diff --git a/Makefile b/Makefile index a8c4d1f5f..26a265bcb 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ build-image: test: test-unit test-e2e test-unit: - go test -parallel 1 ./cmd/... ./pkg/... + go test ./cmd/... ./pkg/... test-e2e: KUBERNETES_CONFIG=${KUBECONFIG} go test -parallel 1 -timeout 30m -v ./test/e2e/... diff --git a/pkg/client/listers.go b/pkg/client/listers.go index 19db4f3af..5c85d1453 100644 --- a/pkg/client/listers.go +++ b/pkg/client/listers.go @@ -1,16 +1,14 @@ package client import ( - corelisters "k8s.io/client-go/listers/core/v1" - imagelisters "github.com/openshift/client-go/image/listers/image/v1" templatelisters "github.com/openshift/client-go/template/listers/template/v1" + corelisters "k8s.io/client-go/listers/core/v1" sampoplisters "github.com/openshift/client-go/samples/listers/samples/v1" ) type Listers struct { - OpenShiftNamespaceSecrets corelisters.SecretNamespaceLister ConfigNamespaceSecrets corelisters.SecretNamespaceLister ImageStreams imagelisters.ImageStreamNamespaceLister Templates templatelisters.TemplateNamespaceLister diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go index 2fb3a1d70..4bf6fb173 100644 --- a/pkg/metrics/metrics.go +++ b/pkg/metrics/metrics.go @@ -149,7 +149,7 @@ func (sc *samplesCollector) Collect(ch chan<- prometheus.Metric) { addCountGauge(ch, invalidSecretDesc, missingTBRCredential, float64(0)) return } - secret, err := sc.secrets.Get(configv1.SamplesRegistryCredentials) + secret, err := sc.secrets.Get("pull-secret") if err != nil { logrus.Infof("metrics pull secret retrieval failed with: %s", err.Error()) addCountGauge(ch, invalidSecretDesc, missingTBRCredential, float64(1)) @@ -189,7 +189,7 @@ func init() { } func InitializeMetricsCollector(listers *client.Listers) { - sc.secrets = listers.OpenShiftNamespaceSecrets + sc.secrets = listers.ConfigNamespaceSecrets sc.config = listers.Config if !registered { diff --git a/pkg/operator/controller.go b/pkg/operator/controller.go index 916af9559..f2e3e2acb 100644 --- a/pkg/operator/controller.go +++ b/pkg/operator/controller.go @@ -7,7 +7,6 @@ import ( "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metaapi "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -27,10 +26,10 @@ import ( templateinformers "github.com/openshift/client-go/template/informers/externalversions" sampopapi "github.com/openshift/api/samples/v1" - sampcache "github.com/openshift/cluster-samples-operator/pkg/cache" - sampopclient "github.com/openshift/cluster-samples-operator/pkg/client" sampleclientv1 "github.com/openshift/client-go/samples/clientset/versioned" sampopinformers "github.com/openshift/client-go/samples/informers/externalversions" + sampcache "github.com/openshift/cluster-samples-operator/pkg/cache" + sampopclient "github.com/openshift/cluster-samples-operator/pkg/client" operatorstatus "github.com/openshift/cluster-samples-operator/pkg/operatorstatus" "github.com/openshift/cluster-samples-operator/pkg/stub" @@ -46,19 +45,14 @@ type Controller struct { restconfig *restclient.Config cvowrapper *operatorstatus.ClusterOperatorHandler - crWorkqueue workqueue.RateLimitingInterface - osSecWorkqueue workqueue.RateLimitingInterface - ocSecWorkqueue workqueue.RateLimitingInterface - isWorkqueue workqueue.RateLimitingInterface - tWorkqueue workqueue.RateLimitingInterface + crWorkqueue workqueue.RateLimitingInterface + isWorkqueue workqueue.RateLimitingInterface + tWorkqueue workqueue.RateLimitingInterface - crInformer cache.SharedIndexInformer - osSecInformer cache.SharedIndexInformer - ocSecInformer cache.SharedIndexInformer - isInformer cache.SharedIndexInformer - tInformer cache.SharedIndexInformer + crInformer cache.SharedIndexInformer + isInformer cache.SharedIndexInformer + tInformer cache.SharedIndexInformer - kubeOSNSInformerFactory kubeinformers.SharedInformerFactory kubeOCNSInformerFactory kubeinformers.SharedInformerFactory imageInformerFactory imageinformers.SharedInformerFactory templateInformerFactory templateinformers.SharedInformerFactory @@ -81,14 +75,12 @@ func NewController() (*Controller, error) { listers := &sampopclient.Listers{} c := &Controller{ - restconfig: kubeconfig, - cvowrapper: operatorstatus.NewClusterOperatorHandler(operatorClient), - crWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "samplesconfig-changes"), - osSecWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "openshift-secret-changes"), - ocSecWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "openshift-config-namespace-secret-changes"), - isWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "imagestream-changes"), - tWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "template-changes"), - listers: listers, + restconfig: kubeconfig, + cvowrapper: operatorstatus.NewClusterOperatorHandler(operatorClient), + crWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "samplesconfig-changes"), + isWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "imagestream-changes"), + tWorkqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "template-changes"), + listers: listers, } // Initial event to bootstrap CR if it doesn't exist. @@ -114,7 +106,6 @@ func NewController() (*Controller, error) { return nil, err } - c.kubeOSNSInformerFactory = kubeinformers.NewFilteredSharedInformerFactory(kubeClient, defaultResyncDuration, "openshift", nil) c.kubeOCNSInformerFactory = kubeinformers.NewFilteredSharedInformerFactory(kubeClient, defaultResyncDuration, "openshift-config", nil) //TODO - eventually a k8s go-client deps bump will lead to the form below, similar to the image registry operator's kubeinformer initialization, // and similar to what is available with the openshift go-client for imagestreams and templates @@ -123,12 +114,6 @@ func NewController() (*Controller, error) { c.templateInformerFactory = templateinformers.NewSharedInformerFactoryWithOptions(templateClient, defaultResyncDuration, templateinformers.WithNamespace("openshift")) c.sampopInformerFactory = sampopinformers.NewSharedInformerFactory(sampopClient, defaultResyncDuration) - c.osSecInformer = c.kubeOSNSInformerFactory.Core().V1().Secrets().Informer() - c.osSecInformer.AddEventHandler(c.osSecretInformerEventHandler()) - c.listers.OpenShiftNamespaceSecrets = c.kubeOSNSInformerFactory.Core().V1().Secrets().Lister().Secrets("openshift") - - c.ocSecInformer = c.kubeOCNSInformerFactory.Core().V1().Secrets().Informer() - c.ocSecInformer.AddEventHandler(c.ocSecretInformerEventHandler()) c.listers.ConfigNamespaceSecrets = c.kubeOCNSInformerFactory.Core().V1().Secrets().Lister().Secrets("openshift-config") c.isInformer = c.imageInformerFactory.Image().V1().ImageStreams().Informer() @@ -154,20 +139,15 @@ func NewController() (*Controller, error) { func (c *Controller) Run(stopCh <-chan struct{}) error { defer c.crWorkqueue.ShutDown() - defer c.osSecWorkqueue.ShutDown() - defer c.ocSecWorkqueue.ShutDown() defer c.isWorkqueue.ShutDown() defer c.tWorkqueue.ShutDown() - c.kubeOSNSInformerFactory.Start(stopCh) - c.kubeOCNSInformerFactory.Start(stopCh) c.imageInformerFactory.Start(stopCh) c.templateInformerFactory.Start(stopCh) c.sampopInformerFactory.Start(stopCh) logrus.Println("waiting for informer caches to sync") - if !cache.WaitForCacheSync(stopCh, c.osSecInformer.HasSynced, c.ocSecInformer.HasSynced, - c.isInformer.HasSynced, c.tInformer.HasSynced, c.crInformer.HasSynced) { + if !cache.WaitForCacheSync(stopCh, c.isInformer.HasSynced, c.tInformer.HasSynced, c.crInformer.HasSynced) { return fmt.Errorf("failed to wait for caches to sync") } @@ -177,18 +157,6 @@ func (c *Controller) Run(stopCh <-chan struct{}) error { getter: &crGetter{}, } go wait.Until(crQueueWorker.workqueueProcessor, time.Second, stopCh) - osSecQueueWorker := queueWorker{ - c: c, - workQueue: c.osSecWorkqueue, - getter: &osSecretGetter{}, - } - go wait.Until(osSecQueueWorker.workqueueProcessor, time.Second, stopCh) - ocSecQueueWorker := queueWorker{ - c: c, - workQueue: c.ocSecWorkqueue, - getter: &ocSecretGetter{}, - } - go wait.Until(ocSecQueueWorker.workqueueProcessor, time.Second, stopCh) isQueueWorker := queueWorker{ c: c, workQueue: c.isWorkqueue, @@ -225,18 +193,6 @@ func (g *crGetter) Get(c *Controller, key string) (runtime.Object, error) { return c.listers.Config.Get(sampopapi.ConfigName) } -type osSecretGetter struct{} - -func (g *osSecretGetter) Get(c *Controller, key string) (runtime.Object, error) { - return c.listers.OpenShiftNamespaceSecrets.Get(key) -} - -type ocSecretGetter struct{} - -func (g *ocSecretGetter) Get(c *Controller, key string) (runtime.Object, error) { - return c.listers.ConfigNamespaceSecrets.Get(key) -} - type isGetter struct{} func (g *isGetter) Get(c *Controller, key string) (runtime.Object, error) { @@ -299,13 +255,6 @@ func (c *crQueueKeyGen) Key(o interface{}) string { return cr.Name } -type secretQueueKeyGen struct{} - -func (c *secretQueueKeyGen) Key(o interface{}) string { - secret := o.(*corev1.Secret) - return secret.Name -} - type imagestreamQueueKeyGen struct{} func (c *imagestreamQueueKeyGen) Key(o interface{}) string { @@ -416,14 +365,6 @@ func (c *Controller) crInformerEventHandler() cache.ResourceEventHandlerFuncs { return c.commonInformerEventHandler(&crQueueKeyGen{}, c.crWorkqueue) } -func (c *Controller) osSecretInformerEventHandler() cache.ResourceEventHandlerFuncs { - return c.commonInformerEventHandler(&secretQueueKeyGen{}, c.osSecWorkqueue) -} - -func (c *Controller) ocSecretInformerEventHandler() cache.ResourceEventHandlerFuncs { - return c.commonInformerEventHandler(&secretQueueKeyGen{}, c.ocSecWorkqueue) -} - func (c *Controller) imagestreamInformerEventHandler() cache.ResourceEventHandlerFuncs { return c.commonInformerEventHandler(&imagestreamQueueKeyGen{}, c.isWorkqueue) } diff --git a/pkg/stub/config.go b/pkg/stub/config.go index acfdb19fb..390b39354 100644 --- a/pkg/stub/config.go +++ b/pkg/stub/config.go @@ -313,9 +313,6 @@ func (h *Handler) ProcessManagementField(cfg *v1.Config) (bool, bool, error) { if cfg.Spec.ManagementState != cfg.Status.ManagementState { logrus.Println("management state set to managed") - if util.ConditionFalse(cfg, v1.ImportCredentialsExist) { - h.copyDefaultClusterPullSecret(nil) - } } // will set status state to managed at top level caller // to deal with config change processing diff --git a/pkg/stub/handler.go b/pkg/stub/handler.go index 0166f970f..a4a559896 100644 --- a/pkg/stub/handler.go +++ b/pkg/stub/handler.go @@ -77,7 +77,6 @@ func NewSamplesOperatorHandler(kubeconfig *restclient.Config, h.crdlister = listers.Config h.streamlister = listers.ImageStreams h.tplstore = listers.Templates - h.opshiftsecretlister = listers.OpenShiftNamespaceSecrets h.cfgsecretlister = listers.ConfigNamespaceSecrets h.Fileimagegetter = &DefaultImageStreamFromFileGetter{} @@ -86,7 +85,6 @@ func NewSamplesOperatorHandler(kubeconfig *restclient.Config, h.imageclientwrapper = &defaultImageStreamClientWrapper{h: h, lister: listers.ImageStreams} h.templateclientwrapper = &defaultTemplateClientWrapper{h: h, lister: listers.Templates} - h.secretclientwrapper = &defaultSecretClientWrapper{coreclient: h.coreclient, opnshftlister: listers.OpenShiftNamespaceSecrets, cfglister: listers.ConfigNamespaceSecrets} h.cvowrapper = operatorstatus.NewClusterOperatorHandler(h.configclient) h.skippedImagestreams = make(map[string]bool) @@ -121,12 +119,10 @@ type Handler struct { imageclientwrapper ImageStreamClientWrapper templateclientwrapper TemplateClientWrapper - secretclientwrapper SecretClientWrapper crdlister configv1lister.ConfigLister streamlister imagev1lister.ImageStreamNamespaceLister tplstore templatev1lister.TemplateNamespaceLister - opshiftsecretlister corev1lister.SecretNamespaceLister cfgsecretlister corev1lister.SecretNamespaceLister opersecretlister corev1lister.SecretNamespaceLister @@ -446,12 +442,6 @@ func (h *Handler) CreateDefaultResourceIfNeeded(cfg *v1.Config) (*v1.Config, err cfg.Spec.ManagementState = operatorsv1api.Managed } h.AddFinalizer(cfg) - // we should get a watch event for the default pull secret, but just in case - // we miss the watch event, as well as reducing churn with not starting the - // imagestream creates until we get the event, we'll do a one time copy attempt - // here ... we don't track errors cause if it doen't work with this one time, - // we'll then fall back on the watch events, sync intervals, etc. - h.copyDefaultClusterPullSecret(nil) logrus.Println("creating default Config") err = h.crdwrapper.Create(cfg) if err != nil { @@ -487,7 +477,15 @@ func (h *Handler) CreateDefaultResourceIfNeeded(cfg *v1.Config) (*v1.Config, err func (h *Handler) initConditions(cfg *v1.Config) *v1.Config { now := kapis.Now() util.Condition(cfg, v1.SamplesExist) - util.Condition(cfg, v1.ImportCredentialsExist) + creds := util.Condition(cfg, v1.ImportCredentialsExist) + // image registry operator now handles making TBR creds available + // for imagestreams + if creds.Status != corev1.ConditionTrue { + creds.Status = corev1.ConditionTrue + creds.LastTransitionTime = now + creds.LastUpdateTime = now + util.ConditionUpdate(cfg, creds) + } valid := util.Condition(cfg, v1.ConfigurationValid) // our default config is valid; since Condition sets new conditions to false // if we get false here this is the first pass through; invalid configs @@ -582,26 +580,6 @@ func (h *Handler) Handle(event util.Event) error { err := h.processTemplateWatchEvent(t, event.Deleted) return err - case *corev1.Secret: - dockercfgSecret, _ := event.Object.(*corev1.Secret) - if !secretsWeCareAbout(dockercfgSecret) { - return nil - } - - // if we miss a delete event in the openshift namespace (since we cannot - // add a finalizer in our namespace secret), we our watch - // on the openshift-config pull secret should still repopulate; - // if that gets deleted, the whole cluster is hosed; plus, there is talk - // of moving data like that to a special config namespace that is somehow - // protected - - cfg, _ := h.crdwrapper.Get(v1.ConfigName) - if cfg != nil { - return h.processSecretEvent(cfg, dockercfgSecret, event) - } else { - return fmt.Errorf("Received secret %s but do not have the Config yet, requeuing", dockercfgSecret.Name) - } - case *v1.Config: cfg, _ := event.Object.(*v1.Config) @@ -677,19 +655,6 @@ func (h *Handler) Handle(event util.Event) error { return nil } - cfg = h.refetchCfgMinimizeConflicts(cfg) - if util.ConditionUnknown(cfg, v1.ImportCredentialsExist) { - // retry the default cred copy if it failed previously - err := h.copyDefaultClusterPullSecret(nil) - if err == nil { - cfg = h.refetchCfgMinimizeConflicts(cfg) - h.GoodConditionUpdate(cfg, corev1.ConditionTrue, v1.ImportCredentialsExist) - dbg := "cleared import cred unknown" - logrus.Printf("CRDUPDATE %s", dbg) - return h.crdwrapper.UpdateStatus(cfg, dbg) - } - } - // Every time we see a change to the Config object, update the ClusterOperator status // based on the current conditions of the Config. cfg = h.refetchCfgMinimizeConflicts(cfg) @@ -795,25 +760,6 @@ func (h *Handler) Handle(event util.Event) error { util.ConditionUpdate(cfg, condition) } - // if trying to do rhel to the default registry.redhat.io registry requires the secret - // be in place since registry.redhat.io requires auth to pull; if it is not ready - // error state will be logged by WaitingForCredential - cfg = h.refetchCfgMinimizeConflicts(cfg) - stillWaitingForSecret, callSDKToUpdate := h.WaitingForCredential(cfg) - if callSDKToUpdate { - // flush status update ... the only error generated by WaitingForCredential, not - // by api obj access - dbg := "Config update ignored since need the RHEL credential" - logrus.Printf("CRDUPDATE %s", dbg) - // if update to set import cred condition to false fails, return that error - // to requeue - return h.crdwrapper.UpdateStatus(cfg, dbg) - } - if stillWaitingForSecret { - // means we previously udpated cfg but nothing has changed wrt the secret's presence - return nil - } - cfg = h.refetchCfgMinimizeConflicts(cfg) if util.ConditionFalse(cfg, v1.MigrationInProgress) && len(cfg.Status.Version) > 0 && diff --git a/pkg/stub/handler_test.go b/pkg/stub/handler_test.go index dd78e27da..35c661116 100644 --- a/pkg/stub/handler_test.go +++ b/pkg/stub/handler_test.go @@ -53,7 +53,6 @@ func TestWrongSampleResourceName(t *testing.T) { func TestNoArchOrDist(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) err := h.Handle(event) // image in progress (4th entry, array index 3) should still be false when there is no content ... a la z or ppc statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} @@ -65,7 +64,6 @@ func TestNoArchOrDist(t *testing.T) { func TestWithDist(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) err := h.Handle(event) statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} validate(true, err, "", cfg, conditions, statuses, t) @@ -82,7 +80,6 @@ func TestWithDist(t *testing.T) { func TestWithArchDist(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) if len(cfg.Spec.Architectures) == 0 { t.Errorf("arch not set on bootstrap") } @@ -110,7 +107,6 @@ func TestWithArchDist(t *testing.T) { func TestWithArch(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) // without a mimic call this simulates our current PPC/390 stories of no samples content cfg.Spec.Architectures = []string{ v1.PPCArchitecture, @@ -130,7 +126,6 @@ func TestWithBadArch(t *testing.T) { func TestManagementState(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) iskeys := getISKeys() tkeys := getTKeys() mimic(&h, x86OCPContentRootDir) @@ -215,7 +210,6 @@ func TestManagementState(t *testing.T) { func TestSkipped(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) iskeys := getISKeys() tkeys := getTKeys() cfg.Spec.SkippedImagestreams = iskeys @@ -306,7 +300,6 @@ func TestProcessed(t *testing.T) { tkeys := getTKeys() mimic(&h, x86OCPContentRootDir) - processCred(&h, cfg, t) err := h.Handle(event) validate(true, err, "", cfg, @@ -396,7 +389,6 @@ func TestProcessed(t *testing.T) { func TestImageStreamEvent(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) mimic(&h, x86OCPContentRootDir) err := h.Handle(event) statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} @@ -495,7 +487,6 @@ func TestImageStreamEvent(t *testing.T) { func TestImageStreamErrorRetry(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) mimic(&h, x86OCPContentRootDir) err := h.Handle(event) statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} @@ -611,7 +602,6 @@ func TestImageStreamErrorRetry(t *testing.T) { func TestTemplateEvent(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) mimic(&h, x86OCPContentRootDir) err := h.Handle(event) statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} @@ -637,175 +627,15 @@ func TestTemplateEvent(t *testing.T) { } -func TestCreateDeleteSecretBeforeCR(t *testing.T) { - h, cfg, event := setup() - h.crdwrapper.(*fakeCRDWrapper).cfg = nil - event.Object = &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: v1.SamplesRegistryCredentials, - Namespace: "openshift", - Annotations: map[string]string{ - v1.SamplesVersionAnnotation: h.version, - }, - ResourceVersion: "a", - }, - } - mimic(&h, x86OCPContentRootDir) - - err := h.Handle(event) - validate(false, err, "Received secret samples-registry-credentials but do not have the Config yet", cfg, - conditions, - []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse}, t) - event.Deleted = true - err = h.Handle(event) - validate(false, err, "Received secret samples-registry-credentials but do not have the Config yet", cfg, - conditions, - []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse}, t) - - event.Deleted = false - event.Object = cfg - h.crdwrapper.(*fakeCRDWrapper).cfg = cfg - err = h.Handle(event) - validate(true, err, "", cfg, - conditions, - []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse}, t) - processCred(&h, cfg, t) - err = h.Handle(event) - validate(true, err, "", cfg, - conditions, - []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse}, t) - err = h.Handle(event) - validate(true, err, "", cfg, - conditions, - []corev1.ConditionStatus{corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse}, t) - -} - -func TestCreateDeleteSecretAfterCR(t *testing.T) { - h, cfg, event := setup() - mimic(&h, x86OCPContentRootDir) - err := h.Handle(event) - statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} - validate(true, err, "", cfg, conditions, statuses, t) - processCred(&h, cfg, t) - statuses[1] = corev1.ConditionTrue - validate(true, err, "", cfg, conditions, statuses, t) - - h.secretRetryCount = 3 // bypass retry on CR update race - cfg.Spec.ManagementState = operatorsv1api.Removed - statuses[1] = corev1.ConditionTrue - statuses[4] = corev1.ConditionTrue - err = h.Handle(event) - // import cred should be true if from removed, remove pending true, since we don't delete on removed - validate(true, err, "", cfg, conditions, statuses, t) - // call again to mimic event after RemovePending updated and to see status changed to Removed - err = h.Handle(event) - validate(true, err, "", cfg, conditions, statuses, t) - if cfg.Status.ManagementState != operatorsv1api.Removed { - t.Fatalf("mgmt state status should be removed %#v", cfg) - } - - // set back to mgmt - cfg.Spec.ManagementState = operatorsv1api.Managed - h.secretRetryCount = 3 - err = h.Handle(event) - statuses[3] = corev1.ConditionTrue - statuses[4] = corev1.ConditionFalse - // with secret still present, we should start import images - validate(true, err, "", cfg, conditions, statuses, t) - if cfg.Status.ManagementState != operatorsv1api.Managed { - t.Fatalf("mgmt state status should be managed %#v", cfg) - } - -} - -func TestBootstrapRemovedStillHaveSecret(t *testing.T) { - h, cfg, event := setup() - // mimic result if we bootstrapped as removed - cfg.Spec.ManagementState = operatorsv1api.Removed - cfg.Status.Version = h.version - event.Object = &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: coreosPullSecretName, - Namespace: coreosPullSecretNamespace, - }, - } - h.secretclientwrapper.(*fakeSecretClientWrapper).err = nil - h.Handle(event) - importCred := util.Condition(cfg, v1.ImportCredentialsExist) - if importCred.Status != corev1.ConditionTrue { - t.Fatalf("import creds false: %#v", cfg) - } -} - func setup() (Handler, *v1.Config, util.Event) { h := NewTestHandler() cfg, _ := h.CreateDefaultResourceIfNeeded(nil) cfg = h.initConditions(cfg) - fakesecretclient := h.secretclientwrapper.(*fakeSecretClientWrapper) - fakesecretclient.err = kerrors.NewNotFound(schema.GroupResource{}, v1.SamplesRegistryCredentials) h.crdwrapper.(*fakeCRDWrapper).cfg = cfg cache.ClearUpsertsCache() return h, cfg, util.Event{Object: cfg} } -func processCred(h *Handler, cfg *v1.Config, t *testing.T) { - if !util.ConditionFalse(cfg, v1.ImportCredentialsExist) { - t.Fatalf("import cred exists unexpectedly true: %#v", cfg) - } - h.secretclientwrapper.(*fakeSecretClientWrapper).err = nil - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: v1.SamplesRegistryCredentials, - Namespace: "openshift", - Annotations: map[string]string{ - v1.SamplesVersionAnnotation: h.version, - }, - ResourceVersion: "a", - }, - } - credEvent := util.Event{Object: secret} - err := h.Handle(credEvent) - if !util.ConditionTrue(cfg, v1.ImportCredentialsExist) { - t.Fatalf("secret event did not set import cred to true; err: %v, cfg: %#v", err, cfg) - } -} - -func TestSameSecret(t *testing.T) { - h, cfg, event := setup() - mimic(&h, x86OCPContentRootDir) - err := h.Handle(event) - statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} - validate(true, err, "", cfg, conditions, statuses, t) - processCred(&h, cfg, t) - statuses[1] = corev1.ConditionTrue - validate(true, err, "", cfg, conditions, statuses, t) - - err = h.Handle(event) - statuses[3] = corev1.ConditionTrue - validate(true, err, "", cfg, conditions, statuses, t) -} - -func TestSecretAPIError(t *testing.T) { - h, cfg, event := setup() - err := h.Handle(event) - statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} - validate(true, err, "", cfg, conditions, statuses, t) - - event.Object = &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: coreosPullSecretName, - Namespace: coreosPullSecretNamespace, - ResourceVersion: "a", - }, - } - fakesecretclient := h.secretclientwrapper.(*fakeSecretClientWrapper) - fakesecretclient.err = fmt.Errorf("problemchangingsecret") - err = h.Handle(event) - statuses[1] = corev1.ConditionUnknown - validate(true, err, "", cfg, conditions, statuses, t) -} - func TestImageStreamRemovedFromPayloadWithProgressingErrors(t *testing.T) { h, cfg, _ := setup() mimic(&h, x86OCPContentRootDir) @@ -870,7 +700,6 @@ func TestImageGetError(t *testing.T) { } for _, iserr := range errors { h, cfg, event := setup() - processCred(&h, cfg, t) mimic(&h, x86OCPContentRootDir) @@ -1197,7 +1026,6 @@ func TestTemplateGetEreror(t *testing.T) { } for _, terr := range errors { h, cfg, event := setup() - processCred(&h, cfg, t) mimic(&h, x86OCPContentRootDir) @@ -1220,14 +1048,13 @@ func TestDeletedCR(t *testing.T) { h, cfg, event := setup() event.Deleted = true err := h.Handle(event) - statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} + statuses := []corev1.ConditionStatus{corev1.ConditionFalse, corev1.ConditionTrue, corev1.ConditionTrue, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse, corev1.ConditionFalse} validate(true, err, "", cfg, conditions, statuses, t) } func TestSameCR(t *testing.T) { h, cfg, event := setup() mimic(&h, x86OCPContentRootDir) - processCred(&h, cfg, t) cfg.ResourceVersion = "a" // first pass on the resource creates the samples, exists (first entry, index 0) is still false @@ -1248,7 +1075,6 @@ func TestSameCR(t *testing.T) { func TestBadTopDirList(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) fakefinder := h.Filefinder.(*fakeResourceFileLister) fakefinder.errors = map[string]error{x86OCPContentRootDir: fmt.Errorf("badtopdir")} err := h.Handle(event) @@ -1258,7 +1084,6 @@ func TestBadTopDirList(t *testing.T) { func TestBadSubDirList(t *testing.T) { h, cfg, event := setup() - processCred(&h, cfg, t) mimic(&h, x86OCPContentRootDir) fakefinder := h.Filefinder.(*fakeResourceFileLister) fakefinder.errors = map[string]error{x86OCPContentRootDir + "/imagestreams": fmt.Errorf("badsubdir")} @@ -1270,7 +1095,6 @@ func TestBadSubDirList(t *testing.T) { func TestBadTopLevelStatus(t *testing.T) { h, cfg, event := setup() mimic(&h, x86OCPContentRootDir) - processCred(&h, cfg, t) fakestatus := h.crdwrapper.(*fakeCRDWrapper) fakestatus.updateerr = fmt.Errorf("badsdkupdate") err := h.Handle(event) @@ -1484,7 +1308,6 @@ func NewTestHandler() Handler { listerrors: map[string]error{}, upserterrors: map[string]error{}, } - h.secretclientwrapper = &fakeSecretClientWrapper{} h.imagestreamFile = make(map[string]string) h.templateFile = make(map[string]string) @@ -1703,33 +1526,6 @@ func (f *fakeTemplateClientWrapper) Watch() (watch.Interface, error) { return nil, nil } -type fakeSecretClientWrapper struct { - s *corev1.Secret - err error -} - -func (f *fakeSecretClientWrapper) Create(namespace string, s *corev1.Secret) (*corev1.Secret, error) { - if f.err != nil { - return nil, f.err - } - return s, nil -} - -func (f *fakeSecretClientWrapper) Update(namespace string, s *corev1.Secret) (*corev1.Secret, error) { - if f.err != nil { - return nil, f.err - } - return s, nil -} - -func (f *fakeSecretClientWrapper) Delete(namespace, name string, opts *metav1.DeleteOptions) error { - return f.err -} - -func (f *fakeSecretClientWrapper) Get(namespace, name string) (*corev1.Secret, error) { - return f.s, f.err -} - type fakeInClusterInitter struct{} func (f *fakeInClusterInitter) init(h *Handler, restconfig *restclient.Config) {} diff --git a/pkg/stub/imagestreams.go b/pkg/stub/imagestreams.go index 3cbb912a5..8e7499cda 100644 --- a/pkg/stub/imagestreams.go +++ b/pkg/stub/imagestreams.go @@ -133,10 +133,6 @@ func (h *Handler) processImageStreamWatchEvent(is *imagev1.ImageStream, deleted return err } - if util.ClusterNeedsCreds(cfg) { - return fmt.Errorf("cannot upsert imagestream %s because rhel credentials do not exist", is.Name) - } - imagestream, err := h.Fileimagegetter.Get(filePath) if err != nil { // still attempt to report error in status diff --git a/pkg/stub/interfaces.go b/pkg/stub/interfaces.go index 9bfa5308f..53e3a1121 100644 --- a/pkg/stub/interfaces.go +++ b/pkg/stub/interfaces.go @@ -19,12 +19,10 @@ import ( configv1lister "github.com/openshift/client-go/samples/listers/samples/v1" templatev1lister "github.com/openshift/client-go/template/listers/template/v1" "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/watch" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - corev1lister "k8s.io/client-go/listers/core/v1" restclient "k8s.io/client-go/rest" ) @@ -111,41 +109,6 @@ func (g *defaultTemplateClientWrapper) Watch() (watch.Interface, error) { return g.h.tempclient.Templates("openshift").Watch(context.TODO(), opts) } -type SecretClientWrapper interface { - Get(namespace, name string) (*corev1.Secret, error) - Create(namespace string, s *corev1.Secret) (*corev1.Secret, error) - Update(namespace string, s *corev1.Secret) (*corev1.Secret, error) - Delete(namespace, name string, opts *metav1.DeleteOptions) error -} - -type defaultSecretClientWrapper struct { - coreclient *corev1client.CoreV1Client - opnshftlister corev1lister.SecretNamespaceLister - cfglister corev1lister.SecretNamespaceLister -} - -func (g *defaultSecretClientWrapper) Get(namespace, name string) (*corev1.Secret, error) { - switch namespace { - case "openshift-config": - return g.cfglister.Get(name) - case "openshift": - return g.opnshftlister.Get(name) - } - return g.coreclient.Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{}) -} - -func (g *defaultSecretClientWrapper) Create(namespace string, s *corev1.Secret) (*corev1.Secret, error) { - return g.coreclient.Secrets(namespace).Create(context.TODO(), s, metav1.CreateOptions{}) -} - -func (g *defaultSecretClientWrapper) Update(namespace string, s *corev1.Secret) (*corev1.Secret, error) { - return g.coreclient.Secrets(namespace).Update(context.TODO(), s, metav1.UpdateOptions{}) -} - -func (g *defaultSecretClientWrapper) Delete(namespace, name string, opts *metav1.DeleteOptions) error { - return g.coreclient.Secrets(namespace).Delete(context.TODO(), name, *opts) -} - type ImageStreamFromFileGetter interface { Get(fullFilePath string) (is *imagev1.ImageStream, err error) } diff --git a/pkg/stub/secrets.go b/pkg/stub/secrets.go deleted file mode 100644 index ded2f8f38..000000000 --- a/pkg/stub/secrets.go +++ /dev/null @@ -1,223 +0,0 @@ -package stub - -import ( - "fmt" - - operatorsv1api "github.com/openshift/api/operator/v1" - v1 "github.com/openshift/api/samples/v1" - "github.com/openshift/cluster-samples-operator/pkg/cache" - "github.com/openshift/cluster-samples-operator/pkg/util" - "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" - kerrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - coreosPullSecretNamespace = "openshift-config" - coreosPullSecretName = "pull-secret" -) - -func (h *Handler) copyDefaultClusterPullSecret(secret *corev1.Secret) error { - var err error - if secret == nil { - secret, err = h.secretclientwrapper.Get(coreosPullSecretNamespace, coreosPullSecretName) - if err != nil { - return err - } - if secret == nil { - return nil - } - } - logrus.Printf("Copying secret %s from the %s namespace into the operator's namespace", coreosPullSecretName, coreosPullSecretNamespace) - secretToCreate := corev1.Secret{} - secret.DeepCopyInto(&secretToCreate) - secretToCreate.Name = v1.SamplesRegistryCredentials - secretToCreate.Namespace = "" - secretToCreate.ResourceVersion = "" - secretToCreate.UID = "" - secretToCreate.Annotations = make(map[string]string) - secretToCreate.Annotations[v1.SamplesVersionAnnotation] = h.version - _, err = h.secretclientwrapper.Create("openshift", &secretToCreate) - if kerrors.IsAlreadyExists(err) { - _, err = h.secretclientwrapper.Update("openshift", &secretToCreate) - } - return err -} - -func secretsWeCareAbout(secret *corev1.Secret) bool { - kubeSecret := secret.Name == coreosPullSecretName && secret.Namespace == coreosPullSecretNamespace - openshiftSecret := secret.Name == v1.SamplesRegistryCredentials && secret.Namespace == "openshift" - return kubeSecret || openshiftSecret -} - -func (h *Handler) manageDockerCfgSecret(deleted bool, cfg *v1.Config, secret *corev1.Secret) error { - if !secretsWeCareAbout(secret) { - return nil - } - - switch secret.Name { - case v1.SamplesRegistryCredentials: - // we always want this secret so if deleted recreate - if deleted { - err := h.copyDefaultClusterPullSecret(nil) - if err != nil { - if kerrors.IsNotFound(err) { - // if we get not found that means the coreos pull secret is gone so just return; - // we'll recreate when it is recreated - cfg = h.refetchCfgMinimizeConflicts(cfg) - h.GoodConditionUpdate(cfg, corev1.ConditionFalse, v1.ImportCredentialsExist) - return nil - } - return err - } - cfg = h.refetchCfgMinimizeConflicts(cfg) - h.GoodConditionUpdate(cfg, corev1.ConditionTrue, v1.ImportCredentialsExist) - return nil - } - - case coreosPullSecretName: - // if openshift-config deleted, we'll delete ours - if deleted { - err := h.secretclientwrapper.Delete("openshift", v1.SamplesRegistryCredentials, &metav1.DeleteOptions{}) - if err != nil && !kerrors.IsNotFound(err) { - return err - } - logrus.Printf("registry dockerconfig secret %s was deleted from the %s namespacae so deleted secret %s in the openshift namespace", secret.Name, secret.Namespace, v1.SamplesRegistryCredentials) - cfg = h.refetchCfgMinimizeConflicts(cfg) - h.GoodConditionUpdate(cfg, corev1.ConditionFalse, v1.ImportCredentialsExist) - return nil - } - err := h.copyDefaultClusterPullSecret(secret) - if err == nil { - cfg = h.refetchCfgMinimizeConflicts(cfg) - h.GoodConditionUpdate(cfg, corev1.ConditionTrue, v1.ImportCredentialsExist) - } - return err - - } - - return nil -} - -// WaitingForCredential determines whether we should proceed with processing the sample resource event, -// where we should *NOT* proceed if we are RHEL and using the default redhat registry; The return from -// this method is in 2 flavors: 1) if the first boolean is true, tell the caller to just return nil to the sdk; -// 2) the second boolean being true means we've updated the Config with cred exists == false and the caller should call -// the sdk to update the object -func (h *Handler) WaitingForCredential(cfg *v1.Config) (bool, bool) { - // if trying to do rhel to the default registry.redhat.io registry requires the secret - // be in place since registry.redhat.io requires auth to pull; since it is not ready - // log error state - // we check for actual existence vs. condition because in delete/recreate scenario, the condition can't - // be added out of the gate - _, err := h.secretclientwrapper.Get("openshift", v1.SamplesRegistryCredentials) - if err != nil { - cred := util.Condition(cfg, v1.ImportCredentialsExist) - // - if import cred is false, and the message is empty, that means we have NOT registered the error, and need to do so - // - if cred is false, and the message is there, we can just return nil to the sdk, which "true" for the boolean return value indicates; - // not returning the same error multiple times to the sdk avoids additional churn; once the secret comes in, it will update the Config - // with cred == true, and then we'll get another Config event that will trigger config processing - if len(cred.Message) > 0 { - return true, false - } - err := fmt.Errorf("Cannot create rhel imagestreams to registry.redhat.io without the credentials being available") - h.processError(cfg, v1.ImportCredentialsExist, corev1.ConditionFalse, err, "%v") - return true, true - } - if !util.ConditionTrue(cfg, v1.ImportCredentialsExist) { - h.GoodConditionUpdate(cfg, corev1.ConditionTrue, v1.ImportCredentialsExist) - } - - // the credentials are already in place, or the cluster admin is using their own registry for rhel content, so we do not - // enforce the need for the credential - return false, false -} - -func (h *Handler) processSecretEvent(cfg *v1.Config, dockercfgSecret *corev1.Secret, event util.Event) error { - // if the secret event gets through while we are creating samples, it will - // lead to a conflict when updating in progress to true in the initial create - // loop, which can lead to an extra cycle of creates as we'll return an error there and retry; - // so we check on local flag for creations in progress, and force a retry of the secret - // event; similar to what we do in the imagestream/template watches - if cache.UpsertsAmount() > 0 { - return fmt.Errorf("retry secret event because in the middle of an sample upsert cycle") - } - - deleted := event.Deleted - switch cfg.Spec.ManagementState { - case operatorsv1api.Removed: - // So we allow the processing of the secret event while in removed state to - // facilitate the imagestreams like cli, must-gather, that are installed from the - // payload via this operator's manifest, but are not managed by this operator - logrus.Printf("processing secret watch event %s/%s while in Removed state; deletion event: %v", - dockercfgSecret.Namespace, dockercfgSecret.Name, event.Deleted) - case operatorsv1api.Unmanaged: - logrus.Debugln("Ignoring secret event because samples resource is in unmanaged state") - return nil - case operatorsv1api.Managed: - logrus.Printf("processing secret watch event %s/%s while in Managed state; deletion event: %v", - dockercfgSecret.Namespace, dockercfgSecret.Name, event.Deleted) - default: - logrus.Printf("processing secret watch event like we are in Managed state, even though it is set to %v; deletion event %v", cfg.Spec.ManagementState, event.Deleted) - } - if dockercfgSecret.Namespace == "openshift" { - if !deleted { - if dockercfgSecret.Annotations != nil { - _, ok := dockercfgSecret.Annotations[v1.SamplesVersionAnnotation] - if ok { - // this is just a notification from a prior upsert - logrus.Println("creation/update of credential in openshift namespace recognized") - if !util.ConditionTrue(cfg, v1.ImportCredentialsExist) { - cfg = h.refetchCfgMinimizeConflicts(cfg) - h.GoodConditionUpdate(cfg, corev1.ConditionTrue, v1.ImportCredentialsExist) - dbg := "switching import cred to true following openshift namespace event" - logrus.Printf("CRDUPDATE %s", dbg) - return h.crdwrapper.UpdateStatus(cfg, dbg) - } - return nil - } - } - // not foolproof protection of course, but the lack of the annotation - // means somebody tried to create our credential in the openshift namespace - // on there own ... we are not allowing that - err := fmt.Errorf("the samples credential was created/updated in the openshift namespace without the version annotation") - return h.processError(cfg, v1.ImportCredentialsExist, corev1.ConditionUnknown, err, "%v") - } - - // if deleted, but import credential == true, that means somebody deleted the credential in the openshift - // namespace; we don't like that either, and will - // recreate; but we have to account for the fact that on a valid delete/remove, the secret deletion occurs - // before the updating of the samples resource, so we employ a short term retry - if util.ConditionTrue(cfg, v1.ImportCredentialsExist) { - if h.secretRetryCount < 3 { - err := fmt.Errorf("retry on credential deletion in the openshift namespace to make sure the operator deleted it") - h.secretRetryCount++ - return err - } - } - } - h.secretRetryCount = 0 - beforeStatus := util.Condition(cfg, v1.ImportCredentialsExist).Status - logrus.Infof("current ImportCredentialsExist status: %v", beforeStatus) - err := h.manageDockerCfgSecret(deleted, cfg, dockercfgSecret) - dbg := "" - if err != nil { - cfg = h.refetchCfgMinimizeConflicts(cfg) - h.processError(cfg, v1.ImportCredentialsExist, corev1.ConditionUnknown, err, "%v") - // will not return secret error for immediate retry, but check for unknown in config event path - // or if cfg update fails, that will initiate a retry on the secret event - dbg = "event secret update error" - logrus.Printf("CRDUPDATE %s", dbg) - // update the error even if we are in error before (updated times and in case error changes) - } else { - afterStatus := util.Condition(cfg, v1.ImportCredentialsExist).Status - if beforeStatus == afterStatus { - return nil - } - dbg = "event secret update" - logrus.Printf("CRDUPDATE %s", dbg) - } - // flush the status changes generated by the processing - return h.crdwrapper.UpdateStatus(cfg, dbg) -} diff --git a/pkg/util/util.go b/pkg/util/util.go index 8b13523b3..3f69b8fc2 100644 --- a/pkg/util/util.go +++ b/pkg/util/util.go @@ -227,11 +227,6 @@ func ClusterOperatorStatusDegradedCondition(s *samplev1.Config) (configv1.Condit "InvalidConfiguration", fmt.Sprintf(noInstallDetailed, os.Getenv("RELEASE_VERSION"), Condition(s, samplev1.ConfigurationValid).Message) } - if ClusterNeedsCreds(s) { - return trueRC, - "ImagePullCredentialsNeeded", - fmt.Sprintf(noInstallDetailed, os.Getenv("RELEASE_VERSION"), Condition(s, samplev1.ImportCredentialsExist).Message) - } // report degraded if img import error exists for 2 hrs impErrCon := Condition(s, samplev1.ImportImageErrorsExist) if impErrCon.Status == corev1.ConditionTrue { @@ -296,38 +291,6 @@ func ClusterOperatorStatusProgressingCondition(s *samplev1.Config, degradedState return configv1.ConditionFalse, "", "" } -// ClusterNeedsCreds checks the conditions that drive whether the operator complains about -// needing credentials to import RHEL content -func ClusterNeedsCreds(s *samplev1.Config) bool { - if strings.TrimSpace(s.Spec.SamplesRegistry) != "" && - strings.TrimSpace(s.Spec.SamplesRegistry) != "registry.redhat.io" { - return false - } - - if s.Spec.ManagementState == operatorv1.Removed || - s.Spec.ManagementState == operatorv1.Unmanaged { - return false - } - if s.Status.Conditions == nil { - return true - } - - // some timing paths can lead to only the config valid condition existing, - // so explicitly check it the import creds condition is even there yet - foundImportCred := false - for _, rc := range s.Status.Conditions { - if rc.Type == samplev1.ImportCredentialsExist { - foundImportCred = true - break - } - } - if !foundImportCred { - return true - } - - return ConditionFalse(s, samplev1.ImportCredentialsExist) -} - // IsNonX86Arch let's us know if this is something other than x86_64/amd like s390x or ppc func IsNonX86Arch(cfg *samplev1.Config) bool { if len(cfg.Spec.Architectures) > 0 && cfg.Spec.Architectures[0] != samplev1.AMDArchitecture && cfg.Spec.Architectures[0] != samplev1.X86Architecture { diff --git a/test/e2e/cluster_samples_operator_test.go b/test/e2e/cluster_samples_operator_test.go index b44464e87..2529e7127 100644 --- a/test/e2e/cluster_samples_operator_test.go +++ b/test/e2e/cluster_samples_operator_test.go @@ -198,25 +198,6 @@ func verifyIPv6(t *testing.T) bool { return false } -func verifySecretPresent(t *testing.T) { - setupClients(t) - secClient := kubeClient.CoreV1().Secrets("openshift") - err := wait.PollImmediate(1*time.Second, 10*time.Minute, func() (bool, error) { - _, err := secClient.Get(context.TODO(), samplesapi.SamplesRegistryCredentials, metav1.GetOptions{}) - if err != nil { - if !kerrors.IsNotFound(err) { - t.Logf("%v", err) - } - return false, nil - } - return true, nil - }) - if err != nil { - dumpPod(t) - t.Fatalf("timeout for secret getting created cfg %#v", verifyOperatorUp(t)) - } -} - func verifyConditionsCompleteSamplesAdded(t *testing.T) error { return wait.PollImmediate(1*time.Second, 10*time.Minute, func() (bool, error) { cfg, err := crClient.SamplesV1().Configs().Get(context.TODO(), samplesapi.ConfigName, metav1.GetOptions{}) @@ -754,7 +735,6 @@ func TestImageStreamInOpenshiftNamespace(t *testing.T) { dumpPod(t) t.Fatalf("Config did not stabilize on startup %#v", verifyOperatorUp(t)) } - verifySecretPresent(t) verifyClusterOperatorConditionsComplete(t, cfg.Status.Version, cfg.Status.ManagementState) t.Logf("Config after TestImageStreamInOpenshiftNamespace: %#v", verifyOperatorUp(t)) } @@ -860,7 +840,6 @@ func TestSpecManagementStateField(t *testing.T) { verifyImageStreamsGone(t) verifyTemplatesGone(t) - verifySecretPresent(t) verifyClusterOperatorConditionsComplete(t, cfg.Status.Version, cfg.Status.ManagementState)