fix up the cronjob to actually check the right labels for builds, adj…

…ust tests
uselagoon · May 10, 2021 · edecf0c · edecf0c
1 parent d371a64
commit edecf0c
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 9 deletions.
diff --git a/controller-test.sh b/controller-test.sh
@@ -43,8 +43,8 @@ check_controller_log_build () {
 
 tear_down () {
     echo "============= TEAR DOWN ============="
-    echo "==> Get pvc"
-    kubectl get pvc --all-namespaces
+    # echo "==> Get pvc"
+    # kubectl get pvc --all-namespaces
     echo "==> Get pods"
     kubectl get pods --all-namespaces
     echo "==> Remove cluster"
@@ -309,20 +309,20 @@ echo "==> Check robot credential rotation worked"
 CHECK_COUNTER=1
 until $(kubectl logs $(kubectl get pods  -n ${CONTROLLER_NAMESPACE} --no-headers | awk '{print $1}') -c manager -n ${CONTROLLER_NAMESPACE} | grep -q "Robot credentials rotated for")
 do
-if [ $CHECK_COUNTER -lt 14 ]; then
+if [ $CHECK_COUNTER -lt 20 ]; then
     let CHECK_COUNTER=CHECK_COUNTER+1
     echo "Credentials not rotated yet"
     sleep 5
 else
-    echo "Timeout of 70seconds for robot credential rotation check"
+    echo "Timeout of 100seconds for robot credential rotation check"
     check_controller_log
     tear_down
     echo "================ END ================"
     echo "============== FAILED ==============="
     exit 1
 fi
 done
-kubectl logs $(kubectl get pods  -n ${CONTROLLER_NAMESPACE} --no-headers | awk '{print $1}') -c manager -n ${CONTROLLER_NAMESPACE} | grep -q "handlers.RotateRobotCredentials"
+kubectl logs $(kubectl get pods  -n ${CONTROLLER_NAMESPACE} --no-headers | awk '{print $1}') -c manager -n ${CONTROLLER_NAMESPACE} | grep "handlers.RotateRobotCredentials"
 
 check_controller_log
 tear_down

diff --git a/controllers/lagoon_harborintegration.go b/controllers/lagoon_harborintegration.go
@@ -269,12 +269,13 @@ func (h *Harbor) RotateRobotCredentials(ctx context.Context, cl client.Client) {
 	// go over every namespace that has a lagoon.sh label
 	// and attempt to create and update the robot account credentials as requred.
 	for _, ns := range namespaces.Items {
+		opLog.Info(fmt.Sprintf("Checking if %s needs robot credentials rotated", ns.ObjectMeta.Name))
 		// check for running builds!
 		lagoonBuilds := &lagoonv1alpha1.LagoonBuildList{}
 		listOption := (&client.ListOptions{}).ApplyOptions([]client.ListOption{
 			client.InNamespace(ns.ObjectMeta.Name),
 			client.MatchingLabels(map[string]string{
-				"lagoon.sh/jobType":    "build",
+				// "lagoon.sh/jobType":    "build",
 				"lagoon.sh/controller": h.ControllerNamespace, // created by this controller
 			}),
 		})
@@ -289,13 +290,12 @@ func (h *Harbor) RotateRobotCredentials(ctx context.Context, cl client.Client) {
 		// if there are any builds pending or running, don't try and refresh the credentials as this
 		// could break the build
 		if len(lagoonBuilds.Items) > 0 {
-			if lagoonBuilds.Items[0].Annotations["lagoon.sh/buildStatus"] == "Running" || lagoonBuilds.Items[0].Annotations["lagoon.sh/buildStatus"] == "Pending" {
+			if lagoonBuilds.Items[0].Labels["lagoon.sh/buildStatus"] == "Running" || lagoonBuilds.Items[0].Labels["lagoon.sh/buildStatus"] == "Pending" {
 				runningBuilds = true
 			}
 		}
 		if !runningBuilds {
 			// only continue if there isn't any running builds
-			opLog.Info(fmt.Sprintf("Checking if %s needs robot credentials rotated", ns.ObjectMeta.Name))
 			hProject, err := h.CreateProject(ctx, ns.Labels["lagoon.sh/project"])
 			if err != nil {
 				opLog.Error(err, "error getting or creating project")
@@ -319,6 +319,8 @@ func (h *Harbor) RotateRobotCredentials(ctx context.Context, cl client.Client) {
 				}
 				opLog.Info(fmt.Sprintf("Robot credentials rotated for %s", ns.ObjectMeta.Name))
 			}
+		} else {
+			opLog.Info(fmt.Sprintf("There are running or pending builds in %s, skipping", ns.ObjectMeta.Name))
 		}
 	}
 }

diff --git a/main.go b/main.go
@@ -215,7 +215,7 @@ func main() {
 	flag.StringVar(&harborRotateInterval, "harbor-rotate-interval", "30d",
 		"The number of days or hours (eg 24h or 30d) to force refresh if required.")
 	flag.StringVar(&harborRobotAccountExpiry, "harbor-robot-account-expiry", "30d",
-		"The number of days or hours (eg 24h or 30d) to force refresh if required.")
+		"The number of days or hours (eg 24h or 30d) to set for new robot account expiration.")
 	flag.StringVar(&harborCredentialCron, "harbor-credential-cron", "0 1 * * *",
 		"Cron definition for how often to run harbor credential rotations")
 	flag.BoolVar(&harborWebhookAdditionEnabled, "harbor-webhook-addition-enabled", false,