From ab46ef87044805b747600bef0233b308b1558565 Mon Sep 17 00:00:00 2001
From: vbadrina <vbadrina@redhat.com>
Date: Wed, 31 Jan 2024 19:37:31 +0530
Subject: [PATCH 1/2] Fetches cluster fsid through secret and not mc

This commit fixes the issue with hub recovery where the new hub cluster does not have managedcluster CRs updated due to clusterclaims
on the managed clusters being in an non updated state.

We are changing the method from looking into the MC CRs to fetching it from the rook secret synced on hub.

Signed-off-by: vbadrina <vbadrina@redhat.com>
---
 controllers/drpolicy_controller.go      | 29 ++++++++--------
 controllers/drpolicy_controller_test.go | 44 ++++++++++++++-----------
 2 files changed, 38 insertions(+), 35 deletions(-)

diff --git a/controllers/drpolicy_controller.go b/controllers/drpolicy_controller.go
index 322fb235..a1120d6f 100644
--- a/controllers/drpolicy_controller.go
+++ b/controllers/drpolicy_controller.go
@@ -23,7 +23,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog/v2"
-	clusterv1 "open-cluster-management.io/api/cluster/v1"
 	workv1 "open-cluster-management.io/api/work/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
@@ -256,23 +255,23 @@ func (r *DRPolicyReconciler) createOrUpdateManifestWorkForVRC(ctx context.Contex
 }
 
 func (r *DRPolicyReconciler) fetchClusterFSIDs(ctx context.Context, peer *multiclusterv1alpha1.MirrorPeer, clusterFSIDs map[string]string) error {
-	var mcList clusterv1.ManagedClusterList
-	err := r.HubClient.List(ctx, &mcList)
-	if err != nil {
-		return err
-	}
-
 	for _, pr := range peer.Spec.Items {
-		for _, mc := range mcList.Items {
-			if mc.Name == pr.ClusterName {
-				for _, cc := range mc.Status.ClusterClaims {
-					if cc.Name == "cephfsid.odf.openshift.io" {
-						clusterFSIDs[pr.ClusterName] = cc.Value
-						break
-					}
-				}
+		rookSecretName := utils.GetSecretNameByPeerRef(pr)
+		klog.Info("Fetching rook secret ", "Secret Name:", rookSecretName)
+		hs, err := utils.FetchSecretWithName(ctx, r.HubClient, types.NamespacedName{Name: rookSecretName, Namespace: pr.ClusterName})
+		if err != nil {
+			if errors.IsNotFound(err) {
+				klog.Info("could not find secret %q. will attempt to fetch it again after a delay", rookSecretName)
 			}
+			return err
+		}
+		klog.Info("Unmarshalling rook secret ", "Secret Name:", rookSecretName)
+		rt, err := utils.UnmarshalHubSecret(hs)
+		if err != nil {
+			klog.Error(err, "Failed to unmarshal rook secret", "Secret", rookSecretName)
+			return err
 		}
+		clusterFSIDs[pr.ClusterName] = rt.FSID
 	}
 
 	return nil
diff --git a/controllers/drpolicy_controller_test.go b/controllers/drpolicy_controller_test.go
index 6df0daec..8111a4a7 100644
--- a/controllers/drpolicy_controller_test.go
+++ b/controllers/drpolicy_controller_test.go
@@ -8,10 +8,10 @@ import (
 	ramenv1alpha1 "github.com/ramendr/ramen/api/v1alpha1"
 	multiclusterv1alpha1 "github.com/red-hat-storage/odf-multicluster-orchestrator/api/v1alpha1"
 	"github.com/red-hat-storage/odf-multicluster-orchestrator/controllers/utils"
+	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	clusterv1 "open-cluster-management.io/api/cluster/v1"
 	workv1 "open-cluster-management.io/api/work/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -103,33 +103,37 @@ func getFakeDRPolicyReconciler(drpolicy *ramenv1alpha1.DRPolicy, mp *multicluste
 			Name: cName2,
 		},
 	}
-	mc1 := &clusterv1.ManagedCluster{
+
+	// Constitutes both blue secret and green secret present on the hub
+	hubSecret1 := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: cName1,
+			Name:      utils.GetSecretNameByPeerRef(mp.Spec.Items[0]),
+			Namespace: cName1,
 		},
-		Status: clusterv1.ManagedClusterStatus{
-			ClusterClaims: []clusterv1.ManagedClusterClaim{
-				{
-					Name:  "cephfsid.odf.openshift.io",
-					Value: "db47dafb-1459-44ca-8a7a-b55ba2ec2d7c",
-				},
-			},
+		Data: map[string][]byte{
+			"namespace":            []byte("openshift-storage"),
+			"secret-data":          []byte(`{"cluster":"b2NzLXN0b3JhZ2VjbHVzdGVyLWNlcGhjbHVzdGVy","token":"ZXlKbWMybGtJam9pWXpSak56SmpNRE10WXpCbFlpMDBZMlppTFRnME16RXRNekExTmpZME16UmxZV1ZqSWl3aVkyeHBaVzUwWDJsa0lqb2ljbUprTFcxcGNuSnZjaTF3WldWeUlpd2lhMlY1SWpvaVFWRkVkbGxyTldrM04xbG9TMEpCUVZZM2NFZHlVVXBrU1VvelJtZGpjVWxGVUZWS0wzYzlQU0lzSW0xdmJsOW9iM04wSWpvaU1UY3lMak13TGpFd01TNHlORGs2TmpjNE9Td3hOekl1TXpBdU1UZ3pMakU1TURvMk56ZzVMREUzTWk0ek1DNHlNak11TWpFd09qWTNPRGtpTENKdVlXMWxjM0JoWTJVaU9pSnZjR1Z1YzJocFpuUXRjM1J2Y21GblpTSjk="}`),
+			"secret-origin":        []byte("rook"),
+			"storage-cluster-name": []byte("ocs-storagecluster"),
 		},
+		Type: "multicluster.odf.openshift.io/secret-type",
 	}
-	mc2 := &clusterv1.ManagedCluster{
+
+	hubSecret2 := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: cName2,
+			Name:      utils.GetSecretNameByPeerRef(mp.Spec.Items[1]),
+			Namespace: cName2,
 		},
-		Status: clusterv1.ManagedClusterStatus{
-			ClusterClaims: []clusterv1.ManagedClusterClaim{
-				{
-					Name:  "cephfsid.odf.openshift.io",
-					Value: "5b544f43-3ff9-4296-bc9f-051e60dcecdf",
-				},
-			},
+		Data: map[string][]byte{
+			"namespace":            []byte("openshift-storage"),
+			"secret-data":          []byte(`{"cluster":"b2NzLXN0b3JhZ2VjbHVzdGVyLWNlcGhjbHVzdGVy","token":"ZXlKbWMybGtJam9pWXpSak56SmpNRE10WXpCbFlpMDBZMlppTFRnME16RXRNekExTmpZME16UmxZV1ZqSWl3aVkyeHBaVzUwWDJsa0lqb2ljbUprTFcxcGNuSnZjaTF3WldWeUlpd2lhMlY1SWpvaVFWRkVkbGxyTldrM04xbG9TMEpCUVZZM2NFZHlVVXBrU1VvelJtZGpjVWxGVUZWS0wzYzlQU0lzSW0xdmJsOW9iM04wSWpvaU1UY3lMak13TGpFd01TNHlORGs2TmpjNE9Td3hOekl1TXpBdU1UZ3pMakU1TURvMk56ZzVMREUzTWk0ek1DNHlNak11TWpFd09qWTNPRGtpTENKdVlXMWxjM0JoWTJVaU9pSnZjR1Z1YzJocFpuUXRjM1J2Y21GblpTSjk="}`),
+			"secret-origin":        []byte("rook"),
+			"storage-cluster-name": []byte("ocs-storagecluster"),
 		},
+		Type: "multicluster.odf.openshift.io/secret-type",
 	}
-	fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(drpolicy, mp, ns1, ns2, mc1, mc2).Build()
+
+	fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(drpolicy, mp, ns1, ns2, &hubSecret1, &hubSecret2).Build()
 
 	r := DRPolicyReconciler{
 		HubClient: fakeClient,

From 8a6992dd43b9053bd902180ee7b79cff46f9a464 Mon Sep 17 00:00:00 2001
From: vbadrina <vbadrina@redhat.com>
Date: Wed, 31 Jan 2024 20:10:28 +0530
Subject: [PATCH 2/2] kubelint fix: expose port on manager

Signed-off-by: vbadrina <vbadrina@redhat.com>
---
 config/manager/manager.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 16137463..e9713c6b 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -32,6 +32,9 @@ spec:
         - --leader-elect
         image: controller:latest
         name: manager
+        ports:
+        - containerPort: 8081
+          protocol: TCP
         env:
         - name: TOKEN_EXCHANGE_IMAGE
           value: ${IMG}