✨ Add changes to clusteradm accept to disable csr update based on annotation on ManagedCluster (#468)

* Add changes to clusteradm accept to disable csr update based on annotation on ManagedCluster

Signed-off-by: “Jeffrey <[email protected]>
Signed-off-by: Gaurav Jaswal <[email protected]>

* Adding comment to describe support for awsira auth

Signed-off-by: Gaurav Jaswal <[email protected]>

---------

Signed-off-by: “Jeffrey <[email protected]>
Signed-off-by: Gaurav Jaswal <[email protected]>
Co-authored-by: jaswalkiranavtar <[email protected]>

Author: jeffw17

Diff for: pkg/cmd/accept/exec.go

@@ -94,10 +94,27 @@ func (o *Options) runWithClient(kubeClient *kubernetes.Clientset, clusterClient
 }
 
 func (o *Options) accept(kubeClient *kubernetes.Clientset, clusterClient *clusterclientset.Clientset, clusterName string, waitMode bool) (bool, error) {
-	approved, err := o.approveCSR(kubeClient, clusterName, waitMode)
+	managedCluster, err := clusterClient.ClusterV1().ManagedClusters().Get(context.TODO(),
+		clusterName,
+		metav1.GetOptions{})
 	if err != nil {
-		return approved, fmt.Errorf("fail to approve the csr for cluster %s: %v", clusterName, err)
+		return false, fmt.Errorf("fail to get managedcluster %s: %v", clusterName, err)
+	}
+	// when a managed cluster registers with hub using awsirsa registration-auth, it will add this annotation
+	// to ManagedCluster resource, presense of which is used to decide the requested authentication type.
+	// awrirsa authentication doesn't create CSR on hub, hence there is nothing to approve
+	_, hasEksArn := managedCluster.Annotations["agent.open-cluster-management.io/managed-cluster-arn"]
+
+	var approved bool
+	if !hasEksArn {
+		approved, err = o.approveCSR(kubeClient, clusterName, waitMode)
+		if err != nil {
+			return approved, fmt.Errorf("fail to approve the csr for cluster %s: %v", clusterName, err)
+		}
+	} else {
+		approved = true
 	}
+
 	err = o.updateManagedCluster(clusterClient, clusterName)
 	if err != nil {
 		return approved, err