Registration timestamp (#25)

* use annotation mechanism to change controller behavior * fix cluster registration * update docs * fix sec issue * fix cacert test Co-authored-by: Victor Varza <vvarza@adobe.com>
adobe · Apr 4, 2022 · bb58843 · bb58843
1 parent 047c6b3
commit bb58843
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 10 deletions.
diff --git a/config/crd/bases/registry.ethos.adobe.com_clusters.yaml b/config/crd/bases/registry.ethos.adobe.com_clusters.yaml
@@ -173,7 +173,8 @@ spec:
                   type: string
                 type: array
               peerVirtualNetworks:
-                description: Information about Virtual Networks peered with the cluster
+                description: Information about Virtual Networks manual peered with
+                  the cluster
                 items:
                   description: PeerVirtualNetwork -  peering information done at cluster
                     onboarding

diff --git a/docs/developer-guides/annotations.md b/docs/developer-guides/annotations.md
@@ -18,7 +18,7 @@ Example:
 
 ## Skip CA Cert
 
-The annotation `registry.ethos.adobe.com/skip-ca-cert` defines the behavior of the cluster-registry-client for setting the K8s API CA Certificate. If it's set to `true`, the `CertificateAuthorityData` will not be set.
+The annotation `registry.ethos.adobe.com/skip-ca-cert` defines the behavior of the cluster-registry-client for setting the K8s API CA Certificate. If it's set to `true`, the `CertificateAuthorityData` will not be set with the in-cluster CA Cert.
 
 Example:
     `registry.ethos.adobe.com/skip-ca-cert: "true"`
diff --git a/pkg/api/registry/v1/cluster_types.go b/pkg/api/registry/v1/cluster_types.go
@@ -105,7 +105,7 @@ type ClusterSpec struct {
 	// List of cluster capabilities
 	Capabilities []string `json:"capabilities,omitempty"`
 
-	// Information about Virtual Networks peered with the cluster
+	// Information about Virtual Networks manual peered with the cluster
 	PeerVirtualNetworks []PeerVirtualNetwork `json:"peerVirtualNetworks,omitempty"`
 
 	// Timestamp when cluster information was updated

diff --git a/pkg/client/controllers/cluster_controller.go b/pkg/client/controllers/cluster_controller.go
@@ -63,9 +63,7 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 	skipCACert := instance.Annotations["registry.ethos.adobe.com/skip-ca-cert"]
 
 	// skipCACert is an exception rather than a rule
-	if skipCACert == "true" {
-		instance.Spec.APIServer.CertificateAuthorityData = ""
-	} else {
+	if skipCACert != "true" {
 		if r.CAData != "" {
 			instance.Spec.APIServer.CertificateAuthorityData = r.CAData
 		} else {

diff --git a/pkg/client/controllers/cluster_controller_test.go b/pkg/client/controllers/cluster_controller_test.go
@@ -123,6 +123,7 @@ var _ = Describe("Client Controller", func() {
 				return err == nil
 			}, timeout, interval).Should(BeTrue())
 			cluster.Annotations = map[string]string{"registry.ethos.adobe.com/skip-ca-cert": "true"}
+			cluster.Spec.APIServer.CertificateAuthorityData = "_custom_cert_data_"
 			Expect(k8sClient.Update(ctx, cluster)).Should(Succeed())
 
 			// give controller-runtime time to propagagte data into etcd
@@ -134,7 +135,7 @@ var _ = Describe("Client Controller", func() {
 				if err != nil {
 					return false
 				}
-				return updatedCluster.Spec.APIServer.CertificateAuthorityData == ""
+				return updatedCluster.Spec.APIServer.CertificateAuthorityData == "_custom_cert_data_"
 			}, timeout, interval).Should(BeTrue())
 		})
 	})

diff --git a/pkg/database/database.go b/pkg/database/database.go
@@ -266,6 +266,12 @@ func (d *db) PutCluster(cluster *registryv1.Cluster) error {
 		return fmt.Errorf(msg)
 	}
 
+	existingCluster, _ := d.GetCluster(cluster.Spec.Name)
+	if existingCluster != nil {
+		fmt.Printf("Cluster '%s' found in the database. It will be updated.", cluster.Spec.Name)
+		cluster.Spec.RegisteredAt = existingCluster.Spec.RegisteredAt
+	}
+
 	clusterDb, err := dynamodbattribute.MarshalMap(ClusterDb{
 		TablePartitionKey: cluster.Spec.Name,
 		IndexPartitionKey: "cluster",

diff --git a/pkg/database/database_test.go b/pkg/database/database_test.go
@@ -242,7 +242,8 @@ var _ = Describe("Database Suite", func() {
 							Phase:        "Running",
 							Type:         "Restricted",
 							Capabilities: []string{"gpu-compute"},
-							LastUpdated:  "2020-03-20T07:55:46.132Z",
+							RegisteredAt: "2022-03-20T07:55:46.132Z",
+							LastUpdated:  "2022-03-20T07:55:46.132Z",
 							Tags:         map[string]string{"onboarding": "on", "scaling": "on"},
 						},
 					},
@@ -276,13 +277,14 @@ var _ = Describe("Database Suite", func() {
 							Phase:        "Running",
 							Type:         "Restricted",
 							Capabilities: []string{"gpu-compute"},
-							LastUpdated:  "2020-03-20T07:55:46.132Z",
+							RegisteredAt: "2021-12-13T05:50:07.492Z", // once the cluster is first registered, this filed cannot be changed
+							LastUpdated:  "2022-03-20T07:55:46.132Z",
 							Tags:         map[string]string{"onboarding": "on", "scaling": "on"},
 						},
 					},
 				},
 				{
-					name:        "update existing cluster",
+					name:        "update non existing cluster",
 					clusterName: "cluster101-prod-useast1",
 					newCluster: &registryv1.Cluster{
 						Spec: registryv1.ClusterSpec{