Fix secret namespace (#218)

* fix secret and configmap namespaces Signed-off-by: Roke Jung <roke@redhat.com> * fix secret and configmap namespaces Signed-off-by: Roke Jung <roke@redhat.com>
stolostron · Mar 7, 2022 · 0c53bdb · 0c53bdb
1 parent 487250b
commit 0c53bdb
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 13 deletions.
diff --git a/build/run-e2e-tests.sh b/build/run-e2e-tests.sh
@@ -120,10 +120,10 @@ kind get kubeconfig > cluster_config/hub
 # mess up the go.mod file when doing the local test
 
 # Only latest tag with format "v0~9*.0~9*.0~9*" is picked up
-LATEST_TAG=`git ls-remote --tags https://github.com/open-cluster-management/applifecycle-backend-e2e.git| awk '{print $2}' | sed 's$refs/tags/$$' | grep "v[0-9]*\.[0-9]*\.[0-9]*$" | sort -nr | head -n1`
+LATEST_TAG=`git ls-remote --tags https://github.com/stolostron/applifecycle-backend-e2e.git| awk '{print $2}' | sed 's$refs/tags/$$' | grep "v[0-9]*\.[0-9]*\.[0-9]*$" | sort -nr | head -n1`
 echo -e "\nGet latest version tag of applifecycle-backend-e2e: $LATEST_TAG"
 echo -e "\nGet the applifecycle-backend-e2e data"
-go get github.com/open-cluster-management/applifecycle-backend-e2e@$LATEST_TAG
+go get github.com/stolostron/applifecycle-backend-e2e@$LATEST_TAG
 
 export PATH=$PATH:~/go/bin
 E2E_BINARY_NAME="applifecycle-backend-e2e"

diff --git a/pkg/utils/helmrepoutils_test.go b/pkg/utils/helmrepoutils_test.go
@@ -64,7 +64,7 @@ func TestGetConfig(t *testing.T) {
 	}
 
 	configMapResp, err := GetConfigMap(c, configMapNS, configMapRef)
-	assert.NoError(t, err)
+	assert.Error(t, err)
 
 	assert.Nil(t, configMapResp)
 

diff --git a/pkg/utils/kubernetes.go b/pkg/utils/kubernetes.go
@@ -48,26 +48,39 @@ func GetPassword(secret *corev1.Secret) string {
 func GetConfigMap(client client.Client, parentNamespace string, configMapRef *corev1.ObjectReference) (configMap *corev1.ConfigMap, err error) {
 	if configMapRef != nil {
 		klog.V(5).Info("Retrieve configMap ", parentNamespace, "/", configMapRef.Name)
+
+		// The secret is copied into the subscription namespace on managed cluster.
+		// If namespace is not specified, look for the secret in the parent (subscription) namespace.
+		// If namespace is specified, FIRST look for the secret in the specified namespace.
+		//     THEN look for the secret in the parent (subscription) namespace.
+		usingParentNs := false
+
 		ns := configMapRef.Namespace
 
 		if ns == "" {
 			ns = parentNamespace
+			usingParentNs = true
 		}
 
 		configMap = &corev1.ConfigMap{}
 
 		err = client.Get(context.TODO(), types.NamespacedName{Namespace: ns, Name: configMapRef.Name}, configMap)
 		if err != nil {
-			if errors.IsNotFound(err) {
-				return nil, nil
-			}
+			if !usingParentNs && errors.IsNotFound(err) {
+				// Now try to find the config map in subscription namespace
+				err = client.Get(context.TODO(), types.NamespacedName{Namespace: parentNamespace, Name: configMapRef.Name}, configMap)
 
-			klog.Error(err, " - Failed to get configMap ", "Name: ", configMapRef.Name, " on namespace: ", ns)
+				if err != nil {
+					return nil, err
+				}
 
-			return nil, err
+				klog.Info("configMap found ", "Name: ", configMapRef.Name, " in namespace: ", parentNamespace)
+			} else {
+				return nil, err
+			}
+		} else {
+			klog.Info("ConfigMap found ", "Name:", configMapRef.Name, " in namespace: ", ns)
 		}
-
-		klog.V(5).Info("ConfigMap found ", "Name:", configMapRef.Name, " on namespace: ", ns)
 	} else {
 		klog.V(5).Info("no configMapRef defined ", "parentNamespace", parentNamespace)
 	}
@@ -80,19 +93,37 @@ func GetSecret(client client.Client, parentNamespace string, secretRef *corev1.O
 	if secretRef != nil {
 		klog.V(5).Info("retrieve secret :", parentNamespace, "/", secretRef)
 
+		// The secret is copied into the subscription namespace on managed cluster.
+		// If namespace is not specified, look for the secret in the parent (subscription) namespace.
+		// If namespace is specified, FIRST look for the secret in the specified namespace.
+		//     THEN look for the secret in the parent (subscription) namespace.
+		usingParentNs := false
+
 		ns := secretRef.Namespace
 		if ns == "" {
 			ns = parentNamespace
+			usingParentNs = true
 		}
 
 		secret = &corev1.Secret{}
 
 		err = client.Get(context.TODO(), types.NamespacedName{Namespace: ns, Name: secretRef.Name}, secret)
 		if err != nil {
-			return nil, err
-		}
+			if !usingParentNs && errors.IsNotFound(err) {
+				// Now try to find the secret in subscription namespace
+				err = client.Get(context.TODO(), types.NamespacedName{Namespace: parentNamespace, Name: secretRef.Name}, secret)
+
+				if err != nil {
+					return nil, err
+				}
 
-		klog.V(5).Info("Secret found ", "Name: ", secretRef.Name, " on namespace: ", ns)
+				klog.Info("Secret found ", "Name: ", secretRef.Name, " in namespace: ", parentNamespace)
+			} else {
+				return nil, err
+			}
+		} else {
+			klog.Info("Secret found ", "Name: ", secretRef.Name, " in namespace: ", ns)
+		}
 	} else {
 		klog.V(5).Info("No secret defined at ", "parentNamespace", parentNamespace)
 	}