From 299f69ba8642292b7bd49cad640280cceff31cff Mon Sep 17 00:00:00 2001
From: shsun_pure
Date: Fri, 9 Aug 2024 18:43:19 +0000
Subject: [PATCH 1/3] skip token refresh verification if host-pid not enabled
Signed-off-by: shsun_pure
---
 pkg/util/test/util.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkg/util/test/util.go b/pkg/util/test/util.go
index 5b0a7fefa..026254f2c 100644
--- a/pkg/util/test/util.go
+++ b/pkg/util/test/util.go
@@ -1845,6 +1845,11 @@ func validatePortworxTokenRefresh(cluster *corev1.StorageCluster, timeout, inter
 logrus.Infof("pxVersion: %v, opVersion: %v. Skip verification because px token refresh is not supported with these versions.", pxVersion, opVersion)
 return nil
 }
+ pidEnabled, err := strconv.ParseBool(cluster.Annotations["portworx.io/host-pid"])
+ if err != nil || !pidEnabled {
+ logrus.Infof("Annotation `host-pid: true` is required for verifying token refresh because we need to run command inside px runc container. Thus Skipping verification.")
+ return nil
+ }
 logrus.Infof("Verifying px runc container token...")
 // Get one Portworx pod to run commands inside the px runc container on the same node
 pxPods, err := coreops.Instance().GetPods(cluster.Namespace, map[string]string{"name": "portworx"})
From 96ead5e00e84f98aba42d67d79f781ec931fdba8 Mon Sep 17 00:00:00 2001
From: shsun_pure
Date: Fri, 9 Aug 2024 21:43:49 +0000
Subject: [PATCH 2/3] validate px serviceaccount token secret created
Signed-off-by: shsun_pure
---
 pkg/util/test/util.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/pkg/util/test/util.go b/pkg/util/test/util.go
index 026254f2c..4cd69b642 100644
--- a/pkg/util/test/util.go
+++ b/pkg/util/test/util.go
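Review bot: In PATCH 1/3 the added `if err != nil || !pidEnabled` treats a `strconv.ParseBool` error the same as `false`, so a malformed `portworx.io/host-pid` value (not only a missing annotation) silently turns off token-refresh verification and the function still returns nil. Look the annotation up with `v, ok := cluster.Annotations["portworx.io/host-pid"]` and return an error when `ok` is true but `strconv.ParseBool(v)` fails, keeping the skip for the absent or `false` case. The skip is visible only as an Info log line, so a run gives no other signal that the check did not execute; since the call has no format arguments, `logrus.Info` fits better than `logrus.Infof`. The function body starts and ends outside the hunk.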
@@ -1847,6 +1847,13 @@ func validatePortworxTokenRefresh(cluster *corev1.StorageCluster, timeout, inter
 }
 pidEnabled, err := strconv.ParseBool(cluster.Annotations["portworx.io/host-pid"])
 if err != nil || !pidEnabled {
+ pxSaSecret, err := coreops.Instance().GetSecret(pxSaTokenSecretName, cluster.Namespace)
+ if err != nil {
+ return fmt.Errorf("px serviceaccount token validation failed. Unable to get px serviceaccount secret. Err: %w", err)
+ }
+ if len(pxSaSecret.Data[core.ServiceAccountTokenKey]) == 0 {
+ return fmt.Errorf("px serviceaccount token validation failed. Token doesn't exist or length is 0")
+ }
 logrus.Infof("Annotation `host-pid: true` is required for verifying token refresh because we need to run command inside px runc container. Thus Skipping verification.")
 return nil
 }
From f8dc862d6bcde8de704884a372c3f150a06968f3 Mon Sep 17 00:00:00 2001
From: shsun_pure
Date: Fri, 9 Aug 2024 22:13:20 +0000
Subject: [PATCH 3/3] update error message
---
 pkg/util/test/util.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/util/test/util.go b/pkg/util/test/util.go
index 4cd69b642..644a08b0a 100644
--- a/pkg/util/test/util.go
+++ b/pkg/util/test/util.go
@@ -1849,7 +1849,7 @@ func validatePortworxTokenRefresh(cluster *corev1.StorageCluster, timeout, inter
 if err != nil || !pidEnabled {
 pxSaSecret, err := coreops.Instance().GetSecret(pxSaTokenSecretName, cluster.Namespace)
 if err != nil {
- return fmt.Errorf("px serviceaccount token validation failed. Unable to get px serviceaccount secret. Err: %w", err)
+ return fmt.Errorf("failed to get px serviceaccount secret [%s] in namespace [%s]. Err: %w", pxSaTokenSecretName, cluster.Namespace, err)
 }
 if len(pxSaSecret.Data[core.ServiceAccountTokenKey]) == 0 {
 return fmt.Errorf("px serviceaccount token validation failed. Token doesn't exist or length is 0")
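Review bot: In PATCH 2/3 the fallback added inside `if err != nil || !pidEnabled` only proves that the secret exists and that `Data[core.ServiceAccountTokenKey]` is non-empty, so on clusters without host-pid a stale or already expired token still passes `validatePortworxTokenRefresh`. If the stored value is a JWT, as service account tokens normally are, the branch could decode the payload and check that the `exp` claim lies in the future; at minimum add a comment such as `// host-pid disabled: only presence of the token is checked, refresh and expiry are not verified`. The Info message that follows still says verification is skipped, which no longer matches what the branch does, and `pxSaSecret, err :=` shadows the outer `err`. The function body starts and ends outside the hunk.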