Ensure the testuser ServiceAccount is only created once (#117)
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
AverageMarcus committed Nov 3, 2023
1 parent f0a290f commit db2db91
Showing 2 changed files with 34 additions and 10 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Fixed

- Ensure `testuser` isn't reapplied when `ApplyCluster` is called again (e.g. during the upgrade tests)

## [0.12.0] - 2023-11-02

### Changed
40 changes: 30 additions & 10 deletions pkg/testuser/testuser.go
Expand Up @@ -8,7 +8,9 @@ import (
"time"

corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
cr "sigs.k8s.io/controller-runtime/pkg/client"

"github.com/giantswarm/clustertest/pkg/client"
"github.com/giantswarm/clustertest/pkg/wait"
Expand All @@ -17,23 +19,30 @@ import (
// Create handles the creation of a ServiceAccount with cluster-admin permission within the cluster
// and generated a new Kubernetes client that authenticates as that account.
func Create(ctx context.Context, kubeClient *client.Client) (*client.Client, error) {
// ServiceAccount
if err := kubeClient.Create(ctx, &serviceAccount); err != nil {
return nil, err
}
// Secret
if err := kubeClient.Create(ctx, &secret); err != nil {
existing, err := doesUserExist(ctx, kubeClient)
if err != nil {
return nil, err
}
// ClusterRoleBinding
if err := kubeClient.Create(ctx, &clusterRoleBinding); err != nil {
return nil, err

if !existing {
// ServiceAccount
if err := kubeClient.Create(ctx, &serviceAccount); err != nil {
return nil, err
}
// Secret
if err := kubeClient.Create(ctx, &secret); err != nil {
return nil, err
}
// ClusterRoleBinding
if err := kubeClient.Create(ctx, &clusterRoleBinding); err != nil {
return nil, err
}
}

var ca string
var token string

err := wait.For(
err = wait.For(
func() (bool, error) {
var populatedSecret corev1.Secret
err := kubeClient.Get(ctx, types.NamespacedName{Name: secret.ObjectMeta.Name, Namespace: secret.ObjectMeta.Namespace}, &populatedSecret)
Expand Down Expand Up @@ -67,3 +76,14 @@ func Create(ctx context.Context, kubeClient *client.Client) (*client.Client, err

return client.NewFromRawKubeconfig(buf.String())
}

func doesUserExist(ctx context.Context, kubeClient *client.Client) (bool, error) {
var existingAccount corev1.ServiceAccount
err := kubeClient.Get(ctx, cr.ObjectKeyFromObject(&serviceAccount), &existingAccount)
if err != nil && !errors.IsNotFound(err) {
return false, err
} else if errors.IsNotFound(err) {
return false, nil
}
return true, nil
}
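Review bot: The existence check in `doesUserExist` looks only at the ServiceAccount, so if an earlier `Create` failed after the ServiceAccount was made but before the Secret or ClusterRoleBinding, every later call skips those two objects; the call would then presumably wait on a Secret that never appears, or hand back a client whose token lacks the cluster-admin binding. Treating each object independently avoids that and also removes the check-then-create race: drop the `if !existing` guard and write each of the three creates as `if err := kubeClient.Create(ctx, &serviceAccount); err != nil && !errors.IsAlreadyExists(err) { return nil, err }`. `doesUserExist` has no doc comment, and its `else if` branch reads more simply as `if errors.IsNotFound(err) { return false, nil }` placed before the generic error return. Part of the `wait.For` loop in `Create` is collapsed on this page, so the timeout behaviour is inferred rather than read from the code.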
