New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Q2] Refactor kubeconfig token replace logic #1165
[Q2] Refactor kubeconfig token replace logic #1165
Conversation
7b15f89
to
1a03476
Compare
1a03476
to
9b04ffe
Compare
9b04ffe
to
12f4d18
Compare
@kinarashah and I discussed the use of
Norman has trouble distinguishing whether an API call like that is trying to update/remove a field. We want to update it with a new token, but Norman may misinterpret that. Regardless, the call to get a token |
12f4d18
to
28eb62b
Compare
Issue: #841
Problem
Solution
Summary of what has changed
rancher2_cluster
resourceMore details
Update to kubeconfig logic to include cases where 1) the kubeconfig is empty (which happens on first provisioning of a cluster if the cache or tf.state file are manually deleted) or 2) the token is expired but returned from
isKubeconfigValid
as an empty string. This case will happen if the user sets a custom value for the global settingkubeconfig-default-token-ttl-minutes
in Rancher.The replace token code also needed to be updated. Before, we were generating an entire kubeconfig every time we needed a token. Instead of deleting the old token and using the one from the new kubeconfig, we are now replacing the token in the cached kubeconfig OR creating a new token for the cached kubeconfig if the token is expired or removed. If a token was removed by the user, that will force a customer to reprovision their entire TF cluster -- this case is handled gracefully now.
@kinarashah I have kept the code to check token length if the kubeconfig is invalid. This case must be isolated because if the kubeconfig can't be pulled for other reasons/errors, Terraform must download a new one. Our previous discussion made the download code unreachable.
Testing
Engineering Testing
Manual Testing
terraform plan
3 times. Verify the same cached kubeconfig is being used and additional tokens were not generatedkubeconfig-default-token-ttl-minutes
to 2m and run tf update to add 1 node to the cluster. Verify a token is created with 2m expiry dateterraform.tfstate
file and setkube_config
to a corrupt id, perhapsTESTTOKEN.
Run tf apply to add 1 node to the cluster. Verify a new token is created since the old one is corrupt, no errorsAll updates completed gracefully and successfully, with no errors.
Automated Testing
QA Testing Considerations
Regressions Considerations