Avoid init twice and add get token

Signed-off-by: Dominique Vernier <[email protected]>

CHANGELOG.md

@@ -1,4 +1,6 @@
 [comment]: # ( Copyright Contributors to the Open Cluster Management project )
 # Release Content
 
-- Add support for non-bootstrap token enabled environment [issue 16](https://github.com/open-cluster-management-io/clusteradm/issues/16)
+- Add support for non-bootstrap token enabled environment [issue 16](https://github.com/open-cluster-management-io/clusteradm/issues/16)
+- Avoid to run the `clusteradm init` twice on the hub [issue 21](https://github.com/open-cluster-management-io/clusteradm/issues/21)
+- Add command `clusteradm get token` [issue 22](https://github.com/open-cluster-management-io/clusteradm/issues/22)

Makefile

@@ -17,14 +17,16 @@ export GOPACKAGES   = $(shell go list ./... | grep -v /vendor | grep -v /build |
 .PHONY: clean
 clean: clean-test
 	kind delete cluster --name ${PROJECT_NAME}-functional-test-hub
-	kind delete cluster --name ${PROJECT_NAME}-functional-test-spoke
+	kind delete cluster --name ${PROJECT_NAME}-functional-test-c1
+	kind delete cluster --name ${PROJECT_NAME}-functional-test-c2
 
 .PHONY: deps
 deps:
 	@$(INSTALL_DEPENDENCIES)
 
 .PHONY: build
 build: 
+	rm -f ${GOPATH}/bin/clusteradm
 	go install ./cmd/clusteradm.go
 
 .PHONY: 

VERSION.txt

@@ -1 +1 @@
-0.1.0-alpha
+0.1.0-alpha.3

build/run-functional-tests.sh

@@ -12,10 +12,110 @@ export KUBECONFIG=$TEST_DIR/tmp/kind.yaml
 rm -rf $TEST_RESULT_DIR
 mkdir -p $TEST_RESULT_DIR
 
+function init_hub() {
+   echo "init_hub 1st parameter: "$1 >&2
+   local _CMDINITRESULT=`clusteradm init $1`
+   if [ $? != 0 ]
+   then
+      ERROR_REPORT=$ERROR_REPORT+"clusteradm init failed\n"
+   fi
+   echo $_CMDINITRESULT
+}
+
+function join_hub() {
+   echo "join_hub 1st parameter: "$1 >&2
+   echo "join_hub 2nd parameter: "$2 >&2
+   local _CMDJOIN=`echo "$1" | cut -d ':' -f2-4 | cut -d '<' -f1`
+   _CMDJOIN="$_CMDJOIN $2"
+   local _CMDJOINRESULT=`$_CMDJOIN`
+   if [ $? != 0 ]
+   then
+      ERROR_REPORT=$ERROR_REPORT+"clusteradm join failed\n"
+   fi
+   echo $_CMDJOINRESULT
+}
+
+function accept_cluster() {
+   echo "accept_cluster 1st parameter: "$1 >&2
+   local _CMDACCEPT=`echo "$1" | cut -d ':' -f2`
+   _CMDACCEPT="$_CMDACCEPT"
+   local _CMDACCEPTRESULT=`$_CMDACCEPT --wait 240`
+   if [ $? != 0 ]
+   then
+      ERROR_REPORT=$ERROR_REPORT+"clusteradm accept failed\n"
+   fi
+   echo $_CMDACCEPTRESULT
+}
+
+function gettoken() {
+   local _CMDINITRESULT=`clusteradm get token`
+   if [ $? != 0 ]
+   then
+      ERROR_REPORT=$ERROR_REPORT+"clusteradm get token failed\n"
+   fi
+   echo $_CMDINITRESULT
+}
+
+function joinscenario() {
+   echo "joinscenario 1st parameter: "$1 >&2
+   echo "joinscenario 2nd parameter: "$2 >&2
+   echo "init cluster" >&2
+   kubectl config use-context kind-${CLUSTER_NAME}-hub 
+   CMDINITRESULT=$(init_hub $2)
+   echo "init command result: "$CMDINITRESULT >&2
+
+   echo "join hub" >&2
+   kubectl config use-context kind-${CLUSTER_NAME}-$1
+   CMDJOINRESULT=$(join_hub "${CMDINITRESULT}" $1)
+   echo "join command result: "$CMDJOINRESULT >&2
+
+   echo "Wait 4 min to stabilize" >&2
+
+   kubectl config use-context kind-${CLUSTER_NAME}-hub
+   CMDACCEPTRESULT=$(accept_cluster "${CMDJOINRESULT}")
+   echo $CMDACCEPTRESULT | grep approved
+   if [ $? != 0 ]
+   then
+      echo "accept command result: "$CMDACCEPTRESULT >&2
+      ERROR_REPORT=$ERROR_REPORT+"no CSR get approved\n"
+   else
+      echo "accept command result: "$CMDACCEPTRESULT >&2
+   fi
+}
+
+function gettokenscenario() {
+   echo "gettokenscenario 1st parameter: "$1 >&2
+   echo "get token from hub" >&2
+   kubectl config use-context kind-${CLUSTER_NAME}-hub 
+   CMGETTOKENRESULT=$(gettoken)
+   echo "get token command result: "$CMGETTOKENRESULT >&2
+
+   echo "join hub" >&2
+   kubectl config use-context kind-${CLUSTER_NAME}-$1
+   CMDJOINRESULT=$(join_hub "${CMGETTOKENRESULT}" $1)
+   echo "join command result: "$CMDJOINRESULT >&1
+
+   echo "Wait 4 min to stabilize" >&2
+
+   kubectl config use-context kind-${CLUSTER_NAME}-hub
+   CMDACCEPTRESULT=$(accept_cluster "${CMDJOINRESULT}")
+   echo $CMDACCEPTRESULT | grep approved
+   if [ $? != 0 ]
+   then
+      echo "accept command result: "$CMDACCEPTRESULT >&2
+      ERROR_REPORT=$ERROR_REPORT+"no CSR get approved\n"
+   else
+      echo "accept command result: "$CMDACCEPTRESULT >&2
+   fi
+}
+
+echo "With bootstrap token"
+echo "--------------------"
 export KUBECONFIG=$TEST_DIR/tmp/config.yaml
 kind create cluster --name ${CLUSTER_NAME}-hub --config $TEST_DIR/kind-config/kind119-hub.yaml
-kind create cluster --name ${CLUSTER_NAME}-spoke
+kind create cluster --name ${CLUSTER_NAME}-c1
 #Wait for cluster to setup
+echo "Sleep 10 sec"
 sleep 10
 
 echo "Test clusteradm version"
@@ -25,56 +125,38 @@ then
    ERROR_REPORT=$ERROR_REPORT+"clusteradm version failed\n"
 fi
 
-kubectl config use-context kind-${CLUSTER_NAME}-hub 
-CMDINITRESULT=`clusteradm init --use-bootstrap-token`
-if [ $? != 0 ]
-then
-   echo "init command result: "$CMDINITRESULT
-   ERROR_REPORT=$ERROR_REPORT+"clusteradm init failed\n"
-else
-   echo "init command result: "$CMDINITRESULT
-   echo $CMDINITRESULT
-fi
+echo "Joining with init and bootstrap token"
+echo "-------------------------------------"
+joinscenario c1 --use-bootstrap-token 
+kind delete cluster --name ${CLUSTER_NAME}-c1
+kind create cluster --name ${CLUSTER_NAME}-c2
+echo "Joining with get token and bootstrap token"
+echo "------------------------------------------"
+gettokenscenario c2
 
-CMDJOIN=`echo $CMDINITRESULT | cut -d ':' -f2,3,4 | cut -d '<' -f1`
-CMDJOIN="$CMDJOIN c1"
-echo "Join command: "$CMDJOIN
-kubectl config use-context kind-${CLUSTER_NAME}-spoke
-CMDJOINRESULT=`$CMDJOIN`
-if [ $? != 0 ]
-then
-   echo "join command result: " $CMDJOINRESULT
-   ERROR_REPORT=$ERROR_REPORT+"clusteradm join failed\n"
-else
-   echo "join command result: " $CMDJOINRESULT
-fi
+kind delete cluster --name ${CLUSTER_NAME}-hub
+kind delete cluster --name ${CLUSTER_NAME}-c2
 
-echo "Sleep 4 min to stabilize"
-# we need to wait 2 min but once we will have watch status monitor
-# we will not need to sleep anymore
-sleep 240
+echo "With Service account"
+echo "--------------------"
+export KUBECONFIG=$TEST_DIR/tmp/config.yaml
+kind create cluster --name ${CLUSTER_NAME}-hub --config $TEST_DIR/kind-config/kind119-hub.yaml
+kind create cluster --name ${CLUSTER_NAME}-c1
+#Wait for cluster to setup
+echo "Sleep 10 sec"
+sleep 10
 
-CMDACCEPT=`echo $CMDJOINRESULT | cut -d ':' -f2`
-CMDACCEPT="$CMDACCEPT c1"
-echo "accept command: "$CMDACCEPT
-kubectl config use-context kind-${CLUSTER_NAME}-hub
-CMDACCEPTRESULT=`$CMDACCEPT`
-if [ $? != 0 ]
-then
-   echo "accept command result: "$CMDACCEPTRESULT
-   ERROR_REPORT=$ERROR_REPORT+"clusteradm accept failed\n"
-else
-   echo "accept command result: "$CMDACCEPTRESULT
-fi
+echo "Joining with init and service account"
+echo "-------------------------------------"
+joinscenario c1
+kind delete cluster --name ${CLUSTER_NAME}-c1
+kind create cluster --name ${CLUSTER_NAME}-c2
+echo "Joining with get token and service account"
+echo "------------------------------------------"
+gettokenscenario c2
 
-echo $CMDACCEPTRESULT | grep approved
-if [ $? != 0 ]
-then
-   echo "accept command result: "$CMDACCEPTRESULT
-   ERROR_REPORT=$ERROR_REPORT+"no CSR get approved\n"
-else
-   echo "accept command result: "$CMDACCEPTRESULT
-fi
+kind delete cluster --name ${CLUSTER_NAME}-hub
+kind delete cluster --name ${CLUSTER_NAME}-c2
 
 if [ -z "$ERROR_REPORT" ]
 then
@@ -83,6 +165,3 @@ else
     echo -e "\n\nErrors\n======\n"$ERROR_REPORT
     exit 1
 fi
-
-kind delete cluster --name $CLUSTER_NAME-hub
-kind delete cluster --name $CLUSTER_NAME-spoke

cmd/clusteradm.go

@@ -18,6 +18,7 @@ import (
 	"open-cluster-management.io/clusteradm/pkg/cmd/version"
 
 	acceptclusters "open-cluster-management.io/clusteradm/pkg/cmd/accept"
+	"open-cluster-management.io/clusteradm/pkg/cmd/get"
 	inithub "open-cluster-management.io/clusteradm/pkg/cmd/init"
 	joinhub "open-cluster-management.io/clusteradm/pkg/cmd/join"
 	genericclioptionsclusteradm "open-cluster-management.io/clusteradm/pkg/genericclioptions"
@@ -63,6 +64,7 @@ func main() {
 		{
 			Message: "Registration commands:",
 			Commands: []*cobra.Command{
+				get.NewCmd(clusteradmFlags, streams),
 				inithub.NewCmd(clusteradmFlags, streams),
 				joinhub.NewCmd(clusteradmFlags, streams),
 				acceptclusters.NewCmd(clusteradmFlags, streams),

pkg/cmd/accept/exec.go

@@ -21,9 +21,11 @@ import (
 )
 
 const (
-	groupName               = "system:bootstrappers:managedcluster"
-	userNameSignaturePrefix = "system:bootstrap:"
-	clusterLabel            = "open-cluster-management.io/cluster-name"
+	groupNameBootstrap               = "system:bootstrappers:managedcluster"
+	userNameSignatureBootstrapPrefix = "system:bootstrap:"
+	userNameSignatureSA              = "system:serviceaccount:open-cluster-management:cluster-bootstrap"
+	groupNameSA                      = "system:serviceaccounts:open-cluster-management"
+	clusterLabel                     = "open-cluster-management.io/cluster-name"
 )
 
 func (o *Options) complete(cmd *cobra.Command, args []string) (err error) {
@@ -110,12 +112,14 @@ func (o *Options) approveCSR(kubeClient *kubernetes.Clientset, clusterName strin
 	var csr *certificatesv1.CertificateSigningRequest
 	for _, item := range csrs.Items {
 		//Does not have the correct name prefix
-		if !strings.HasPrefix(item.Spec.Username, userNameSignaturePrefix) {
+		if !strings.HasPrefix(item.Spec.Username, userNameSignatureBootstrapPrefix) &&
+			!strings.HasPrefix(item.Spec.Username, userNameSignatureSA) {
 			continue
 		}
 		//Check groups
 		groups := sets.NewString(item.Spec.Groups...)
-		if !groups.Has(groupName) {
+		if !groups.Has(groupNameBootstrap) &&
+			!groups.Has(groupNameSA) {
 			continue
 		}
 		//Check if already approved or denied

pkg/cmd/get/cmd.go

@@ -0,0 +1,21 @@
+// Copyright Contributors to the Open Cluster Management project
+package get
+
+import (
+	"github.com/spf13/cobra"
+	"k8s.io/cli-runtime/pkg/genericclioptions"
+	"open-cluster-management.io/clusteradm/pkg/cmd/get/token"
+	genericclioptionsclusteradm "open-cluster-management.io/clusteradm/pkg/genericclioptions"
+)
+
+// NewCmd provides a cobra command wrapping NewCmdImportCluster
+func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, streams genericclioptions.IOStreams) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "get",
+		Short: "get a resource",
+	}
+
+	cmd.AddCommand(token.NewCmd(clusteradmFlags, streams))
+
+	return cmd
+}

pkg/cmd/get/token/cmd.go

@@ -0,0 +1,50 @@
+// Copyright Contributors to the Open Cluster Management project
+package token
+
+import (
+	"fmt"
+
+	"open-cluster-management.io/clusteradm/pkg/helpers"
+
+	"github.com/spf13/cobra"
+	"k8s.io/cli-runtime/pkg/genericclioptions"
+	genericclioptionsclusteradm "open-cluster-management.io/clusteradm/pkg/genericclioptions"
+)
+
+var example = `
+# Get the bootstrap token
+%[1]s get token
+`
+
+// NewCmd ...
+func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, streams genericclioptions.IOStreams) *cobra.Command {
+	o := newOptions(clusteradmFlags, streams)
+
+	cmd := &cobra.Command{
+		Use:          "token",
+		Short:        "get the bootsrap token",
+		Example:      fmt.Sprintf(example, helpers.GetExampleHeader()),
+		SilenceUsage: true,
+		PreRun: func(c *cobra.Command, args []string) {
+			helpers.DryRunMessage(o.ClusteradmFlags.DryRun)
+		},
+		RunE: func(c *cobra.Command, args []string) error {
+			if err := o.complete(c, args); err != nil {
+				return err
+			}
+			if err := o.validate(); err != nil {
+				return err
+			}
+			if err := o.run(); err != nil {
+				return err
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().StringVar(&o.outputFile, "output-file", "", "The generated resources will be copied in the specified file")
+	cmd.Flags().BoolVar(&o.useBootstrapToken, "use-bootstrap-token", false, "If set then the boostrap token will used instead of a service account token")
+
+	return cmd
+}