder) error {
+func SyncKubeConfigSecret(ctx context.Context, secretName, secretNamespace, kubeconfigPath string, templateKubeconfig *rest.Config, secretClient coreclientv1.SecretsGetter, tokenGetter TokenGetterFunc, recorder events.Recorder) error {
 	secret, err := secretClient.Secrets(secretNamespace).Get(ctx, secretName, metav1.GetOptions{})
 	switch {
 	case errors.IsNotFound(err):
-		return applyKubeconfigSecret(ctx, templateKubeconfig, secretName, secretNamespace, secretClient, tokenGetter, recorder)
+		return applyKubeconfigSecret(ctx, templateKubeconfig, secretName, secretNamespace, kubeconfigPath, secretClient, tokenGetter, recorder)
 	case err != nil:
 		return err
 	}
@@ -83,7 +84,7 @@ func SyncKubeConfigSecret(ctx context.Context, secretName, secretNamespace strin
 		return nil
 	}
 
-	return applyKubeconfigSecret(ctx, templateKubeconfig, secretName, secretNamespace, secretClient, tokenGetter, recorder)
+	return applyKubeconfigSecret(ctx, templateKubeconfig, secretName, secretNamespace, kubeconfigPath, secretClient, tokenGetter, recorder)
 }
 
 func tokenValid(secret *corev1.Secret) bool {
@@ -112,7 +113,7 @@ func tokenValid(secret *corev1.Secret) bool {
 }
 
 // applyKubeconfigSecret would render saToken to a secret.
-func applyKubeconfigSecret(ctx context.Context, templateKubeconfig *rest.Config, secretName, secretNamespace string, secretClient coreclientv1.SecretsGetter, tokenGetter TokenGetterFunc, recorder events.Recorder) error {
+func applyKubeconfigSecret(ctx context.Context, templateKubeconfig *rest.Config, secretName, secretNamespace, kubeconfigPath string, secretClient coreclientv1.SecretsGetter, tokenGetter TokenGetterFunc, recorder events.Recorder) error {
 
 	token, expiration, err := tokenGetter()
 	if err != nil {
@@ -155,7 +156,7 @@ func applyKubeconfigSecret(ctx context.Context, templateKubeconfig *rest.Config,
 		},
 		AuthInfos: map[string]*clientcmdapi.AuthInfo{
 			"user": {
-				TokenFile: "token",
+				TokenFile: filepath.Join(filepath.Dir(kubeconfigPath), "token"),
 			},
 		},
 		CurrentContext: "context",

diff --git a/pkg/helpers/sa_syncer_test.go b/pkg/helpers/sa_syncer_test.go
@@ -194,7 +194,7 @@ func TestApplyKubeconfigSecret(t *testing.T) {
 				return tt.token, expiration, tt.tokenGetError
 			}
 			client := testclient.NewSimpleClientset(tt.secrets...)
-			err := SyncKubeConfigSecret(context.TODO(), secretName, secretNamespace, tkc, client.CoreV1(), tokenGetter, eventstesting.NewTestingEventRecorder(t))
+			err := SyncKubeConfigSecret(context.TODO(), secretName, secretNamespace, "/tmp/kubeconfig", tkc, client.CoreV1(), tokenGetter, eventstesting.NewTestingEventRecorder(t))
 			if err != nil && !tt.wantErr {
 				t.Error(err)
 			}

diff --git a/...perators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go b/...perators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go
@@ -754,7 +754,7 @@ func ensureSAKubeconfigs(ctx context.Context, clusterManagerName, clusterManager
 	sas := getSAs(clusterManagerName)
 	for _, sa := range sas {
 		tokenGetter := helpers.SATokenGetter(ctx, sa, clusterManagerNamespace, hubClient)
-		err := helpers.SyncKubeConfigSecret(ctx, sa+"-kubeconfig", clusterManagerNamespace, &rest.Config{
+		err := helpers.SyncKubeConfigSecret(ctx, sa+"-kubeconfig", clusterManagerNamespace, "/var/run/secrets/hub/kubeconfig", &rest.Config{
 			Host: hubKubeConfig.Host,
 			TLSClientConfig: rest.TLSClientConfig{
 				CAData: hubKubeConfig.CAData,

diff --git a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
@@ -565,7 +565,7 @@ func (n *klusterletController) createManagedClusterKubeconfig(
 	saClient kubernetes.Interface, secretClient coreclientv1.SecretsGetter,
 	recorder events.Recorder) error {
 	tokenGetter := helpers.SATokenGetter(ctx, saName, klusterletNamespace, saClient)
-	err := helpers.SyncKubeConfigSecret(ctx, secretName, agentNamespace, kubeconfigTemplate, n.kubeClient.CoreV1(), tokenGetter, recorder)
+	err := helpers.SyncKubeConfigSecret(ctx, secretName, agentNamespace, "/spoke/config/kubeconfig", kubeconfigTemplate, n.kubeClient.CoreV1(), tokenGetter, recorder)
 	if err != nil {
 		_, _, _ = helpers.UpdateKlusterletStatus(ctx, n.klusterletClient, klusterletName, helpers.UpdateKlusterletConditionFn(metav1.Condition{
 			Type: klusterletApplied, Status: metav1.ConditionFalse, Reason: "KlusterletApplyFailed",

diff --git a/test/e2e/clusterset_test.go b/test/e2e/clusterset_test.go
@@ -34,19 +34,13 @@ var _ = ginkgo.Describe("Create v1beta2 managedclusterset", func() {
 		}
 		gomega.Eventually(func() bool {
 			_, err := t.ClusterClient.ClusterV1beta2().ManagedClusterSets().Create(context.Background(), managedClusterSet, metav1.CreateOptions{})
-			if err != nil {
-				return false
-			}
-			return true
+			return err == nil
 		}, t.EventuallyTimeout*5, t.EventuallyInterval*5).Should(gomega.BeTrue())
 
 		ginkgo.By("Get v1beta2 ManagedClusterSet using v1beta2 client")
 		gomega.Eventually(func() bool {
 			_, err := t.ClusterClient.ClusterV1beta2().ManagedClusterSets().Get(context.Background(), managedClusterSetName, metav1.GetOptions{})
-			if err != nil {
-				return false
-			}
-			return true
+			return err == nil
 		}, t.EventuallyTimeout*5, t.EventuallyInterval*5).Should(gomega.BeTrue())
 
 		ginkgo.By("Update v1beta2 ManagedClusterSet using v1beta2 client")
@@ -57,20 +51,14 @@ var _ = ginkgo.Describe("Create v1beta2 managedclusterset", func() {
 			}
 			updateManagedClusterSet := managedClusterSet.DeepCopy()
 			updateManagedClusterSet.Spec.ClusterSelector.LabelSelector.MatchLabels = nil
-			updateManagedClusterSet, err = t.ClusterClient.ClusterV1beta2().ManagedClusterSets().Update(context.Background(), updateManagedClusterSet, metav1.UpdateOptions{})
-			if err != nil {
-				return false
-			}
-			return true
+			_, err = t.ClusterClient.ClusterV1beta2().ManagedClusterSets().Update(context.Background(), updateManagedClusterSet, metav1.UpdateOptions{})
+			return err == nil
 		}, t.EventuallyTimeout*5, t.EventuallyInterval*5).Should(gomega.BeTrue())
 
 		ginkgo.By("Delete v1beta2 ManagedClusterSet using v1beta2 client")
 		gomega.Eventually(func() bool {
 			err := t.ClusterClient.ClusterV1beta2().ManagedClusterSets().Delete(context.Background(), managedClusterSetName, metav1.DeleteOptions{})
-			if err != nil {
-				return false
-			}
-			return true
+			return err == nil
 		}, t.EventuallyTimeout*5, t.EventuallyInterval*5).Should(gomega.BeTrue())
 	})
 	ginkgo.It("Create a v1beta2 labelselector based ManagedClusterSet and get/update/delete with v1beta1 client", func() {
@@ -94,10 +82,7 @@ var _ = ginkgo.Describe("Create v1beta2 managedclusterset", func() {
 		}
 		gomega.Eventually(func() bool {
 			_, err := t.ClusterClient.ClusterV1beta2().ManagedClusterSets().Create(context.Background(), managedClusterSet, metav1.CreateOptions{})
-			if err != nil {
-				return false
-			}
-			return true
+			return err == nil
 		}, t.EventuallyTimeout*5, t.EventuallyInterval*5).Should(gomega.BeTrue())
 
 		ginkgo.By("Get v1beta2 ManagedClusterSet using v1beta1 client")
@@ -123,19 +108,13 @@ var _ = ginkgo.Describe("Create v1beta2 managedclusterset", func() {
 			}
 			updateManagedClusterSet.Spec.ClusterSelector.LabelSelector.MatchLabels = nil
 			_, err = t.ClusterClient.ClusterV1beta1().ManagedClusterSets().Update(context.Background(), updateManagedClusterSet, metav1.UpdateOptions{})
-			if err != nil {
-				return false
-			}
-			return true
+			return err == nil
 		}, t.EventuallyTimeout*5, t.EventuallyInterval*5).Should(gomega.BeTrue())
 
 		ginkgo.By("Delete v1beta2 ManagedClusterSet using v1beta1 client")
 		gomega.Eventually(func() bool {
 			err := t.ClusterClient.ClusterV1beta1().ManagedClusterSets().Delete(context.Background(), managedClusterSetName, metav1.DeleteOptions{})
-			if err != nil {
-				return false
-			}
-			return true
+			return err == nil
 		}, t.EventuallyTimeout*5, t.EventuallyInterval*5).Should(gomega.BeTrue())
 	})
 })