From 6f3f6ecebf76dc6d0fbf9a95544fc7a4419b49a1 Mon Sep 17 00:00:00 2001 From: Kaustav Majumder Date: Wed, 25 Sep 2024 18:23:00 +0530 Subject: [PATCH] Prevent noobaaccount creation in provider cluster Signed-off-by: Kaustav Majumder --- controllers/storageconsumer/consumer_test.go | 40 ++++++++++++++++--- .../storageconsumer_controller.go | 12 ++++-- services/provider/server/server.go | 11 +++-- services/provider/server/server_test.go | 6 +-- 4 files changed, 55 insertions(+), 14 deletions(-) diff --git a/controllers/storageconsumer/consumer_test.go b/controllers/storageconsumer/consumer_test.go index d1c5ad284b..0cdeb8310e 100644 --- a/controllers/storageconsumer/consumer_test.go +++ b/controllers/storageconsumer/consumer_test.go @@ -17,10 +17,12 @@ limitations under the License. package controllers import ( + "context" "testing" noobaaApis "github.com/noobaa/noobaa-operator/v5/pkg/apis" "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1" + configv1 "github.com/openshift/api/config/v1" routev1 "github.com/openshift/api/route/v1" v1 "github.com/red-hat-storage/ocs-operator/api/v4/v1" ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" @@ -59,12 +61,17 @@ func createFakeScheme(t *testing.T) *runtime.Scheme { if err != nil { assert.Fail(t, "failed to add nbapis scheme") } + err = configv1.AddToScheme(scheme) + if err != nil { + assert.Fail(t, "failed to add configv1 scheme") + } return scheme } func TestCephName(t *testing.T) { var r StorageConsumerReconciler + ctx := context.TODO() r.cephClientHealthChecker = &rookCephv1.CephClient{ ObjectMeta: metav1.ObjectMeta{ Name: "healthchecker", @@ -75,12 +82,13 @@ func TestCephName(t *testing.T) { } scheme := createFakeScheme(t) client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(r.cephClientHealthChecker).Build() - r.Client = client r.Scheme = scheme r.Log = log.Log.WithName("controller_storagecluster_test") - r.storageConsumer = &ocsv1alpha1.StorageConsumer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "provider", + }, Spec: ocsv1alpha1.StorageConsumerSpec{ Enable: true, }, @@ -108,7 +116,7 @@ func TestCephName(t *testing.T) { }, }, Client: ocsv1alpha1.ClientStatus{ - ClusterID: "consumer", + ClusterID: "provider", }, }, } @@ -120,7 +128,17 @@ func TestCephName(t *testing.T) { Phase: v1alpha1.NooBaaAccountPhaseReady, }, } - _, err := r.reconcilePhases() + clusterVersionProvider := &configv1.ClusterVersion{ + ObjectMeta: metav1.ObjectMeta{ + Name: "version", + }, + Spec: configv1.ClusterVersionSpec{ + ClusterID: "12345", + }, + } + err := client.Create(ctx, clusterVersionProvider) + assert.NoError(t, err) + _, err = r.reconcilePhases() assert.NoError(t, err) want := []*ocsv1alpha1.CephResourcesSpec{ @@ -150,6 +168,9 @@ func TestCephName(t *testing.T) { r.Client = client r.storageConsumer = &ocsv1alpha1.StorageConsumer{ + ObjectMeta: metav1.ObjectMeta{ + Name: "consumer", + }, Spec: ocsv1alpha1.StorageConsumerSpec{ Enable: true, }, @@ -186,7 +207,16 @@ func TestCephName(t *testing.T) { Phase: v1alpha1.NooBaaAccountPhaseRejected, }, } - + clusterVersionConsumer := &configv1.ClusterVersion{ + ObjectMeta: metav1.ObjectMeta{ + Name: "version", + }, + Spec: configv1.ClusterVersionSpec{ + ClusterID: "provider", + }, + } + err = client.Create(ctx, clusterVersionConsumer) + assert.NoError(t, err) _, err = r.reconcilePhases() assert.NoError(t, err) diff --git a/controllers/storageconsumer/storageconsumer_controller.go b/controllers/storageconsumer/storageconsumer_controller.go index 279b8239ce..2638dad99d 100644 --- a/controllers/storageconsumer/storageconsumer_controller.go +++ b/controllers/storageconsumer/storageconsumer_controller.go @@ -22,6 +22,7 @@ import ( "encoding/hex" "encoding/json" "fmt" + "strings" "github.com/go-logr/logr" "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1" @@ -153,9 +154,14 @@ func (r *StorageConsumerReconciler) reconcilePhases() (reconcile.Result, error) if err := r.reconcileCephClientHealthChecker(); err != nil { return reconcile.Result{}, err } - - if err := r.reconcileNoobaaAccount(); err != nil { - return reconcile.Result{}, err + // A provider cluster already has a NooBaa system and does not require a NooBaa account + // to connect to a remote cluster, unlike client clusters. + // A NooBaa account only needs to be created if the storage consumer is for a client cluster. + clusterID := util.GetClusterID(r.ctx, r.Client, &r.Log) + if clusterID != "" && !strings.Contains(r.storageConsumer.Name, clusterID) { + if err := r.reconcileNoobaaAccount(); err != nil { + return reconcile.Result{}, err + } } cephResourcesReady := true diff --git a/services/provider/server/server.go b/services/provider/server/server.go index a41b934f59..20fd52ed35 100644 --- a/services/provider/server/server.go +++ b/services/provider/server/server.go @@ -437,6 +437,11 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe noobaaOperatorSecret.Namespace = s.namespace if err := s.client.Get(ctx, client.ObjectKeyFromObject(noobaaOperatorSecret), noobaaOperatorSecret); err != nil { + if kerrors.IsNotFound(err) { + // ignoring because it is a provider cluster and the noobaa secret does not exist + return extR, nil + + } return nil, fmt.Errorf("failed to get %s secret. %v", noobaaOperatorSecret.Name, err) } @@ -463,9 +468,9 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe extR = append(extR, &pb.ExternalResource{ Name: "noobaa-remote-join-secret", Kind: "Secret", - Data: mustMarshal(map[string][]byte{ - "auth_token": authToken, - "mgmt_addr": []byte(noobaaMgmtAddress), + Data: mustMarshal(map[string]string{ + "auth_token": string(authToken), + "mgmt_addr": noobaaMgmtAddress, }), }) diff --git a/services/provider/server/server_test.go b/services/provider/server/server_test.go index bcfe3fb084..a8574cb51f 100644 --- a/services/provider/server/server_test.go +++ b/services/provider/server/server_test.go @@ -60,9 +60,9 @@ var noobaaSpec = &nbv1.NooBaaSpec{ }, } -var joinSecret = map[string][]byte{ - "auth_token": []byte("authToken"), - "mgmt_addr": []byte("noobaaMgmtAddress"), +var joinSecret = map[string]string{ + "auth_token": "authToken", + "mgmt_addr": "noobaaMgmtAddress", } var ocsSubscriptionSpec = &opv1a1.SubscriptionSpec{