Fixes for restoring OIDC and CRBs

kyma-project · Jan 7, 2025 · 3be3e0c · 3be3e0c
1 parent 1eb5d55
commit 3be3e0c
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 14 deletions.
diff --git a/hack/runtime-migrator/cmd/restore/restore.go b/hack/runtime-migrator/cmd/restore/restore.go
@@ -96,12 +96,12 @@ func (r Restore) Do(ctx context.Context, runtimeIDs []string) error {
 			continue
 		}
 
-		if currentShoot.Generation > objectsToRestore.OriginalShoot.Generation+1 {
-			slog.Warn("Verify the current state of the system. Restore should be performed manually, as the backup may overwrite more that on change.", "runtimeID", runtimeID)
-			r.results.AutomaticRestoreImpossible(runtimeID, currentShoot.Name)
-
-			continue
-		}
+		//if currentShoot.Generation > objectsToRestore.OriginalShoot.Generation+1 {
+		//	slog.Warn("Verify the current state of the system. Restore should be performed manually, as the backup may overwrite more that on change.", "runtimeID", runtimeID)
+		//	r.results.AutomaticRestoreImpossible(runtimeID, currentShoot.Name)
+		//
+		//	continue
+		//}
 
 		if r.cfg.IsDryRun {
 			slog.Info("Runtime processed successfully (dry-run)", "runtimeID", runtimeID)
@@ -176,7 +176,7 @@ func (r Restore) applyCRBs(ctx context.Context, clusterClient client.Client, crb
 			Name:      crb.Name,
 			Namespace: crb.Namespace,
 		}
-		applied, err := applyIfDoesntExist[*v12.ClusterRoleBinding](ctx, key, &crb, clusterClient)
+		applied, err := applyCRBIfDoesntExist(ctx, key, &crb, clusterClient)
 		if err != nil {
 			return nil, err
 		}
@@ -197,7 +197,7 @@ func (r Restore) applyOIDC(ctx context.Context, clusterClient client.Client, oid
 			Name:      oidc.Name,
 			Namespace: oidc.Namespace,
 		}
-		applied, err := applyIfDoesntExist[*authenticationv1alpha1.OpenIDConnect](ctx, key, &oidc, clusterClient)
+		applied, err := applyOIDCIfDoesntExist(ctx, key, &oidc, clusterClient)
 		if err != nil {
 			return nil, err
 		}
@@ -210,13 +210,13 @@ func (r Restore) applyOIDC(ctx context.Context, clusterClient client.Client, oid
 	return appliedOIDCs, nil
 }
 
-func applyIfDoesntExist[T client.Object](ctx context.Context, key client.ObjectKey, object T, clusterClient client.Client) (bool, error) {
+func applyCRBIfDoesntExist(ctx context.Context, key client.ObjectKey, object *v12.ClusterRoleBinding, clusterClient client.Client) (bool, error) {
 	getCtx, cancelGet := context.WithTimeout(ctx, timeoutK8sOperation)
 	defer cancelGet()
 
-	var existentObject T
+	var existingObject v12.ClusterRoleBinding
 
-	err := clusterClient.Get(getCtx, key, existentObject, &client.GetOptions{})
+	err := clusterClient.Get(getCtx, key, &existingObject, &client.GetOptions{})
 	if err == nil {
 		return false, nil
 	}
@@ -230,3 +230,24 @@ func applyIfDoesntExist[T client.Object](ctx context.Context, key client.ObjectK
 
 	return true, clusterClient.Create(createCtx, object, &client.CreateOptions{})
 }
+
+func applyOIDCIfDoesntExist(ctx context.Context, key client.ObjectKey, object *authenticationv1alpha1.OpenIDConnect, clusterClient client.Client) (bool, error) {
+	getCtx, cancelGet := context.WithTimeout(ctx, timeoutK8sOperation)
+	defer cancelGet()
+
+	var existingObject authenticationv1alpha1.OpenIDConnect
+
+	err := clusterClient.Get(getCtx, key, &existingObject, &client.GetOptions{})
+	if err == nil {
+		return false, nil
+	}
+	slog.Error(err.Error())
+	if err != nil && !errors.IsNotFound(err) {
+		return false, err
+	}
+
+	createCtx, cancelCreate := context.WithTimeout(ctx, timeoutK8sOperation)
+	defer cancelCreate()
+
+	return true, clusterClient.Create(createCtx, object, &client.CreateOptions{})
+}
diff --git a/hack/runtime-migrator/internal/restore/restorer.go b/hack/runtime-migrator/internal/restore/restorer.go
@@ -44,6 +44,11 @@ func (r Restorer) Do(runtimeID string, shootName string) (backup.RuntimeBackup,
 		if err != nil {
 			return backup.RuntimeBackup{}, err
 		}
+
+		for i := 0; i < len(crbs); i++ {
+			crbs[i].Generation = 0
+			crbs[i].ResourceVersion = ""
+		}
 	}
 
 	var oidcConfig []authenticationv1alpha1.OpenIDConnect
@@ -54,6 +59,11 @@ func (r Restorer) Do(runtimeID string, shootName string) (backup.RuntimeBackup,
 		if err != nil {
 			return backup.RuntimeBackup{}, err
 		}
+
+		for i := 0; i < len(oidcConfig); i++ {
+			oidcConfig[i].Generation = 0
+			oidcConfig[i].ResourceVersion = ""
+		}
 	}
 
 	return backup.RuntimeBackup{

diff --git a/hack/runtime-migrator/internal/restore/results.go b/hack/runtime-migrator/internal/restore/results.go
@@ -1,7 +1,6 @@
 package restore
 
 import (
-	"fmt"
 	authenticationv1alpha1 "github.com/gardener/oidc-webhook-authenticator/apis/authentication/v1alpha1"
 	v12 "k8s.io/api/rbac/v1"
 )
@@ -56,12 +55,12 @@ func (rr *Results) OperationSucceeded(runtimeID string, shootName string, applie
 
 	appliedCRBsString := make([]string, 0)
 	for _, crb := range appliedCRBs {
-		appliedCRBsString = append(appliedCRBsString, fmt.Sprintf("%s:%s", crb.Namespace, crb.Name))
+		appliedCRBsString = append(appliedCRBsString, crb.Name)
 	}
 
 	appliedOIDCsString := make([]string, 0)
 	for _, oidc := range appliedOIDCs {
-		appliedOIDCsString = append(appliedOIDCsString, fmt.Sprintf("%s:%s", oidc.Namespace, oidc.Name))
+		appliedOIDCsString = append(appliedOIDCsString, oidc.Name)
 	}
 
 	result := RuntimeResult{