Fix a bug where certificate generation took sometime
In cases where the `status.certificate` field took some time
to get populated, for example because the core
controllers were not ready, we got an empty certificate.
This commit waits for the certificate field to be generated.
viveksinghggits committed Mar 6, 2022
1 parent 4c58f97 commit 25d74b8
Showing 2 changed files with 22 additions and 1 deletion.
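--- a/pkg/allow/allow.go
+++ b/pkg/allow/allow.go
@@ -19,12 +19,18 @@ import (
 v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 apirand "k8s.io/apimachinery/pkg/util/rand"
+"k8s.io/apimachinery/pkg/util/wait"
 clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 
 "github.com/viveksinghggits/akcess/pkg/kube"
 "github.com/viveksinghggits/akcess/pkg/utils"
 )
 
+var (
+certificateWaitTimeout = 30 * time.Second
+certificateWaitPollInternval = 1 * time.Second
+)
+
 func Access(o *utils.AllowOptions, id uuid.UUID) error {
 commonName := fmt.Sprintf("%s-%s", utils.Name, apirand.String(5))
 
@@ -78,6 +84,20 @@ func Access(o *utils.AllowOptions, id uuid.UUID) error {
 return errors.Wrap(err, "Approving CertificateSigningRequest")
 }
 
+// wait for certificate field to be generated in CSR's status.certificate field
+err = wait.Poll(certificateWaitPollInternval, certificateWaitTimeout, func() (done bool, err error) {
+csr, err := k.KubeClient.CertificatesV1().CertificateSigningRequests().Get(ctx, c.Name, metav1.GetOptions{})
+if string(csr.Status.Certificate) != "" {
+return true, nil
+}
+
+return false, nil
+})
+
+if err != nil {
+return errors.Wrap(err, "waiting for CSR certificate to be generated")
+}
+
 // create role and rolebinding
 r, err := kube.RoleObject(o, id)
 if err != nil {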
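Review bot: The poll callback in the second hunk discards the error returned by `CertificateSigningRequests().Get`, so a permanent failure (RBAC denial, CSR deleted, API server unreachable) is retried for the full 30 seconds and then reported only as a generic timeout; add `if err != nil { return false, err }` before reading `csr.Status.Certificate`, or swallow only errors known to be transient. The loop also never inspects `csr.Status.Conditions`, so a CSR that ends up Denied or Failed is indistinguishable from one that is merely slow to be signed. The fetched `csr` is scoped to the closure, and the code that consumes the certificate is outside this hunk, so confirm that it reads the populated object rather than the earlier `c`. Minor: `certificateWaitPollInternval` is misspelled, and both durations could be `const` since nothing reassigns them in the visible code.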
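--- a/pkg/kube/kube.go
+++ b/pkg/kube/kube.go
@@ -27,6 +27,7 @@ import (
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime/schema"
+"k8s.io/apimachinery/pkg/util/rand"
 "k8s.io/apimachinery/pkg/util/sets"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
@@ -93,7 +94,7 @@ func CSRObject(csr []byte, duration int32, id uuid.UUID) *v1.CertificateSigningR
 durationSeconds := duration * 60
 csrObject := &v1.CertificateSigningRequest{
 ObjectMeta: metav1.ObjectMeta{
-GenerateName: fmt.Sprintf("%s-", utils.Name),
+Name: fmt.Sprintf("%s-%s", utils.Name, rand.String(5)),
 Annotations: map[string]string{
 utils.ResourceAnnotationKey: id.String(),
 },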
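Review bot: The `Name` in `CSRObject`'s ObjectMeta is now chosen by the client from `rand.String(5)` instead of being generated by the API server, so a suffix collision surfaces as an AlreadyExists error to whichever caller creates the object; that caller is outside this hunk, so check that it handles or retries that case. The apimachinery `util/rand` helper is backed by math/rand, so the suffix is suitable for uniqueness only and should not be treated as unguessable. The reason for dropping `GenerateName` is not visible here; a short comment above the field would record it, e.g. `// Name is chosen client-side; the suffix is for uniqueness only, not secrecy.` CSRObject's body starts and ends outside the hunk.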
