Merge pull request #318 from wshearn/rotatefixes

[OSD-12879] Some minor fixes related to the previous changes

cmd/account/rotate-secret.go

@@ -15,7 +15,6 @@ import (
 	hiveinternalv1alpha1 "github.com/openshift/hive/apis/hiveinternal/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
 
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
@@ -219,9 +218,6 @@ func (o *rotateSecretOptions) run() error {
 		"aws_secret_access_key": []byte(*createAccessKeyOutput.AccessKey.SecretAccessKey),
 	}
 
-	// Escalte to backplane cluster admin
-	o.flags.Impersonate = pointer.StringPtr("backplane-cluster-admin")
-
 	// Update existing osdManagedAdmin secret
 	err = common.UpdateSecret(o.kubeCli, o.accountCRName+"-secret", common.AWSAccountNamespace, newOsdManagedAdminSecretData)
 	if err != nil {
@@ -234,6 +230,23 @@ func (o *rotateSecretOptions) run() error {
 		return err
 	}
 
+	fmt.Println("AWS creds updated on hive.")
+
+	clusterDeployments := &hiveapiv1.ClusterDeploymentList{}
+	listOpts := []client.ListOption{
+		client.InNamespace(account.Spec.ClaimLinkNamespace),
+	}
+
+	err = o.kubeCli.List(ctx, clusterDeployments, listOpts...)
+	if err != nil {
+		return err
+	}
+
+	if len(clusterDeployments.Items) == 0 {
+		return fmt.Errorf("failed to retreive cluster deployments")
+	}
+	cdName := clusterDeployments.Items[0].ObjectMeta.Name
+
 	// Create syncset to deploy the updated creds to the cluster for CCO
 	syncSetName := "aws-sync"
 	syncSet := &hiveapiv1.SyncSet{
@@ -242,6 +255,11 @@ func (o *rotateSecretOptions) run() error {
 			Namespace: account.Spec.ClaimLinkNamespace,
 		},
 		Spec: hiveapiv1.SyncSetSpec{
+			ClusterDeploymentRefs: []corev1.LocalObjectReference{
+				{
+					Name: cdName,
+				},
+			},
 			SyncSetCommonSpec: hiveapiv1.SyncSetCommonSpec{
 				ResourceApplyMode: "Upsert",
 				Secrets: []hiveapiv1.SecretMapping{
@@ -258,40 +276,29 @@ func (o *rotateSecretOptions) run() error {
 			},
 		},
 	}
+	fmt.Println("Syncing AWS creds down to cluster.")
 	err = o.kubeCli.Create(ctx, syncSet)
 	if err != nil {
 		return err
 	}
 
-	clusterDeployments := &hiveapiv1.ClusterDeploymentList{}
-	listOpts := []client.ListOption{
-		client.InNamespace(account.Spec.ClaimLinkNamespace),
-	}
-
-	err = o.kubeCli.List(ctx, clusterDeployments, listOpts...)
-	if err != nil {
-		return err
-	}
-
-	if len(clusterDeployments.Items) == 0 {
-		return fmt.Errorf("failed to retreive cluster deployments")
-	}
-	cdName := clusterDeployments.Items[0].ObjectMeta.Name
-
-	syncStatus := &hiveinternalv1alpha1.ClusterSync{
+	fmt.Printf("Watching Cluster Sync Status for deployment...")
+	hiveinternalv1alpha1.AddToScheme(o.kubeCli.Scheme())
+	searchStatus := &hiveinternalv1alpha1.ClusterSync{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      cdName,
 			Namespace: account.Spec.ClaimLinkNamespace,
 		},
 	}
-
-	fmt.Printf("Watching Cluster Sync Status for deployment...")
-
+	foundStatus := &hiveinternalv1alpha1.ClusterSync{}
 	isSSSynced := false
-	for i := 0; i < 5; i++ {
-		o.kubeCli.Get(ctx, client.ObjectKeyFromObject(syncStatus), syncStatus)
+	for i := 0; i < 6; i++ {
+		err = o.kubeCli.Get(ctx, client.ObjectKeyFromObject(searchStatus), foundStatus)
+		if err != nil {
+			return err
+		}
 
-		for _, status := range syncStatus.Status.SyncSets {
+		for _, status := range foundStatus.Status.SyncSets {
 			if status.Name == syncSetName {
 				if status.FirstSuccessTime != nil {
 					isSSSynced = true
@@ -301,15 +308,15 @@ func (o *rotateSecretOptions) run() error {
 		}
 
 		if isSSSynced {
-			fmt.Printf("Sync completed...")
+			fmt.Printf("\nSync completed...\n")
 			break
 		}
 
-		fmt.Printf("Sync not completed, sleeping 5 seconds and rechecking...")
+		fmt.Printf(".")
 		time.Sleep(time.Second * 5)
 	}
 	if !isSSSynced {
-		return fmt.Errorf("syncset failed to sync in 5mins. Please verify")
+		return fmt.Errorf("syncset failed to sync. Please verify")
 	}
 
 	// Clean up the SS on hive