fetch and delete token command line

Signed-off-by: Bangqi Zhu <[email protected]>
antrea-io · Sep 29, 2022 · 6fbe1dc · 6fbe1dc
1 parent 0d98ab1
commit 6fbe1dc
Show file tree

Hide file tree

Showing 9 changed files with 700 additions and 0 deletions.
diff --git a/join.yml b/join.yml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+data:
+  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1Ea3lPREl4TXpNMU9Wb1hEVE15TURreU5USXhNek0xT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0hICjdlcVZpL3NLNzRHU2txLzZmeHh1RVEvYi9TZ21ZM3Q0T1NYcWJ4Y2NRN0hoaWxPSHp6Yk9RVGpYd2JrWmpqUWsKWC8rbVFOSDIzNjNuTXo1MUlmOFphV1kwMENCaU1iYUI5QnJWMDVscU9kdi8yVjc5YVI0SER2TlpQSzBVVDM3VgpJamUxSGRTZXZIbHRxZ0k2VmVBQ0xCMjBwem9ZZmZNdzlrd2QrTnF0NGRTVXpPSFRIZUNMMTh1cXAxVkhDeFYwCkdhNnVudmZhOU1nb1d1aWcyYVh4Q250b3hEYWNVL0Uvdk5lZW9nM1R3SXpQZ2lwS3RSbjJYZ2xOSHkvNjZub0QKVzFkckRZV2hiancrQUpVb2lxdjUwU0QyM2FqNTRnTGZ3b2FnWUxSOE85VWdSZ0M2YVBseWFpaHgxd3VYU0NhZgpXODJ4MXpLRW9wbGQyOWhFV1MwQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZLYm5EclRMZVphaXdoRGpaeEdrOVIrZ3o2T2lNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRWVHbVVBM1hMWjRUR3BZUnVLVwp0a2ZVUGhzYlFmcGRObzFpVGNmVWFCUDE4dGdyd1NWYmRmRll1VHo2L0pnTzJLTzhCOGFpeXpwd0tseEZKYjdSCmJPOWJlUVcwNkxPN2tNbjJQN0wrUktoaytWN00vQml1S2tHN3ZjRElwMVZBMkh2S3VBdVZsZGJETkxRdytpWVgKRlRIdDBMdGQwNFZtOHZ5WE9ZVFFFYXBYa0RiSkFvYmlJcHFPU3JTcEo3K3k0OW5xTU8wOWF1djZlYkliZWhmbAp4N0hadTVYRjJEZ2hqUTcrcnNCcjJuYmRQbFdMZkp4NTZGeGNFUkozYWZRc3g4YzJxelNvY1E2eDc5Y2RwRHZxCmkvWVJUMHozaWp1QUkya0JhS2p3WUpMbk9waDMxSDdMekgrSFdBalo0LzNNWHJsK1pZb3hyUjhQL0tWeThJMHYKS3M0PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  namespace: ZGVmYXVsdA==
+  token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkluVTVibE5WWms5TFJteHRRV1ZrWDBWc1pqazFOMVo0ZEY5SlRqbDBRelpCVURkQlNuQm1VMWRrTkZFaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbVJsWm1GMWJIUXRiV1Z0WW1WeUxYUnZhMlZ1SWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWJtRnRaU0k2SW1SbFptRjFiSFF0YldWdFltVnlMWFJ2YTJWdUlpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVkV2xrSWpvaU5qRTVZakF4TldVdFkySm1OUzAwWTJabExUazVOVFF0WW1VMk16ZG1ZVFZrTjJRMElpd2ljM1ZpSWpvaWMzbHpkR1Z0T25ObGNuWnBZMlZoWTJOdmRXNTBPbVJsWm1GMWJIUTZaR1ZtWVhWc2RDMXRaVzFpWlhJdGRHOXJaVzRpZlEuTXY2R0N4OHdZLUZWNi05OEFJSVkzQkNUTmI4Z0Ztckp6Y3JYVlh5SWdrVi02cnc3V3RocWxxM3YzRkMyOWN4b3NsT0NUU2EzOGFRN3VJdk0wenNqd18wWGt2eXRrQmdYaGJNUUIzMFljc1JWZlF0VXdvRy1aZ1QySlU2WWIyUkxlTkhqX2Mxc2hhUzE1dkRtYU41NEZYZnZ0SXBybEo5aVBzSkVDUVY5aW5FdFdjUnd3NTJianA4MGRkRVhIdFNXdHdoakU4eFJJQkJrTE93SEQweDhONU9IQVcxZW1jc0lRdHByZDFUSEF2OC1aLXBiVF9lTlZOV0FTcWxSN0pGUWZ0dm9kTVM3YjhScnVJdzVhSVZyd2FIcHI4czItWXdIMWVGMW1QMnE0dnRHSjg5TFBiMkJsR0FSaHlHalJBWW1LQ09pSE1WU1JnU3F2Y1drV3hub1FR
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: default-member-token
+type: Opaque
diff --git a/pkg/antctl/antctl.go b/pkg/antctl/antctl.go
@@ -633,6 +633,12 @@ $ antctl get podmulticaststats pod -n namespace`,
 			supportController: false,
 			commandGroup:      mc,
 		},
+		{
+			cobraCommand:      multicluster.DeleteCmd,
+			supportAgent:      false,
+			supportController: false,
+			commandGroup:      mc,
+		},
 		{
 			cobraCommand:          set.SetCmd,
 			supportAgent:          false,

diff --git a/pkg/antctl/raw/multicluster/commands.go b/pkg/antctl/raw/multicluster/commands.go
@@ -18,6 +18,7 @@ import (
 	"github.com/spf13/cobra"
 
 	"antrea.io/antrea/pkg/antctl/raw/multicluster/create"
+	"antrea.io/antrea/pkg/antctl/raw/multicluster/delete"
 	"antrea.io/antrea/pkg/antctl/raw/multicluster/deploy"
 	"antrea.io/antrea/pkg/antctl/raw/multicluster/get"
 )
@@ -36,6 +37,10 @@ var DeployCmd = &cobra.Command{
 	Use:   "deploy",
 	Short: "Deploy Antrea Multi-cluster Controller to a leader or member cluster",
 }
+var DeleteCmd = &cobra.Command{
+	Use:   "delete",
+	Short: "Delete multi-cluster resources",
+}
 
 var JoinCmd = NewJoinCommand()
 var LeaveCmd = NewLeaveCommand()
@@ -46,7 +51,9 @@ func init() {
 	GetCmd.AddCommand(get.NewClusterSetCommand())
 	GetCmd.AddCommand(get.NewResourceImportCommand())
 	GetCmd.AddCommand(get.NewResourceExportCommand())
+	GetCmd.AddCommand(get.NewTokenCommand())
 	CreateCmd.AddCommand(create.NewAccessTokenCmd())
 	DeployCmd.AddCommand(deploy.NewLeaderClusterCmd())
 	DeployCmd.AddCommand(deploy.NewMemberClusterCmd())
+	DeleteCmd.AddCommand(delete.DeleteTokenCmd())
 }
diff --git a/pkg/antctl/raw/multicluster/common/common.go b/pkg/antctl/raw/multicluster/common/common.go
@@ -34,6 +34,7 @@ import (
 
 	multiclusterv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1"
 	multiclusterv1alpha2 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha2"
+	"antrea.io/antrea/pkg/antctl/output"
 	"antrea.io/antrea/pkg/antctl/raw"
 	multiclusterscheme "antrea.io/antrea/pkg/antctl/raw/multicluster/scheme"
 )
@@ -303,6 +304,100 @@ func CreateMemberToken(cmd *cobra.Command, k8sClient client.Client, name string,
 	return nil
 }
 
+func GetMemberToken(cmd *cobra.Command, k8sClient client.Client, name string, namespace string, file *os.File) error {
+	secret := &corev1.Secret{}
+	if err := k8sClient.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: namespace}, secret); err != nil {
+		return err
+	}
+
+	if secret.Annotations[CreateByAntctlAnnotation] == "true" {
+		s := &corev1.Secret{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "v1",
+				Kind:       "Secret",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name: name,
+			},
+			Data: secret.Data,
+			Type: corev1.SecretTypeOpaque,
+		}
+		if file != nil {
+			b, err := yaml.Marshal(s)
+			if err != nil {
+				return err
+			}
+			if _, err := file.Write([]byte("---\n")); err != nil {
+				return err
+			}
+			if _, err := file.Write(b); err != nil {
+				return err
+			}
+			fmt.Fprintf(cmd.OutOrStdout(), "Member token saved to %s\n", file.Name())
+		} else {
+			output.YamlOutput(s, cmd.OutOrStdout())
+		}
+	}
+
+	return nil
+}
+
+func DeleteMemberToken(cmd *cobra.Command, k8sClient client.Client, name string, namespace string) error {
+	secret := &corev1.Secret{}
+	getErr := k8sClient.Get(context.TODO(), types.NamespacedName{Namespace: namespace, Name: name}, secret)
+	if getErr != nil {
+		fmt.Fprintf(cmd.OutOrStderr(), "Failed to find Secret \"%s\", error: %s\n", name, getErr)
+	}
+	if secret.Annotations[CreateByAntctlAnnotation] == "true" {
+		deleteErr := k8sClient.Delete(context.TODO(), &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: namespace,
+				Name:      name,
+			}}, &client.DeleteOptions{})
+		if deleteErr != nil {
+			fmt.Fprintf(cmd.OutOrStderr(), "Failed to delete Secret \"%s\", error: %s\n", name, deleteErr)
+		}
+	}
+
+	roleBinding := &rbacv1.RoleBinding{}
+	getErr = k8sClient.Get(context.TODO(), types.NamespacedName{Namespace: namespace, Name: name}, roleBinding)
+	if getErr != nil {
+		fmt.Fprintf(cmd.OutOrStderr(), "Failed to find RoleBinding \"%s\", error: %s\n", name, getErr)
+	}
+	if roleBinding.Annotations[CreateByAntctlAnnotation] == "true" {
+		deleteErr := k8sClient.Delete(context.TODO(), &rbacv1.RoleBinding{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: namespace,
+				Name:      name,
+			}}, &client.DeleteOptions{})
+
+		if deleteErr != nil {
+			fmt.Fprintf(cmd.OutOrStderr(), "Failed to delete RoleBinding \"%s\", error: %s\n", name, deleteErr)
+		}
+	}
+
+	serviceAccount := &corev1.ServiceAccount{}
+	getErr = k8sClient.Get(context.TODO(), types.NamespacedName{Namespace: namespace, Name: name}, serviceAccount)
+	if getErr != nil {
+		fmt.Fprintf(cmd.OutOrStderr(), "Failed to find ServiceAccount \"%s\", error: %s\n", name, getErr)
+	}
+	if serviceAccount.Annotations[CreateByAntctlAnnotation] == "true" {
+		deleteErr := k8sClient.Delete(context.TODO(), &corev1.ServiceAccount{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: namespace,
+				Name:      name,
+				Annotations: map[string]string{
+					CreateByAntctlAnnotation: "true",
+				}}}, &client.DeleteOptions{})
+
+		if deleteErr != nil {
+			fmt.Fprintf(cmd.OutOrStderr(), "Failed to delete ServiceAccount \"%s\", error: %s\n", name, deleteErr)
+		}
+	}
+
+	return nil
+}
+
 func waitForSecretReady(client client.Client, secretName string, namespace string) error {
 	return wait.PollImmediate(
 		1*time.Second,

diff --git a/pkg/antctl/raw/multicluster/common/common_test.go b/pkg/antctl/raw/multicluster/common/common_test.go
@@ -429,3 +429,169 @@ func TestCreateMemberToken(t *testing.T) {
 		})
 	}
 }
+
+func TestDeleteMemberToken(t *testing.T) {
+	secretContent := []byte(`apiVersion: v1
+kind: Secret
+metadata:
+  name: default-member-token
+data:
+  ca.crt: YWJjZAo=
+  namespace: ZGVmYXVsdAo=
+  token: YWJjZAo=
+type: Opaque`)
+	existingSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "default",
+			Name:      "default-member-token",
+			Annotations: map[string]string{
+				CreateByAntctlAnnotation: "true",
+			},
+		},
+		Data: map[string][]byte{"token": secretContent},
+	}
+
+	existingSecret1 := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "default",
+			Name:      "default-member-token-1",
+			Annotations: map[string]string{
+				CreateByAntctlAnnotation: "true",
+			},
+		},
+		Data: map[string][]byte{"token": secretContent},
+	}
+
+	existingRolebinding := &rbacv1.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "default",
+			Name:      "default-member-token",
+			Annotations: map[string]string{
+				CreateByAntctlAnnotation: "true",
+			},
+		},
+	}
+
+	existingRolebinding1 := &rbacv1.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "default",
+			Name:      "default-member-token-notexist",
+			Annotations: map[string]string{
+				CreateByAntctlAnnotation: "true",
+			},
+		},
+	}
+
+	existingServiceAccount := &corev1.ServiceAccount{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "default",
+			Name:      "default-member-token",
+			Annotations: map[string]string{
+				CreateByAntctlAnnotation: "true",
+			},
+		},
+	}
+
+	existingServiceAccount1 := &corev1.ServiceAccount{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "default",
+			Name:      "default-member-token-notexist",
+			Annotations: map[string]string{
+				CreateByAntctlAnnotation: "true",
+			},
+		},
+	}
+
+	tests := []struct {
+		name                 string
+		namespace            string
+		tokeName             string
+		serviceAccount       *corev1.ServiceAccount
+		rolebinding          *rbacv1.RoleBinding
+		secret               *corev1.Secret
+		numsOfServiceAccount int
+		numsOfRolebinding    int
+		numsOfSecret         int
+		expectedOutput       string
+	}{
+		{
+			name:                 "delete successfully",
+			tokeName:             "default-member-token",
+			namespace:            "default",
+			secret:               existingSecret,
+			rolebinding:          existingRolebinding,
+			serviceAccount:       existingServiceAccount,
+			numsOfServiceAccount: 0,
+			numsOfRolebinding:    0,
+			numsOfSecret:         0,
+			expectedOutput:       "",
+		},
+		{
+			name:                 "failed to delete because of wrong secret name",
+			tokeName:             "default-member-token",
+			namespace:            "default",
+			secret:               existingSecret1,
+			rolebinding:          existingRolebinding,
+			serviceAccount:       existingServiceAccount,
+			numsOfSecret:         1,
+			numsOfRolebinding:    0,
+			numsOfServiceAccount: 0,
+			expectedOutput:       "Failed to find Secret",
+		},
+		{
+			name:                 "failed to delete because of wrong rolebinding name",
+			tokeName:             "default-member-token",
+			namespace:            "default",
+			secret:               existingSecret,
+			rolebinding:          existingRolebinding1,
+			serviceAccount:       existingServiceAccount,
+			numsOfSecret:         0,
+			numsOfRolebinding:    1,
+			numsOfServiceAccount: 0,
+			expectedOutput:       "Failed to find RoleBinding",
+		},
+		{
+			name:                 "failed to delete because of wrong serviceaccount name",
+			tokeName:             "default-member-token",
+			namespace:            "default",
+			secret:               existingSecret,
+			rolebinding:          existingRolebinding,
+			serviceAccount:       existingServiceAccount1,
+			numsOfSecret:         0,
+			numsOfRolebinding:    0,
+			numsOfServiceAccount: 1,
+			expectedOutput:       "Failed to find ServiceAccount",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := &cobra.Command{}
+			fakeClient := fake.NewClientBuilder().WithScheme(multiclusterscheme.Scheme).WithObjects(tt.secret, tt.rolebinding, tt.serviceAccount).Build()
+			buf := new(bytes.Buffer)
+			cmd.SetOutput(buf)
+			cmd.SetOut(buf)
+			cmd.SetErr(buf)
+
+			err := DeleteMemberToken(cmd, fakeClient, tt.tokeName, tt.namespace)
+
+			if err != nil {
+				log.Fatal(err)
+			}
+			if tt.name == "delete successfully" {
+				assert.Equal(t, tt.expectedOutput, buf.String())
+			} else {
+				assert.Contains(t, buf.String(), tt.expectedOutput)
+			}
+			remainSecrets := &corev1.SecretList{}
+			fakeClient.List(context.Background(), remainSecrets, &client.ListOptions{})
+			assert.Equal(t, tt.numsOfSecret, len(remainSecrets.Items))
+			remainRoleBinding := &rbacv1.RoleBindingList{}
+			fakeClient.List(context.Background(), remainRoleBinding, &client.ListOptions{})
+			assert.Equal(t, tt.numsOfRolebinding, len(remainRoleBinding.Items))
+			remainServiceAccount := &corev1.ServiceAccountList{}
+			fakeClient.List(context.Background(), remainServiceAccount, &client.ListOptions{})
+			assert.Equal(t, tt.numsOfServiceAccount, len(remainServiceAccount.Items))
+		})
+	}
+}