Merge pull request #682 from jgwest/gitopsrvce-778-skip-operation-cre…

…ation-on-local-managed-envs-oct-2023

GITOPSRVCE-778: only create operations for missing external cluster secrets

backend-shared/db/clusteraccess_test.go

@@ -42,7 +42,7 @@ var _ = Describe("ClusterAccess Tests", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 
@@ -137,7 +137,7 @@ var _ = Describe("ClusterAccess Tests", func() {
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 			err = dbq.CreateClusterCredentials(ctx, &clusterCredentials)

backend-shared/db/clustercredentials.go

@@ -5,6 +5,10 @@ import (
 	"fmt"
 )
 
+const (
+	DefaultServiceaccount_bearer_token = "serviceaccount_bearer_token"
+)
+
 func (dbq *PostgreSQLDatabaseQueries) UnsafeListAllClusterCredentials(ctx context.Context, clusterCredentials *[]ClusterCredentials) error {
 	if dbq.dbConnection == nil {
 		return fmt.Errorf("database connection is nil")

backend-shared/db/gitopsenginecluster_test.go

@@ -29,7 +29,7 @@ var _ = Describe("Gitopsenginecluster Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 
@@ -92,7 +92,7 @@ var _ = Describe("Gitopsenginecluster Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 		err = dbq.CreateClusterCredentials(ctx, &clusterCredentials)

backend-shared/db/gitopsengineinstance_test.go

@@ -30,7 +30,7 @@ var _ = Describe("Gitopsengineinstance Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 

backend-shared/db/guardrow_test.go

@@ -201,7 +201,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 
@@ -256,7 +256,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 
@@ -436,7 +436,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 
@@ -456,7 +456,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 
@@ -488,7 +488,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 
@@ -517,7 +517,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 
@@ -596,7 +596,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 
@@ -617,7 +617,7 @@ var _ = Describe("Test to verify update/delete operations are not globally scope
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 

backend-shared/db/injection_test.go

@@ -39,7 +39,7 @@ var _ = Describe("Injection Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 
@@ -124,7 +124,7 @@ var _ = Describe("Injection Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 
@@ -178,7 +178,7 @@ var _ = Describe("Injection Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 

backend-shared/db/managedenvironment_test.go

@@ -30,7 +30,7 @@ var _ = Describe("Managedenvironment Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 
@@ -138,7 +138,7 @@ var _ = Describe("Managedenvironment Test", func() {
 			Host:                        "host",
 			Kube_config:                 "kube-config",
 			Kube_config_context:         "kube-config-context",
-			Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+			Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 			Serviceaccount_ns:           "Serviceaccount_ns",
 		}
 		err = dbq.CreateClusterCredentials(ctx, &clusterCredentials)

backend-shared/db/test_utils.go

@@ -54,7 +54,7 @@ func generateSampleData() (ClusterCredentials, ManagedEnvironment, GitopsEngineC
 		Host:                        "host",
 		Kube_config:                 "kube-config",
 		Kube_config_context:         "kube-config-context",
-		Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+		Serviceaccount_bearer_token: DefaultServiceaccount_bearer_token,
 		Serviceaccount_ns:           "Serviceaccount_ns",
 	}
 

backend-shared/db/types_test.go

@@ -317,7 +317,7 @@ var _ = Describe("Types Test", func() {
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 

backend-shared/db/util/utils.go

@@ -110,7 +110,7 @@ func GetOrCreateManagedEnvironmentByNamespaceUID(ctx context.Context, namespace
 		Host:                        "host",
 		Kube_config:                 "kube_config",
 		Kube_config_context:         "kube_config_context",
-		Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+		Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 		Serviceaccount_ns:           "serviceaccount_ns",
 	}
 
@@ -395,7 +395,7 @@ func GetOrCreateGitopsEngineClusterByKubeSystemNamespaceUID(ctx context.Context,
 		Host:                        "host",
 		Kube_config:                 "kube_config",
 		Kube_config_context:         "kube_config_context",
-		Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+		Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 		Serviceaccount_ns:           "serviceaccount_ns",
 	}
 	if err := dbq.CreateClusterCredentials(ctx, &clusterCreds); err != nil {

backend-shared/db/util/utils_test.go

@@ -245,7 +245,7 @@ var _ = Describe("Test utility functions.", func() {
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 			err = dbQueries.CreateClusterCredentials(ctx, &clusterCredentials)
@@ -921,7 +921,7 @@ var _ = Describe("Test utility functions.", func() {
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 

backend/eventloop/application_event_loop/application_event_runner_test.go

@@ -633,7 +633,7 @@ var _ = Describe("ApplicationEventLoop Test", func() {
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 

backend/eventloop/db_reconciler_test.go

@@ -316,7 +316,7 @@ var _ = Describe("DB Clean-up Function Tests", func() {
 					Host:                        "host",
 					Kube_config:                 "kube-config",
 					Kube_config_context:         "kube-config-context",
-					Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+					Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 					Serviceaccount_ns:           "Serviceaccount_ns",
 				}
 				err = dbq.CreateClusterCredentials(ctx, &clusterCredentialsDb)
@@ -1638,7 +1638,7 @@ var _ = Describe("DB Clean-up Function Tests", func() {
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 			err = dbq.CreateClusterCredentials(ctx, &clusterCredentialsDb)

backend/eventloop/shared_resource_loop/sharedresourceloop_managedenv_test.go

@@ -1471,7 +1471,7 @@ var _ = Describe("SharedResourceEventLoop ManagedEnvironment-related Test", func
 				Host:                        "host",
 				Kube_config:                 "kube-config",
 				Kube_config_context:         "kube-config-context",
-				Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+				Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 				Serviceaccount_ns:           "Serviceaccount_ns",
 			}
 			err = dbQueries.CreateClusterCredentials(ctx, &clusterCredentialsDb)

cluster-agent/controllers/argoproj.io/application_controller_test.go

@@ -924,7 +924,7 @@ func generateSampleData() (db.ClusterCredentials, db.ManagedEnvironment, db.Gito
 		Host:                        "host",
 		Kube_config:                 "kube-config",
 		Kube_config_context:         "kube-config-context",
-		Serviceaccount_bearer_token: "serviceaccount_bearer_token",
+		Serviceaccount_bearer_token: db.DefaultServiceaccount_bearer_token,
 		Serviceaccount_ns:           "Serviceaccount_ns",
 	}
 

cluster-agent/controllers/argoproj.io/namespace_reconciler.go

@@ -557,6 +557,20 @@ func recreateClusterSecrets(ctx context.Context, dbQueries db.DatabaseQueries, k
 					continue
 				}
 
+				clusterCreds := db.ClusterCredentials{
+					Clustercredentials_cred_id: managedEnvironment.Clustercredentials_id,
+				}
+				if err := dbQueries.GetClusterCredentialsById(ctx, &clusterCreds); err != nil {
+					log.Error(err, "Error occurred in recreateClusterSecrets while retrieving ClusterCredentials:"+managedEnvironment.Clustercredentials_id)
+					continue
+				}
+
+				// Skip if the cluster credentials do not have a token
+				// - this usually indicates that the ManagedEnvironment is on the local cluster, and thus does not require an Argo CD Cluster Secret in order to deploy
+				if clusterCreds.Serviceaccount_bearer_token == db.DefaultServiceaccount_bearer_token {
+					continue
+				}
+
 				// Check if Secret used for this ManagedEnvironment is present in GitOpsEngineInstance namespace.
 				secretName := argosharedutil.GenerateArgoCDClusterSecretName(managedEnvironment)