From b118c3948f1664e791bcad08c366ac9de6c2f415 Mon Sep 17 00:00:00 2001
From: Camila Macedo <camilamacedo86@gmail.com>
Date: Wed, 6 Nov 2024 19:31:33 +0000
Subject: [PATCH] fix: resolve JSONPath error in caBundle readiness check by
 adding kubectl_wait_for_query function

By running `make kind-deploy` against a kind cluster  or installing the released script from https://operator-framework.github.io/operator-controller/getting-started/olmv1_getting_started/ the following error is faced:

```sh
...
deployment.apps/cert-manager-webhook condition met
deployment.apps/cert-manager-cainjector condition met
deployment.apps/cert-manager condition met
error: jsonpath wait format must be --for=jsonpath='{.status.readyReplicas}'=3
```

This PR fixes an issue with kubectl wait when used to check the caBundle field in `mutatingwebhookconfigurations` and `validatingwebhookconfigurations`.

This PR introduces the `kubectl_wait_for_query` function, which replaces `kubectl wait` for this specific use case. The function repeatedly checks the `caBundle` field by using `kubectl get` in a loop, ensuring that the `caBundle` is populated without relying on status-based conditions. This approach provides a more flexible solution compatible with webhook configurations, bypassing the limitations of `kubectl wait`.
---
 scripts/install.tpl.sh | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/scripts/install.tpl.sh b/scripts/install.tpl.sh
index c1907ddc9..ffbc4b02b 100644
--- a/scripts/install.tpl.sh
+++ b/scripts/install.tpl.sh
@@ -41,13 +41,40 @@ function kubectl_wait_rollout() {
     kubectl rollout status --namespace="${namespace}" "${runtime}" --timeout="${timeout}"
 }
 
+function kubectl_wait_for_query() {
+    manifest=$1
+    query=$2
+    timeout=$3
+    poll_interval_in_seconds=$4
+
+    if [[ -z "$manifest" || -z "$query" || -z "$timeout" || -z "$poll_interval_in_seconds" ]]; then
+        echo "Error: Missing arguments."
+        echo "Usage: kubectl_wait_for_query <manifest> <query> <timeout> <poll_interval_in_seconds>"
+        exit 1
+    fi
+
+    start_time=$(date +%s)
+    while true; do
+        val=$(kubectl get "${manifest}" -o jsonpath="${query}" 2>/dev/null || echo "")
+        if [[ -n "${val}" ]]; then
+            echo "${manifest} has ${query}."
+            break
+        fi
+        if [[ $(( $(date +%s) - start_time )) -ge ${timeout} ]]; then
+            echo "Timed out waiting for ${manifest} to have ${query}."
+            exit 1
+        fi
+        sleep ${poll_interval_in_seconds}s
+    done
+}
+
 kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/${cert_mgr_version}/cert-manager.yaml"
 # Wait for cert-manager to be fully ready
 kubectl_wait "cert-manager" "deployment/cert-manager-webhook" "60s"
 kubectl_wait "cert-manager" "deployment/cert-manager-cainjector" "60s"
 kubectl_wait "cert-manager" "deployment/cert-manager" "60s"
-kubectl wait mutatingwebhookconfigurations/cert-manager-webhook --for=jsonpath='{.webhooks[0].clientConfig.caBundle}' --timeout=60s
-kubectl wait validatingwebhookconfigurations/cert-manager-webhook --for=jsonpath='{.webhooks[0].clientConfig.caBundle}' --timeout=60s
+kubectl_wait_for_query "mutatingwebhookconfigurations/cert-manager-webhook" '{.webhooks[0].clientConfig.caBundle}' 60 10
+kubectl_wait_for_query "validatingwebhookconfigurations/cert-manager-webhook" '{.webhooks[0].clientConfig.caBundle}' 60 10
 
 kubectl apply -f "https://github.com/operator-framework/catalogd/releases/download/${catalogd_version}/catalogd.yaml"
 # Wait for the rollout, and then wait for the deployment to be Available