Skip to content

Commit

Permalink
PWX-38512 Skip token refresh verification if host-pid not enabled (#1635
Browse files Browse the repository at this point in the history
)

* skip token refresh verification if host-pid not enabled

Signed-off-by: shsun_pure <shsun@purestorage.com>

* validate px serviceaccount token secret created

Signed-off-by: shsun_pure <shsun@purestorage.com>

* update error message

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>
Signed-off-by: shsun_pure <shsun@purestorage.com>
  • Loading branch information
ssz1997 and shsun_pure committed Aug 12, 2024
1 parent a8fb389 commit 08cb494
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions pkg/util/test/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -923,6 +923,18 @@ func validatePortworxTokenRefresh(cluster *corev1.StorageCluster, timeout, inter
logrus.Infof("pxVersion: %v, opVersion: 24.2.0. Skip verification because px token refresh is not supported with these versions.", pxVersion)
return nil
}
pidEnabled, err := strconv.ParseBool(cluster.Annotations["portworx.io/host-pid"])
if err != nil || !pidEnabled {
pxSaSecret, err := coreops.Instance().GetSecret(pxSaTokenSecretName, cluster.Namespace)
if err != nil {
return fmt.Errorf("failed to get px serviceaccount secret [%s] in namespace [%s]. Err: %w", pxSaTokenSecretName, cluster.Namespace, err)
}
if len(pxSaSecret.Data[core.ServiceAccountTokenKey]) == 0 {
return fmt.Errorf("px serviceaccount token validation failed. Token doesn't exist or length is 0")
}
logrus.Infof("Annotation `host-pid: true` is required for verifying token refresh because we need to run command inside px runc container. Thus Skipping verification.")
return nil
}
logrus.Infof("Verifying px runc container token...")
// Get one Portworx pod to run commands inside the px runc container on the same node
pxPods, err := coreops.Instance().GetPods(cluster.Namespace, map[string]string{"name": "portworx"})
Expand Down

0 comments on commit 08cb494

Please sign in to comment.