From 8ada4671ae34b8db1bc581c03a2b86021ce93ed2 Mon Sep 17 00:00:00 2001
From: changzhen
Date: Mon, 13 Jun 2022 17:49:26 +0800
Subject: [PATCH] clean-up unused code for upgrade scene

Signed-off-by: changzhen
---
 .../app/controllermanager.go | 6 +-
 .../ensure_impersonation_secret.go | 120 ------------------
 .../unifiedauth/unified_auth_controller.go | 27 +---
 3 files changed, 9 insertions(+), 144 deletions(-)
 delete mode 100644 pkg/controllers/unifiedauth/ensure_impersonation_secret.go

diff --git a/cmd/controller-manager/app/controllermanager.go b/cmd/controller-manager/app/controllermanager.go
index 8a4575661..bc05bb083 100644
--- a/cmd/controller-manager/app/controllermanager.go
+++ b/cmd/controller-manager/app/controllermanager.go
@@ -389,10 +389,8 @@ func startServiceImportController(ctx controllerscontext.Context) (enabled bool,
 
 func startUnifiedAuthController(ctx controllerscontext.Context) (enabled bool, err error) {
 unifiedAuthController := &unifiedauth.Controller{
- Client: ctx.Mgr.GetClient(),
- ControllerPlaneConfig: ctx.Mgr.GetConfig(),
- EventRecorder: ctx.Mgr.GetEventRecorderFor(unifiedauth.ControllerName),
- ClusterClientSetFunc: util.NewClusterClientSet,
+ Client: ctx.Mgr.GetClient(),
+ EventRecorder: ctx.Mgr.GetEventRecorderFor(unifiedauth.ControllerName),
 }
 if err := unifiedAuthController.SetupWithManager(ctx.Mgr); err != nil {
 return false, err
diff --git a/pkg/controllers/unifiedauth/ensure_impersonation_secret.go b/pkg/controllers/unifiedauth/ensure_impersonation_secret.go
deleted file mode 100644
index 1693eaa13..000000000
--- a/pkg/controllers/unifiedauth/ensure_impersonation_secret.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package unifiedauth
-
-import (
- "context"
- "fmt"
-
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- kubeclient "k8s.io/client-go/kubernetes"
- "k8s.io/klog/v2"
-
- clusterv1alpha1 "github.com/karmada-io/karmada/pkg/apis/cluster/v1alpha1"
- karmadaclientset "github.com/karmada-io/karmada/pkg/generated/clientset/versioned"
- "github.com/karmada-io/karmada/pkg/util"
- "github.com/karmada-io/karmada/pkg/util/names"
-)
-
-// ensureImpersonationSecret make sure create impersonation secret for all Cluster.
-// This logic is used only in the upgrade scenario of the current version
-// and can be deleted in the next version.
-func (c *Controller) ensureImpersonationSecret() {
- clusterList := &clusterv1alpha1.ClusterList{}
- if err := c.Client.List(context.TODO(), clusterList); err != nil {
- klog.Errorf("Failed to list clusterList, error: %v", err)
- return
- }
-
- for index, cluster := range clusterList.Items {
- if cluster.Spec.SyncMode == clusterv1alpha1.Pull {
- continue
- }
- err := c.ensureImpersonationSecretForCluster(&clusterList.Items[index])
- if err != nil {
- klog.Errorf("Failed to ensure impersonation secret exist for cluster %s", cluster.Name)
- }
- }
-}
-
-func (c *Controller) ensureImpersonationSecretForCluster(cluster *clusterv1alpha1.Cluster) error {
- controlPlaneKubeClient := kubeclient.NewForConfigOrDie(c.ControllerPlaneConfig)
- controlPlaneKarmadaClient := karmadaclientset.NewForConfigOrDie(c.ControllerPlaneConfig)
-
- klog.V(4).Infof("Create impersonation secret for cluster %s", cluster.Name)
- // create a ClusterClient for the given member cluster
- clusterClient, err := c.ClusterClientSetFunc(cluster.Name, c.Client, nil)
- if err != nil {
- klog.Errorf("Failed to create a ClusterClient for the given member cluster: %v, err is : %v", cluster.Name, err)
- return err
- }
-
- // clusterNamespace store namespace where serviceaccount and secret exist.
- clusterNamespace := cluster.Spec.SecretRef.Namespace
-
- // create a ServiceAccount for impersonation in cluster.
- impersonationSA := &corev1.ServiceAccount{}
- impersonationSA.Namespace = clusterNamespace
- impersonationSA.Name = names.GenerateServiceAccountName("impersonator")
- if impersonationSA, err = c.ensureServiceAccountExist(clusterClient.KubeClient, impersonationSA); err != nil {
- return err
- }
-
- clusterImpersonatorSecret, err := util.WaitForServiceAccountSecretCreation(clusterClient.KubeClient, impersonationSA)
- if err != nil {
- return fmt.Errorf("failed to get serviceAccount secret for impersonation from cluster(%s), error: %v", cluster.Name, err)
- }
-
- // create secret to store impersonation info in control plane
- impersonatorSecret := &corev1.Secret{
- ObjectMeta: metav1.ObjectMeta{
- Namespace: clusterNamespace,
- Name: names.GenerateImpersonationSecretName(cluster.Name),
- OwnerReferences: []metav1.OwnerReference{
- *metav1.NewControllerRef(cluster, clusterv1alpha1.SchemeGroupVersion.WithKind("Cluster")),
- },
- },
- Data: map[string][]byte{
- clusterv1alpha1.SecretTokenKey: clusterImpersonatorSecret.Data[clusterv1alpha1.SecretTokenKey],
- },
- }
-
- _, err = util.CreateSecret(controlPlaneKubeClient, impersonatorSecret)
- if err != nil {
- return fmt.Errorf("failed to create impersonator secret in control plane. error: %v", err)
- }
-
- if cluster.Spec.ImpersonatorSecretRef == nil {
- mutateFunc := func(cluster *clusterv1alpha1.Cluster) {
- cluster.Spec.ImpersonatorSecretRef = &clusterv1alpha1.LocalSecretReference{
- Namespace: impersonatorSecret.Namespace,
- Name: impersonatorSecret.Name,
- }
- }
-
- _, err = util.CreateOrUpdateClusterObject(controlPlaneKarmadaClient, cluster, mutateFunc)
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
-// ensureServiceAccountExist makes sure that the specific service account exist in cluster.
-// If service account not exit, just create it.
-func (c *Controller) ensureServiceAccountExist(client kubeclient.Interface, saObj *corev1.ServiceAccount) (*corev1.ServiceAccount, error) {
- exist, err := util.IsServiceAccountExist(client, saObj.Namespace, saObj.Name)
- if err != nil {
- return nil, fmt.Errorf("failed to check if impersonation service account exist. error: %v", err)
- }
- if exist {
- return saObj, nil
- }
-
- createdObj, err := util.CreateServiceAccount(client, saObj)
- if err != nil {
- return nil, fmt.Errorf("ensure impersonation service account failed due to create failed, error: %v", err)
- }
-
- return createdObj, nil
-}
diff --git a/pkg/controllers/unifiedauth/unified_auth_controller.go b/pkg/controllers/unifiedauth/unified_auth_controller.go
index 38a10f933..f5d72ee33 100644
--- a/pkg/controllers/unifiedauth/unified_auth_controller.go
+++ b/pkg/controllers/unifiedauth/unified_auth_controller.go
@@ -8,9 +8,7 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 "k8s.io/apimachinery/pkg/types"
- utilerrors "k8s.io/apimachinery/pkg/util/errors"
 "k8s.io/apimachinery/pkg/util/sets"
- "k8s.io/client-go/rest"
 "k8s.io/client-go/tools/record"
 "k8s.io/klog/v2"
 controllerruntime "sigs.k8s.io/controller-runtime"
@@ -40,10 +38,8 @@ const (
 
 // Controller is to sync impersonation config to member clusters for unified authentication.
 type Controller struct {
- client.Client // used to operate Cluster resources.
- ControllerPlaneConfig *rest.Config
- EventRecorder record.EventRecorder
- ClusterClientSetFunc func(string, client.Client, *util.ClientOption) (*util.ClusterClient, error)
+ client.Client // used to operate Cluster resources.
+ EventRecorder record.EventRecorder
 }
 
 // Reconcile performs a full reconciliation for the object referred to by the Request.
@@ -75,12 +71,6 @@ func (c *Controller) Reconcile(ctx context.Context, req controllerruntime.Reques
 return controllerruntime.Result{}, nil
 }
 
-// Start starts a goroutine to ensure impersonation secret for upgrade scenario.
-func (c *Controller) Start(ctx context.Context) error {
- go c.ensureImpersonationSecret()
- return nil
-}
-
 func (c *Controller) syncImpersonationConfig(cluster *clusterv1alpha1.Cluster) error {
 // step1: list all clusterroles
 clusterRoleList := &rbacv1.ClusterRoleList{}
@@ -242,14 +232,11 @@ func (c *Controller) SetupWithManager(mgr controllerruntime.Manager) error {
 },
 }
 
- return utilerrors.NewAggregate([]error{
- controllerruntime.NewControllerManagedBy(mgr).
- For(&clusterv1alpha1.Cluster{}, builder.WithPredicates(clusterPredicateFunc)).
- Watches(&source.Kind{Type: &rbacv1.ClusterRole{}}, handler.EnqueueRequestsFromMapFunc(c.newClusterRoleMapFunc())).
- Watches(&source.Kind{Type: &rbacv1.ClusterRoleBinding{}}, handler.EnqueueRequestsFromMapFunc(c.newClusterRoleBindingMapFunc())).
- Complete(c),
- mgr.Add(c),
- })
+ return controllerruntime.NewControllerManagedBy(mgr).
+ For(&clusterv1alpha1.Cluster{}, builder.WithPredicates(clusterPredicateFunc)).
+ Watches(&source.Kind{Type: &rbacv1.ClusterRole{}}, handler.EnqueueRequestsFromMapFunc(c.newClusterRoleMapFunc())).
+ Watches(&source.Kind{Type: &rbacv1.ClusterRoleBinding{}}, handler.EnqueueRequestsFromMapFunc(c.newClusterRoleBindingMapFunc())).
+ Complete(c)
 }
 
 func (c *Controller) newClusterRoleMapFunc() handler.MapFunc {
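Review bot: With `mgr.Add(c)` dropped from SetupWithManager the controller is no longer registered as a Runnable, so the one-shot backfill that created an impersonator secret and set `Spec.ImpersonatorSecretRef` for pre-existing push-mode Clusters (the deleted ensure_impersonation_secret.go) has no replacement visible in this patch. That is only safe if every supported upgrade path passes through a release where that backfill already ran; a push-mode Cluster still lacking the ref would otherwise be left without impersonation credentials, and how Reconcile/syncImpersonationConfig treats that case is not shown here. I would record the assumption on the Controller type, e.g. `// Clusters are expected to already carry Spec.ImpersonatorSecretRef (set at registration); the one-off upgrade backfill ensureImpersonationSecret was removed.`, and state in the commit message which release the migration shipped in, so a direct upgrade from an older release is knowingly unsupported rather than silently broken. SetupWithManager's body begins before this hunk and newClusterRoleMapFunc continues past it.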