From 3ba2a65dc2070201b4ac1550bb1306ad1214d261 Mon Sep 17 00:00:00 2001
From: Angel Misevski <amisevsk@redhat.com>
Date: Tue, 31 May 2022 16:32:40 -0400
Subject: [PATCH] Wait up to 5 seconds for ImagePullSecrets to be added to SA

In some clusters, adding ImagePullSecrets to a ServiceAccount can take a
second or two. If the DevWorkspace Operator creates the workspace
Deployment before this occurs, then once the pull secret is added the
Deployment needs to roll out a new version, resulting in a delay in
workspace start.

To avoid this, if the ServiceAccount does not have any image pull
secrets, we wait up to 5 seconds from the creation timestamp of the
ServiceAccount before continuing.

Signed-off-by: Angel Misevski <amisevsk@redhat.com>
---
 pkg/provision/workspace/pull_secret.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkg/provision/workspace/pull_secret.go b/pkg/provision/workspace/pull_secret.go
index d5f446cc3..fd0f16731 100644
--- a/pkg/provision/workspace/pull_secret.go
+++ b/pkg/provision/workspace/pull_secret.go
@@ -18,6 +18,7 @@ package workspace
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/devfile/devworkspace-operator/pkg/provision/sync"
 	"k8s.io/apimachinery/pkg/types"
@@ -30,6 +31,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+const (
+	pullSecretCreationTimeout time.Duration = 5_000_000_000 // 5 seconds
+)
+
 type PullSecretsProvisioningStatus struct {
 	ProvisioningStatus
 	v1alpha1.PodAdditions
@@ -70,6 +75,15 @@ func PullSecrets(clusterAPI sync.ClusterAPI, serviceAccountName, namespace strin
 		}
 	}
 
+	if len(serviceAccount.ImagePullSecrets) == 0 && serviceAccount.CreationTimestamp.Add(pullSecretCreationTimeout).After(time.Now()) {
+		return PullSecretsProvisioningStatus{
+			ProvisioningStatus: ProvisioningStatus{
+				Requeue: true,
+				Message: "Waiting for image pull secrets",
+			},
+		}
+	}
+
 	dockerCfgs := serviceAccount.ImagePullSecrets
 	for _, s := range secrets.Items {
 		if s.Type == corev1.SecretTypeDockercfg || s.Type == corev1.SecretTypeDockerConfigJson {