From 08cb49439da48390b5a77dca2effe8bab3ce4ad4 Mon Sep 17 00:00:00 2001
From: Shawn Sun <32376495+ssz1997@users.noreply.github.com>
Date: Sun, 11 Aug 2024 23:09:35 -0700
Subject: [PATCH] PWX-38512 Skip token refresh verification if host-pid not enabled (#1635)
* skip token refresh verification if host-pid not enabled
Signed-off-by: shsun_pure
* validate px serviceaccount token secret created
Signed-off-by: shsun_pure
* update error message
---------
Signed-off-by: shsun_pure
Co-authored-by: shsun_pure
Signed-off-by: shsun_pure
---
 pkg/util/test/util.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/pkg/util/test/util.go b/pkg/util/test/util.go
index 8794098c4..b470e8345 100644
--- a/pkg/util/test/util.go
+++ b/pkg/util/test/util.go
@@ -923,6 +923,18 @@ func validatePortworxTokenRefresh(cluster *corev1.StorageCluster, timeout, inter
 logrus.Infof("pxVersion: %v, opVersion: 24.2.0. Skip verification because px token refresh is not supported with these versions.", pxVersion)
 return nil
 }
+ pidEnabled, err := strconv.ParseBool(cluster.Annotations["portworx.io/host-pid"])
+ if err != nil || !pidEnabled {
+ pxSaSecret, err := coreops.Instance().GetSecret(pxSaTokenSecretName, cluster.Namespace)
+ if err != nil {
+ return fmt.Errorf("failed to get px serviceaccount secret [%s] in namespace [%s]. Err: %w", pxSaTokenSecretName, cluster.Namespace, err)
+ }
+ if len(pxSaSecret.Data[core.ServiceAccountTokenKey]) == 0 {
+ return fmt.Errorf("px serviceaccount token validation failed. Token doesn't exist or length is 0")
+ }
+ logrus.Infof("Annotation `host-pid: true` is required for verifying token refresh because we need to run command inside px runc container. Thus Skipping verification.")
+ return nil
+ }
 logrus.Infof("Verifying px runc container token...")
 // Get one Portworx pod to run commands inside the px runc container on the same node
 pxPods, err := coreops.Instance().GetPods(cluster.Namespace, map[string]string{"name": "portworx"})
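Review bot: The condition `err != nil || !pidEnabled` treats an unparsable `portworx.io/host-pid` value the same as an absent or false one, so a mistyped annotation skips the refresh verification with only the generic skip message. I would surface that case before the skip branch, e.g. `if raw, ok := cluster.Annotations["portworx.io/host-pid"]; ok && err != nil { logrus.Warnf("invalid portworx.io/host-pid value %q: %v", raw, err) }`. The fallback also returns nil once the secret holds a non-empty token, which shows the token exists but not that it was ever refreshed or is still valid; a comment such as `// NOTE: only checks that the token is present; refresh and expiry are not verified on this path` would keep readers of the test results from assuming more. validatePortworxTokenRefresh starts before and continues after this hunk, so how the caller reports this early nil return is not visible here.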