// waitForToken uses `cmd.Until` to wait for the service account controller to fulfill the token request func waitForToken(token *api.Secret, serviceAccount *api.ServiceAccount, timeout time.Duration, client kcoreclient.SecretInterface) (*api.Secret, error) { // there is no provided rounding function, so we use Round(x) === Floor(x + 0.5) timeoutSeconds := int64(math.Floor(timeout.Seconds() + 0.5)) options := api.ListOptions{ FieldSelector: fields.SelectorFromSet(fields.Set(map[string]string{"metadata.name": token.Name})), Watch: true, ResourceVersion: token.ResourceVersion, TimeoutSeconds: &timeoutSeconds, } watcher, err := client.Watch(options) if err != nil { return nil, fmt.Errorf("could not begin watch for token: %v", err) } event, err := watch.Until(timeout, watcher, func(event watch.Event) (bool, error) { if event.Type == watch.Error { return false, fmt.Errorf("encountered error while watching for token: %v", event.Object) } eventToken, ok := event.Object.(*api.Secret) if !ok { return false, nil } if eventToken.Name != token.Name { return false, nil } switch event.Type { case watch.Modified: if serviceaccounts.IsValidServiceAccountToken(serviceAccount, eventToken) { return true, nil } case watch.Deleted: return false, errors.New("token was deleted before fulfillment by service account token controller") case watch.Added: return false, errors.New("unxepected action: token was added after initial creation") } return false, nil }) if err != nil { return nil, err } return event.Object.(*api.Secret), nil }
func installationStarted(c kcoreclient.PodInterface, name string, s kcoreclient.SecretInterface) wait.ConditionFunc { return func() (bool, error) { pod, err := c.Get(name) if err != nil { return false, err } if pod.Status.Phase == kapi.PodPending { return false, nil } // delete a secret named the same as the pod if it exists if secret, err := s.Get(name); err == nil { if secret.Annotations[newcmd.GeneratedForJob] == "true" && secret.Annotations[newcmd.GeneratedForJobFor] == pod.Annotations[newcmd.GeneratedForJobFor] { if err := s.Delete(name, nil); err != nil { glog.V(4).Infof("Failed to delete install secret %s: %v", name, err) } } } return true, nil } }