feat(collector): checking existing service account before create running pod (#1222)

pkg/collect/run.go

@@ -43,6 +43,10 @@ func (c *CollectRun) Collect(progressChan chan<- interface{}) (CollectorResult,
 		serviceAccountName = c.Collector.ServiceAccountName
 	}
 
+	if err := checkForExistingServiceAccount(c.Client, namespace, serviceAccountName); err != nil {
+		return nil, err
+	}
+
 	runPodSpec := &troubleshootv1beta2.RunPod{
 		CollectorMeta: troubleshootv1beta2.CollectorMeta{
 			CollectorName: c.Collector.CollectorName,

pkg/collect/runner.go

@@ -155,6 +155,10 @@ func createCollectorPod(client kubernetes.Interface, scheme *runtime.Scheme, own
 		return nil, err
 	}
 
+	if err := checkForExistingServiceAccount(client, namespace, serviceAccountName); err != nil {
+		return nil, err
+	}
+
 	imageName := "replicated/troubleshoot:latest"
 	imagePullPolicy := corev1.PullAlways
 

pkg/collect/util.go

@@ -227,3 +227,12 @@ func getTLSParamsFromSecret(ctx context.Context, client kubernetes.Interface, se
 
 	return caCert, clientCert, clientKey, nil
 }
+
+func checkForExistingServiceAccount(client kubernetes.Interface, namespace string, serviceAccountName string) error {
+	_, err := client.CoreV1().ServiceAccounts(namespace).Get(context.Background(), serviceAccountName, metav1.GetOptions{})
+
+	if err != nil {
+		return errors.Wrapf(err, "Failed to get service account %s", serviceAccountName)
+	}
+	return nil
+}

pkg/collect/util_test.go

@@ -10,6 +10,7 @@ import (
 	troubleshootv1beta2 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
@@ -286,3 +287,48 @@ func createTLSSecret(t *testing.T, client kubernetes.Interface, secretData map[s
 		Name:      secretName,
 	}
 }
+
+func Test_checkForExistingServiceAccount(t *testing.T) {
+	tests := []struct {
+		name               string
+		namespace          string
+		serviceAccountName string
+		mockServiceAccount *corev1.ServiceAccount
+		wantErr            bool
+	}{
+		{
+			name:               "Service account doesn't exist",
+			namespace:          "test-namespace",
+			serviceAccountName: "test-service-account",
+			mockServiceAccount: nil,
+			wantErr:            true,
+		},
+		{
+			name:               "Service account already exists",
+			namespace:          "test-namespace",
+			serviceAccountName: "test-service-account",
+			mockServiceAccount: &corev1.ServiceAccount{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-service-account",
+				},
+			},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.Background()
+			client := testclient.NewSimpleClientset()
+			if tt.mockServiceAccount != nil {
+				_, err := client.CoreV1().ServiceAccounts(tt.namespace).Create(ctx, tt.mockServiceAccount, metav1.CreateOptions{})
+				require.NoError(t, err)
+
+				err = checkForExistingServiceAccount(client, tt.namespace, tt.serviceAccountName)
+				assert.Equal(t, tt.wantErr, err != nil)
+			}
+
+			err := checkForExistingServiceAccount(client, tt.namespace, tt.serviceAccountName)
+			assert.Equal(t, tt.wantErr, err != nil)
+		})
+	}
+}