Support using existing kubeconfig while import data protection

Signed-off-by: Willis Ren <willis.ren@broadcom.com>

Author: willisren

061-cluster-access-policies-resync.sh

@@ -1,6 +1,7 @@
 #! /bin/bash
 
 source utils/common.sh
+source utils/kubeconfig.sh
 
 register_last_words "Resync rolebindings on clusters and namespaces"
 
@@ -30,15 +31,15 @@ fi
 
 while IFS="." read -r mgmt prvn cls; do
     log info "Connecting to the cluster $mgmt/$prvn/$cls..."
-    if ! tanzu tmc cluster kubeconfig get $cls -m $mgmt -p $prvn > ${TEMPKUBECONFIG} 2>/dev/null; then
-        log error "Failed to get kubeconfig for cluster $mgmt/$prvn/$cls"
-        exit 1
+    if ! get_kubeconfig ${cls} ${prvn} ${mgmt} ${TEMPKUBECONFIG}; then
+        log error "Failed to get kubeconfig for cluster $mgmt/$prvn/$cls, skip resyncing access policies for this cluster"
+        continue
     fi
 
     # Verify cluster connection
     if ! kubectl cluster-info >/dev/null 2>&1; then
-        log error "Failed to connect to cluster $mgmt/$prvn/$cls"
-        exit 1
+        log error "Failed to connect to cluster $mgmt/$prvn/$cls, skip resyncing access policies for this cluster"
+        continue
     fi
 
     log info "Delete stale custom cluster roles for $mgmt/$prvn/$cls ..."
@@ -48,8 +49,8 @@ while IFS="." read -r mgmt prvn cls; do
 
     org_id=$(kubectl -n $TMC_NAMESPACE get cm stack-config -o jsonpath='{.data.org_id}' 2>/dev/null)
     if [[ -z "$org_id" ]]; then
-        log error "Failed to get org_id for the cluster $mgmt/$prvn/$cls"
-        exit 1
+        log error "Failed to get org_id for the cluster $mgmt/$prvn/$cls, skip resyncing access policies for this cluster"
+        continue
     fi
 
     log info "Delete stale cluster rolebindings on $mgmt/$prvn/$cls ..."

064-cluster-data_protection-import.sh

@@ -1,8 +1,10 @@
 #!/bin/bash
 
 set +e
+source utils/kubeconfig.sh
 
 ONBOARDED_CLUSTER_INDEX_FILE="data/clusters/onboarded-clusters-name-index"
+
 TEMPFILE=/tmp/_temp_dp_file_$(date +%s)
 TEMPKUBECONFIG=${TEMPFILE}_kubeconfig
 DPDIR=data/data-protection
@@ -151,7 +153,10 @@ function create_old_bsl() {
         clname=$(echo "${elem}" | yq '.fullName.clusterName')
         mcname=$(echo "${elem}" | yq '.fullName.managementClusterName')
         provname=$(echo "${elem}" | yq '.fullName.provisionerName')
-        ${TANZU} tmc cluster kubeconfig get ${clname} -m ${mcname} -p ${provname} > ${TEMPKUBECONFIG}
+        if ! get_kubeconfig ${clname} ${provname} ${mcname} ${TEMPKUBECONFIG}; then
+            echo "Failed to get kubeconfig for cluster ${mcname}/${provname}/${clname}, skip importing BSL for this cluster"
+            continue
+        fi
         # Create new BSL
         bslname=$(echo "${elem}" | yq '.fullName.name')
         bslprefix=$(echo "${elem}" | yq '.spec.prefix')

utils/kubeconfig.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+WC_KUBECONFIG_INDEX_FILE="data/clusters/attached-wc-kubeconfig-index-file"
+
+function get_kubeconfig() {
+    local cluster_name=$1
+    local provisioner_name=$2
+    local management_cluster_name=$3
+    local kubeconfig_file=$4
+
+    local kubeconfig_dir=$(dirname $kubeconfig_file)
+    mkdir -p $kubeconfig_dir
+
+    if [[ "${management_cluster_name}" == "attached" ]]; then
+        if [[ -n "$WC_KUBECONFIG_INDEX_FILE" && -f "$WC_KUBECONFIG_INDEX_FILE" ]]; then
+            wc_kubeconfig=$(grep "^$cluster_name:" "$WC_KUBECONFIG_INDEX_FILE" | awk '{print $2}')
+            if [[ -n "$wc_kubeconfig" && -f "$wc_kubeconfig" ]]; then
+                cp -f $wc_kubeconfig $kubeconfig_file
+                return 0
+            fi
+        fi
+        
+        if ! tanzu tmc cluster kubeconfig get ${cluster_name} -m ${management_cluster_name} -p ${provisioner_name} > ${kubeconfig_file}; then
+            return 1
+        fi
+    elif ! tanzu tmc cluster admin-kubeconfig get ${cluster_name} -m ${management_cluster_name} -p ${provisioner_name} > ${kubeconfig_file}; then
+        return 1
+    fi
+
+    return 0
+}